skip navigation

More signal. Less noise.

Daily briefing.

Authorities in the UK investigate yesterday's lethal bombing at a Manchester concert. The motivation is so far unknown, but ISIS has claimed responsibility in its online channels. Police in the UK have made at least one arrest in the case.

ISIS appears to be instructing its members to stay clear of social media activities (transmission, not however reception) that could bring them to the attention of law enforcement or intelligence services.

More circumstantial evidence points to North Korea as the responsible party in the WannaCry ransomware attacks. The apparent motive (prima facie financial) and clues in the attack code itself are consistent with a DPRK operation, but of course the attribution remains provisional and tentative. A number of profiles appear of North Korea's Unit 180, a cyber operations organization thought to be behind the Lazarus Group and such operations as Dark Seoul. Symantec, which has been tracking WannaCry, now assesses a link to North Korea as "highly likely."

The EternalRocks campaign, like WannaCry based on the EternalBlue exploits the ShadowBrokers leaked, continues to appear more troublesome to most observers. It's goal is persistence; the purpose of establishing that persistence remains so far unknown, but it doesn't appear to be a simple ransomware campaign. Its execution is superior to WannaCry's. (It's worth noting that Polaris Alpha has suggested that WannaCry's apparently slipshod execution may have been a matter of design as opposed to ineptitude. The attackers may have been probing to test the response an attack on upatched systems would evoke.)


Today's issue includes events affecting Australia, Bahrain, Canada, China, European Union, Kuwait, Oman, Russia, Saudi Arabia, Slovenia, United Arab Emirates, United Kingdom, United States.

In today's podcast we speak with Emily Wilson from our partners at Terbium Labs: she'll tell us all about the GDPR, the EU's upcoming privacy regulations. We also have a guest, Doug DePeppe from the Cyber Resilience Institute on the DHS funded Cyber Market Development Project.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

SANS Technology Institute (online event, June 13, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, June 13th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

ISIS claims responsibility for bombing that killed 22 at Manchester concert (ABC News) ISIS has claimed responsibility for the deadly explosion at an Ariana Grande concert in Manchester, England, Monday that killed 22 people and injured 59 others.

CIA's Windows XP to Windows 10 malware: WikiLeaks reveals Athena (ZDNet) WikiLeaks says the CIA's Athena malware can be used to spy on Windows XP through to Windows 10 computers.

EternalRocks Worm Spreads Seven NSA SMB Exploits (Threatpost) A worm called EternalRocks has been spreading seven Windows SMB exploits leaked by the ShadowBrokers, including EternalBlue, which was used to spread WannaCry.

After WannaCry, EternalRocks digs deeper into the NSA’s exploit toolbox (Naked Security) WannaCry may be behind us, but fears that the crooks might create new malware from the NSA’s stash of exploits seem to be coming true

Middle East largely unscathed after WannaCry cyber attack (ComputerWeekly) The impact of WannaCry on the Middle East was reduced due to the attack falling on a weekend, but it is a stark warning.

COMMENTARY: WannaCry – A Caribbean cyber security perspective (St. Lucia News Online) "Organizations who continue to run Windows XP, software which cannot adequately detect and protect your information assets, and obsolete software, will make you

Q&A: Why health care remains a target to cyberattacks like WannaCry (Healio) Earlier this month, hackers executed a worldwide ransomware attack that has impacted more than 100 countries and infected tens of thousands of computers.

Businesses turn to encryption in the wake of WannaCry cyber attack (Cantech Letter) With the threat of cyberattacks increasing the world over, many companies are having to adopt security measures such as encryption apps to avoid getting hit by debilitating ransomware such as the WannaCry malware that infected more than 200,000 computers in 150 countries. Ransomeware involves an invasive encryption or locking of a computer’s files, usually spread …

There’s new evidence tying WCry ransomware worm to prolific hacking group (Ars Technica) Common tools, techniques, and infrastructure make link "highly likely."

North Korea's Unit 180 Hacking Cell Accused Of Major Cyber Attacks (Silicon UK) Blame for some of the most successful cyber attacks has been put on the doorstep of a dedicated cell of North Korea's main spy agency called Unit 180.

WannaCry: A Refreshing Attack (Infosecurity Magazine) $300 is just enough to get attention and make a point without inflicting financial damage.

“Yahoobleed” flaw leaked private e-mail attachments and credentials (Ars Technica) Yahoo promptly retired ImageMagic library after failing to install 2-year-old patch.

Advice of vigil against holiday cyber attacks in Oman, GCC (Times of Oman) Oman and the Middle East need to be prepared for cyber attacks during the holy month of Ramadan and the holiday of Eid, according to experts at Ernst & Young.

Barclays CEO has a Whale of a Time with Email Impersonator (Infosecurity Magazine) Jes Staley was tricked into emailing with someone pretending to be the bank’s chairman, John McFarlane.

Should SaaS Companies Publish Customers Lists? (KrebsOnSecurity) A few weeks back, HR and financial management firm sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers.

Beware the coffee shop: Mobile security threats lurk around every corner (Help Net Security) 40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office.

Security Patches, Mitigations, and Software Updates

Verizon Patches XSS Issues in its Messaging Client (Threatpost) Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session.

What Apple customers must know before firing up latest iOS update (Daily O) This lightweight version of IOS 10.3.2 ranges between 150-200MB depending on the user's device.

Cyber Trends

No Ghost in the Machine (City Journal) The global cyber-attack poses questions about our modern helplessness.

Emerging Threats to Add to Your Security Radar Screen (Dark Reading) The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.

Breaches Set to Grow in 2018 but Cybersecurity Investments Stall (Infosecurity Magazine) Breaches Set to Grow in 2018 but Cybersecurity Investments Stall. FICO poll finds UK lagging on breach response plans

Interview: The SecureWorks detectives uncovering the 'who and why' of cybercrime (Security Brief) What is it about financial organisations that makes them attractive targets for cybercriminals? SecureWorks gives us the lowdown.

C-Level Provides Biggest Mobile Security Risk (Infosecurity Magazine) C-Level Provides Biggest Mobile Security Risk. Latest iPass study finds IT leaders are increasingly concerned

Cyber criminals ‘exploiting employee behaviour’ (Trade Arabia) Browser-based attacks and social engineering are now the two most powerful techniques targeting organisations, a report said, highlighting that both techniques prey upon users as their initial point of entry.


RigNet acquires cyber-security company (Seeking Alpha) RigNet (RNET) announced that it has acquired Cyphre Security Solutions.Cyphre provides the most advanced enterprise data protection and it's hardware-based encryption features low latency protection

Sophos to have Invincea integrated this year as CEO hints at future acquisitions | CRN (Channelweb) Sophos acquired Invincea earlier this year and CEO Kris Hagerman expects further acquisitions over the next five years

There Is A Lot To Like About Raytheon (Seeking Alpha) Raytheon is often overlooked for the more popular defense proxy - Lockheed Martin. Despite this, there is a whole lot to like about the company. Raytheon combin

Cisco Flags A Major Downturn And Drops Like A Stone (Seeking Alpha) Cisco plummets upon Q3 earnings announcement containing poor guidance for Q4. The sixth consecutive quarterly decline in revenue prompts a 10.2% drop in share p

Cisco Systems: In The Bin, But No Bargain (Seeking Alpha) Cisco Systems down sharply on news of lower revenue guidance for 2017. Cisco's transition is ongoing, and this quarter marks 6th straight one of revenue decline

US Navy's PEO C4I contracts Booz Allen for tactical networks modernisation (Naval Technology) Booz Allen Hamilton has secured a new cost-plus-fixed-fee deal to provide secure and reliable communications networks for US Navy forces.

Cybersecurity Hiring Woes? Time to Consider a New Collar Approach (Security Intelligence) IBM is leading an industrywide effort to close the IT skills gap by hiring new collar professionals who lack formal degrees but possess requisite skills.

Companies ramp up recruiting veterans as cybersecurity urgency grows (CSO Online) Many veterans have the cybersecurity skills and attitude to be successful in the public sector with the right support.

Forcepoint Appoints 20-Year Cybersecurity Veteran as Global Sales Leader (PRNewswire) Global cybersecurity leader Forcepoint™ today announced long-time...

Fidelis Cybersecurity Lands Former Forcepoint CEO As New Top Exec (CRN) Fidelis Cybersecurity has landed a top executive win, appointing former Forcepoint CEO John McCormack as the security company's new interim president and CEO, CRN has learned.

CACI hires BAE executive ( CACI International said today it has named DeEtte Gray, a former BAE Systems executive, president of U.S. operations.

Products, Services, and Solutions

AT&T Offers More Network Applications Via Software (Fortune) Corporate customers can save big bucks by cutting out proprietary hardware

du and DarkMatter partner for cybersecurity services ( Telco to offer DarkMatter products and services to its enterprise customer base.

Pulse Secure Helps Abu Dhabi’s TDIC Meet Stringent Information Assurance Standards (Military Technologies) Pulse Secure, the leader in secure access solutions, has announced that the Tourism Development & Investment Company (TDIC), the master developer of major tourism, cultural and residential destinations in Abu Dhabi has improved the efficiency of its IT operations and significantly strengthened its security posture using Pulse Secure software and appliances.

Eli Global secures its business critical servers from advanced threats with Trend Micro ( Eli Global has deployed Trend Micro’s 360° connected threat defense strategy solution to secure its business critical servers from advanced threats

Vera Branching Out to Integrate with Duo Security, RSA SecureID, Twilio (eWEEK) Vera’s job is to bolster users’ ability to ensure that only trusted individuals can access sensitive information in real time, regardless of its location.

Facebook’s Internal Moderator Policies Should Have Been Published Years Ago (Motherboard) It's taken a leak to the press to understand what Facebook really wants.

Technologies, Techniques, and Standards

Analyzing the Insider Threat (Recorded Future) Mitigating insider threats is difficult. In this episode, we discuss how to reduce the risk of insider threats and limit the damage that may be done.

WannaCry underscores a need for cyber hygiene and insurance (R Street) “Oops, your important files are encrypted” read the pop-up message on hundreds of thousands of Windows operating systems across the world.

How to Integrate Mobile Security into App Development (Infosecurity Magazine) The application layer is one of the most vulnerable risk areas in a system

Breaking TLS: Good or bad for security? (Help Net Security) Breaking TLS is typically accomplished by loading an inspection CA certificate that dynamically generates certificates by your TLS inspection device.

How to secure your digital transformation (Help Net Security) Organizations are demanding and implementing new solutions that enable them to streamline operations, cultivate new business opportunities and provide bett

Why Akamai Supports Let's Encrypt (eSecurity Planet) The Let's Encrypt project has re-shaped the market for SSL/TLS certificates, providing millions of free security certificate to organization around the world.

Design and Innovation

Gamification: Cybersecurity's secret spice for effective employee training (Security Brief) “Gamifying will help make the training process more exciting and engaging for employees, increasing employee awareness of cybersecurity practices."

Elon Musk says “hardware 2” Teslas will get better self-driving software in June (Ars Technica) An upgrade's coming to HW2 cars in June, and it will make them "smooth as silk."

Toyota pushes into blockchain tech to enable the next generation of cars (TechCrunch) On the same day that Ford officially ousted its chief executive in a bid to remake itself as future-focused vehicle manufacturer, Toyota announced its own..

Worlds collide: JPM works with team behind anonymous crypto Zcash (American Banker) The creators of a top "altcoin" are building privacy features for JPMorgan's blockchain platform.

Philipp Jovanovic on NORX, IoT Security and Blockchain (InfoQ) In this interview, orginally published on InfoQ France, Mathieu Bolla Talks to Philipp Jovanovic, a Cryptographer at EPFL, About NORX, IoT Security and keeping yourself safe on-line, and Blockchain.

Research and Development

Neuromorphic Chips Offer Neural Networks That Actually Work Like the Brain (Motherboard) Image recognition in a snap.


The Arduous Task of Investigating CyberCrime (null) Experts have estimated that cybercrime costs more than $400 billion annually, representing a share of about one half of 1% of Earth’s entire estimated GDP.

Security of Cloud Services (New Jersey Institute of Technology) As the advancements in modern technology offer businesses solutions to streamline and decrease costs, it should come as no surprise that so many individuals and organizations plan on relying on cloud services.

Legislation, Policy, and Regulation

Cybersecurity: Industry concerns and suggestions for policy makers (Help Net Security) ENISA, together with industry, reached a common position on cybersecurity, that provides a set of suggestions for policy makers.

‘Patch Act' Seeks to Avert Wanna Cry-like Attacks (CFO) The bill would make hidden cyber glitches transparent to corporations.

US politicians think companies should be allowed to 'hack back' after WannaCry (Graham Cluley) ACDC bill would give green light for firms to launch counterattacks against hackers. But is that really a good idea?

Trump’s Cybersecurity Boss Talks Priorities (Threatpost) The country’s top cybersecurity boss said the country is headed the wrong way when it comes to cybersecurity.

Litigation, Investigation, and Law Enforcement

May to hold security meeting at 0800 GMT - Sky (Reuters UK) British Prime Minister Theresa May will hold a meeting of the country's top security committee at 9 a.m. (0800 GMT) on Tuesday after 19 people were killed in an explosion after a concert in the English city of Manchester, broadcaster Sky News said.

Children among 22 killed by suicide bomb at Ariana Grande concert in Manchester (Times (London)) At least 22 people including children were killed in a suicide bombing at a pop concert in Manchester last night. A lone attacker is believed to have detonated an explosive device at Manchester...

House IT Aides Fear Suspects In Hill Breach Are Blackmailing Members With Their Own Data (The Daily Caller) Congressional technology aides are baffled that data-theft allegations against four former House IT workers — who were banned from the congressional network — have largely been ignored, and they f

Week ahead: Obama's CIA chief to testify on Russia probe (TheHill) Congressional investigations into Russian interference in the presidential election will press forward in the upcoming week.

Trump asked Coats, Rogers to publicly deny Russian collusion allegations: Report (Washington Examiner) Trump petitioned the director of National Intelligence and National Security Agency director to debunk the claims.

Elijah Cummings: Michael Flynn lied to US security clearance investigators (The Washington Times) The top Democrat on a House oversight committee says documents he’s reviewed suggest that former National Security Adviser Michael Flynn lied to federal security clearance investigators about the source of payments Flynn received from a Russian state-sponsored television network.

Apple Sued by RSA, the Security Division of Dell/EMC, for Patent Infringement regarding Apple Pay (Patently Apple) RSA SecurID, formerly referred to as SecurID, is a mechanism developed by Security Dynamics (later RSA Security and now RSA, The Security Division of EMC) for performing two-factor authentication for a user to a network resource. Today we learn that RSA SecurID, sued Apple and Visa on Sunday, arguing that the Apple Pay digital payment technology violates its patents.

Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts (Dark Reading) Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.

China's theft of IBM's intellectual property (CSO Online) Guilty plea of Xu Jiaqiang an IBM employee for theft of intellectual property and economic espioange

Cron Crime Ring Stole Hundreds of Thousands (Infosecurity Magazine) Cron had plans to expand operations to the West before arrests.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost...

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the...

Upcoming Events

cybergamut Technical Tuesday: Future of System Exploitation (Elkridge, MD, USA, May 23, 2017) This talk describes recent trends in vulnerability research and system exploitation, provides case studies of systems that were compromised that were not believed to be vulnerable (or in novel ways), discusses...

SC Cyber 2017 Summit (Columbia, South Carolina, USA, May 23, 2017) SC Cyber, in partnership with the U.S. Chamber of Commerce and the South Carolina Chamber of Commerce, will host a cybersecurity summit that brings together top experts nationally from government, law...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include:...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community...

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider...

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the...

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies...

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's...

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent...

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming...

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy...

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.