skip navigation

More signal. Less noise.

Daily briefing.

4th annual Women in Cyber Security Reception kicks off in Baltimore next week.

We are very pleased to see the tremendous response to our annual Women in Cyber Security Reception next week. It’s been immensely gratifying to see all the relationships, mentorships, and partnerships that have formed over the years, and are looking forward to seeing everyone again at the Columbus Center in Baltimore’s beautiful Inner Harbor. Many thanks to all our sponsors: CenturyLink, Cylance Inc., Exelon, E8 Security, IBM, LookingGlass Cyber, Booz Allen Hamilton, ClearedJobs.Net, CyberPoint International,, Delta Risk LLC, Defense Point Security and Creatrix.

Many thanks also to our event partner, the Cybersecurity Association of Maryland and to our arts partner, Maryland Art Place. There is still time to request an invitation, or to sponsor if you are interested in supporting the reception. (And enjoy our new welcome video.)

Amid tensions over North Korea's increasingly capable missile and nuclear arsenal, reports out of South Korea indicate that someone has successfully hacked into some of Seoul's defense planning files. Agence France Presse and the Chosun Ilbo say that some 235 gigabytes of sensitive data were accessed in September of last year. They included detailed war plans to be used in the event of a North Korean attack, including plans for a decapitation strike against North Korean leadership. Some sources indicate the hackers were based in China, and there's some uncertainty as to attribution, but North Korea seems the obvious suspect to observers. Some of Pyongyang's cyber operators are known to work from China.

Facebook initially seemed uncertain that Russia had been behind some of the election-season influence operations the social media company found itself enmeshed in last year, at first pulling attribution to Russia from early versions of its report on the matter. Google is also facing renewed scrutiny over Russian ad buys.

Chinese sources deny involvement in apparent cyber attacks directed against a Chinese businessman who's been critical of alleged corruption in PRC leadership.

Palo Alto Networks reports that the OilRig threat group, prominently involved in hacking Middle Eastern targets, is back, with an enhanced set of Trojans in its toolbag.

Forrester, the market research firm, has disclosed a breach in which unauthorized parties obtained access to the company's reports.

Proofpoint warns that purveyors of Kovter malware are running a newly aggressive campaign; its apparent goal is ad fraud. 


Today's issue includes events affecting Australia, Belgium, China, European Union, France, Germany, Hungary, India, Iran, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Poland, Russia, Saudi Arabia, Sweden, Ukraine, United Kingdom, United States.

Survey says: frameworks are good, compliance could be better.

How does the public sector view the state of cyber risk management, IT modernization, and the role of cybersecurity standards in improving our nation’s cyber posture?  A survey of government and industry attendees at the 2017 AWS Public Sector Summit provides a unique window into the perceptions, challenges and opportunities for cyber risk management. Download your copy of the 2017 Public Sector Cyber Risk Management Report.

In today's podcast we hear from our partners at Booz Allen Hamilton, as Chris Poulin talks about medical device safety. Our guest is Yassir Abousselham from Okta on the challenges that surround establishing and managing identity.

You'll also want to check out Recorded Future's latest threat intelligence podcast (produced in partnership with the CyberWire), and get the facts on Equifax.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, October 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Dateline AUSA 2017

4 areas where military cyber forces should focus in cyberspace (Federal Times) Given the vastness of cyberspace, one academic offers his view of the areas within cyber on which the DoD must focus its resources to be most effective.

Army to Tackle 'Significant' Modernization (SIGNAL Magazine) The Army is set to modernize by standing up a new command to transform its acquisition processes, among other things.

Cyber Attacks, Threats, and Vulnerabilities

North Korea Hacked Seoul's War Plans: Report (Security Week) North Korean computer hackers have stolen hundreds of classified military documents from South Korea including detailed wartime operational plans involving its US ally, a report said Tuesday.

US and North Korea take their jousting into cyberspace (Nikkwi Asian Review) As Trump orders DDoS attacks, Pyongyang gains new net lifeline via Russia

OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan (Palo Alto Networks Blog) OilRig group steps up attacks with new delivery documents and new injector trojan.

Report: Facebook removed references to Russia from fake-news report (Ars Technica) Facebook decided it didn't have enough evidence to name Russia in April report.

Google Finds Accounts Connected to Russia Bought Election Ads (New York Times) The search giant is facing increased scrutiny over its role in the 2016 presidential campaign, and is one of a number of internet companies being examined.

Cyber Attacks Targeted Interests of Billionaire Chinese Dissident (Security Week) Two recent alleged cyber attacks have more to do with politics than cybercrime

China denies links to alleged cyber attacks in United States targeting exiled tycoon Guo (SWI China has denied responsibility for alleged cyber attacks in the United States appearing to target exiled tycoon Guo Wengui, ...

Market Research Firm Forrester Says Hackers Stole Sensitive Reports (BleepingComputer) Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week.

Kovter Group malvertising campaign exposes millions to potential ad fraud malware infections (Proofpoint) Proofpoint researchers recently detected a large-scale malvertising attack by the so-called KovCoreG group, best known for distributing Kovter ad fraud malware and sitting atop the affiliate model that distributes Kovter more widely.

FIN7 Hackers Change Attack Techniques (Security Week) The financially-motivated FIN7 hacking group recently switched to a new delivery technique and has been employing a different malware obfuscation method, ICEBRG security researchers reveal.

Banking Trojan Exploits Chain of Trust to Deceive Security Tools (Infosecurity Magazine) It exploits an authentic VMware binary to deceive security tools into accepting errant activity.

Advanced Threat Report: Banks Under Attack (Trustwave) Trustwave SpiderLabs has uncovered a massive onslaught against the financial industry that is poised to spread globally.

A New Player Joins Coinhive on the Browser Cryptojacking Scene (BleepingComputer) The browser cryptojacking scene has just expanded from one player to two with the recent launch of the Crypto-Loot service, a website that's eerily similar to the now notorious Coinhive in-browser miner.

Money Doesn't Grow on Trees, but it’s Growing in the Cloud (RedLock) The RedLock CSI team identified a compromised Kubernetes container belonging to a British multinational insurance company which was being used to mine Bitcoins.

Cloud at risk from cryptocurrency miners (Computing) Malicious code can go undetected, pushing up cloud prices

Some Motherboards Plagued by BIOS Firmware Implementation Flaws (BleepingComputer) Alex Matrosov, a security researcher for Cylance, has discovered several flaws in how some motherboard vendors implemented Intel's UEFI BIOS firmware into their products.

Equifax Breach Fallout: Your Salary History (KrebsOnSecurity) In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans.

The Facts on Equifax (Recorded Future) This episode focuses on what happened to Equifax, how it might have been prevented, and what a breach of this size means for all of us.

FreeMilk Phishing Scam Hijacks Active Email Conversations to Deploy Malware (HackRead) The IT security researchers at Palo Alto Networks Unit 42 have come to know about a new, targeted spear-phishing scheme, which is designed to intercept a g

Crazy but true – Apple’s “show hint” button reveals your actual password (Naked Security) Apple’s brand new High Sierra has a bug that sometimes stores your password as your password hint, so that the hint *is* your password!

Mattel withdraws kid-focused “smart hub” from market after complaints (Ars Technica) Lawmakers, child advocates expressed concern about caregiving being “outsourced.”

Statement from Atlantic Media General Counsel Aretae Wyler on Scam Using The Atlantic Names (The Atlantic) Across the last few months, individuals posing as our editors and senior leaders have sent fraudulent job offers to unwitting freelancers or jobseekers looking to work with The Atlantic.

Cyber Trends

“Negligent and unqualified” executives have killed online privacy. Get used to it. (CSO) Experts throw up their hands as impact of mass breaches reaches “epidemic” proportions

Kaspersky Antivirus Hack a Wake Up Call for Business (The Cipher Brief) Russian state-sponsored hackers were able to steal National Security Agency material on methods they use to conduct cyber espionage as well as how they help defend critical U.S. government networks, according to The Wall Street Journal...

2017 State of Privacy & Security Awareness (Mediapro) The 2017 State of Privacy & Security Awareness reveals the awareness proficiency of employed adults across a variety of privacy and security threat vectors.


Kaspersky: "Why didn’t they report it to us?" (CIO) Kaspersky Lab chief and co-founder, Eugene Kaspersky, has taken aim at government agencies in the United States after media reports emerged last week alleging that Kaspersky Lab software was used by Russia-backed hackers to steal classified US Government information.

'The nail in the coffin': Russia's top cyber firm may have made a 'catastrophic' mistake (Business Insider) Russian hackers reportedly stole top-secret intelligence from the National Security Agency by exploiting Kaspersky antivirus software.

Office Depot, Best Buy Pull Kaspersky Products From Shelves (BleepingComputer) Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves.

Guidewire to Acquire Cyence (New Kerala) Guidewire Software, Inc. (NYSE:GWRE), a provider of software products to Property and Casualty (P and C) insurers, and Cyence, Inc., today announced that the companies have entered into a definitive agreement for Guidewire to acquire Cyence.

Marlin acquires AppRiver (PE Hub) Marlin Equity Partners has acquired a majority stake in Florida-based AppRiver, a provider of cloud-based cybersecurity and productivity software and services. No financial terms were disclosed.

AVentures Capital Made $500,000 Investment to Deliver Cloud Data Protection Technology ( AVentures Capital has become the first institutional investor and has led the round into Spinbackup with $500,000 investment. Spinbackup is a premier Cloud-to-Cloud Backup & Cloud Cybersecurity solutions provider for G Suite and Office 365.

Raytheon: No Competitors And Increases In U.S. Defense Spending (Seeking Alpha) Raytheon's industry positioning provides a great ROIC. U.S. defense spending increases, will benefit Raytheon. Raytheon has virtually no direct competitors.

What just happened with Northrop and Marvel Comics? (Defense News) Northrop Grumman and Marvel Entertainment were going to announce a new partnership. Then it got cancelled. Here's what happened.

Marvel's Defense Contractor Deal Wasn't That Unusual (Screen Rant) Marvel's short-lived partnership with Northrop Grumman was nothing new.

A former Goldman Sachs VP who founded a crypto hedge fund says betting on bitcoin is like betting on the internet in the 90s (Business Insider) Matthew Goetz, a former Goldman Sachs vice president, founded BlockTower Capital, a crypto hedge fund, this year.

DNS Solution Provider Secure64 Hires Industry Vet Thad Dupper as CEO (Hosting Journalist) Secure64, a provider of purpose-built, secured, DNS-based network security products, has appointed Thad Dupper as Chief Executive Officer (CEO) – joining the company’s Board of Directors. Joe Gersch, the former CEO, has retired from the company.

MasterPeace Solutions Hires 50th Engineer; Drives Opportunities for Growth, Innovation (BusinessWire) MasterPeace Solutions, a rapidly growing cyber and software company, today announced the hiring of its 50th engineer.

Products, Services, and Solutions

Soliton Systems Invests in LookingGlass Threat Intelligence Solutions Ahead of International Sporting Events (BusinessWire) LookingGlass Cyber Solutions announced that Soliton Systems has invested significantly in innovative security platforms developed by LookingGlass.

Nozomi Networks Selected by FireEye for ICS Protocol Depth and Technical Excellence (GlobeNewswire News Room) Partnership gives FireEye new capabilities for visibility into critical infrastructure and industrial control systems

Rohde & Schwarz Cybersecurity and Saint Security Fight Virus and Malware With Artificial Intelligence-Based Advanced Threat Protection Solution (Rohde & Schwarz) Saint Security uses Rohde & Schwarz Cybersecurity’s deep packet inspection (DPI) software R&S PACE 2 in its network-based advanced malware response solution MNX to identify, analyze, judge and block malicious activity.

Telarus Adds IGI, Creator of Nodeware Cybersecurity Solution, to Supplier Team (Channel Partners) Master agent Telarus has added Infinite Group Inc. (IGI), creator of the Nodeware vulnerability management system, to its supplier team, providing its network of agents with a valuable and affordable cybersecurity solution for their product portfolios.

enSilo and Matrix42 Form Partnership to Deliver Premier Managed Endpoint Security Services Solution (PRNewswire) enSilo, the company that protects endpoints pre- and post-infection...

TazTag, Integrated Biometrics release mobile fingerprint scanner with POS capabilities (BiometricUpdate) TazTag and Integrated Biometrics have released TazPoS, a mobile fingerprint scanner with built-in point-of-sale (PoS) capabilities for law enforcement in the developing world to validate identity i…

Announcing BitSight Executive Reports (BitSight) BitSight Executive Reports enable customers to identify & report on gaps in their risk & security programs & determine what resources are needed for improvement.

Technologies, Techniques, and Standards

FASTR Consortium Releases New Recommendations for Contributing to Automotive Security Research and Innovation (FASTR) Holistic view of emerging automotive security landscape covers physical supply chain, connected vehicles, autonomous vehicles, consumer electronics and beyond.

Design and Innovation

Microsoft Wants To Put Fingerprint Sensor In Keyboard Keys, Files Patent (Fossbytes) Microsoft might be working to integrate the fingerprint sensor into the keyboard keys itself.

Research and Development

BAE Systems Develops Cyber Defense Capabilities for Military Aircraft (Sys-Con Media) BAE Systems, a leader in advanced threat management solutions, is developing cyber defense capabilities to help aircraft detect and mitigate cyberattacks in real time.


Baltimore Cyber Summit teaches kids Internet safety (WMAR) Baltimore Cyber Summit is on a mission to strengthen students’ grades 7- 12 cyber IQ, which these organizers hope will inspire students to pursue careers in technology.

Legislation, Policy, and Regulation

German Foreign Office, Intelligence Services at odds over malware stance (Xinhua) The German Foreign Office and Federal Intelligence Service (BND) are at odds over their attitudes towards the official use of "Zero-Day-Exploits" malware, the newspaper "Zeit" reports on Monday.

Expert says Germany’s ‘hack back’ proposal is a slippery slope (Security Brief) German intelligence has urged to be granted legal authority to ‘hack back’ in the event of international cyberattacks - is it the right idea though?

France plans to issuing a position on ICOs (Toinnov) According to the regulator of domestic financial markets, France is rapidly moving towards the formulation of rules regarding token sales, or initial coin offerings.

Defending UK 'digital homeland' from cyber attack as important as spying and counter terrorism, says new GCHQ director (The Telegraph) Protecting Britain from hacking and cyber attacks is as important as spying and preventing terrorism, the new head of GCHQ has said.

Will Equifax breach spur real reform? Don’t hold your breath (Naked Security) It sounded like the wake-up call to end all wake-up calls.

Why Mandating Cyber Reporting, Basic Coverage Makes Sense: Cyence Exec (Insurance Journal) Matt Honea, cyber manager at Cyence, a San Mateo, Calif.-based cyber risk modeler, thinks a great way to get companies to report cyber attacks...

Congress must take action to protect whistleblowers from the NSA (TheHill) The agency's Section 702 surveillance authority is set to expire at the end of this year unless Congress takes action.

Factions forming as Congress attempts to curb US spy power (Stars and Stripes) Schisms are brewing on Capitol Hill over a new bipartisan effort to limit the authority and extend the timeline of the National Security Agency's ability to monitor the communications of suspected foreign agents abroad...

The 20-year climb to an elevated CyberCom (FCW) Former Defense Secretary William S. Cohen recounts how a 1997 military exercise sparked the eventual creation of a unified combatant command for cyber.

House Bill Calls for New FDA-Led Device Cybersecurity Panel (Regulatory Affairs Professional Society) Republican representatives David Trott (R-MI) and Susan Brooks (R-IN) last week introduced a bill calling for the US Food and Drug Administration (FDA) to lead a new public-private working group on medical device cybersecurity.

Litigation, Investigation, and Law Enforcement

Was ISIS Responsible for the Las Vegas Attack? (Foreign Affairs) Why a false claim regarding the massacre in Las Vegas seems at odds with ISIS’ strategy.

Petition to Look at Former CBS Lawyer Underscores Ethical Risks of Social Media (New York Law Journal) After being fired for a controversial Facebook post in the aftermath of the mass shooting in Las Vegas, former CBS lawyer Hayley Geftman-Gold is the subject ...

Treasury's IG probing allegations of illegal surveillance on US citizens (Federal Times) The Treasury Department’s inspector general said Friday it is looking into allegations that a Treasury Department agency has been illegally looking at the private financial records of U.S. citizens.

UK teenager admits attempt to hack into CIA chief's computer (Guardian) Kane Gamble, 18, pleads guilty to trying to hack into the computers of senior US government officials

INTERPOL & BT sign landmark data exchange agreement to combat cybercrime (Security Brief) “Interpol’s agreement with BT is an important step in our continued efforts to ensure law enforcement worldwide has access to information they need."

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (BleepingComputer) VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some, do store user activity logs.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Florida Center for Cybersecurity 2017 Annual Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

Upcoming Events

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers,...

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management...

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.