Daily briefing.

Another misconfigured Amazon Web Services S3 bucket leaks. This one belongs to the Australian Broadcasting Corporation. Amazon continues its efforts to nudge customers to more mindful use of its cloud services.

Kaspersky has released the results of its own investigation of the alleged NSA leaks that appear retrospectively to have played a role in prompting the US Government to eject Kaspersky products from its systems. Kaspersky says a laptop with a Baltimore-area IP address, and protected with Kaspersky software, was found to have been infected with what appeared to be Equation Group tools, and that those were the files Kaspersky uploaded for inspection. Kaspersky says it did not know at the time that classified files were in the mix, and that such files were promptly deleted as soon as they were recognized. Kaspersky also says the laptop, which is thought to have been used by an NSA worker or contractor, was thoroughly compromised by other sources.

Bitdefender warns that the Terdot banking Trojan is a very capable information-stealer, one that would be easily adaptable into an espionage tool.

Inevitably, concerns about fake news are being monetized by cyber criminals, some of whom are now offering fake-news-as-a-service, often in the form of spoofed legitimate sites.

Criminals get disrupted when their black markets are shuttered. They will move to other dark web souks to do business, but they operate less effectively and with more leaks in their new virtual hangouts.

The new US Vulnerabilities Equities Process continues to draw generally positive reviews.

Notes.

Today's issue includes events affecting Australia, China, European Union, France, NATO/OTAN, Russia, Turkey, United Kingdom, United States.

A note to our readers: We are offering continuing coverage of some recent events on our site. Today we have two new articles from CyCon US: one on the international law of conflict as it applies in cyberspace (with notes from a panel of authorities on the Tallinn Manual, and thoughts on attribution by an international law expert from Dentons) and another on Engility's cyber certification scholarship program for transitioning veterans.

In today's podcast, we hear from our partners at Booz Allen Hamilton, as Chris Poulin discusses the ethical conundrums artificial intelligence will face when it begins driving cars. In an emergency, how does the self-driving car decide whom or what it's going to run over, or into? Does it protect its passengers first, no matter what, or does it apply some more complex moral calculus? Listen and discuss among yourselves when you get back to the dorm, students. And we also have a guest, Jeremy Wittkop from Intelisecure, who tells us what we need to know about the trouble with Social Security Account Numbers.

Earn a master’s degree in cybersecurity from SANS (Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Cyber Attacks, Threats, and Vulnerabilities

Australian Broadcasting Corporation confirms S3 data leak (ZDNet) The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.

Kaspersky defends its role in NSA breach (BBC News) The Russian anti-virus company explains why it copied files off a PC used by a cyber-spy contractor.

‘US will never retract accusations against Kaspersky - Russia must always be blamed for something’ (RT International) Without evidence, US DHS ordered agencies to remove Kaspersky programs from networks, saying it may be involved in Russian intelligence spying.

Kaspersky Lab releases report into upload of NSA documents (Fifth Domain) Moscow-based cybersecurity firm Kaspersky Lab is releasing new details about how its software uploaded classified U.S. documents several years ago.

121 Pieces of Malware Flagged on NSA Employee's Home Computer (Dark Reading) Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.

Report Says Dissident Under Cyber, Information Attack from China (Washington Free Beacon) China is engaged in an unprecedented campaign of cyber attacks and information operations aimed at discrediting Beijing critic Guo Wengui.

Reaper: The Next Evolution of IoT Botnets (Fortinet Blog) By now, everyone should be aware of two things related to IoT devices. The first is that these devices...

Terdot Banking Trojan Could Act as Cyber-Espionage Tool (Security Week) The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report.

Middle East 'MuddyWater' Attacks Difficult to Clear Up (Security Week) Long-lasting targeted attacks aimed at entities in the Middle East are difficult to attribute despite being analyzed by several researchers, Palo Alto Networks said this week.

Bamboozled: How a scam website reached the top of Google search ranking (NJ.com) A look at how a fake website offering Windows Movie Maker software is trouble.

'Fake news' Becomes a Business Model: Researchers (Security Week) Cyber criminals have latched onto the notion of "fake news" and turned it into a profitable business model, with services starting at under $10, security researchers said Thursday.

Rogue couriers can enter your home by disabling the Amazon Key smart lock (Computing) Not so smart, after all

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (WIRED) After hackers exposed a way to freeze the delivery service's security cameras, Amazon will push out a fix later this week.

Russia tried to attack the UK’s energy sector – what would a UK power grid hack be like? (Verdict) The next thing to worry about Russia hackers? A UK power grid hack. This is according to the head of the UK's National Cyber Security Centre

Nokia study damns Android security; Calls Google’s mobile OS the most vulnerable platform (MySmartPrice) It hasn’t been long since Nokia dropkicked Windows and came back from the grave to embrace Android. It looks like the Finnish smartphone maker has finally had an epiphany and now decided to tell us something we already know – that Android isn’t all that great when it comes to security. Nokia study: Android is …

1 in 25 Black Friday Apps Fake, Finds RiskIQ, Threatening $10.8B in Projected Black Friday Online Sales (Business Insider) RiskIQ, the leader in digital threat management, today released its 2017 Black Friday E-commerce Blacklist.

Does GDPR enable identity theft? (Computing) Under GDPR you'll be able to ask organisations to hand over all the data they hold on you. But what happens when a cyber criminal is able to pass himself off as you, and force firms to tell him everything?

Deleted WhatsApp sent messages might not be gone forever (Naked Security) The first 100 characters are in the registry, and you don’t even have to bother with that if you have a backup app. How very Snapchat!

No more data breach details will be released: Deloitte (iTWire) Accountancy firm Deloitte says it will not be releasing any more details about the data breach that it suffered in March this year. In response to a q...

Security Patches, Mitigations, and Software Updates

Apple’s iOS 11.1.2 fixes the cold weather input bug on the iPhone X (Ars Technica) Apple Pay Cash is still coming in a later update.

Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature (BleepingComputer) Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol.

Oracle rushes out 5 patches for huge vulnerabilities in PeopleSoft app server (Ars Technica) "JoltandBleed" memory leak gives attackers full access to business applications.

Cyber Trends

NSA: Cyber Attacks Are Becoming More Sophisticated, Aggressive and Disruptive (Washington Free Beacon) Cyber attacks by foreign nations and criminals against both government and private sector networks are increasing in both sophistication and scale.

Europe not ready for imminent cyber strikes, say infosec professionals (ComputerWeekly.com) Information security leaders in Europe believe a major breach of critical infrastructure is coming and that data breaches in their own organisations are imminent – yet most are not ready.

The uphill battle of beating back weaponized AI (SearchCIO) The race to exploit machine learning and other artificial intelligence technologies is not just for good guys. We live in a world of weaponized AI.

Only one-in-five major organisations confident they will be ready for GDPR (Computing) Data sprawl is a significant challenge for multi-nationals

A third of US businesses do not feel prepared for GDPR deadline (Help Net Security) 35% of US organizations don’t believe they will be fully prepared for GDPR in time for the deadline. They're apprehensive about GDPR’s impact.

Netsparker Holiday Survey: 44 Percent of Americans Fear Credit Card Information Will Be Stolen While Shopping Online (BusinessWire) Netsparker Ltd., a leading player in the web applications security industry, has today released the results of its 2017 Holiday Survey. The survey of

Poor security habits are the ideal recipe for a breach (Help Net Security) Employees have more access than they should, and a large majority of them have poor security habits even when they think they don’t.

Half of consumers think that organisations don't care about their privacy (Computing) Consumers don't trust firms and are prepared to take legal action

State of Authentication: How SecureAuth Detects and Protects with Adaptive Access Control (SecureAuth) Over a twelve-month period, SecureAuth processed 617 million authentications across 500 different organizations across multiple industries.

Venafi study reveals over half of organizations do not audit SSH entitlements (Venafi) Venafi®, the leading provider of machine identity protection, today announced the results of a study on how well audits measure Secure Shell (SSH) security in their environments. Over 400 IT security professionals participated in the study, which reveals a widespread lack of SSH audits.

Lastline Reveals Predictions and Trends For the 2018 Cyberthreat Landscape (GlobeNewswire News Room) Company predicts continued rise in cybercrime will be met with advances in artificial intelligence and machine learning as emerging methods to counteract attacks

Marketplace

France invests in ventures focused on advanced defense tech (Defense News) France has launched a $59 million equity fund investing in small and medium enterprises specializing in advanced defense technology.

6 Cybersecurity Businesses that Present Opportunity. (HuffPost) If you’re on the lookout for a breakout growth opportunity, it’s important to look where others aren’t. And, in that case, it’s hard to argue against the...

Internet of So Much Stuff: Don't wanna be a security id-IoT (Register) IoT is not the same as IT... normal infosec does not apply

How Verizon is Building a Big Data and AI Culture (Forbes) Telecommunications has long been one of the most data-intensive industries, and some of the earliest analytical marketing initiatives originated at established firms like AT&T.

Optiv's latest acquisition brings tech expertise that's 'unparalleled in the industry' (Kansas City Business Journal) Optiv Security made its sixth acquisition in less than two years, furthering its global growth strategy.

The U.S. Military’s Favorite Cyber Platform (Bloomberg.com) Endgame has the Pentagon’s ear in the hottest security software market.

Tern's Device Authority Signs Three-Year Contract With Comodo (Interactive Investor) Shares in Tern PLC rose on Thursday as it said its investee company Device Authority has signed a three-year global original equipment manufacturer agreement with cybersecurity developer Comodo CA.

The Maryland cybersecurity startup keeping devices safe, from cameras to Barbie (Technical.ly Baltimore) ReFirm Labs' platform automates the process of finding security vulnerabilities in IoT firmware. It's the latest ex-NSA team to take up residence at DataTribe in Fulton.

Tenable Will Locate Its Company Headquarters to Downtown Columbia (BusinessWire) Tenable™ Inc., officials from The Howard Hughes Corporation® (NYSE:HHC) and Maryland Governor Larry Hogan announced today that Tenable, one

Products, Services, and Solutions

New infosec products of the week: November 17, 2017 (Help Net Security) Yoti launches digital identity app The free app is available for Apple and Android phones and takes less than five minutes to set up. People take a selfie

Ntrepid Launches Timestream 2 to Capture Complexities of Investigations and Litigation (BusinessWire) Ntrepid today announced the latest release of Timestream, the company’s patented web-based timeline visualization solution.

Secure Channels Inc. Releases Peer Review Report on Security Analysis Independently Validating Patented PKMS2 Encryption Protocol (PRNewswire) Secure Channels Inc., provider of innovative data security and access...

New Netskope Capabilities Provide Industry's Most Customizable and Intuitive Enterprise Security Management for the Cloud At Scale (PRNewswire) Netskope, the leader in cloud security, today announced the release...

Uplevel Solution Right-sizes Cybersecurity for Small-to-Medium Businesses, MSPs (PRNewswire) Uplevel Systems, provider of IT infrastructure solutions to managed...

MongoDB, Townsend Security Announce Certified Encryption Key Management (PRWeb) Townsend Security, a MongoDB Technology Partner, achieves MongoDB Enterprise Certification for Alliance Key Manager.

Raytheon, MetTel establish alliance to secure government, industry communications networks (Business Insider) Raytheon and MetTel today announced a global security alliance to protect government and commercial communications networks against growing cybersecurity threats, including those that exploit the proliferating Internet of Things (IoT).

Antiscammers.org. Civic Venture Working Towards Safer Online Marketplaces. (PRNewswire) Antiscammers.org is a global civic venture established with the...

CyberArk automates and simplifies protection against privileged account exploitation (CSO) CyberArk (NASDAQ: CYBR), the global leader in privileged account security, today unveiled major advancements to accelerate adoption of the most comprehensive privileged account security solution on the market.

Free Quad9 DNS service aims to make threat intel more accessible (ZDNet) IBM Security, the Global Cyber Alliance and Packet Clearing House are offering the automated security solution for free with individuals and SMBs in mind.

Content intelligence platform, Egnyte, announces full GDPR compliance (VatorNews) GDPR goes into effect on May 25, 2018 with the goal of better protecting EU citizens' personal data

Box and Dropbox rival Egnyte is aiming to capitalise on Europe's strict new data laws (Business Insider) The storage and collaboration software business has been backed by Google Ventures, which is now known as GV.

Technologies, Techniques, and Standards

CYBERCOM working through intel side of cyber defense (Fifth Domain) While intelligence for cyber defense has been slow to come online, these capabilities are now being more integrated with defensive elements.

Inside the Army’s interim WIN-T plans (C4ISRNET) WIN-T could lose funding, but soldiers around the world still rely on system capabilities so the Army is accelerating repairs and focusing on modernization.

Voting machine makers explain what they do (and don’t do) to make sure no one hacks the vote (TechCrunch) As the House and Senate continue to examine the wave of disinformation around the 2016 presidential election, concerns around the security of voting systems...

Safeguard mobile devices: VPNs and personal firewalls are vital (Help Net Security) If you want to safeguard mobile devices, security threats from public hotspots can be dramatically reduced by utilizing a personal firewall and a VPN.

Access Denied: What you need to know to protect the network [Commentary] (Fifth Domain) This story is true in essence, if not in particulars, and it is one that has played out many times across all sectors.

The Motherboard Guide to Not Getting Hacked (Motherboard) Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.

Hacking Blockchain with Smart Contracts to Control a Botnet (eSecurity Planet) Botract attack method revealed at SecTor security conference, could enable botnet to be as resilient and as distributed as the Ethereum blockchain itself.

SecTor: What the Story of David vs Goliath Teaches Cyber-Security (eSecurity Planet) While offensive attacks and zero-day vulnerabilities often grab headlines, understanding risk is the key to security.

Comment: How chip choice can affect your IoT security (Electronics Weekly) With price and performance dominating the choice of chip, many users are leaving themselves open to security issues, writes Ken Munro partner, Pen Test Partners.

Academia

Finding cyber talent among transitioning veterans: Engility's Cybersecurity Training Scholarships (The CyberWire) One company's approach to building the cyber workforce and helping veterans at the same time.

Cyber Discovery Aims to Encourage More Teens into Industry (Infosecurity Magazine) Cyber Discovery Aims to Encourage More Teens into Industry. Government’s latest initiative looks to plug chronic skills shortages

Legislation, Policy, and Regulation

China cyber watchdog rejects censorship critics, says internet must be 'orderly' (Reuters) China's top cyber authority on Thursday rejected a recent report ranking it last out of 65 countries for press freedom, saying the internet must be "orderly" and the international community should join it in addressing fake news and other cyber issues.

US coalition partners work out cyber defense for joint operations (Fifth Domain) The U.S. and four other nations worked through joint cyber defense of a mission partner network during a recent demonstration.

US official: If Turkey buys Russian systems, they can’t plug into NATO tech (Defense News) Also as a result of the buy, further action may be forthcoming that could affect the country’s acquisition or operation of the F-35.

Grading the New Vulnerabilities Equities Policy: Pass (Council on Foreign Relations) The new vulnerabilities equities process gets a passing grade but there is still room for improvement. 

White House Decision To Increase Transparency Of Cyber Vulnerability Disclosure Process Is “Exactly The Right Policy,” Says ITIF (Public) The Information Technology and Innovation Foundation (ITIF), a leading science and tech policy think tank, today applauded a White House decision to increase transparency in the vulnerabilities equities process (VEP), the interagency process which determines when and how the federal government discloses the cybersecurity vulnerabilities it discovers.

Intelligence.gov Re-launch Marks New Era for IC Transparency (Office of the Director of National Intelligence) New site showcases everyday intel officers and improves data accessibility

Senator urges ad blocking by feds as possible remedy to malvertising scourge (Ars Technica) Block would happen in the event advertisers can’t curb malicious ads on their own.

FCC reportedly planning vote that could kill net neutrality next month (TechCrunch) The Federal Communications Commission will drive a stake through its own net neutrality rules roughly this time next month, if Chairman Ajit Pai gets his way...

Counterterrorism chief stepping down later this year (C4ISRNET) Nick Rasmussen will leave the government at the end of this year.

Litigation, Investigation, and Law Enforcement

International Law and Conflict in Cyberspace: Attribution, Consequences, and the Development of Norms (The CyberWire) Experts in international law and cyber operations discussed how the law of armed conflict is finding expression in cyberspace.

Dark Web Shops Are Leaking IPs Left and Right (BleepingComputer) The takedown of three major Dark Web markets by law enforcement officials over the summer has driven many vendors of illegal products to set up their own shops that, in many cases, are not properly configured and are leaking the underlying server's IP address.

Suspended .UK Domains Double in a Year (Infosecurity Magazine) Suspended .UK Domains Double in a Year. Nominet says it’s working closely with police and other agencies

Cybersecurity: A fiduciary duty (Ethical Boardroom) The recent WannaCry ransomware exploit brought into full view several factors that terrify many companies and their boards of directors.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit (Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.
