Daily briefing.

It came to light yesterday that the US National Security Agency suffered a significant intrusion by a Russian intelligence service (thought to be the FSB) in 2015. Sensitive material concerning both offensive and defensive tools and techniques is said to have been exfiltrated from a contractor's computer (where it probably shouldn't have been in the first place).

The contractor's device was secured by Kaspersky software, and reports say that the hackers used the Kaspersky security tools as, effectively, reconnaissance to identify the material they eventually stole. Kaspersky Lab denies any complicity in the incident. Observers are divided as to whether Kaspersky cooperated with Russian intelligence services or simply had their software compromised, but there's general agreement that whatever the outcome of the investigation is, it's bad news for Kaspersky.

NSA discovered the compromise in the spring of 2016, a few weeks before the ShadowBrokers began to dump what they have claimed were Equation Group hacking tools. Observers are looking into possible connections, but so far the story is still developing, and none have come to light.

The incident has brought fresh criticism to both NSA and its use of contractors.

Forbes reports that, in addition to its problem with inadvertently exposed data, Deloitte also had some employees successfully catphished by Iranian operators using a bogus Facebook page.

Apple yesterday issued an emergency patch for MacOS that closes a serious Keychain vulnerability.

German authorities have dropped their post-Snowden investigation of alleged GCHQ and NSA surveillance of German targets (including Chancellor Merkel's phone).


Today's issue includes events affecting the European Union, Germany, Ireland, Japan, Democratic People's Republic of Korea, NATO/OTAN, Poland, Russia, Syria, Ukraine, United Kingdom, United States.

A note to our readers: Monday is Columbus Day, and we'll be observing the holiday by taking a break from publication. The CyberWire Daily News Briefing and Podcast will be back as usual on Tuesday. We'll also be covering two events next week, the Association of the United States Army's annual meetings (Monday through Wednesday; we'll be at the Military Cyber Professionals Association Cyber Pavilion, so say hello if you drop by) and CyberMaryland (Wednesday and Thursday). Watch for reports and updates.

In today's podcast, we hear from our partners at Lancaster University as Awais Rashid discusses securing the supply chain. Our guest is Timothy H. Edgar, author of Beyond Snowden: Privacy, Mass Surveillance, and the Struggle to Reform the NSA.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. The conference's mission is to foster the building of a Europe-wide cybersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, October 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Cyber Attacks, Threats, and Vulnerabilities

Russian Hackers Stole NSA Data on U.S. Cyber Defense (Wall Street Journal) Hackers working for the Russian government stole a vast collection of highly classified material from the home computer of a National Security Agency contractor, said people familiar with the matter. The breach could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks.

Russian government hackers used antivirus software to steal U.S. cyber capabilities (Washington Post) Employee who took classified material home was running Russian antivirus software on his computer, according to people familiar with the matter.

Investigators say Russian hackers exploited Kaspersky software to steal classified NSA documents (Pittsburgh Post-Gazette) It would be the third time since 2013 that a theft of sensitive information involving an NSA contractor has become publicly known.

Ex-NSA Hackers Are Not Surprised by Bombshell Kaspersky Report (Motherboard) Former NSA hackers respond to the revelation of yet another breach at the spy agency.

Russia reportedly stole NSA secrets with help of Kaspersky—what we know now (Ars Technica) Proven or not, the accusations almost certainly mean the end of Kaspersky as we know it.

More questions than answers after a third data breach at the NSA is revealed (CSO Online) A report in The Wall Street Journal says that hackers working for the Russian government stole sensitive documents from a NSA contractor's home computer. The story goes on to say the contractor was targeted after the files were discovered by Kaspersky's Anti-Virus software, somewhat explaining the U.S. government's push to ban the software on its systems.

Guess Which Software Russian Hackers Targeted to Steal NSA Secrets (Forbes) Just a few months ago, a team of security researchers at SafeBreach showed how several popular antivirus tools could be exploited to act as spying tools.

NSA contractors back in spotlight after reported Russian theft (POLITICO) The Kremlin's spies reportedly uncovered the secret cyber weapons on a personal laptop running software made by Kaspersky Lab.

Another NSA Contractor Stole Documents. Now the Russians Have More U.S. Hacking Tools. (Slate Magazine) The NSA is leaking like a sieve. What does that mean for the private data it holds on you?

The NSA Officially Has a Rogue Contractor Problem (WIRED) After the revelation of the third contractor leak in as many years, the agency has a clear operational security problem.

Smartphones of NATO Soldiers Compromised By Russian Hackers (HackRead) North Atlantic Treaty Organization, which is universally famous as NATO, has been targeted by none other but the country that is a pro at hacking and eaves

John Kelly's personal phone may have been breached (Washington Examiner) Government officials are unsure when or where the phone was initially compromised and what information, if any, was obtained.

Iranian Hackers Targeted Deloitte Via A Seriously Convincing Facebook Fake (Forbes) As America frets over Russians running rampant on Facebook, other adversaries have been exploiting the social network as a way into some of the world's biggest businesses.

Deloitte: would two-factor authentication really have helped? (TEISS) Two-factor authentication will protect you some, but not all of the time. It can deflect your average, opportunistic hackers but not all

FormBook Infostealer Sold on Hacking Forums Is Becoming Quite a Threat (BleepingComputer) During the past few months, malware campaigns distributing a previously unknown infostealer have ramped up, according to reports by Arbor Networks, FireEye, and the Internet Storm Center (ISC SANS).

KnockKnock campaign targets Office 365 corporate email accounts (Help Net Security) The KnockKnock campaign has a focus on precision targeting instead of high volume targeting, attacks averaged five email addresses for each customer.

Why Wannacry Was Just a “Warm-Up” (Infosecurity Magazine) It is only a matter of time before Western economies such as the US and the UK are hit by a massive cyber-attack aimed at taking down critical utilities or financial infrastructure.

When Phishing Starts from the Inside (Trend Micro Simply Security) A growing concern of security professionals is internal phishing attacks – phishing emails sent from one trusted user to another of the same organization. Internal phishing emails are used in multi-stage attacks in which an email account is owned either by controlling the users device with previously installed malware or by compromising the account credentials...

PoC for several Magento vulnerabilities released, update now! (Help Net Security) DefenseCode has published PoC code for two CSRF and stored XSS vulnerabilities affecting a number of versions of the popular e-commerce platform Magento.

Hundreds of Printers Expose Backend Panels and Password Reset Functions Online (BleepingComputer) A security researcher has found nearly 700 Brother printers left exposed online, allowing access to the password reset function to anyone who knows what to look for.

CloudFlare Boots Off Torrent Site For Using Cryptocurrency Miner (HackRead) CloudFlare says sites running mining code without notifying users are considered to be malware. In the last couple of weeks, researchers discovered an incr

Sonic Confirms Malware Breach After Customer Card Data Lands on Carding Shops (BleepingComputer) Sonic Drive-In, a fast food chain with over 3,600 restaurants across the US, has acknowledged a malware breach that affected an as yet unidentified number of locations.

Security Patches, Mitigations, and Software Updates

Emergency Apple Patch Fixes High Sierra Password Hint Leak (Threatpost) Apple rushed out an emergency patch that fixed a bug in High Sierra that revealed APFS volume passwords via the password hint feature.

macOS High Sierra Update Patches Keychain Access Flaw (Security Week) An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain.

‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street (Bloomberg) A major breakthrough in cryptography may have solved one of the biggest obstacles to using blockchain technology on Wall Street: keeping transaction data private.


Cybersecurity isn't just for the CISOs ( Baltimore) At the latest edition of the Waterfront Tech Series, Maryland cybersecurity leaders talked about implications for business and tech.

Beyond GDPR: Data protection as a competitive advantage (Help Net Security) Seventy percent of respondents to a McAfee survey believe the implementation of GDPR will make Europe a world leader in data protection.

Former Intel security researchers launch firmware-targeted startup, land $2M (Portland Business Journal) A pair of former Intel Corp. security engineers and researchers have formed a new security company headquartered in Beaverton.

Broadcom, Brocade Push Back Merger Deadline (Wall Street Journal) Broadcom and Brocade Communication Systems, technology companies that have been trying to complete a $5.5 billion tie-up since last year, have agreed to push back the deal-closing deadline to allow for additional regulatory review.

French group Orange eyes growth from cybersecurity businesses (Reuters) Orange (ORAN.PA) expects growth from cybersecurity services and aims to recruit 1,000 staff in this area by 2020, France's biggest telecoms group said on Thursday.

Can Security Drive The Turnaround At Cisco? (Seeking Alpha) Cisco is attempting to pivot towards the security market as part of an overall product restructuring. Progress is slow, and security still makes up a small prop

Cyber terror boosts Check Point (Globes) The Israeli company's value has been boosted 50% over the past year to nearly $19 billion.

Intercede sees huge growth in revenues as digital security sales soar (Leicester Mercury) Sales at a Lutterworth company are booming

Lawmakers to US Army: If network programs worth $6B are discarded, what’s next? (C4ISRNET) Lawmakers have roasted U.S. Army officials for abruptly scrapping its acquisition strategy months after submitting its fiscal year 2018 budget without a well-defined alternative.

Industry Veteran Thad Dupper Appointed CEO of Secure64 ( Secure64, the leading provider of Genuinely Secure DNS servers and DNS-based security solutions, today announced that Thad Dupper has been appointed Chief Executive Officer and will join the company's Board of Directors. Joe Gersch, the former CEO, has retired from the company.

Products, Services, and Solutions

New infosec products of the week: October 6, 2017 (Help Net Security) EclecticIQ Platform 2.0 gets intelligence reporting, new UI, and more To remove one of the biggest bottlenecks in threat investigation, EclecticIQ Platform

Invizbox has announced a new InvizBox 2/2 Pro on Kickstarter for privacy/security (Movies Games and Tech) Irish cybersecurity company Invizbox has a few more days on Kickstarter for its new InvizBox 2 family of privacy and security products: InvizBox 2 and InvizBox 2 Pro. InvizBox 2 and InvizBox 2 Pro …

Introducing the Bugcrowd Researcher Advisory Council (Bugcrowd) The Bugcrowd Researcher Council provides feedback on platform designs for a direct impact on Bugcrowd bug bounty programs.

Zertificon's Z1 SecureMail Gateway Release 4.12 brings new convenience features for admins (Zertificon) The Berlin-based email encryption expert Zertificon Solutions has released the Z1 SecureMail Gateway 4.12. Key new features include a policy wizard and LDAP authentication for administrators.

Cavirin Adds the NIST Cybersecurity Framework to its Hybrid Cloud Security Assessment and Remediation Platform (BusinessWire) Cavirin Systems, Inc. offers continuous security assessment and remediation for hybrid clouds, containers, and data centers, via the most comprehensiv

Crypto-Communication is Here with the BitVault (NEWSBTC) Embedded Downloads of Ireland, and VVDN Technologies, India, are set to become the producers of the world’s first crypto-communicator. Known as BitVault, the unit will work on all existing networks and will incorporate advanced blockchain security features. It appears the device will first be available for the fintech and defence market in November.

Arxan Named The First Application Security Solution To Receive ISO 13485 Certification (Markets Insider) Arxan Technologies, the trusted provider of application protection and management solutions, today announced that it has received an internationally recognized ISO 13485 Certification from BSI Group America Inc., a quality management systems registrar.

Farsight Security’s Flagship DNSDB Grows to 100B Records, Arming Threat Intelligence Teams with Unprecedented Historical and Real-time Intel to Fight Cybercrime (GlobeNewswire News Room) Farsight Security, Inc. today announced that Farsight’s flagship product, DNSDB, has grown from 35 billion in 2014 to over 100 billion records, each representing a unique observation of global DNS resolutions.

E8 Security gives SOCs a platform to jump into security analytics (451 Research) Security analytics have to be customized to business processes to detect advanced threats. E8 Security provides an analytic platform to help organizations catch attacks and better prioritize response within security operations centers.

Cyber Threat Alliance says it’s good to share (Computerworld) The Cyber Threat Alliance (CTA) formed earlier this year by Fortinet, McAfee, Palo Alto Networks and Symantec is taking cyber threat information sharing to a new level that it hopes will lead to all its members offering better protection against cyber threats.

Keybase launches encryption for git repositories (ZDNet) You can now encrypt repositories to keep them private and secure.

Technologies, Techniques, and Standards

Change management: Equifax highlighted the vulnerability gap between disclosure and patch (CSO Online) The Equifax breach highlighted a gap between the disclosure of a vulnerability and the implementation of a patch as a result of change management process. Adversaries seek out unpatched targets in this period of time which underscores the need for a layered security posture.

Cybersecurity: Lessons from 5 States (Government Technology) With protection from cyberthreats an ever-present concern for IT leaders at all levels, five states presented their approaches at NASCIO's annual conference in Austin.

Holograms for secure authentication still among top document security features (SecureIDNews) The decades-old technology is holding its own even as secure authentication relies more on biometrics and digital methods of ID. In spite of the newer tech, holograms are appearing on more passports and appear poised to command a place in the emerging mobile ID world.

If you use Yahoo Mail, switch to Gmail now (CSO Online) Yahoo suffered the world's biggest hack on 3 billion users. If you still use Yahoo Mail, follow these steps to switch to Gmail — the safest choice for personal email.

Leaving employees to manage their own password security is a mistake (Help Net Security) How do you manage password security in your organization? Are you focusing on the right process and using the right software? Read on to find out.

Design and Innovation

Guest blog: how blockchain can strengthen supply chain links (Loadstar) Blockchain – the technology behind digital asset and payment system Bitcoin – is being mooted as the next big thing for supply chains.

Legislation, Policy, and Regulation

'You Can't Uninvent Encryption', Cybersecurity Experts Tell Amber Rudd (Silicon UK) IP EXPO 2017: Cybersecurity panel aren't impressed with Home Secretary Amber Rudd's renewed calls for an encryption backdoor

U.S. Top Law Enforcement Call Strong Encryption a 'Serious Problem' (Threatpost) U.S. Deputy Attorney General and other top cyber policy makers warn the use of strong encryption hobbles law enforcement’s ability to protect the public and solve crimes and is a serious problem.

White House cybersecurity czar: 'We are certainly not asking for a back door' (CNBC) White House cybersecurity coordinator Rob Joyce says the government supports encryption.

House Cyber Leader Wants to Give Equifax the Kaspersky Treatment (Nextgov) Rep. John Ratcliffe wants DHS to issue a binding operational directive to end a $7 million Equifax contract with IRS.

Former Head of AT&T Had a Top Secret Security Clearance, Like Many Others in the Tech Community (Paleofuture) The former head of AT&T, Robert Eugene Allen, passed away in September 2016 at the age of 81. And while Allen’s 223-page FBI file is relatively unexceptional, it serves as a good reminder that telecommunications companies have been working on sensitive government work for their entire existence.

Litigation, Investigation, and Law Enforcement

Germany drops mass US, UK spying probe (Euronews) The decision comes four years after whistle-blower Edward Snowden accused the US National Security Agency (NSA) of bugging Chancellor Angela Merkel's private cell phone and massively spying on citizens of allied countries.

Judge denies bail for woman accused of leaking US secrets (Military Times) A woman charged with leaking U.S. secrets must remain jailed until her trial, a federal judge ruled Thursday, saying her release would pose an “ongoing risk to national security.”

Mueller's team met with Russia dossier author (CNN) Investigators met with the former British spy whose dossier on alleged Russian efforts to aid the Trump campaign spawned months of investigations, per sources.

Mattis warns DoD against leaks in new memo (Military Times) The Oct. 3 memo was driven in part by leaks after May 2017 Manchester attack.

Police expose group suspected of stealing 240 mil. yen using internet banking malware (The Mainichi) Police have exposed a criminal group using the internet banking malware

Judge: Wells Fargo directors can’t duck claims over fake accounts (Maryland Daily Record) Wells Fargo & Co. executives and directors accused of steering the bank into the worst scandal of its modern history were ordered to defend a lawsuit accusing them of profiting from the creatio…

Parents Calm But Cautious After Johnston Directory Cyber Attack (WHOTV) It's been a week of worry for many as a cyber crime struck the Johnston Community School District publicly releasing the names, addresses and telephone numbers of students and sending them threatening messages.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Upcoming Events

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

SecTor (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers,...

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management...

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the...

Industrial Control Systems (ICS) Cyber Security Conference USA (Atlanta, Georgia, USA, October 23 - 26, 2017) Since 2002, the ICS Cyber Security Conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring...
