skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

BadRabbit's odd behavior—sophisticated, noisy, and brief—may have an explanation: it appears the campaign was misdirection. Ukrainian police have told Reuters that the same threat actor behind the ransomware campaign (Ukraine believes this to be the same Russian security service responsible for NotPetya) operated a quiet phishing campaign during BadRabbit's activity. The goal, investigators think, was to obtain undetected remote access to financial and other confidential data.

The AP publishes what it characterizes as a "hit list" (a long list of hacking targets, not of people marked for assassination) comprising Fancy Bear's persons of interest. It goes far beyond Fancy's notorious interest in the Clinton campaign, indeed, far beyond US targets. Aerospace and defense sector workers are on it, as are political figures from both parties, the Papal nuncio to Kiev, and the Ukrainian officer who wrote that Android gunnery app whose compromise CrowdStrike investigated late last year. (Fancy Bear is widely believed to be a unit of Russia's GRU.)

US prosecutors have identified six Russians allegedly involved in the DNC hack. Indictments are expected early next year.

Skyhigh Networks warns of "GhostWriter," in which misconfigured Amazon Web Services S3 buckets are not only exposed to public view, but can also be exploited in man-in-the-middle attacks. About 4% of the buckets accessed from within enterprise networks are thought susceptible to GhostWriter.

The more familiar problem of data loss from AWS S3 misconfiguration persists. Nearly 50 thousand Australians recently had their information exposed, as have 2.2 million Dow Jones customers.


Today's issue includes events affecting Australia, Belarus, Canada, China, France, Germany, Malaysia, Russia, Ukraine, United Kingdom, United States.

A note to our readers: Next week we'll be at two important conferences meeting in Washington, DC: CyCon (sponsored by the NATO Cyber Center of Excellence and the US Army Cyber Institute) and the SINET Showcase (highlighted as it is every year by the SINET 16). Watch for coverage over the course of the week.

The IOC and IOA playbook: making sense of your indicators.

Acronyms such as IOCs (indicators of compromise) and IOAs (indicators of attack) are ubiquitous in the security industry. However, a recent SANS survey revealed a vast majority of security professionals don't even know how many indicators they receive or can use. Join DomainTools Senior Security Researcher Kyle Wilhoit to get clarification on the use and value of IOCs and IOAs and how they can enrich your investigations and overall security strategy.

In today's podcast, we hear from our partners at Webroot, as David DuFour describes recent ransomware trends. And we have two guests today, Sherrie Caltagirone, founder and executive director of the Global Emancipation Network (GEN), and Andrew Lewman, SVP of DarkOwl. They describe how they use cybersecurity tools to help stop human trafficking online.

This week’s Research Saturday podcast will feature Jordan Wright from Duo Security, discussing their newly released report, “Phish in a Barrel,” the first public large-scale analysis of phishing kits. Duo took a look at more than 3,200 unique phishing kits from 66,000 potential phishing URLs in community feeds.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Insider Threat - How to Unlock the Full Potential of Your Insider Threat Tools (Webinar, November 9, 2017) Insider threats continue to be a growing concern for security professionals. During this webinar, cybersecurity experts will discuss how to implement a holistic monitoring and detection solution to maximize your insider threat capabilities to improve your security posture.

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: Ukraine hit by stealthier phishing attacks during BadRabbit strike (Reuters) Hackers tried to access confidential data in powerful but stealthy phishing attacks launched in parallel with an eyeball-grabbing ransomware strike called BadRabbit last week, the head of the Ukrainian state cyber police said on Thursday.

NotPetya was nastier than WannaCry ransomware, say experts (IT PRO) The malware tops the list of 2017's worst ransomware outbreaks

'Fancy Bear' Tried To Hack E-Mail Of Ukrainian Making Artillery-Guidance App (RadioFreeEurope/RadioLiberty) An officer who developed an artillery-guidance app used by the Ukrainian military in its fight against Moscow-backed separatists was among the members of Ukraine's political and military elite targeted by a hacking group with alleged links to Russian security services.

Russia hackers had targets worldwide, beyond US election (Fifth Domain) There is detailed forensic evidence pointing to the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe, according to a previously unpublished digital hit list obtained by The Associated Press.

Fancy Bear Pens the Worst Blog Posts Ever (ThreatConnect) ThreatConnect reviews continuing Fancy Bear activity targeting citizen journalism organization Bellingcat and identifies a new tactic leveraging Blogspot to mask their credential harvesting links.

Meet the french researcher the Shadow Brokers keep calling out (Cyberscoop) A 29-year-old French security researcher and entrepreneur, Matthieu Suiche is one of the foremost experts when it comes to the peculiar group.

Russian Federation Cybersecurity Report (Anomali) Whether the perpetrators or the victims, the Russian Federation is often linked to cyber activities in the news. The Russian Federation was recently hit with a ransomware attack called Bad Rabbit (research conducted by Luis Mendieta, Threat Analytics Team), which security professionals theorize was a retaliation for ransomware known as Petya. Evidence was also recently released indicating that the Russian government used private Russian company Kaspersky Labs’ technology to steal

Apple Warned About Evil Wi-Fi Attack That Installs Malware On iPhones (Forbes) Apple's security team is having a busy week thanks to Wi-Fi issues.

What We Can Learn From KRACK WiFi Loophole ( Only you can prevent forest fires. And, as the KRACK WiFi vulnerability perhaps demonstrated, only you can prevent hackers from worming their way into your networks and devices, as even established security measures that are presumed to be stable may not be as secure as we think. As much as consumers, organizations and retailers rely […]

GhostWriter AWS Issue Impacts Thousands of Amazon S3 Buckets (eSecurity Planet) Affected buckets are owned by major news sites, popular retailers and leading ad networks.

Skyhigh Discovers GhostWriter: MITM Exposure In Cloud Storage Services (Skyhigh) As the cloud increasingly becomes the de-facto source of computing and storage resources for websites and applications, we are seeing new types of exposure

Another AWS configuration error exposes Dow Jones customer data (TechGenix) At least 2.2 million Dow Jones & Co. clients had their information exposed because of an AWS configuration error — an error that may be far too common.

Malaysian Data Breach Could Affect Entire Population (Infosecurity Magazine) Over 46 million records found their way onto the dark web

50K Australians Exposed in Server Misconfig Snafu (Infosecurity Magazine) It is the country’s largest data breach since the Red Cross leaks.

Hackers Stole $150,000 from Cryptocurrency Wallets Using CryptoShuffler Trojan (HackRead) Popular cryptocurrency wallets are under threat currently as the notorious CryptoShuffler Trojan is stealing cryptocurrencies. According to the findings of

Russian Hacker Exploits GTA 5 PC Mod to Install Cryptocurrency Miner (HackRead) Gamers were delighted with the release of world’s second most popular video game Grand Theft Auto V (GTA 5) released by Rockstar North. It was in every way

Devilish ONI Attacks in Japan Use Wiper to Cover Tracks (Threatpost) The ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers' tracks.

Popular USB Audio Driver Ships With Root Certificate, Big Security No-No (BleepingComputer) The Savitech USB audio driver installation package will install a root CA certificate into the Windows trusted root certificate store, in an incident that's reminiscent of the Superfish and eDellRoot episodes from 2015 and 2016, respectively.

Social Engineer Spills Tricks of the Trade (Dark Reading) A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.

Are the Good Guys as Dangerous as the Bad Guys – an Almost Catastrophic Failure of the Transmission Grid (Control Global) A security group at a large utility with experience only scanning data center assets scanned a number of critical transmission substations. The scanning cut all communication between hundreds of relays and SCADA was unaware.

Someone at Twitter 'Inadvertently' Deactivated Donald Trump's Account for 11 Minutes (Motherboard) According to the social media company this was 'human error by a Twitter employee.'

Taking HTTPS Denial to an Absurd Level (Threatpost) Researcher Troy Hunt discovers as far as the internet has come in adopting HTTPS it still has a ways to go.

Cyber Trends

The Future of Cybersecurity Part II: The Need for Automation (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice abut security careers and leadership.

Three-Quarters of Americans Concerned About Identity Theft During Holiday Shopping Season (Generali) A vast majority of Americans say their willingness to do business with a retailer during this holiday shopping season would be impacted if the retailer experienced a data breach in the past, according to a consumer survey conducted by Generali Global Assistance (“GGA” or “the Company”), a leader ...


Fifteen-year-old Black Duck Software gets its exit, selling to Synopsys for $565 million (TechCrunch) Black Duck Software, a 15-year-old company whose products automate the process of securing and managing open-source software -- including detecting license..

Carbon Black plans to go public in 2018, say sources (Boston Business Journal) After buying a Boston-based startup for $100 million in 2016, the Waltham cybersecurity firm is finally getting ready to trade publicly.

Dragos unveils new global headquarters as part of the company's continued expansion (PRNewswire) Dragos opened the doors to its new global offices in Hanover MD this week.

Broadcom Trumpets Plans to Domicile to the US as Brocade Deal Lin (SDxCentral) Broadcom said it plans to move its official corporate headquarters from Singapore to the U.S. as its pending acquisition of Brocade lingers.

Products, Services, and Solutions

NinjaRMM Partners with Ivanti to Simplify and Automate Patching Processes for Managed Service Providers (Ivanti) Ivanti patch management technology integrated within the NinjaRMM platform

Netwrix Auditor 9.5 Enables Organizations to Identify, Assess and Reduce Risks to IT Infrastructure and Data (Netwrix) Upgraded Netwrix Auditor improves detection of threat actors and security gaps in hybrid environments.

Cygilant Launches New Vulnerability and Patch Management Subscription Service to Support and Equip Lean IT Teams to Effectively Stop Cyber Threats and Exploits (PRWeb) Cygilant’s industry-first ‘One Vendor’ approach to vulnerability and patch management aims to streamline workflows; speeding cyber threat response times and lowering cost of ownership

Forensiq Releases Next Generation Fraud Detection Algorithm (PRNewswire) Forensiq, a global leader in ad fraud detection and prevention, today...

Bromium Helps London’s Metropolitan Police Investigate and Convict Cyber Criminals, Increasing Protection for Citizens and BusinessesMetropolitan Police Cybercrime Unit, FALCON, to use Bromium to... (Business Insider) Bromium®, Inc., the pioneer and leader in virtualisation-based enterprise security that stops advanced malware attacks, today announced that the Metropolitan Police Cybercrime Unit (FALCON) has deployed Bromium to rapidly investigate and mitigate cybercrime impacting businesses and the public in London.

Technologies, Techniques, and Standards

The Sometimes Forgotten Foundation for the OODA Loop - the Human (Security Week) Applying the OODA loop to cybersecurity will help accelerate the process of translating threat data into action

Design and Innovation

Researcher: ‘We Should Be Worried’ This Computer Thought a Turtle Was a Gun (Motherboard) The once-theoretical problem of "adversarial objects" just got real.

The Bots That Are Changing Politics (Motherboard) A taxonomy of politibots, a swelling force in global elections that cannot be ignored.

Security vs. convenience? IoT requires another level of thinking about risk (Ars Technica) Op-ed: Devices like Amazon Key put too much risk assessment on users; bad decisions follow.

Research and Development

China on path to eclipse US with AI, warns Alphabet (C4ISRNET) One of America's leading technologists says China is eroding the U.S. artificial intelligence edge.

Legislation, Policy, and Regulation

Chinese Hacking Efforts More Strategic, Less Noisy (BleepingComputer) Chinese hackers, once some of the most careless and noisy hackers around, have become very careful and much more strategic at choosing the targets they go after.

Army, Navy cyber teams say they’re ready to go ... a year early (Fifth Domain) Army Cyber Command and Fleet Cyber Command announced their cyber mission force teams have achieved full operational capability a year ahead of schedule.

Navy Cyber Mission Force Teams Achieve Full Operational Capability (U.S. DEPARTMENT OF DEFENSE) U.S. Fleet Cyber Command/U.S. 10th Fleet officials announced that all of the Navy’s Cyber Mission Force teams achieved full operational capability last month, almost a full year ahead of schedule.

Active Army cyber teams fully operational a year-plus ahead of schedule (DVIDS) U.S. Army Cyber Command (ARCYBER) announced today that all of the Army’s Cyber Mission Force teams achieved full operational capability (FOC) at the end of September, 2017, more than a year ahead of schedule.

Is legislation key to security in IoT? ((ISC)² Blog) (ISC)² Community weighs in on Cyber Shield Act of 2017 Senator Ed Markey (D-Mass) has long been concerned about securing new technology as it bleeds into our everyday lives. In 2015, Sen. Markey, a member of the Commerce, Science and Transportation Committee, released the report, Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk. Since then, smart cars have made frequent headlines, which has had the residual effect of bringing securing connecting cars to front of mind for the auto industry. We posed the question, “What do you think?” to members of the (ISC)² Community, and received...

Call to Arms on Cybersecurity for Industrial Control (EETimes) Made especially visible by May's worldwide WannaCry ransomware attacks, the security and cybersecurity of industrial control and automation systems have become a topic that can't safely be ignored.

Gangs, States and 'Geeks' Behind Canada Cyberattacks: Minister (Security Week) Cyberattacks on Canadian government computers by what a minister described Tuesday as gangsters, rogue states and "geeks in basements" are on the rise, but are also failing more, according to a report.

NY AG Proposes Stricter Data Security Laws Citing Equifax Breach (New York Law Journal) Attorney General Eric Schneiderman is proposing comprehensive legislation to tighten state data security laws and expand data protections for New York residents in the aftermath of the Equifax breach that compromised 8 million New Yorkers among 145.5 million Americans.

Information protection policy in Belarus hailed as effective (Belorussian Telegraph Agency) Alexander Shumilin remarked that the third state science and technology program on information protection for 2016-2020 is underway in Belarus.

Litigation, Investigation, and Law Enforcement

Bin Laden files back up US claims on Iran ties to al-Qaida (Sacramento Bee) CIA release of bin Laden files renews interest in Iran's support of network leading up to Sept. 11 terror attacks.

US Investigators Identify Russian State DNC Hackers (Infosecurity Magazine) US Investigators Identify Russian State DNC Hackers. Prosecutors said to be preparing charges

Under pressure, social media giants acknowledge meddling (Fifth Domain) Admissions and disclosures from Facebook, Twitter and Google over the last several months have given congressional investigators one of their first real wins in the Russia probes.

DWS, Perkins Coie May Have Engaged CrowdStrike Instead Of FBI Without Consulting DNC Officers (The Daily Caller) Rep. Debbie Wasserman Schultz, the former head of the Democratic National Committee, did not tell the DNC's own officers about a breach on its servers for more than a month after learning about it, ac

Former Yahoo CEO, Equifax CEO to testify at Senate hearing (Reuters) Former Yahoo Chief Executive Marissa Mayer and the current and former CEOs of Equifax Inc (EFX.N) will testify before a U.S. Senate panel on Nov. 8 on two massive data breaches, the committee said Wednesday.

Malware Dev Who Used Spam Botnet to Pay for College Gets No Prison Time (BleepingComputer) A Pittsburgh judge sentenced a malware dev to two years probation and no prison time for his involvement with a spam botnet.

Police Arrest Suspect in #LeakTheAnalyst Mandiant Hacking Incident (BleepingComputer) Law enforcement authorities have arrested an individual believed to be behind Operation #LeakTheAnalyst that took place over the summer.

Internet cryptography plan, police exam letter found in accused Baton Rouge serial killer home (The Advocate) A Baton Rouge police officer found instructions for searching the web anonymously through a "state of the art cryptography tool" during a search of accused killer Kenneth Gleason's house, according

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

Cyber Southwest (Tucson, Arizona, USA, November 9, 2017) CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.