Daily briefing.

The man arrested in Tuesday's truck-ramming killings in Manhattan has been charged. He appears to have been radicalized and inspired online.

Several criminal campaigns receive researchers' scrutiny.

A gang Kaspersky calls "Silence" is distributing an eponymous banking Trojan. The group isn't Carbanak, but researchers note that they're using some of the same techniques Carbanak pioneered in its rise to underworld leadership. Prominent among those tactics is the use of screen grabs to record and profile ordinary daily activity on a targeted enterprise's networks.

Chinese speakers are afflicted with a new variant of iXintpwn/YJSNPI iOS malware being distributed through two third-party app stores. According to Trend Micro, the malware appears to try to induce its victims to download "repackaged apps."

Proofpoint is following the resurgence of KovCoreG, a criminal gang distributing Kovter ad fraud malware. The threat group has been active since 2011.

The sixth annual Mobile Pwn2Own is on in Tokyo. Apple's iPhone 7 (iOS 11.1), Samsung's Galaxy S8 and Huawei's Mate 9 Pro fell to hackers on the first day.

Apple has patched the KRACK vulnerability in iOS 11.1, addressing key-reinstallation issues implicit in the WPA2 protocol.

WordPress has also patched, issuing a fix for an SQL injection flaw. The issue was exploitable in WordPress 4.8.2 and earlier versions.

In the crypto wars, US Deputy Attorney General Rosenstein advocates "secure, responsible encryption," that is, encryption accessible to authorized investigators.

US Senate hearings into Russian influence operations find that foreign trolls can post the kind of stuff everybody else does.


Today's issue includes events affecting Australia, India, Papua New Guinea, Russia, Syria, United Kingdom, United States, and Uzbekistan.

In today's podcast we hear from our partners at Booz Allen Hamilton, as Chris Poulin discusses ways of augmenting human capabilities. Our guest, Robert Knapp from CyberGhost, talks about how employers can raise awareness of cyber security within their organizations. 

Cyber Attacks, Threats, and Vulnerabilities

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant (TrendLabs Security Intelligence Blog)

Threat Actor Profile: KovCoreG, The Kovter Saga (Proofpoint) KovCoreG, a financially motivated threat actor active since at least 2011, made headlines recently when Proofpoint researchers uncovered a long-running malvertising campaign distributing Kovter ad fraud malware via social engineering.

Silence Gang Borrows From Carbanak To Steal From Banks (Threatpost) A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak.

"Silence" Trojan Records Pseudo-Videos of Bank PCs to Aid Bank Cyber-Heists (BleepingComputer) Kaspersky Lab experts have found a new trojan that was deployed to aid cyber-heists of banks in Russia, Armenia, and Malaysia. Experts named the new trojan Silence.

Silence Please: New Carbanak-Like Group Attacks Banks (Infosecurity Magazine) Kaspersky Lab reveals sophisticated monitoring techniques

Ramnit worm: Still turning up in unlikely places (Symantec Security Response) Over 90 Ramnit-infected apps removed from Google Play.

Apple, Samsung and Huawei phones hacked on day one of Mobile Pwn2Own (CSO Online) Apple's iPhone 7 running iOS 11.1, the Samsung Galaxy S8 and the Huawei Mate 9 Pro were hacked on the first day of Mobile Pwn2Own.

How Wireless Intruders Can Bypass NAC Controls (Dark Reading) A researcher at this month's SecTor conference will demonstrate the dangers of not employing EAP-TLS wireless security.

CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards (BleepingComputer) The operators of a malware strain identified as CryptoShuffler have made at least $150,000 worth of Bitcoin by using an extremely simple scheme.

Popular ‘Circle with Disney’ Parental Control System Riddled With 23 Vulnerabilities (Threatpost) Popular parental monitoring system, called Circle with Disney, receives 23 patches for a wide range of serious vulnerabilities.

Dark Web Marketplace Offers Remote Access to Corporate PCs for $3-15 Each (eSecurity Planet) Ultimate Anonymity Services offers more than 35,000 RDPs for sale, including about 300 from the U.S.

Duo Peers Inside The Phishing Economy (Tom's Hardware) There's an entire phishing economy, and the Duo security company analyzed thousands of sites to see how things operate behind the scenes.

15 real-world phishing examples — and how to recognize them (CSO Online) How well do you know these crafty cons?

Google Doc users locked out of files due to code error (Computing) Issue now fixed, but lasted for around a day, due to code that was not properly checked

Security Patches, Mitigations, and Software Updates

Apple Patches KRACK Vulnerability in iOS 11.1 (Threatpost) Apple has patched the KRACK vulnerability in iOS and elsewhere in its product line, closing a key re-installation vulnerability in the WPA2 protocol implementation used by its software.

WordPress Delivers Second Patch For SQL Injection Bug (Threatpost) A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL-injection attack.

Cyber Trends

Selected thoughts from 2017 ICS Cyber Security Conference (Control Global) The 17th ICS Cyber Security Conference was held 10/23-26/17 in Atlanta. The detailed agenda can be found at CyberWire covered the Conference and provided daily commentary -

Six things the security industry can expect from 2018 (Channel Life) As the end of the calendar year wraps up, the security industry is preparing for what 2018 may bring.

A closer look at hybrid cloud security challenges (Help Net Security) Most enterprises face major challenges when managing security across their hybrid enterprise networks both during and after cloud migrations, according to

Quarter of Firms Allow Password-Only BYOD Security (Infosecurity Magazine) Bitglass study reveals weakness in enterprise endpoints


The Race for AI Company Acquisitions: Why It's Happening, and Its Lessons for You (Entrepreneur) The explosion of big data and interest in it have created a need for technology solutions to control, organize and analyze all this information.

Defence broadens engagement with cyber security sector (Defence Connect) Academia and industry are being urged to join Defence as it seeks to expand its partnerships with Australia's innovation and cyber security community. Defence Science and Technology (DST) Group and C

Forging closer links with commercial partners crucial for military (Financial Review) The mindset of the Next Generation Technologies Fund is the realisation that government and defence need to have stronger relationships with commercial partners.

Facebook's Zuckerberg says he's 'dead serious' about Russia, warns security spending will hurt profits (USA TODAY) After being grilled by Washington lawmakers, Facebook CEO Mark Zuckerberg warned new security measures post Russia interference will cut into profits.

Security Stocks Take A Hit: Symantec, FireEye, Check Point Fall (Investor's Business Daily) Symantec said Wednesday that fiscal second-quarter adjusted earnings were 30 cents a share, up 33% from a year ago.

Sheffield cyber security start-up set to work with GCHQ (Star) Sheffield start-up Ioetec has been selected to join an "accelerator" run by government listening post GCHQ to create the next generation of leaders in cyber security.

CSRA team nabs $163M endpoint security contract from DISA (Fedscoop) SRA International, a team under IT contractor CSRA, received a $163 million contract to serve as the primary integrator for the Defense Information Systems Agency’s Endpoint Security Solution program. As the integrator for the ESS program, awarded on the General Services Administration’s Alliant governmentwide contract, CSRA will be in charge of leading the Defense Department’s detection, …

How Sanjay Katkar built India’s most successful IT security firm Quick Heal ( From a chawl in Pune to building Quick Heal, Sanjay Katkar’s journey to being one of the most successful tech entrepreneurs of India.

Products, Services, and Solutions

Digital Defense’s “Daylight Scanning Time” Helps IT Security Teams Avoid Working Late Nights or Weekends (GlobeNewswire News Room) Frontline Vulnerability Manager™ Scanning Engine enables security scans during business hours

Avanan Selects Lastline to Boost Malware Detection and Visibility for Endpoint and Web Gateway Security (Lastline) Avanan joins a growing community of cybersecurity vendors that integrates Lastline’s industry-leading technology...

Which vulnerability to fix first? Kenna Security has the answer (CSO Online) Kenna's vulnerability management platform is designed to prioritize the most dangerous vulnerabilities. Here's how it works.

Dashlane 5: Designed to Work Everywhere, For Everyone (Business Insider) One of world's most trusted digital security companies unveils latest password management features

Detecting the Cyber Enemy Within (Design News) Once the firewalls are up, it’s time to seek out the latent cyber bug.

EclecticIQ launches Fusion Center Intelligence Essentials (Global Security Mag Online) EclecticIQ launches EclecticIQ Fusion Center Intelligence Essentials, a first-in-the-industry service that merges and normalizes 50+ intelligence sources into a single feed, providing contextual qualification for human analysts.

Technologies, Techniques, and Standards

NAO highlights need for co-ordinated comms within NHS to counter future cyber-attacks (PR Week) The National Audit Office's investigation into this year's WannaCry cyber-attack on the NHS has called for a more co-ordinated comms response from central and national health bodies in the event of a similar attack in the future.

Enrollment for threat sharing program continues to lag (FCW) The federal government has big plans for the Automated Indicator Sharing program, but agency officials and members of Congress continue to express frustration at the sluggish pace of enrollment.

Shadow IT: Assess it, don't just shut it down, say CIOs (Computing) A panel of experts at a recent Computing event explain that shadow IT can help the business, once the security risks have been assessed.

Build an ultra-secure Microsoft Exchange Server (CSO Online) Yes, it's possible to do a Microsoft Exchange Server deployment that is secure enough for all but the most sensitive information. Here's how to do it.

How to secure a software-driven technology stack in a cloud of moving parts (Register) Automate all the things

Cyber insurance becoming a key defense in digital world (Cody Enterprise) If you’ve never thought about buying insurance to protect against losses resulting from phishing, ransomware, unsolicited emails, cookie theft or other hacking tactics in the digital world, you’re not alone.

How shared cloud security assessments can benefit enterprises (SearchSecurity) Explore the benefits of shared cloud security assessments and how they can help service providers become more efficient with expert Nick Lewis.

7 tips to reduce risks of data breaches (Help Net Security) Traditional approaches are not working, and companies need to completely rethink their security approach in order to reduce security risk.

3 Facts Social Media Marketers Should Know About Cloud Security (Nibletz) Social media marketing is a data intensive undertaking that collects sensitive data from both target demographics and the client. Marketers collect information for their clients, have sensitive information about upcoming marketing campaigns, and obtain personal information from those who willingly t

VERIFY: Is The Government Planning a Nationwide Blackout on Nov. 4th? (WFMY) The U.S. military is debunking a claim that says the government has plans to enact a nationwide blackout on November 4th. 

One Bitcoin Transaction Now Uses as Much Energy as Your House in a Week (Motherboard) Bitcoin’s surge in price has sent its electricity consumption soaring.

Design and Innovation

Quantum resistant tech wins big at ARM TechCon (Computing) IoT security a major topic at ARM TechCon

Now anyone can fool reCAPTCHA (Naked Security) unCaptcha “requires minimal resources to mount a large-scale successful attack”

Research and Development

Quantum particles can transmit perfectly secure messages, but only in theory—until now (MIT Technology Review) Physicists can only tell whether a quantum message has been overheard after the fact. Now they’ve found a way around this problem.


Over One Million People Enroll in Online Crypto Class (Bitcoin News) Bitcoin's rise in valuation has created new student demand for learning about cryptography. Stanford now offers a free online course.

Northrop Grumman Launches 2017-2018 CyberCenturion Competition (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) has launched this year’s CyberCenturion, the U.K.’s national youth cyber defence competition for 12-18 year olds. A record 575 teams, made up of more than 2,500 students, including 116...

Local college students receive 'Cyber Warrior Diversity Certifications' (WMAR) Northrop Grumman and Digital All City presented Morgan State and Coppin State University students with Cyber Warrior Diversity Certifications.

Engility, Center For Cyber Safety And Education Announce CyberWarrior Scholarship (Engility) Scholarship program empowers military veterans

Legislation, Policy, and Regulation

Will the United States Ever Set Red Lines in CyberSpace? (CyberDB) As the global community seeks avenues to collaborate on an array of cyber issues it is imperative that red lines be set to define acceptable state behavior

US government wants “keys under doormat” approach to encryption (Naked Security) It’s not exactly plaintext copies of all your communications, but that doesn’t make it OK

Punching the Wrong Bag: The Deputy AG Enters the Crypto Wars (Lawfare) Deputy Attorney General Rod Rosenstein’s speech on encryption reveals law enforcement’s misunderstanding of risks.

Securing the homeland means reauthorizing bulk surveillance (TheHill) Failure to reauthorize the Section 702 program would put America at risk of another 9/11.

Halloween is over — but surveillance state boosters still want to scare us (Salon) Senate Intelligence Committee hopes to pass off major expansion of NSA's spy powers as "reform." No thanks

The Zero Day Problem (ASIS Security Management) A series of cyberattacks leveraging a vulnerability discovered by the U.S. National Security Agency renews debate about storage of zero-day vulnerabilities

HHS continuing to push for health care cyberthreat sharing (Fedscoop) Sharing cyber-threat information between public and private sector partners is becoming the prescription for the Department of Health and Human Services.

U.S. ports lack key cyber tools (FCW) The NotPetya attack in June that briefly crippled shipping giant Maersk is a reminder that maritime cybersecurity vulnerability is a problem with global reach.

Members of Congress want you to hack the US election voting system (Ars Technica) Bug-bounty program would exempt participants from federal hacking laws.

Electronic security vital to protect the country’s cyberspace (Post Courier) Security of cyberspace is crucial for the country.

Litigation, Investigation, and Law Enforcement

New York truck attack suspect charged with terrorism offense, FBI says he plotted to carry out attack for ISIS (Washington Post) Authorities believe the attacker, who pledged allegiance to ISIS, was a lone wolf.

For Uzbeks, Radicalization Often Begins Abroad (Foreign Policy) The Islamic State has ramped up its Russian-language recruitment.

Analysis: CIA releases massive trove of Osama bin Laden's files (FDD's Long War Journal) The CIA is releasing hundreds of thousands of documents, images, and computer files recovered during the May 2011 raid on Osama bin Laden's compound in Abbottabad, Pakistan. The newly-available material provides invaluable insights into the terrorist organization that struck America on September 11, 2001.

Inside Bin Laden’s Files: GIFs, Memes, and Mr. Bean (WIRED) A newly released trove of 470,000 files seized from Osama bin Laden's compound include some internet classics—and links to Iran.

Eight Revealing Moments From the Second Day of Russia Hearings (WIRED) Two hearings Wednesday revealed new details of how Russia used propaganda to divide and anger Americans.

Social media firms urged to do more to combat 'start of cyberwarfare' (Fifth Domain) Lawmakers demanded answers Wednesday from leading social media companies about why they haven’t done more to combat Russian interference on their sites, and said congressional action might be needed in response to what one Democrat called “the start of cyberwarfare” against American democracy.

Here Are 14 Facebook and Instagram Ads that Russian Trolls Bought to Divide Americans (Motherboard) Lawmakers released some ads purchased on Facebook and Instagram by Russian government-linked entities.

Russian Facebook Trolls Got Two Groups of People to Protest Each Other In Texas (Motherboard) A US Senator revealed on Wednesday that Russian trolls organized a simultaneous protest and a counter-protest in Texas in 2016.

Here are the Kremlin-backed Facebook ads designed to foment discord in US (Ars Technica) Ads bash Clinton before election and cap on Trump after he won the presidency.

Here’s how Russia targeted its fake Facebook ads and how those ads performed (TechCrunch) It's impossible to know just how much stuff being circulated on social networks is Russian state content in sheep's clothing, although tech companies are..

Twitter Buried #DNCLeak, #PodestaEmails Tweets In Last Two Months Of Campaign (The Daily Caller) Twitter buried significant portions of tweets related to hacked emails from the Democratic National Committee and Clinton campaign chair John Podesta in the last two months of the 2016 presidential ca

Why Twitter Is the Best Social Media Platform for Disinformation (Motherboard) It is time for Twitter to confront bots, extremists, and hostile spies by owning up to its own values.

Opinion | The Mueller indictments aren’t proof of Trump-Russia collusion — just bad judgment (Washington Post) And Russia’s spy network sought to exploit that weakness.

Sir Michael Fallon admits falling short and leaves the job he loved (Times) Next February was to be a special month for Sir Michael Fallon. It would mark the moment he became the longest-serving Conservative defence secretary in history — a point that the senior minister...

Georgia insists server deletion was “not undertaken to delete evidence” (Ars Technica) "Narrative asserted in the media that the data was nefariously deleted… is without merit."

Arrest Made In FireEye Corporate Network Hacking Attempt (CRN) "I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys," said FireEye CEO Kevin Mandia.

Hilton Told to Pay Up After Mishandling Data Breaches (Infosecurity Magazine) The hotel giant took nine months to notify customers about a point-of-sale attack in 2014.

Student charged by FBI for hacking his grades more than 90 times (Naked Security) The 22-year-old student used a keylogger he called the “Hand of God.”

Coin offerings using celebrity glitter may not be golden, SEC warns (TechCrunch) A slew of media stars have hitched their stars to various virtual currencies, lending their social media outreach and luster to projects that have seemed less..

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled...

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

SecTor (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

Cyber Southwest (Tucson, Arizona, USA, November 9, 2017) CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...
