Daily briefing.

BadRabbit seems, for now, quiet as a bunny, but it wouldn't do at all to expect that to continue. Cisco researchers found a variant of the (alleged) NSA Equation Group EternalRomance tool in BadRabbit's code, and consensus among security researchers in other companies is that BadRabbit is the work of the threat actors behind NotPetya. That would be the TeleBots APT, also known as Sandworm, which has in the past been associated with Russian security services, especially in operations directed against Ukraine. The damage done in BadRabbit's brief period of activity doesn't remotely approach that achieved by NotPetya, but, of course, BadRabbit could well return.

A majority of the targets BadRabbit hit were Russian (around 65%), but observers note that the high-value targets it clobbered were Ukrainian. Much reporting continues to treat BadRabbit as conventional criminal ransomware, but it's too early to tell, and TeleBots' alleged involvement may point in a different direction.

The Reaper IoT botnet (also known as IoTroop) is still assembled and poised, but has yet to unleash the expected distributed denial-of-service attack. Researchers at NewSky Security, however, have observed disturbing signs in the cybercriminal underground that hackers are sharing malicious code suitable for integration with the botnet.

IOActive reports vulnerabilities in Inmarsat’s widely used maritime SATCOM systems.

Anonymous has surfaced, attacking Spanish government sites in apparent solidarity with the Catalan independence movement.

Twitter's newfound fastidiousness about accepting Russian ads has drawn protest from the Russian government, which feels this is unfair to Sputnik and RT.


Today's issue includes events affecting Bulgaria, Germany, Israel, Russia, Saudi Arabia, Spain, Syria, Turkey, Ukraine, United Kingdom, United States.

In today's podcast we hear from our partners at Accenture, as Justin Harvey discusses monitoring cloud infrastructure. Our guest, Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs, describes the Center's work.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Dateline ICS Cybersecurity Conference

World's Most Common Industrial Control Protocol Dates From 1979 (BankInfo Security) Much of the world's critical infrastructure gets controlled by ICS or SCADA systems. But passive network traffic analysis by industrial control system security firm

DHS, FBI Identify Tactics in Cyberattack Campaign Targeting Industrial Control Systems (POWER Magazine) DHS and FBI warned an ongoing cyberattack campaign targeting the nuclear and energy sectors since at least May 2017 employs a number of disruptive tactics.

Quantum, darknet could solve energy sector’s cybersecurity problems (Fifth Domain) Protecting the U.S. energy grid from cyberattack requires the migration to cutting-edge technological tools such as dark fiber and quantum computing.

Cyber Attacks, Threats, and Vulnerabilities

Anonymous targets Spanish government sites in Catalan independence controversy (SC Media US) Hackers from the vigilante group Anonymous targeted websites run by Spain's Ministry of Public Works and Transport on Oct. 21 in support of the Catalan independence movement.

NATO chief says allies concerned about Russian phone jamming (C4ISRNET) A Russian communications ship in the Baltic Sea is suspected of disrupting phone services in Latvia, Norway and Sweden’s Oeland islands during the Sept. 14-20 Zapad exercises that Russia held with Belarus.

Hackers Prepping IOTroop Botnet with Exploits (Threatpost) Researchers warn that hackers have weaponized a vulnerability that could be used in an IOTroop (or Reaper) attack, bringing the likelihood of an attack one step closer.

IoT_reaper: A Few Updates (360 Netlab Blog) Here is a quick follow-up post regarding our initial blog. IoT_reaper Sample History The historical delivery of the IoT_reaper samples we observed through our honeypot is as follows: It is noticeable that most malicious samples for IoT_reaper are located at the following URL:

Infosec expert viewpoint: DDoS attacks (Help Net Security) Infosec experts from Arbor Networks, Corero Network Security, Kentik, Radware, and Trustwave, talk about the threat of modern DDoS attacks.

BACKSWING - Pulling a BADRABBIT Out of a Hat (FireEye) On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye appliances detected the download attempts and blocked our user base from infection.

EternalRomance Exploit Found in Bad Rabbit Ransomware (Threatpost) Researchers at Cisco found a modified version of the leaked NSA exploit EternalRomance in this week’s Bad Rabbit attack.

Bad Rabbit Burrowing Into Networks (Infosecurity Magazine) Bad Rabbit is an example of how a small variant is enough to have similar effects comparable to previous scenarios.

Security Firms Say Bad Rabbit Attack Carried Out by NotPetya Group (BleepingComputer) Several security firms have come forward today with evidence that shows links connecting the Bad Rabbit ransomware outbreak that happened yesterday with the NotPetya ransomware outbreak that took place at the end of June, this year.

BadRabbit Attack Appeared To Be Months In Planning (BankInfo Security) The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who's gunning for

Ransomware like Bad Rabbit is big business (National Post) October is Cybersecurity Awareness month, which is being observed in the United States, Europe, and elsewhere around the world. Ironically, it began with updates about a large-scale hack, and is ending with a large-scale ransomware outbreak.

This malware turns itself into ransomware if you try to remove it (HackRead) IT security researchers at SfyLabs have discovered an Android banking malware called LokiBot that converts itself into a fully fledged ransomware once the

Lackadaisical NHS trusts to blame for WannaCry ransomware compromise, concludes National Audit Office (Computing) Department of Health warned of rising IT security risks a year before WannaCry, but NHS trusts ignored advice, claims NAO

NHS could have avoided WannaCry simply by patching Windows 7 or securing firewalls, claims NAO (Computing) All organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to protect themselves

Regional Internet Registry Leaks WHOIS Database (Infosecurity Magazine) Regional Internet Registry Leaks WHOIS Database. APNIC blames technical error for privacy snafu

Ethereum Phishing Attack Nets Criminals 15K in Two Hours (BleepingComputer) An Ethereum phishing scam netted attackers over $15,000 in just two hours. This was done by creating a site that pretended to be a popular online Ethereum wallet site and using it to steal people's wallets.

Flashpoint - "Ultimate Anonymity Services" Shop Offers Cybercriminals International RDP Servers (Flashpoint) "Ultimate Anonymity Services" (UAS) is a popular Dark Web marketplace that sells access to compromised Remote Desktop Protocol (RDP) servers

Breaking: Equifax Knew of Security Flaws Months Before It Was Hacked (Motherboard) Last year, a security researcher alerted Equifax that anyone could have stolen the personal data of all Americans. The company failed to heed the warning.

Ursnif Banking Trojan Spreading In Japan (Threatpost) Threat actors behind the pervasive banking Trojan Ursnif made Japan one of their number one targets with fresh waves of malspam attacks spotted last month.

Backdoor Account Found in Popular Ship Satellite Communications System (BleepingComputer) A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form.

Two Critical Vulnerabilities Found In Inmarsat's SATCOM Systems (Threatpost) Researchers are warning of two critical vulnerabilities in global satellite telecommunications company Inmarsat's SATCOM systems that could allow attackers to infiltrate a ship's on-board computer system.

Security flaw could have let hackers turn on smart ovens ( A security flaw in LG's smart home devices gave hackers a way to control the household appliances of millions of customers, including the ability to turn on ovens, a computer security firm revealed on Thursday.

Oklahoma's public utilities commission detects cyberattack (Sacramento Bee) Officials say a cyberattack on Oklahoma's public utilities commission mostly affected its information technology systems.

Coinhive breached due to old, reused password (Help Net Security) Coinhive's DNS records have been surreptitiously changed by attackers, allowing them to steal cryptocurrency mined via the project's script.

jQuery Blog Gets Hacked - Hackers Compromise CoinHive's DNS (HackRead) In two different incidents, security of high profile platforms was compromised. These platforms include jQuery and CoinHive. jQuery Earlier today, two hack

Apple's Machine Learning Engine Could Surface Your iPhone's Secrets (WIRED) Apple's Core ML is a boon for developers, but security experts worry that it also could make it easier for bad actors to snoop on your private data.

Online dating apps riddled with security risks (IT Pro Portal) Kaspersky Lab investigation finds major security vulnerabilities in popular dating apps which could allow criminals to read messages and even track down user locations.

The Little Black Box That Took Over Piracy (WIRED) After torrenting's long fade, "fully loaded" Kodi boxes became the pirate's method of choice. Now, a legal crackdown looks to stop its rise.

Famous malware threats: Where are they now? (CSO Online) The headlines may be dominated by news of NotPetya and WannaCry, but watch out for the ‘golden oldie’ malware like Conficker and Zeus. They are still dangerous.

Security Patches, Mitigations, and Software Updates

Slack Plugs 'Severe' SAML User Authentication Hole (Threatpost) Cloud-based communications platform Slack finished patching a severe security hole Thursday affecting portions of its platform that used Security Assertion Markup Language for user authentication.

Cyber Trends

Cyberwarfare: The Most Stealthy Weapon Is Information (Northrop Grumman) Cyberwarfare accelerated over the last decade with stolen secrets, data breaches and even physical destruction of industrial systems. Here's more.

A Tale of An Industry: The Finance Sector & Data Breach Type Trends (BitSight) BitSight’s research on different types of breach trends in the Finance industry highlights a rise in web application compromise.

Lending industry faces higher fraud costs than e-commerce, retail and financial services (Help Net Security) Research has demonstrated that the lending industry faces higher fraud costs. Large digital lenders, with over $50 million in revenue, are hit hardest by fraud.

Top threats impacting endpoint security decisions (Help Net Security) Research shows that the majority of businesses across the globe are either currently or planning to incorporate machine learning in their endpoint defenses.


McAfee stops allowing governments to review source code (TheHill) Disclosure follows revelation that U.S. companies allowed Moscow to review source code in order to sell products in Russia.

Unit 8200 hits the road in America (Jerusalem Post) A dozen women, along with seven start-up founders, to speed-date with US investors.

Goodbye uzi, hello big brother: The Israelis arming the world with sophisticated cyber-weapons (Haaretz) The NSO Group, founded by graduates of Israel’s prestigious military intelligence unit, sells surveillance tools to governments around the world – which occasionally use them for political persecution

5 paths to a career in cybersecurity (Naked Security) We asked some professionals how they got into cybersecurity.

A Diverse Cyber Workforce is Critical in the Next Era in Technology & Business (Tenable™) We are at a critical inflection point in technology and business today.

ForeScout IPO: 5 reasons this cybersecurity company will be successful (CSO Online) IoT security company ForeScout is going public today. Its products, its management and the growing IoT market put it in a prime position to succeed.

Zscaler confidentially filed for security IPO (TechCrunch) Zscaler, a nine-year-old, San Jose, Calif.-based company, has filed confidentially for IPO, multiple sources tell TechCrunch. The cloud security outfit is..

Raytheon hits 'big milestone' with $1.2B Domino cyber win (Washington Technology) Raytheon CEO Tom Kennedy is rejoicing that the company has cleared its final bid protest hurdle and can now move forward with the $1.2 billion Domino cybersecurity contract.

Email glitch kills ManTech's bid for $98M cloud contract (Washington Technology) ManTech did nothing wrong but an email glitch effectively killed its attempt to win a $97.8 million cloud migration contract with the National Geospatial-Intelligence Agency.

Security Startup Cryptonite Makes Networks ‘Invisible’ to Attackers (SDxCentral) Security startup Cryptonite emerged from stealth mode and released its flagship product, a network appliance with embedded security software.

ReversingLabs Inducted Into JPMorgan Chase Hall of Innovation (Digital Journal) ReversingLabs today announced that it was inducted into the JPMorgan Chase Hall of Innovation.

Products, Services, and Solutions

LockPath and RiskRecon Partner to Increase Visibility into Third-Party Risk Management ( Through this partnership, joint customers of LockPath and RiskRecon will be able to obtain a verifiable assessment of each third-party’s security practices.

Thales makes unlimited mobile connectivity at sea possible (Defence Web) In a connected, mobile world, naval personnel want to use smartphones at sea without compromising security.

Symantec Expands Endpoint Security with Deception Technology (eWEEK) Symantec refreshes its endpoint protection portfolio with new deception capabilities and a mobile security product based on technology acquired from Skycure.

SaaS Company Ensures the Security of Its Infrastructure while Significantly Reducing Auditing Time (Netwrix) Enhanced control over Active Directory empowers AppRiver to mitigate security risks and minimize business downtime

Bitdefender Security Technology Now Integrated into Leading Network Security Provider (PRNewswire) Bitdefender, a leading global cybersecurity technology company...

New Kudelski Security Suite Aims to Improve Planning, Management and Reporting for Cyber Executives (PRNewswire) Kudelski Security, the cybersecurity...

Technologies, Techniques, and Standards

New PCI standard lets card users self-authenticate by web or mobile (SC Media UK) EMV® 3DS standard lets consumers authenticate themselves with their card issuers when buying online by using web browsers or via mobile applications.

Can DOD overcome its 'data hoarding' problem? (FCW) A senior Pentagon tech official said that when it comes to data protection, the Defense Department and other organizations must learn how to harness their data if they want to stay secure.

Companies buying Dark Web intelligence (Enterprise Times) Recorded Future is seeing increased interest from customers in threat intelligence from the dark web, allowing them to harden their cyber security

How your security budget helps hackers win (SD Times) How has application security spending fallen so far out of line with the actual threats companies now face?

Design and Innovation

Bot-hunting Twitter bot sniffs out bogus political tweets (TechCrunch) If you've ever wondered if the hashtag heavy, politically far afield Twitter user you're about to eviscerate in 140 characters is totally delusional or merely..

Twitter reveals plan for tackling abuse. Again. (Naked Security) A leaked memo detailed Twitter’s latest attempt to crack down on trolls.

Research and Development

The race to quantum supremacy and its cybersecurity impact (Help Net Security) The race to quantum supremacy is real: governmental R&D is accelerating the crystallization of the quantum computer, with $1.6 billion already invested.


Northrop Grumman engages with students at King Saud University vs cyber-attacks (Saudi Gazette) Northrop Grumman – one of the world leaders when it comes to aerospace, defense, cyber security, command and control, unmanned aircraft, logistics, supply chains and advanced security – underscores the importance of collaborating with the government, local communities and organizations to be successful.

Legislation, Policy, and Regulation

Russian government condemns Twitter’s ad ban for Russia Today and Sputnik (TechCrunch) The Russian government officially slammed Twitter’s decision to ban Sputnik and Russia Today from its advertising products. The Director of the Information..

Raising the Drawbridge with an "International Cyber Stability Board" (The Cipher Brief) Coordinated actions are required to meet global challenges. We propose an International Cyber Stability Board.

Getting Encryption onto the Front Burner (Lawfare) We are fast moving to a world in which customers and users of all stripes become the exclusive gatekeepers of their own data and communications.

Lawmakers: Kaspersky episode suggests need for NIST cyber framework to play greater role (Inside Cybersecurity) Members of the House Science oversight subcommittee expressed bipartisan interest in an expanded role for the National Institute of Standards and Technology in responding to recent revelations about the data vulnerabilities from Kaspersky Lab software products...

U.S. Transportation Command's trailblazing transition to cloud computing enhances cyber processes (US Army) U.S. Transportation Command is the first Department of Defense organization to initiate migration of its cyber domain to a commercial cloud provider to improve mission assurance, while strengthening information technolog...

The US quietly widened government surveillance to include 'homegrown violent extremists' (Business Insider) The US government has expanded its definition of who can be surveilled to include 'homegrown violent extremists.'

Pentagon tech advisers want special career track, ‘innovation elevator’ for big thinkers (Defense News) A group of tech industry heavyweights thinks it is past time for the Pentagon to create a specialized career track for high-tech jobs.

Michigan House votes to exempt cybersecurity info from FOIA (Fifth Domain) Supporters of the bill say the new exemptions are designed to ease companies’ concerns about divulging private and sensitive data to police investigators that could be made public under the Freedom of Information Act.

Litigation, Investigation, and Law Enforcement

Joining the cyber community to conduct independent analysis of the DNC Hack (ThreatConnect) Recently, an article purported that the Democratic National Committee (DNC) turned down requests from FBI forensic units to look at its server and instead opted to use ThreatConnect and two other cyber security firms. While we cannot speak to the veracity of the first part of that statement, we can with certainty say that we (ThreatConnect) were not contracted by, nor did we work on behalf of, the DNC

Congress promises more hearings on Kaspersky (Cyberscoop) Wednesday's Congressional hearing on the ongoing Kaspersky Labs saga offered little substance or identifiable information on why the U.S. government is so hard pressed to get Kaspersky out of the U.S.

NSA contractor leaked US hacking tools by mistake, Kaspersky says (Guardian) User downloaded malware while pirating Microsoft Office before running virus scan on machine containing confidential software, says Russian firm’s founder

How Kaspersky Lab got on the US government's bad side (CNET) Here's what we know so far about the investigation into the cybersecurity firm's ties to Russia.

Isis fighter from High Wycombe wants to return to face justice in UK (Times) Shabazz Suleman was a former grammar school pupil from Buckinghamshire who had recently secured a place at Keele University when he vanished on a family holiday to Turkey three years ago. Since...

Why police agencies should embrace secure cloud storage (PoliceOne) Captain Milton McKinnon of the Hermosa Beach PD says the future of policing is in the cloud, which offers agencies improved data security and technical

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

SecTor (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...
