skip navigation

More signal. Less noise.

Daily briefing.

Speculation about the ShadowBrokers increasingly turns toward the possibility that their source could be disgruntled NSA alumni.

Researchers have offered electrical utilities advice on how to discern early signs of cyberattacks similar to those that have afflicted Ukraine. Dragos and others warn that the malware employed is readily adaptable to grid targets anywhere. Such targets need not be older forms of power generation and distribution: wind farms, for example, are also susceptible to attack.

Flashpoint researchers warn that the venerable Trickbot has adopted some of the worm-like functionality that enabled WannaCry and NotPetya to spread rapidly.

The effects of NotPetya continue to be felt. At the end of last week pharmaceutical company Merck disclosed that its manufacturing had been disrupted and has yet to fully recover. Merck warns that the attack can be expected to have material effects on the company's performance.

Two Swedish ministers have resigned over that country's large data exposure scandal.

ISIS has lost most of its core territory. Observers expect that the terrorist group will make some attempt to reconstitute its claims to being a renewed Caliphate through its online presence.

Small businesses can be hit hard by ransomware, but Nextgov reports that the widely quoted statistic that sixty-percent of the businesses so hit go under within six months is exaggerated. The publications says it's working to run the stat to ground, but that it's symptomatic of the shaky information that circulates in the cyber sector.

Automotive cybersecurity shop Trillium has announced its acquisition of CanBusHack.

Notes.

Today's issue includes events affecting Australia, China, India, Iran, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Singapore, South Africa, Sweden, Syria, Ukraine, United Kingdom, United States.

Get Smart on the Politics of Cyberspace

The future of an open, secure, and resilient internet is anything but certain. CFR’s Digital and Cyberspace Policy program cuts through the rhetoric to help you understand the politics of cyberspace. Through their “Net Politics” blog, reports, briefings, and interactive tools, the program’s leading cyber experts analyze the emerging global rules of cyberspace. Subscribe to their bimonthly newsletter to get their insights in your inbox.

In today's podcast, we hear from our partners at Accenture Labs, as Malek Ben Salem describes their work developing a global ID system for refugees.

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Cyber Attacks, Threats, and Vulnerabilities

Who are the Shadow Brokers? Signs point to an intelligence insider (SearchSecurity) A Black Hat 2017 session presented by security researcher Matt Suiche looked at the Shadow Brokers and who they might be.

Shadow Brokers post new message as US hunts for disgruntled ex-NSA agent in cyberweapons leak (International Business Times UK) US investigators are reportedly focused on identifying a former insider who may be linked to the hacker group.

North Korea Targeting Poker Sites For Nuclear Cash, South Korea Says (Cardschat) South Korea's Financial Security Institute has linked North Korea to high-profile hacking groups they say have attacked online poker and gambling sites.

Is North Korea Hacking Satellite Agencies, Laboratories in India? (Sputnik) A cyber threat report published earlier this week indicates that North Korea could be attempting to hack into the systems of sensitive agencies in India and several other countries.

An Isolated North Korea Turns to Cyber Coercion and Cyber Chaos (The Cipher Brief) As North Korea’s nuclear and ballistic missile programs ruffle the feathers in the United States and regional players in East Asia, there is another, less visible, confrontation occurring in the depths of computer systems around the world.

Power firms alerted on hack attack scenarios (BBC News) Specific warnings about code used in potential attacks are sent to regulators, say security experts.

Industroyer malware a turning point for ICS security (SearchSecurity) Security researchers at Black Hat 2017 tackle the Industroyer malware and the threats to energy grids and ICS security.

Researcher: Metadata the ‘most potent weapon’ against critical infrastructure security (Federal Times) One researcher is warning leaders in government and industry of an old threat that, fueled by recent legislation and commercial practices, is quickly surpassing zero days and APTs as perhaps the greatest risk to critical infrastructure security.

How to protect the power grid from low-budget cyberattacks (Help Net Security) Vulnerabilities combined with publicly available information can provide enough guidance to execute low-budget power grid cyberattacks.

Flaws in web-connected, radiation-monitoring kit? What could go wrong? (Register) Ripe target for ne'er-do-wells...

Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye (Dark Reading) Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.

North Korea hackers 'want cash not secrets' (BBC News) Banks in South Korea and elsewhere are being targeted for foreign currency, a report says.

With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook (Forbes) Before she disappeared from Facebook, Mia Ash was a fun-loving, young photographer who used the world's biggest social network to showcase her work. Ash was popular too. Stretching back to April 2016, she'd befriended a lot of individuals, as many as 500, with similar interests. Her looks almost certainly helped her apparent popularity.

Could ISIS’s next caliphate be in cyberspace? (TheHill) OPINION | Left without physical territory, ISIS could easily move its caliphate into cyberspace.

The Myth of ISIS's Strategic Brilliance (Defense One) The group has adapted to battlefield setbacks. But that doesn't mean it factored territorial losses into its master plan.

Chinese researchers hack into Model X, take control of brakes (Roadshow) Software update 8.1 already patched the holes, so don't worry too much.

Wannacry Inpires Worm-like Module in Trickbot (Dark Reading) The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services com, says Flashpoint.

Triada Trojan Found in Firmware of Low-Cost Android Smartphones (BleepingComputer) Security researchers have found malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.

UK money transfer service 'leaks private data and passport scans' of 11,000 customers (International Business Times UK) The leak was blamed on an unprotected Amazon Web Services (AWS) cloud server.

Swedish ministers resign amid data security breach scandal (POLITICO) Citizens’ sensitive personal information may have been leaked.

Merck says cyber attack halted production, will hurt profits (Reuters) Drug and vaccine maker Merck & Co Inc (MRK.N) said it suffered a worldwide disruption of its operations when it was the victim of an international cyber attack in June, halting production of its drugs, which will hurt its profits for the rest of the year.

SMBLoris - the new SMB flaw (SANS Internet Storm Center) While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol that could allow an adversary to interrupt the service by depleting the memory and CPU resources of the targeted machine on a Denial of Service (DoS) attack.

The $10 Hardware Hack That Wrecks IoT Security (WIRED) Using an SD card reader and some soldering savvy, these hackers rooted out a ton of IoT zero days.

Hackers Show Proofs of Concept to Beat Hardware-Based 2FA (Motherboard) DEF CON hackers show how YubiKeys and RSA tokens can be spoofed and circumvented.

How one small hack turned a secure ATM into a cash-spitting monster (TechRepublic) At BlackHat 2017, security researchers demonstrated how a small flaw in an ATM allowed them to empty all the cash out.

IRS warns about spear phishing (Jackson Sun) Spear phishing is not a sport. It’s a scam and the IRS has issued an alert to tax professionals to be wary of it. Their clients may be the ultimate victims....

How Hackers Can Use 'Evil Bubbles' to Destroy Industrial Pumps (WIRED) One demonstration at the Black Hat conference shows how insidious physical infrastructure hacking could be.

Hackers scour voting machines for election bugs (Reuters) Hackers attending this weekend's Def Con hacking convention in Las Vegas were invited to break into voting machines and voter databases in a bid to uncover vulnerabilities that could be exploited to sway election results.

DEF CON Rocks the Vote with Live Machine Hacking (Dark Reading) Jeff Moss, founder of the hacker conference, is planning to host a full-blown election and voting system for hacking in 2018 at DEF CON, complete with a simulated presidential race.

An insider sifts through 108,000 client files. What can go wrong? (CSO Online) Bupa Global responds after an employee in its international health insurance division was caught copying and removing information from client files.

Security Patches, Mitigations, and Software Updates

iTWire - Microsoft refuses to fix 20-year-old SMB zero-day (IT Wire) A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their findings...

Symantec distrust to begin in Chrome from April 2018 (ZDNet) Google's browser will start the process of removing trust from old Symantec TLS certificates in Chrome 66.

Google Outlines SSL Apocalypse for Symantec Certificates (BleepingComputer) Google will distrust all existing Symantec SSL certificates starting with October 2018, and Symantec will have to rebuild its entire certificate issuance infrastructure from scratch if it wants to remain in the CA (Certificate Authority) business.

The Death Of Adobe Flash Is Long Overdue (Forbes) The world can breathe a collective sigh of relief. Adobe announced this week that it will officially end development of the Adobe Flash Player at the end of 2020. To be honest, though, the end of 2020 is still a long way off, and the death of Flash is actually long overdue.

Adobe Flash Player Is Dying: Should You Still Install It? (Blorge) A few days ago, we talked about Adobe pulling the plug Flash Player on 2020. This didn’t really come as a surprise since everyone knew that the web client was on its way to retirement — the only question was when. However, the announcement of Flash Player’s retirement date has left people with a lot …

Cyber Trends

A Fake Cyber Stat Lives On in Congress (Nextgov) Some numbers are too convincing to go away.

​Ombudsman says SMBs are a growing target for cybercrime in Australia (ZDNet) As the threat escalates, Australian Small Business and Family Enterprise Ombudsman has said knowledge of where small-to-medium businesses should turn in the event of a cyber attack is also unclear.

2017 cybersecurity trends at the Black Hat conference (SearchNetworking) Bloggers explore 2017 cybersecurity trends in anticipation of this year's Black Hat conference, Movidius AI offering and Mist's new take on WLAN.

At Black Hat Conference, good guy hackers have a bleak view of US cybersecurity (CNBC) Sixty percent of Black Hat conference experts believe a successful cyberattack on US infrastructure will occur in the next two years.

Verticals Vary Widely When it Comes to Prioritizing Cyber (Infosecurity Magazine) About 60% of finance/insurance execs consider cybersecurity a very high priority, vs 15% in hospitality and food.

When Snowden mattered (TechCrunch) Four years ago, the deep state was the enemy. Edward Snowden had just revealed its machinations. The head of the NSA was angrily catcalled during his Black..

Marketplace

Trillium Announces Acquisition of CanBusHack Inc. (ACN Newswire) Trillium Inc, a leading automotive cybersecurity solutions provider, today announced its acquisitioon of the assets of cybersecurity consulting firm CanBusHack, Inc.

Demand for automotive cybersecurity pros outpaces supply (TheHill) As the need for automotive cybersecurity researchers grows, the supply is not keeping up with demand.

Apple Removes Apps From China Store That Help Internet Users Evade Censorship (New York Times) The world’s most valuable company appears to have pulled down the apps amid China’s deepening crackdown on tools that evade internet controls.

Wannacry revealed as the 'biggest driver' for cyber insurance (Information Age) CFC Underwriting saw a 44% increase in cyber insurance enquiries during the month following the WannaCry cyber attack

Jeff Sessions made investors want to throw money at dark web intelligence firms (Cyberscoop) When U.S. Attorney General Jeff Sessions stepped in front of cameras and told the world about the international law enforcement operation that resulted in the bust of at least two multimillion-dollar dark web markets, investors’ ears perked up.

Asia turns to Israel's tech warriors for cyberprotection (Nikkei Asian Review) Veterans of IDF's elite Unit 8200 bring expertise to the private sector

IBM, Dell, McAfee Among Leading Vendors in Threat Intelligence (Channel Partners) The major forces driving the threat intelligence market are the increasing threat of data breaches due to insider attacks, fast-paced adoption of threat intelligence offerings among SMEs, and increasing adoption of crowd-sourced threat intelligence platforms.

This is the Dell security team. We have you surrounded. Come out with a purchase order (Register) RSA/VMware/Dell pincer movement to sell all the cybers

Would Raytheon consider a Forcepoint IPO? (Washington Technology) Raytheon's CEO tamps down investor inquiry over whether defense contractor would consider taking its Forcepoint cyber product joint venture to the public stock exchanges.

Why FireEye Inc (FEYE) Stockholders Have More Reasons to Feel Secure (InvestorPlace) FireEye holds a solid position in the cybersecurity market, and FEYE stock is poised for significant gains over the rest of this year.

Steep Market Competition Possibly Pushed Kaspersky to Offer Free Software (Sputnik) Russian cybersecurity firm Kaspersky Lab’s offer of a free version of the antivirus software may be a result of increased competition on the global antimalware market.

Commentary: Atlanta Can Become a Global Cybersecurity Capital (Global Atlanta) Editor’s note: The below is a commentary article written by Justin Daniels, the attorney leading Baker Donelson’s cybersecurity incubator in Atlanta

ViewQwest opens cyber security centre (The Straits Times) Local firm ViewQwest has set up its first security operations centre (SOC) here as it jostles for a share of the lucrative cyber security market.. Read more at straitstimes.com.

EY Opens Advanced Cybersecurity Center in Dallas to Help Clients Stay Ahead of Emerging Threats (PRNewswire) EY announced today that it will soon open an advanced, multi-million-dollar...

SAIC sector president Wagoner to leave company (Washington Technology) Science Applications International Corp. Sector President Doug Wagoner has resigned from the government services contractor, effective Sept. 1.

Products, Services, and Solutions

Inky Phish Fence Demo (Inky) Inky Phish Fence provides unique content-based protection against email-based phishing attacks, including zero-day exploits like typo domains and other brand forgeries.

CyberRisk partners with KnowBe4 (CSO) CyberRisk is one of Australia's leading information security, technology risk management and privacy consulting firms. Today CyberRisk announced that it is bringing the world's most popular integrated platform for Security Awareness Training and simulated phishing attacks to Australia.

AWS Web Application Firewall: Bolt-on Security for Insecure Websites (InfoQ) AWS Web Application Firewall inspects traffic coming into your web application, looking for suspicious activity. It can pass good requests onto your application and block requests that match common attack vectors - like SQL injection. WAF can add a layer of security onto an existing application without changing the app.

Hueya Finds Users Should Not Delete Facebook Accounts (Sys-Con Media) Today Hueya, the leader in online security tools for families, announces users are safer online when they own their digital identity and secure it with Hueya's suite of online security tools, rather than deleting or deactivating accounts such as Facebook.

Kaspersky releases Internet Security 18 for Mac (BetaNews) Do you need security software for your Mac? Whenever we’ve installed any security suite on our Macs they seriously reduce the effectiveness of our computer with almost the minimum advantage.

Technologies, Techniques, and Standards

Independent labs will test the security of medical devices (Help Net Security) The Medical Device Innovation, Safety and Security Consortium launched the first of many specialized labs for security testing medical devices.

Cloud Security Alliance Announces Upcoming Launch of CCSK v4 (IoT Evolution) The Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, recently announced at the Black Hat security conference in Las Vegas that its Certificate of Cloud Security Knowledge (CCSK) has been significantly updated to reflect changes in the cloud and security landscape and will be available in November of this year.

Is Cloud Security a Safe Bet for Highly Sensitive Government Data? (Security Intelligence) Given the sensitivity of data and the rising volume of cyberattacks across the globe, government agencies have deep concerns about cloud security.

Azure security boss tells sysadmins to harden up and properly harden Windows Server (Register) You're leaving stuff ON that deserves to be OFF

Security pros at hacker conference: Be more boring (TheHill) Cyber threats have never been more complicated. But, argue professionals at the most prominent research event in the hacker calendar, there has never been a better time to be more boring about security.

Army Cyber Education Enlists Field Operations (SIGNAL Magazine) Electronic warfare joins the digital realm in a confluence of activities to adjust to evolving threats.

Container security: The seven biggest mistakes companies are making (Help Net Security) As enterprises increase adoption of containers, they also risk increasing the number of mistakes they make with the technology. Given that many companies a

‘Companies can hide data breaches but ransomware can’t be hidden’ (Silicon Republic) Tarah Wheeler, website security czar at Symantec, spoke at Inspirefest 2017 about recent ransomware attacks and the future of cybersecurity.

Mitigate Ransomware Through Industry Best Practices (BOSS Magazine) Untangle’s CTO provides insight into how to mitigate ransomware threats--and it's easier than you might think.

Facebook joins heavy hitters to fund group standing up to post-truth (Naked Security) Facebook is joining executives from Google as well as former head of the NSA and Hillary Clinton, among others, to support the body that looks like a version 2.0 upgrade to fact-checking

Reality check: one zero-day doesn't equal an attack (Information Age) Vulnerabilities are everywhere, and although they can’t be totally evaded, they can be countered effectively

Security Think Tank: Employees are in the cyber attack firing line, so educate them well (ComputerWeekly) What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?

What's the difference between cyber and IT? (C4ISRNET) The delineation between “cyber” and “IT” is generally thought to be operations within a maneuver space vs. the infrastructure that enables that to happen, respectively.

Going on holiday? Here are our tips for a security-minded trip (Naked Security) From taking care with hotel WiFi to keeping your cellphone safe, we’ve got some advice as you head off on holiday

What is cryptocurrency? (The Telegraph) Cryptocurrency is a form of digital money that is designed to be secure and, in many cases, anonymous.

Patrick Byrne: Why Cryptocurrency Matters (ValueWalk) This week we talk with Patrick Byrne, CEO of Overstock.com, and rare courageous voice within corporate America raising concern that powerful interests on Wall Street are destroying US companies for profit, robbing investors and destabilizing our financial system in the …

Stanford Cryptography Professor Releases Free Cryptocurrency Lecture (Cointelegraph) For those who are particularly interested in delving a bit more into cryptocurrency, a Stanford University cryptography PhD professor has recently released his lecture material for free.

Design and Innovation

Creating a Common Language Of Cybersecurity (SIGNAL Magazine) The ODNI is developing a set of common definitions to unify descriptions of cyberthreats used by different elements of the intelligence community.

Why Zuckerberg and Musk Are Fighting About the Robot Future (The Atlantic) It looks like the two tech titans are arguing about AI’s impact on humanity. Really they’re protecting their personal brands.

Security operations is broken, and AI can fix it (TechTarget) Every day, it seems, we read headlines about a new data breach or cyberattack. Then we talk about how to improve cybersecurity to prevent similar attacks from happening in the future. Chief among the issues to address is a lack of security personnel to fill vacant positions: How can we improve security if we don’t have the people to perform the work?

For 20 Years, This Man Has Survived Entirely by Hacking Online Games (Motherboard) A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time, job.

No wonder cybersecurity is so bad: There's no way to measure it (Cyberscoop) No one has ever tested out how effectively cybersecurity measures used to harden operating systems and other computer software actually are.

Research and Development

Software brittleness may harden embedded systems (GCN) Brittleness causes programs to fail fast when under attack, which allows systems to quickly detect and disrupt cyberattacks and revert to known-good states.

Cyber-risk analysis, time are keys to infosec says game theory (SearchSecurity) Cyber-risk analysis, understanding the enterprise network and designing security to waste attacker time may be keys to cybersecurity, according to game theory.

Darpa Wants to Build a BS Detector for Science (WIRED) The Pentagon's blue-sky division asks for help in figuring out what research to believe

Who's the better ferret? Despite all our computing power, some of the world's greatest ciphers remain unsolved (Deutsche Welle) We use ciphers to keep secrets secret. To crack ciphers, you need math, psychology and a slab of luck. It's not easy. Many great ciphers remain unsolved, as cryptologist Craig P. Bauer tells DW's Zulfikar Abbany.

200 Terabyte Proof Demonstrates the Potential of Brute-Force Math (Motherboard) Automated verification finds renewed potential for making algorithms safe.

Academia

UNO uses NSA grant to teach about cyber security (WDSU) Educators to take notes back to classrooms

The US Army is teaching kids how to hack at DEF CON (DOTHANFIRST) At DEF CON, anyone can learn to hack -- toddlers included.

DMU students benefit from new cyber security expert on board (DeMontfort University) Learning from one of the country’s top cyber security experts and a De Montfort University Leicester (DMU) alumnus, is preparing students for a fast-paced industry.

Legislation, Policy, and Regulation

Human rights organisations declare EU-US privacy shield invalid (SC Media UK) US surveillance practices render EU-US Privacy Shield ineffective according to a recent letter from Amnesty International and Human Rights Watch.

Cybercrimes Bill makes cyberspace less secure (GroundUp) It also has a sinister provision that will make it easier for State Security to undermine privacy and freedom

New U.S. Cyber-Security Legislation May Help Reassert Fourth Amendment (eWEEK) NEWS ANALYSIS: Three pieces of federal legislation, one in the Senate and two in the House of Representatives could change the way the government regulates cyber-security and data privacy if approved.

Warner wants election-hacking to lead to cyber response (CNN) Sen. Mark Warner wants to add election-hacking to a proposed US policy outlining when and how the US should respond to cyber attacks.

Cyber Peace Treaty or the Peace of the Hegemon? (NewsClick) U.S. officials claim publicly that Cyber Command is primarily defensive, but the reluctance to entertain the idea of a cyberspace disarmament treaty is raising questions about the true U.S. position.”

Here's how the Air Force is fighting in the cyber domain (C4ISRNET) This is part four of a series exploring the differences between military cyber forces, capabilities, mission sets and needs.

DHS cyber shakeup faces new hurdles (TheHill) Lawmakers have been pushing to reorganize DHS's cyber team.

Dear Floyd Mayweather, you’re why the SEC exists (TechCrunch) Dear Floyd Mayweather: While perusing Facebook, I chanced across your post drumming up interest in the upcoming Stox initial coin offering (ICO). I..

Litigation, Investigation, and Law Enforcement

Australian Police Prevent a Terrorist Attack (The Atlantic) Authorities arrested four men Sunday who they say were planning to bring down an airplane.

Homeland Security says it is 'closely following' Australia terror plot (TheHill) The Department of Homeland Security said Sunday it is closely monitoring the foiled Australia terrorist plot in which extremists planned an attack targeting an airplane.

Temple Mount crisis underscores challenge for intelligence agencies (Haaretz) The evolution of the Temple Mount crisis has exposed Israeli officials’ shortsightedness.

Exclusive: Congress asks U.S. agencies for Kaspersky Lab cyber documents (Reuters) A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out "nefarious activities against the United States," according to letters seen by Reuters.

Were the Russians Playing Both Sides? (The American Interest) Was the goal sanctions relief? Installing Trump? Just sowing chaos in our system? Or maybe all of the above?

Businessman Paints Terrifying And Complex Picture Of Putin's Russia (NPR) William Browder knows Vladimir Putin's Russia all too well.

Who Paid for the ‘Trump Dossier’? (Wall Street Journal) Democrats don’t want you to find out—and that ought to be a scandal of its own.

With Robert Mueller, FBI gets second chance to inspect ‘hacked’ DNC computers (The Washington Times) Robert Mueller’s appointment as special counsel of the Russia election interference probe presents an opportunity for the FBI to inspect the Democratic Party computers that U.S. intelligence concluded were penetrated by Kremlin-directed hackers, cybersecurity analysts say.

Intelligence chairman accuses Obama aides of hundreds of unmasking requests (TheHill) Intelligence Chairman Devin Nunes (R-Calif.), in a letter to Director of National Intelligence Dan Coats, said the requests were made without specific justifications on why the information was needed.

Debbie Wasserman Schultz and the Pakistani IT Scammers (National Review) There’s more than bank fraud going on here.

Online site backing defense of accused NSA leaker founded to promote “fearless journalism” (Augusta Chronicle) The founders of the online news publication that will help in the defense of a Fort Gordon contractor accused of leaking a classified document were among the first to report on the National Security Agency surveillance of citizens in other countries and at home in 2013, using thousands of documents leaked by a former NSA contractor, Edward Snowden.

Police crack seized phones of inauguration day protesters (Naked Security) The unencrypted devices have offered up a bonanza of data to police – what would your phone reveal about you?

When [s**tortion] suspect refused to unlock her iPhone, the FBI stepped in (Ars Technica) “We on some Bonnie Clyde [sh*t]I couldn’t have choose a Better partner crime lol.”

Kim Dotcom set to receive seized funds, “4 containers full of seized property” (Ars Technica) Megupload founder adds he plans to move his family to Queenstown, New Zealand.

Man Believed To Be Notorious Russian Hacker Awaiting Extradition To U.S. (Fraud Report) From the early days of online stock scams to the increasingly sophisticated world of botnets, pseudonymous hacker Peter Severa spent nearly two decades at the forefront of Russian cybercrime.

'Big hunt' for Russian hackers, but no obvious election link (AP News) MOSCOW (AP) — Pyotr Levashov appeared to be just another comfortable member of Russia's rising middle-class — an IT entrepreneur with a taste for upmarket restaurants, Thai

Suspended Sentence for Mirai Botmaster Daniel Kaye (KredbOnSecurity) Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, who now faces cybercrime charges in the United Kingdom.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

Upcoming Events

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive...

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to...

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the...

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update...

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses,...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.