skip navigation

More signal. Less noise.

How do you take the guesswork out of evaluating anti-malware products in-house?

Anti-malware protection is a cornerstone of information security, so when it comes to testing, don’t take the vendor’s word for it. Test for yourself.

Daily briefing.

North Korean cyber operators are reported to be probing various US companies for vulnerability to attack. FireEye reports that it detected and stopped spearphishing attempts against utility company officers in late September. An attack on the North American power grid would of course be attractive to DPRK war planners, but doing so isn't as simple as zombie apocalypse tales might lead one to believe. ICS security firm Dragos, for one, regards the likelihood of a grid takedown as fairly remote.

Most of the press attention has understandably focused on targeting of electrical utilities, but the campaign is broader than that: Pyongyang appears interested in industrial control systems generally. South Korean sources are reporting an interesting twist on the North's approach to cyber operations. They think they're seeing hacktivism, which would seem difficult to foster in a country as closed and tightly controlled as the DPRK.

Revelations that Kaspersky security software appear to have been subverted into espionage tools prompt reflection on the risks anti-virus products present, given the access they typically require. This would seem an instance of the familiar dual-use problem (another instance would be the ease with which benign scanners could be converted into denial-of-service tools).

More inadvertent cloud exposures contribute to a growing mood of learned helplessness concerning personal and other sensitive data.

Google Home's Mini smart speakers appear to have been listening as well as speaking, and reporting conversations back to Mountain View. Google has patched to fix the privacy bug, but consumers find it unnerving. 


Today's issue includes events affecting Australia, China, European Union, Germany, Ireland, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Panama, Russia, Syria, United Kingdom, United States.

A note to our readers: We'll have more extensive coverage of the Association of the United States Army annual meetings in upcoming issues. That conference wrapped up yesterday; we were able to attend many interesting sessions hosted by the Military Cyber Professionals Association. We'll also be offering an account of last night's release of a major study of cyber security policy by the Atlantic Council during an evening session in Washington, DC.

Survey says: frameworks are good, compliance could be better.

How does the public sector view the state of cyber risk management, IT modernization, and the role of cybersecurity standards in improving our nation’s cyber posture?  A survey of government and industry attendees at the 2017 AWS Public Sector Summit provides a unique window into the perceptions, challenges and opportunities for cyber risk management. Download your copy of the 2017 Public Sector Cyber Risk Management Report.

In today's podcast we speak with our partners at Palo Alto Networks, as Rick Howard updates us on the suggested reading in the Cybersecurity Canon (and he puts out a call to vote for your favorite books). Our guest is John Morello from Twistlock who talks us through the cloud-developer's challenge of securing container environments.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, October 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Dateline CyberMaryland

The message at Cyber Maryland? 'We have to work together to better secure our nation' (Baltimore Business Journal) The National Security Agency's best chance at facing a "daunting" future riddled with cyber attacks is to recruit and retain top cyber talent — and work with cyber experts outside the government, NSA Deputy Director George Barnes told an audience at the Baltimore Convention Center on Wednesday.

Maryland Commerce Hosts Midlands Engine (Baltimore City Biz List) Visit by U.K.’s premier cybersecurity cluster showcases opportunities to expand into U.S. market

Cyber Attacks, Threats, and Vulnerabilities

North Korean hackers allegedly probing US utilities for weaknesses (Register) Spear phishing emails thought to be affiliated with Pyongyang sent to electricity firms

North Korean Actors Spear Phish U.S. Electric Companies (FireEye) We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government.

Hackers linked to North Korea targeted U.S. ICS companies, breached energy firm (Cyberscoop) Hackers possibly linked to North Korea were able to successfully gain access to the corporate network of at least one U.S.-based energy company in recent months, according to multiple sources with knowledge of a recent cyber threat intelligence report on the matter.

Could cyberattacks knock out lights in the US? Not so easily (ABC News) Hackers likely linked to the North Korean government targeted a U.S. electricity company late last month, according to a security firm that says it detected and stopped the attacks. John Hultquist, director of intelligence analysis for FireEye, said Wednesday that phishing emails were sent...

North Korea's evolving hacking capability poses threat to South Korea (Korea Herald) North Korea’s nuclear and missile programs are all over the news globally, but the country also has one low-profile tactic designed to bring significant disruption to its adversaries: hacktivism.

Kaspersky reportedly modified its AV to help Russia steal NSA secrets (Ars Technica) Hackers used company’s software to secretly scan for top-secret information, WSJ says.

Russia Has Turned Kaspersky Software Into Tool for Spying (Wall Street Journal) The Russian government used a popular antivirus software to secretly search computers around the world for classified U.S. government documents and top-secret information, according to current and former U.S. officials with knowledge of the matter.

Kaspersky in focus as US-Russia cyber-tensions rise (The Economic Times) The security software firm Kaspersky has become the focal point in an escalating conflict in cyberspace between the United States and Russia.

Kaspersky, Russia, and the Antivirus Paradox (WIRED) Reports that Russia used Kaspersky antivirus to probe US targets highlight the inherent risks of software that millions rely on for protection.

Russia is laughing at the subversion of the West (Times) I must have met Reuben Falber around the time that he last took money from the Soviets. From 1958 to 1978, every few months, the rather unassuming man with the thick spectacles who was the...

Does U.S. Media Help Russia Destabilize The United States? (The Federalist) These documents suggest Russia’s attempt to ‘hack’ the 2016 election was about more. A main target and beneficiary of that effort is the American press.

Isis ‘White Widow’ Sally Jones is killed by US drone strike (Times) Sally Jones, one of the world’s most wanted terrorists, has been killed in a US drone strike in Syria, it was revealed last night. The former punk rocker from Kent, who converted to Islam and...

ISIS’s Other Victims (Foreign Policy) The world needs a plan to deal with the wives and children of the Islamic State's defeated jihadis.

Joint Strike Fighter plans stolen in Australia cyber attack (Reuters) A hacker stole non-classified information about Australia's Joint Strike Fighter program and other military hardware last year after breaching the network of a defense contractor, the defense industry minister said on Thursday.

More than 316,000 patient blood tests exposed in breach linked to home monitoring company (Fierce Healthcare) Medical information, including blood test results associated with more than 150,000 people that used an in-home testing service, were leaked after an Amazon-hosted cloud repository was misconfigured to allow public access, according to a cybersecurity firm.

Another AWS configuration error exposes Dow Jones customer data (Techgenix) At least 2.2 million Dow Jones & Co. clients had their information exposed because of an AWS configuration error — an error that may be far too common.

Equifax: up to 15 million more at risk (Naked Security) Equifax now believes 15.2 million people in the UK were affected by its data breach

Equifax, Experian: how much of our data do they hold - and how safe is it? (The Telegraph) Between them Britain's two biggest credit agencies, Experian and Equifax, control billions of items of data relating to all of our borrowing and other financial commitments - and much else beside.

This cyber attack gives new meaning to the word ‘sophisticated’ (IT World Canada) Security experts recently have taken to noting the increased sophistication of the tactics of threat actors. A column this week from Cisco

Researcher Finds Unremovable Backdoor Accounts in FLIR Thermal Security Cameras (BleepingComputer) Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products.

OnePlus accused of GDPR-busting data slurp by security researcher (Computing) OnePlus the latest smartphone maker accused of surreptitiously sending user data back to base

Google Home Mini spied on user 'thousands of times a day,' sent recordings to Google (TechRepublic) Some Google Mini smart speakers were turning themselves on and spying on users multiple times per day. Google has patched the issue, but it raises concerns about privacy.

Watch out for these high-pressure Apple malware scams (Naked Security) One site, three different Mac malware scams – just because you’re an Apple user doesn’t mean they’re not out to get you.

Cyber-crime attack hits supermarkets (BBC News) Musgrave owns SuperValu, Centra and Mace and says hackers tried to steal credit and debit card details.

If you've ever been on P[0]rnhub, something very, very terrible might just have happened (The Independent) P[0]rnhub was hit by a hack that means anyone who used it could have contracted a virus.

Security Patches, Mitigations, and Software Updates

Google’s Home Mini needed a software patch to stop some of them from recording everything (The Verge) Not great

Foxit Reader vulnerabilities: What can be done to mitigate them? (SearchSecurity) Two Foxit Reader vulnerabilities put organizations that use the program at risk. Here's an explanation of the flaws and how to stop them.

Cyber Trends

Introducing the SiteLock Website Security Insider | (The SiteLock Blog) The SiteLock Website Security Insider Q2 2017 delivers exclusive analysis on the most common cyber threats based on data from over 6 million websites.


Akamai to Acquire DNS Security Firm Nominum (Security Week) Akamai Technologies announced on Wednesday that it has agreed to acquire Nominum, a privately-held provider of DNS security solutions for carriers and enterprises.

DXC to merge with Vencore, KeyPoint creating top 5 government services firm (Washington Business Journal) The board of Tysons-based IT services behemoth DXC Technology (NYSE: DXC) has unanimously backed a plan to merge its U.S. Public Sector business with Vencore Holding Corp. and KeyPoint Government Solutions to form a publicly traded, top 5 IT services provider to the U.S. government.

RunSafe Joins Virginia’s MACH37 Cyber Accelerator Program (RunSafe) RunSafe Security, Inc., a cybersecurity startup pioneering cyber hardening technology, announced that it has been selected to join Virginia’s MACH37 program.

Engility takes in $28M DoD acquisition, weapon system cyber contract -- Washington Technology (Washington Technology) Engility receives a potential five-year, $28 million contract for cyber services to Defense Department acquisition and weapons systems.

CenturyLink cybersecurity experts go on the road to champion National Cyber Security Awareness Month (NCSAM) (Multivu) NCSAM highlights awareness and education for consumers and businesses

Case in Ann Arbor: Midwest should be home to next wave of tech startups (Crain's Detroit Business) The former CEO of AOL brings his annual Rise of the Rest bus tour to Ann Arbor to put the focus on entrepreneurs and draw more venture capital. "We need to be louder and prouder."

Identity Authentication Leader Appoints Seasoned Technology Executive and Opens UK Headquarters (Trusona) Trusona, the leading solution in #NoPasswords identity authentication, today announced Oliver “Olly” Brough has been appointed to lead the expansion of Trusona’s #NoPasswords Identity Authentication solutions into Europe, Africa and Middle East markets.

Icon Ventures Raises $265 Million Fund (Bloomberg) Most venture capital firms like to invest early or late in a startup. Icon Ventures, however, goes for the “Valley of Death,’’ that middle stage of a company’s existence where some serious money could be at stake but the path to success is unclear.

Why Intel Fought to Keep the McAfee Brand (Market Realist) Intel spun off security business

President of AT&T Government Solutions resigns ( Kay Kapoor is leaving after more than four years leading the telecom giant’s federal, state, local government division.

Secureworks Announces Departure of Its Chief Revenue Officer (BusinessWire) Secureworks Announces Departure of its Chief Revenue Officer

Distil Networks Appoints Tiffany Olson Jones as CEO (Distil Networks) Veteran Cybersecurity Executive, Tiffany Olson Jones to Drive Next Stage of Growth for Bot Detection and Mitigation Leader

Exclusive: This cybersecurity company was looking for a new No. 2, but asked the top candidate to be CEO instead (San Francisco Business Times) Rami Essaid, co-founder of cybersecurity company Distil Networks, tried for months to recruit Tiffany Olson Jones to join Distil as chief operating officer, he said, but after finally talking with her he realized he’d rather have her take over as CEO.

Products, Services, and Solutions

ObserveIT Brings Industry-First Capabilities to Market in Latest Version of its Insider Threat Security Solution (BusinessWire) ObserveIT today unveiled the latest version of its insider threat solution.

High-Tech Bridge unveils Mobile X-Ray: free mobile application security testing service (High-Tech Bridge) The new service performs dynamic (DAST), static (SAST) and behavioral analysis of native and hybrid iOS and Android apps.

Interset 5.4 Distills Billions of Cybersecurity Events Into a Handful of Actionable Leads (PRNewswire) The release of Interset 5.4, from the security-analytics innovator,...

What’s the fuzz about? Microsoft unveils its latest security tool (Naked Security) Microsoft’s got a new fuzzer… but what is fuzzing and what’s behind the recent enthusiasm for it?

Secure Channels Inc. Offers New Protocol to Vastly Improve AES-256 Encryption (Sys-Con Media) Patented protocol offers 50 percent increase in bit strength

GigaTrust Announces Secure Document and Email Collaboration for the DoD Supply Chain (BusinessWire) GigaTrust™, a leading provider of endpoint security that delivers in-use protection of documents and emails, today announced the availability of

New England Regional Cyber Range Opens At Devens (PRNewswire) New England Regional Cyber Range, announced the opening of the new...

Gigamon Introduces New Integrations with Splunk and Phantom, Bringing Its Defender Lifecycle Model to Life (PRNewswire) Gigamon Inc. (NYSE: GIMO), the industry leader in visibility...

Locking Bracket for Surface Book_October 2017 (Flickr) Explore this photo album by Kensington The Professionals' Choice on Flickr!

Technologies, Techniques, and Standards

Lessons Learned from Analyst Breaches (LookingGlass Cyber Solutions Inc.) Security analysts are the cornerstone of many business cybersecurity programs. Having experienced analysts vet threats is the catalyst for delivering timel, October 10, 2017

Write This Down. What Did We Learn From Petya And WannaCry? (ITSP Magazine) On May 12th, 2017, the first case of WannaCry ransomware was discovered and within a day, over 230,000 machines were estimated to have been infected in more than 150 countries. The scale and speed of this attack left the industry stunned.

CIS to Lead Development of Best Practices Handbook For Securing U.S. Elections Infrastructure (Markets Insider) CIS announced the development of a best practices handbook for election infrastructure to complement the U.S. Department of Homeland Security's (DHS), National Institute of Standards and Technology (NIST), and the Elections Assistance Commission's (EAC) initiatives to improve the nation's elections systems on October 10, 2017.

Legislation, Policy, and Regulation

Trump names top Kelly aide, a cybersecurity expert, to run Homeland Security (Los Angeles Times) President Trump plans to name a top aide to his chief of staff, John Kelly, as the new secretary of Homeland Security. Kirstjen Nielsen, an expert on cyber security, is expected to continue the tough enforcement policies that made Kelly a favorite of Trump's.

Trump to appoint Lockheed Martin executive to top Pentagon policy job (TheHill) President Trump plans to name John Rood, a Lockheed Martin executive and former State Department official, to the Pentagon's top policy post. 

Litigation, Investigation, and Law Enforcement

Panama Papers: German authorities carry out first raids in connection with tax leaks | News | DW | 11.10.2017 (Deutsche Welle) German officials have reportedly seized €2 million from funds embezzled by a former manager at Siemens. The German company's slush fund was disclosed in last year's leaked Panama Papers.

2 Ex-heads of Cyber Command Questioned over Alleged Election Intervention (KBS) The prosecution has summoned two former heads of the military cyberwarfare command as part of its investigation into the military body’s alleged pol

US Treasury denies domestic spying (Naked Security) An official Treasury statement describes the allegations as “flat out wrong … unfounded and completely off-base”

NSA Declassifies Internet Surveillance Files from 2011 Case (New York Times) The National Security Agency has declassified a batch of previously secret documents related to its "upstream" Internet surveillance system. The New York Times had sought the files in a Freedom of Information Act lawsuit.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and...

Exploring Health IT Innovation and Cybersecurity in the Digital Era (Kalamzoo, MIchigan, USA, November 2 - 3, 2017) Government, industry and academic leaders in health information technology and cybersecurity will headline a conference focused on "Exploring Health IT Innovation and Cybersecurity in the Digital Era"...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.