skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

The European Union has prepared a draft diplomatic document—"Framework on a joint EU diplomatic response to malicious cyber activities"—that would recognize cyberattacks, under some conditions, as acts of war. This is less path-breaking than some reports would have it: the framework aligns basically with existing NATO recognition of cyberspace as a domain of conflict within which states can legitimately exercise their right to self-defense. Observers have pointed out, of course, that attribution remains difficult and problematic.

While attribution may be hard, the UK's attribution to North Korea of the WannaCry infestation that troubled Britain's National Health Service earlier this year is offered with high confidence. It drew a foreseeable response from Pyongyang: denial of involvement and righteous promises of retaliation against the slanderers. This puts the UK in the same boat as much of the rest of the civilized world, so when it comes to DPRK retaliation, take a number, Whitehall.

China appears to be shifting rather than limiting its cyber espionage directed against American targets. WIRED reports signs that the Sino-American agreement to limit mutual hacking is being tested by Beijing's recent operations.

Social media companies will testify on Capitol Hill this week, answering questions about how Russian influence operations may have played out in last year's US elections. It appears the Russian efforts were cheap, their effect magnified by intelligent sharing (and "liking").

Oracle has an emergency patch out for its Identity Management product.

No fresh developments in either the BadRabbit ransomware or Reaper botnet stories.


Today's issue includes events affecting Australia, China, European Union, Israel, Democratic Peoples Republic of Korea, NATO/OTAN, Qatar, Russia, United Kingdom, United States.

The IOC and IOA playbook: making sense of your indicators.

Acronyms such as IOCs (indicators of compromise) and IOAs (indicators of attack) are ubiquitous in the security industry. However, a recent SANS survey revealed a vast majority of security professionals don't even know how many indicators they receive or can use. Join DomainTools Senior Security Researcher Kyle Wilhoit to get clarification on the use and value of IOCs and IOAs and how they can enrich your investigations and overall security strategy.

In today's podcast, we speak with Rick Howard from Palo Alto Networks, who talks about how bad actors go after members of boards.

You'll also want to listen to Recorded Future's latest threat intelligence podcast (produced in partnership with the CyberWire), which asks why the US seems to lag China in vulnerability reporting, why it matters, and what might be done about it.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Cyber Attacks, Threats, and Vulnerabilities

China Tests the Limits of Its US Hacking Truce (WIRED) As the Trump administration reups an anti-hacking agreement with China, security researchers say China is inching its toes up to that red line.

North Korea denies involvement in WannaCry cyber attack (The Financial Express) North Korea has slammed Britain for accusing it of being behind a global ransomware attack that hit the National Health Service, calling the allegation a "wicked attempt" to further tighten international sanctions against Pyongyang.

North Korea threat of above-ground bomb test serious, US says (Military Times) North Korea’s threat to detonate a hydrogen bomb above the Pacific Ocean is being treated as credible based on the regime’s past actions, U.S. officials here said.

Hamas-Linked 'Gaza Cybergang' Has New Tools, Targets (SecurityWeek) A threat actor believed to be linked to the Palestinian terrorist organization Hamas continues to target organizations in the Middle East and North Africa (MENA) region, and their operations now include some new tools and techniques, Kaspersky Lab reported on Monday.

Social Media: The Fifth Column in the Fifth Domain (The Cipher Brief) As representatives from Twitter, Facebook, and Google prepare to testify before Congress, we look at how these platforms fit into a larger Russian disinformation campaign.

Fakers have a free rein over political adverts (TImes) Imagine if a deluge of attractive women were to ask to be your friends on social media. Hundreds of them. All are pouting and have profile pictures of themselves in skimpy gym kits, holding coffee...

Google Bug Database Flaws Expose Severe Vulnerabilities (Dark Reading) A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.

Coinhive Miners Found in Android Apps, WordPress Sites (BleepingComputer) The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites.

Security Alert as USB Found Containing Heathrow Plans (Infosecurity Magazine) Security Alert as USB Found Containing Heathrow Plans. Unencrypted storage device featured highly sensitive info

Massive Identity Data Exposure Leads to Rising Tides of New Account Fraud — What's Next? (Security Intelligence) New account fraud is rising in popularity among cybercriminals due to the frequency with which users are opening new online banking accounts.

T-Mobile USA Calls Customers to Warn on SIM Hijacking (Infosecurity Magazine) A bug allowed hackers to access customers' email addresses, account numbers and phone IMSIs.

Dishwashers on the rampage: LG IoT security bug highlights risks of home automation (CIO) The discovery this week of a security vulnerability within SmartThinQ, a technology touted by LG for automating communication with its range of home appliances and devices, has reinforced the risks of remote Internet of Things (IoT) takeover as attackers progressively master new methods of attacking increasingly smart devices.

Hacking site hacked by hackers (Naked Security) It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful

Dark Web Marketplace Offers Remote Access to Corporate PCs for $3-15 Each (eSecurity Planet) Ultimate Anonymity Services offers more than 35,000 RDPs for sale, including about 300 from the U.S.

Security Report: Median Price for DIY Ransomware Kit is $10.50 (MSP Mentor) The median price for a do-it-yourself (DIY) ransomware kit is just $10.50, helping to fuel a 2,502 percent year-over-year increase in the size of the ransomware marketplace on the dark web, according to new research from security vendor Carbon Black.

Report: Ransomware Authors Can Earn Double The Salary Of Legitimate Software Developers (Forbes) A recent report from cyber security firm Carbon Black says that software developers can make more money developing ransomware than at traditional software development jobs.

The Ransomware Economy (Carbon Black) How and why the Dark Web marketplace for ransomware Is growing at a rate of more than 2,500% per year

Majority of Employees Hit with Ransomware Personally Make Payment (Dark Reading) Office workers pay an average ransom of $1,400, according to a new report.

Security Patches, Mitigations, and Software Updates

Firefox takes a bite out of the canvas ‘super cookie’ (Naked Security) Finally, one of the major browsers is doing something about canvas fingerprinting

Oracle Patches Critical Flaw in Identity Manager (Security Week) Oracle informed customers on Friday that its Identity Manager product is affected by a critical vulnerability that can be easily exploited by malicious actors.

Oracle scores ten out of ten - for a critical security flaw in Oracle Identity Manager (Computing) Patch without delay, urges Oracle

Cyber Trends

A Lack of Cybersecurity Talent Is Driving Companies to Use AI against Online Attacks (MIT Technology Review) A shortage of humans to fight cybersecurity battles is causing companies to turn to machines.

Recorded Future Raises $25M From Insight Venture Partners to Further Extend Leading Position in Threat Intelligence (PRNewswire) Recorded Future, the leader in threat intelligence (TI), today announced it has...

Government cybersecurity trends and challenges (Enterprise Innovation) Joe Jarzombek was the former Director for Software and Supply Chain Assurance at the U.S. Department of Homeland Security, and former Deputy Director for Information Assurance at the U.S. Department of Defense. Mr Jarzombek shares his insights with eGov Innovation on government cybersecurity trends and the importance of building secure-quality software.


Grossman: Cyberinsurance market is like the 'Wild West' (SearchSecurity) SentinelOne's Jeremiah Grossman discusses cyberinsurance market growth and opportunities, as well as the prospect of software liability.

Deloitte continues enterprise technology acquisition spree with consultancy firm JKVine (CRN Australia) Four co-owners and 30 staff join Deloitte's platform engineering practice.

CenturyLink acquisition of Level 3 receives approval from Federal Communications Commission (CenturyLink) The Federal Communications Commission (FCC) has approved CenturyLink, Inc.'s (NYSE: CTL) pending acquisition of Level 3 Communications, Inc. (NYSE: LVLT). The FCC's approval follows prior...

Continental said to be in talks to buy Argus Cyber Security (Automotive News) Continental is in advanced talks to buy Israel's Argus Cyber Security, which has developed technology to protect connected cars from hacking, for about $400 million, Israeli media reported on Monday.

Moving Target Defense Startup Cryptonite Emerges From Stealth (Security Week) Cryptonite, a Rockville, Maryland-based startup that aims to prevent reconnaissance and lateral movement in the network using moving target defense and micro-segmentation technologies, has emerged from stealth mode.

Startups selected to participate in LaunchVic-backed cyber security accelerator program | OpenGovAsia (Open Gov Asia) Participants will work alongside Deakin University researchers with tech expertise and travel to Israel and the US.

World Class Cybersecurity Expert Joins WRFX As CEO Of Paranotek (TheStreet) WorldFlix, Inc. (OTC:WRFX), a mobile application and end-to-end encryption software company focused on corporate data security, today announced that international cybersecurity expert Mick Davis has been appointed as the new CEO of Paranotek, the company's wholly owned security subsidiary.

Cato Networks Expands Sales Leadership As Global Momentum Grows For Secure, Cloud-Based SD-WAN (Cato Networks) Nick Fan to serve as Vice President of Sales for Americas, Nate Grinnell to serve as Senior Director of Channel Sales

Products, Services, and Solutions

SentinelOne Announces Lateral Movement Detection Engine to Catch Unauthorized Network Movement from Malicious Actors   (SentinelOne) Real life customer story highlights threat of lateral network infiltration in wake of Bad Rabbit ransomware attack

IBM Trusteer New Account Fraud (IBM) Seamlessly assessing the risk of new digital identities

Technologies, Techniques, and Standards

Full Spectrum Highlights the Publication of New Wireless Standard for the Industrial Internet of Things (GlobeNewswire News Room) IEEE 802.16s – New wireless standard lays groundwork for adoption of the industrial internet, addressing key concerns related to security, reliability and robust coverage

Lessons learned from the most impactful breach (Channel Post MEA) Post Equifax threat, Alastair Paterson, CEO and Co-Founder at Digital Shadows reflects on the lessons we can learn before, during and after discovering a bre

Navy enhancing its electronic warfare systems (C4ISRNET) Engility Corp. has been awarded a modification on a five-year contract to perform EW services for U.S. Navy and Australian aircraft.

Blockchain courts will offer effective dispute resolution in smart contracts (The Next Web) Arbitration is a fundamental aspect of human relationships be it social, professional, or business relationships. The emotional and psychological composition of humans cannot be absolutely prevented from interfering during the execution of contractual agreements and processes. Contractual disputes Disputes over contracts aren’t always caused by ulterior motives or deliberate intentions to short-change another party. Sometimes, …

Design and Innovation

Can ARM save the Internet of Things? (Naked Security) Can the IoT be saved from its breakneck growth and breathtaking insecurity?

Research and Development

Artificial intelligence beats Captcha at its own game (Inquirer) Yes, it's been cracked. Again. But this time by a machine,Boffin Watch ,Boffin Watch,AI,Security

'Instant replay' for computer systems shows cyber attack details (Science Daily) Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process.


UMD students won a cybersecurity competition that was like virtual capture-the-flag (The Diamondback) More than 500 teams took part in the competition.

Legislation, Policy, and Regulation

EU to Declare Cyber-Attacks “Act of War” (Infosecurity Magazine) EU to Declare Cyber-Attacks “Act of War”. Member states set to sign new diplomatic framework

EU may struggle to prove cyber attack links, warns expert (ComputerWeekly) EU governments are reportedly planning to respond to cyber attacks as an act of war, but a cyber security expert says links to nation states may be hard to prove.

Attribution is what states make of it (European Council on Foreign Relations) It is high-time for the Europeans to wake up from their hopes and dreams to build norms and rules for state behaviour in cyberspace.

Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security - Executive Gov (Executive Gov) The U.S. Cyber Command has developed an operational approach to defensive cyber operations and strat

The Cyber Cold War (Bulletin of the Atomic Scientists) Is the Cyber Mission Force prepared?

DHS Says Most Agencies On Track To Cut Kaspersky Products (Law360) Most federal agencies are on track to timely find and remove Kaspersky Lab products from their information systems in response to concerns about potential security risks, with less than half having identified Kaspersky products on their systems so far, a U.S. Department of Homeland Security official said Friday.

Agencies complete step one of DHS cyber directive, now comes the hard part ( The Homeland Security Department says agencies have 30 days to come up with a plan to remove Kaspersky Lab products from their networks.

Guide to Section 702 Value Examples (IC on the Record) Consistent with the Principles of Intelligence Transparency, the ODNI has released volumes of information to enhance public understanding of Section 702 of the Foreign Intelligence Surveillance Act (FISA).

Kemp Applying For Federal Security Clearance With US Homeland Security (90.1 FM WABE) If his application for “secret” level clearance is approved, Georgia’s top election official would be privy to intelligence from the U.S. Department of Hom

Aadhaar a threat to national security, will approach PM Modi: Subramanian Swamy (Zee News) Subramanian Swamy took to Twitter and tweeted that he will soon write a letter to PM Modi detailing how compulsory Aadhaar poses a threat to the country.

Mozilla Wants to Distrust Dutch HTTPS Provider Because of Local Dystopian Law (BleepingComputer) Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys."

Litigation, Investigation, and Law Enforcement

Robert Mueller’s Opening Salvo Is a Show of Strength (Foreign Policy) A quick and dirty analysis on the Manafort and Papadopoulos cases.

What the Papadopoulos Plea Says About Mueller's Next Moves (WIRED) With a plea agreement from Trump campaign adviser George Papadopoulos, special counsel Robert Mueller showed that he knows how to keep a secret—and that this investigation is just getting started.

Researchers Say Paul Manafort Referenced James Bond in His Adobe and Dropbox Passwords (Motherboard) The ex-Trump campaign chairman was indicted in special investigator Robert Mueller’s Russian probe Monday.

Tony Podesta stepping down from lobbying giant amid Mueller probe (POLITICO) Podesta announced his decision during a firm-wide meeting Monday morning and is alerting clients of his impending departure.

Week ahead: Tech giants to testify publicly on Russian interference (TheHill) Executives from Facebook, Twitter and Google will appear publicly before the House and Senate as lawmakers press forward with their investigations into Russian election interference.

Russian-backed content may have reached 126 million on Facebook (TechCrunch) Facebook has reportedly upped its estimate of how much content was produced by Russian-backed actors during the election and how widely that content was seen...

Tech Giants Disclose Russian Activity on Eve of Congressional Appearance (Wall Street Journal) Facebook, Google and Twitter are set to divulge new details showing that the scope of Russian-backed manipulation on their platforms before and after the U.S. presidential election was far greater than previously disclosed, reaching an estimated 126 million people on Facebook alone, according to people familiar with the matter, prepared copies of their testimonies and a company statement.

What Congress Should Ask Tech Executives About Russia (WIRED) Executives from Facebook, Google, and Twitter will testify to three congressional committees about Russia and the 2016 election.

Bulgarian official calls for integrated efforts against cybercrime (Xinhua) Bulgarian vice interior minister Milko Berner on Monday said responding to cybercrime required a comprehensive cross-border integration of efforts by public, private and non-governmental actors.

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months (WeLiveSecurity) Relating the collaboration between ESET experts and the FBI about the Windigo's operation, which ended with the sentencing of Maxim Senakh.

Police Probe Hack of London Plastic Surgery Clinic (Security Week) British police said Tuesday they were investigating the theft of data from a London plastic surgery clinic, with reports that sensitive images of celebrities have been stolen.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.