Daily briefing.

Fancy Bear (APT28, or, to name it directly, Russia's GRU) is snuffling around people thinking about attending next month's CyCon conference in Washington, DC. Sponsored jointly by the US Army Cyber Institute and NATO's Cooperative Cyber Defence Centre of Excellence, this year the well-known conference takes "the future of cyber conflict" as its theme. Fancy Bear is phishing for prospective attendees with a baited Word document that carries Seduploader as its payload. Seduploader is a reconnaissance tool useful in determining which targets deserve closer attention. The phishbait document, a cut-and-paste job designed to look like an event flier, is "Conference_on_Cyber_Conflict.doc." Stay away from it and the malicious Visual Basic for Applications (VBA) macro it contains.

Security experts are still waiting for the Reaper (also called "IoTroop") IoT botnet storm to hit. Many think the distributed denial-of-service campaign for which Reaper appears to be being readied will dwarf Mirai's.

Kaspersky's counter to the US Government's ejection of the company's software from Federal networks (and the non-governmental users who are following suit) is an offer of a "Global Transparency Initiative," in which the company would offer its source code for public, independent inspection.

A Twitter executive was apparently successfully trolled by Russian influence operators in 2016, induced to retweet positive stories from a bogus Black Lives Matter activist. Observers take the incident as a cautionary tale of how grooming influencers works.

Two active malware campaigns bear watching in the wild: MacOS Proton backdoors distributed through Trojanized Elmedia players, and Magniber ransomware circulating through East Asia.


Today's issue includes events affecting Australia, Brazil, China, India, Ireland, Israel, Democratic People's Republic of Korea, Republic of Korea, Russia, Spain, Taiwan, United Arab Emirates, United Kingdom, United States.

Remember to check out today's podcast. Today we hear from our partners at Level 3 Communications, as Dale Drew discusses supply chain security management. And if you haven't heard it yet, give a listen to this weekend's Research Saturday, featuring Cloudflare's head of Trust and Safety, Justin Paine, who talks us through the story of the WireX botnet.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Dateline ICS Security Conference

2017 ICS Cyber Security Conference (Control Global) The 17th ICS Cyber Security Conference will be held the week of October 23rd in Atlanta, GA (

Panel session on using cyber to manipulate physics to cause kinetic damage (Control Global) October 25th at the 2017 ICS Cyber Security Conference in Atlanta, Neil Holloran, Ken Loparo from Case Western, and myself will host a panel session on using cyber means to manipulate physics.

Cyber Attacks, Threats, and Vulnerabilities

Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait (The Daily Beast) The Kremlin’s top hackers are turning a gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks.

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict (Talos Intelligence Blog) Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…).

Twitter CEO Jack Dorsey Retweeted Alleged Russian Trolls (The Daily Beast) Even Jack Dorsey fell for Moscow’s propaganda, it appears. He retweeted messages from an account identified by an independent Russian news agency as Kremlin-created.

Report: Twitter CEO took a Russian impostor’s bait in 2016 (Ars Technica) The retweets were for innocent, “positive stories.” And that was the point.

Antisocial media? (TechCrunch) As Facebook finds itself publicly on the hook for enabling Russian agents to spread divisive propaganda via its platform, be it in the form of fake news,..

GCHQ foils Northern Ireland cyber attack ( Northern Ireland infrastructure has been hit by

U.S. warns public about attacks on energy, industrial firms (Reuters) The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

US DHS Warns CNI Firms of Dragonfly Attacks (Infosecurity Magazine) US DHS Warns CNI Firms of Dragonfly Attacks. New campaign focused on stealing ICS and SCADA data

India is an unexpected axis of North Korea's suspect cyber activity (Quartz) Researchers have discovered patterns of internet use that mirror those of hackers based in China.

‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher (Threatpost) Malware dubbed IOTroop that researchers say is 'worse than Mirai' has already infected one million businesses worldwide.

Hackers scanning for unsecured SSH private keys on WordPress sites (SC Magazine) Lack of key security allows criminals keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.

Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users (Motherboard) Yet another software supply-chain attack hits popular applications.

MacOS Proton backdoor delivered via Trojanized media player app (Help Net Security) A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer's official site.

New Magniber Ransomware Targets South Korea, Asia Pacific (Threatpost) Researchers identified a new ransomware family called Magniber that uniquely only targets users in South Korea and the Asia Pacific regions.

Security Experts Disturbed by Magniber Ransomware (Virus Guides) Security researchers got disturbed by a brand new ransomware family, called Magniber. The malicious threat is being distributed via the Magnitude exploit k

Malware Invaders - Is Your OS at Risk? (AlienVault) Malware Invaders - Is Your OS at Risk?

Kaspersky Lab Hits Back with Global Transparency Initiative (Infosecurity Magazine) Kaspersky Lab Hits Back with Global Transparency Initiative. Russian AV giant will offer source code for independent review

Take our word (Kaspersky Lab) Kaspersky Lab announces comprehensive transparency initiative

Kaspersky Software Hack of US Intelligence Is a New Type of ‘Trojan Horse’ (In Homeland Security) Americans paid Kaspersky Lab for the privilege of using its antivirus software that sucked out their information and sent it to Russia.

Is a telco in Brazil hosting an epidemic of open SOCKS proxies? (SANS Internet Storm Center) I became interested in how criminals and bad actors conceal the origin point of their Internet traffic. TOR, The Onion Router project, is one common way to anonymize Internet traffic. TOR nodes allow any proxy-aware application to send traffic through the encrypted anonymity tunnel...

Cloud Security Alliance Releases Updates to 'The Treacherous 12: Cloud Computing Top Threats in 2016' (PRNewswire) The Cloud Security Alliance (CSA), the world's leading organization dedicated...

Top Threats to Cloud Computing Plus: Industry Insights - Cloud Security Alliance (Cloud Security Alliance) Abstract: The Top Threats to Cloud Computing Plus: Industry Insights serves as a validation of the relevance of security issues discussed in the earlier document as well as provides references and overviews of these incidents. In total, 21 anecdotes and examples are featured in the document. The references and overview of each anecdote and example...

Cybercriminals focus on the shipping and cloud storage sectors (Help Net Security) APWG found upticks in phishing attacks against companies in the Logistics & Shipping as well as Cloud Storage & File Hosting sectors.

How I Socially Engineer Myself Into High Security Facilities (Motherboard) A pentester shares a story that shows how social engineering can get you anywhere.

In leaked audio, Facebook security chief says its corporate network is run "like a college campus" (ZDNet) The source of the recording said Facebook's senior management and executives were apathetic to matters of cybersecurity. Alex Stamos said he used one of the remarks "as a figure of speech."

Infosec shouldn't eat their own, we're better than this (Help Net Security) The foundation of a work relationship is trust. In the absence of trust, there is chaos. In the absence of trust, we all lose.

NBN attacked by pirate internet operators installing shadow networks (Australian) Pirate internet providers who are installing shadow networks for thousands of new apartments around Australia have cost the National Broadband Network tens of millions of dollars in wasted connection fees and are causing the taxpayer-owned company to lose millions more each year in lost subscriptions.

Hackers Take Over Funeral Home's Email Account and Run Online Scams (BleepingComputer) Hackers have taken over the email account of a Louisiana funeral home and are sending email scams to the company's customers, asking for money.

Security Patches, Mitigations, and Software Updates

Google might block embedded cryptocurrency mining with new Chrome feature (HackRead) Google Aims to Put an End to Secret Cryptojacking by Making In-Browser Permissions Necessary. In-browser cryptocurrency mining has become the latest obsess

Cyber Trends

The cyber man v state hackers (Times) Cyber security expert Paul C Dwyer expected a certain amount of scrutiny when he contacted whistle-blower Edward Snowden to ask him to speak at next week’s Cyber Threat Summit conference in Dublin...

Research highlights a record number of conveyancing related cyber thefts (Today's Conveyancer) The Law Society has published its latest roundup, highlighting recent research on the legal services market. The roundup covers information from legal sector bodies, the Ministry of Justice, academics and others interested in the sector. According to the report, the Solicitors Regulation Authority (SRA) has seen a record number of reports of cyber thefts from …

Aviation must rally to fight intensifying cyber threats (tnooz) Aviation industry leaders must fight growing cybersecurity threats according to a leading industry figure.

Cybersecurity tops list of concerns for IN fabricators (KPCNews)


Surveying 17 Anti-Virus Firms on Their Security Practices (BankInfo Security) The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to detail exactly what

Cybersecurity Tops Venture Capital Funding ( With more than $172 million raised in total, it was a healthy week for B2B startups, though one clear winner emerged: cybersecurity, which landed nearly 70 percent of the total funding. Two cybersecurity companies came out on top, but they both focus their enterprise security efforts in different ways. It’s probably a good thing, too, […]

Is Your Business Insured Against A Cyber Attack? (JD Supra) Your business has insurance coverage for flood and fire damage. You are protected if an employee gets into a car accident. But are you covered for a cyber...

Booz Allen Hamilton (BAH) to Acquire Morphick, Inc (Street Insider) Booz Allen Hamilton (NYSE: BAH) today announced that it has entered into an agreement to acquire technology firm Morphick, Inc., a leader in managed detection and response (MDR) services.

Tech Giants Are Paying Huge Salaries for Scarce A.I. Talent (New York Times) Nearly all big tech companies have an artificial intelligence project, and they are willing to pay experts millions of dollars to help get it done.

Google partners with bug bounty platform HackerOne to reward researchers to fix Play Store apps (The Drum) To step up safety of Play Store, Google has announced a $1,000 (£760) bounty for security researchers to hack and fix the apps as part of its Google Play Security Reward Program.

IBM to boost cybersecurity awareness with start-ups (Business Standard) Globally, companies noticed a 10% drop in data breach cost

NATO’s cyber security hampered by old-style cost models and acquisition delays (Jane's 360) Officials at the NATO Communications and Information Agency (NCIA), the alliance’s cyber and information and communications technology (ICT) procurement wing, say they intend to push down the cost of NATO’s contracted cyber security products and services by, among other things, targeting the operations and maintenance (O&M) side to cyber security and shifting more of NATO’s ICT functions to the cloud.

Is Raytheon a Buy? ( Raytheon (NYSE: RTN) is a strong company with a healthy order book, yet it is also currently trading at a historically high multiple to earnings. So is now a good

Tourism attracts new Cyber security firm to Savannah (Savannah Now) Savannah’s tourism industry has played a role in attracting a new business to Bull Street.

Cohesive Networks CFO Takes National Role in Fighting Cybersecurity Risks: Dwight Koop Elected Treasurer of FBI's InfraGard National Member Alliance (Business Insider) Dwight Koop, Cohesive Networks’ COO and CFO, was elected Treasurer of the FBI's InfraGard National Member Alliance. Mr. Koop was elected at the InfraGard National Congress in Dallas September 25 - 28, 2017.

Nominet names Whitburn as SVP for cyber security (Capacity Media) Nominet has named Simon Whitburn as its new senior vice president for cyber security services as it looks to expand its presence in the sector on a global level.

Products, Services, and Solutions

Imperva Expands Global Incapsula Network to Increase Performance and Speed Attack Mitigation (BusinessWire) Imperva expands global Incapsula network to increase performance and speed attack mitigation

Find your unprotected Amazon S3 buckets with this free tool (The Next Web) Left your S3 Bucket set to public? I wouldn't.

Technologies, Techniques, and Standards

Breached? The Need for Speed in the Golden Hour (TEISS) The critical first hour or 'golden hour' is after something does slip through the net from a technical and organisational perspective

Boards need battleplan to combat cyber-attacks (Asset Finance International) More than two-thirds of FTSE 350 boards have never received any training to deal with a cyber-attack and 10% have no plans in place to respond to an incident, UK government research has revealed.

What knowledge factors qualify for true two-factor authentication? (SearchSecurity) Applying two-factor authentication to a mobile device can create confusion. Michael Cobb clears the air around knowledge factors and BYOD.

Dev writes Ethereum code for insecure SHA-1 crypto hash function (Register) Interaction with legacy systems but not all think it's a good idea

Code Signing in the Age of Cloud and IoT (Infosecurity Magazine) Code signing is the key to unlocking the IoT’s true potential, ensuring security and safety are embedded in every device.

The 10 misconceptions of using a policy-based approach for access control (Help Net Security) Attribute Based Access Control is the evolution from simple access control lists and role-based access control, to a highly flexible system.

Cyber-security means empowering staff - right down to the caretaker (Independent) The castle wall - the ultimate in safety and protection. And not just as a medieval fortress. For many years now, the castle has been used as a metaphor to teach the basic concepts...

Research and Development

‘Unhackable’ electronic chip being developed in Abu Dhabi (The National) New York University Abu Dhabi researcher says the chip, which could be used in phones, is the first prototype to have security features built into the hardware and he is inviting hackers to try to break the code

Rumbles of the Quantum Computing Revolution in Security (The Cipher Brief) Theoretical ideas appear to be on the brink of spurring a revolution in quantum technologies and, as a result, defense and national security.

Legislation, Policy, and Regulation

China goes looking online for government secrets (CSO Online) China’s president painted a picture of openness and diplomacy, but cyber activity that seems to come from the country indicates Chinese hackers pose a threat.

Hack-back bill would legalize companies hacking their attackers (Naked Security) What could possibly go wrong?

Companies Need to ‘Think Twice’ Before Retaliating Against Hackers (The Cipher Brief) While hacking back may be the most sexy of options, it is one that we should rarely employ.

Rosenstein's "Responsible Encryption" a Fallacy, Experts Say (Bigger Law Firm Magazine) U.S. Deputy Attorney General Rod Rosenstein recently reignited debate around digital encryption and its ability to thwart investigations into increasingly many crimes. In remarks delivered at the United States Naval Academy in Annapolis, Maryland, Rosenstein took Silicon Valley to task, characterizing tech companies as standing in the way of public safety.

Lady officers to be Indian Army's cyber warriors (Business Today) Seeking to open new avenues for women officers in the force, the Indian Army is planning to deploy them as cyber warriors to deal with the threats in the domain.

Litigation, Investigation, and Law Enforcement

Europol calls for cooperation on Darkweb and IOT use by criminals (SC Media UK) A coordinated law enforcement approach to Dark Web called for by Europol and Interpol; Europol/ ENISA warn of IOT use by criminals

Today’s bank heists aren't what they used to be with the battle now fought out in cyberspace (The Telegraph) Bank heists aren’t what they used to be.

UK Fraud Dominated By Cyber (Infosecurity Magazine) The most common type of fraud reported was bank and credit-card fraud, with more than 2.5 million incidents in the period.

Websites 'complicit in cyber-crime' (BBC News) A police chief calls for more to be done to tackle cyber-crime on sites such as Craigslist.

Man arrested after ‘good morning’ post was mistranslated by Facebook as ‘attack them’ (CSO Online) Israeli police arrested a Palestinian man after his “good morning” post was translated by Facebook as “attack them.”

Teen hacker sentenced for serious disruption of Phoenix 911 system (Naked Security) He intended to build a “non-harmful but annoying bug that he believed was ‘funny.’”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...
