skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Research Saturday launches tomorrow.

The CyberWire is pleased to announce that a new regular feature, our Research Saturday podcast, will launch tomorrow. Every week we'll feature research into cyber threats, vulnerabilities, and mitigations—any topics relevant to operating safely and securely in cyberspace. In our inaugural edition we speak with Deepen Desai from ZScaler about their research into Cobian RAT. There's no justice, but in this case that may not be entirely a bad thing: the RAT has a backdoor, allowing the original author to gain access and control over all of the installations in the wild. So the bad guys who go for this free tool are being played by the alpha bad guy.

Scotland's Parliament continues to work against a long-running cyber campaign against Holyrood.

A misconfigured cloud database compiled by TargetSmart, a political campaign data broker, has exposed information about Alaska voters online. TargetSmart blames a third-party vendor.

Equifax has confirmed that a known but unpatched Apache Struts vulnerability lies at the root of the breach it disclosed last week. General outrage mounts, as the Equifax CEO is summoned to Capitol Hill amidst comparisons of his company to Enron. The Federal Trade Commission has, as expected, opened its own investigation.

The Equifax breach has prompted calls for more regulation of data collection—Bruce Schneier calls it a problem the market can't solve.

Eugene Kaspersky has also accepted an invitation to testify before Congress. He maintains this week's ban on his eponymous company's security software by the US Department of Homeland Security is unfair, that they've been caught up in a Russo-American geopolitical squabble. 

The US Navy has dispatched a cyber investigation team to look into the USS McCain's collision with a merchant ship near Singapore. No evidence of hacking is so far known, but absence of evidence isn't (yet) being taken as evidence of absence.

WikiLeaks is doing some trolling of US DCI Pompeo over Pompeo's complaint to Harvard that the university's offer of a Kennedy School fellowship to Chelsea Manning disgracefully honored someone who betrayed the US and the warrior ethos. WikiLeak's Assange thinks the outrage selective. (Harvard has since withdrawn its offer.) Assange's trolling gets some enthusiastic meta-trolling from RT.

Notes.

Today's issue includes events affecting Argentina, Australia, China, India, Iraq, Russia, Syria, Ukraine, United Kingdom, United States, and Venezuela.

Third party breaches are here to stay – here’s how to stop the threat.

Threat actors are always looking for the easiest, fastest, and most inexpensive way to get what they want – enter third party breaches. How can organizations prioritize their efforts to reduce third party risk? Learn more in a webinar with LookingGlass Cyber Solutions’ Senior Sales Engineer Ryan Curran on Thursday, September 14 @ 2pm ET. Ryan will discuss how to tell if your vendors are already compromised, and how to use threat intelligence for actionable intelligence on your vendors’ vulnerabilities. Sign up now.

In today's podcast, we talk with Justin Harvey from our partners at Accenture on what it’s like to be on an incident response team. Our guest is Luke Beeson from BT on the challenges large organizations like BT face protecting themselves and their clients.

EAGB Breakfast Series: Leading the Cyber Transformation (Baltimore, Maryland, USA, September 19, 2017) Join us to discuss how the Baltimore-Washington region’s ‘tech hub’ reputation has helped build a solid foundation in cyber activities. Our panelists will discuss the transformation that is underway on the commercial side of cyber.

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Maryland Cyber Day Marketplace: Information. Connections. Solutions. (Baltimore, Maryland, USA, October 10, 2017) Register today to participate. Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for CYBERSECURITY BUYERS (commercial businesses, government agencies, academic institutions and non-profit organizations of any size in any industry) to connect with, get to know and purchase cybersecurity solutions from Maryland's CYBERSECURITY PROVIDERS. The day will be a combination of face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking and a wrap-up luncheon with a keynote speaker. Presented with our program partner the Better Business Bureau of Greater Maryland.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Dateline Billington CyberSecurity Summit

Cyber strategy: an old story of competition transposed to a new domain. (The CyberWire) Director of National Intelligence Coats set the tone for the day's proceedings when he called out cyberthreats as one of the prime, enduring dangers the United States faces. He focused on the exposure of critical infrastructure and the fragility of public trust—how it might be fractured by disruption or disinformation.

Cyber operational art: where to reduce friction, and where to increase it. (The CyberWire) Rob Joyce, White House Cybersecurity Coordinator, said, "In an environment like the one we have, we're going to get hacked, and we need to be able to bounce back rapidly." And indeed resilience was a common theme, which suggested strongly how the traditional dilemma Clausewitz formulated—will you concentrate on reducing your own friction, or increasing that of the enemy—is resolved in current thinking.

Cyber tactics: risk, and how to manage it. (The CyberWire) What then, of tactics? The consensus among those who spoke at the Summit was that tactics in cyberspace had to be informed by sound, disciplined risk management. This seems as true of offense as it does of defense, especially given the "inherently dual-use" nature of cyber tools several panelists alluded to.

U.S. ‘incredibly lucky’ to have avoided cyber calamity this long (News & Observer) State hackers in China and Russia are capable of sabotaging critical U.S. utilities, experts say. But they don’t do so because it would be seen as act of war.

Federal CISOs want more education and training to help boost incident response (FCW) To get ahead of cyberthreats, agency CIOs and CISOs want to focus on reducing response times from weeks and months to minutes.

Cyber is being normalized with traditional military operations (Fifth Domain) Cyber effects are being normalized and integrated into traditional operations, especially in the Middle East, according to the region's top U.S. military commander.

Cyber Attacks, Threats, and Vulnerabilities

NSA once spied on your *NSYNC downloads from Kazaa (Engadget) Spies in the aughts were really into downloading, apparently.

Assange trolls ‘triggered’ Pompeo for ‘WikiLeaks an enemy of the US’ claim (RT International) WikiLeaks is an enemy of the US, according to CIA head Mike Pompeo, who was trolled mercilessly by Julian Assange and others unimpressed by his perceived hypocrisy.

Yet another trove of sensitive of US voter records has leaked (ZDNet) Each record contained details on voters, including names, addresses, dates of birth, their ethnic identity, whether an individual is married, and the individual's voting preferences.

Ministers on defensive as hackers target Holyrood (Times) Hackers have made repeated attempts to break into the Scottish government’s computer networks in the past two years, forcing ministers to spend £2 million of taxpayers’ money to protect the public.

Equifax confirms unpatched Apache Struts flaw was exploited in massive data breach (Computing) Apache Struts patch released two months before hackers struck

What We Know and Don’t Know About the Equifax Hack (New York Times) The credit reporting company says hackers exploited a bug in popular software for building websites. But the identity of the attackers remains a mystery.

The big data breach suffered by Equifax has alarming implications (The Economist) The financial industry worries about who is next

Equifax breach happened because of a missed patch (Help Net Security) The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed.

Equifax had patch 2 months before hack and didn’t install it, security group says (USA TODAY) Security workers discovered, and created a fix for, the flaw that allowed attackers into Equifax two months before the company was hit by hackers.

Equifax suffers fresh data breach (BBC News) Credit report firm is accused of using "admin" as a login and password for its Argentine business.

Experian Was Vulnerable to Equifax Breach Attack (Tom's Guide) Another major credit-reporting agency, Experian, may have been vulnerable to the same attack that led to the massive Equifax data breach.

Equifax Hack Could Lead to Phishing, Medical Fraud (Financial Advisor IQ) A recent hack at Equifax...

Your Equifax Credit Freeze May Not Be Secure (Bankrate) The credit bureau moved to fix weak PINs, but some consumers still have cause to worry.

Equifax data breach: I tried to freeze my credit. There were problems. (USA TODAY) We were told this is how to protect ourselves from identity thieves. Too bad we can't

Dark Web Markets, Equifax Breach Raise Authentication Concerns (SurfWatch Labs, Inc.) The recent Equifax breach once again has the whole nation talking about cybercrime — and the widespread fraud and identity theft likely to follow in the wake of 143 million compromised consum…

POS Attacks Possible as Different Types of Malware Infect 4,000 ElasticSearch Servers (Security Intelligence) Kromtech Security found different types of malware that infected more than 4,000 ElasticSearch servers. Other security experts found additional risks.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure (SC Media US) The security community is still trying to wrap its collective head around the sheer magnitude and scope of BlueBorne, a series of vulnerabilities found in

Windows 10 security solutions powerless against 'bashware' (Security Brief) Every security solution on the market may be completely powerless to stop a vulnerability that could allow any malware to bypass Windows 10 systems.

New Reports: North Korean Interest in Cryptocurrency Rising (DCEBrief) As the United States and the international community continue their efforts to isolate North Korea by tightening the existing sanctions regime, recent reports suggest that the country’s government may be pursuing alternative means for financing its nuclear goals. CNBC and CNN recently reported on intelligence indicating that the rogue nation is increasingly focused on mining and stealing Bitcoin.

Bitcoin 'mining': A new way for North Korea to generate funds for the regime (CNBC) North Korea appears to be "mining" bitcoin to fund the regime.

TrickBot Banking Trojan Now Targets Coinbase Users (The Merkle) In the world of malicious software, banking Trojans are nothing new. In fact, this type of malware has been around for as long as most people can remember. What is rather peculiar is how the TrickBot

The hidden danger of cryptocurrency mining in the enterprise (SC Media UK) New research finds cryptocurrency mining software has already infected at least 1.65 million endpoints this year. Should the enterprise be worried?

Navy Deploys Cyber Security Team to Investigate USS John McCain Collision (Washington Free Beacon) The U.S. Navy has deployed a team of cyber security experts to join the military's ongoing investigation into the fatal collision of the USS John McCain.

ISIS Has an End-of-the-World Problem (Slate Magazine) Can ISIS survive its failed prophecies?

ISIS is near defeat in Iraq. Now comes the hard part. (Washington Post) A failure to manage the post-conflict landscape could tear the country apart again, perhaps before the militants have been fully vanquished.

Security Patches, Mitigations, and Software Updates

Malware Alerts Prompt Google to Purge Android Apps From Play Store (eWEEK) Google is again forced to purge malware-infected Apps from its Android store after Check Point Software and Trend Micro issue separated advisories about the malicious apps.

Microsoft patches second FinSpy zero-day exploit this year (Naked Security) This week saw a veritable patchwork quilt of updates to Microsoft products – including one zero-day

Google reveals formal plan to distrust Symantec certificates in 2018 (ZDNet) The shift will begin with a new version of the Chrome web browser.

Cyber Trends

User-targeted threats at all-time high despite rising education spend (Help Net Security) The cost of security education for large enterprises at an all-time-high of $290,033 per year per organization, and user education is rocketing up the CIO’

UK’s critical services ‘skipping cyber guidelines’ (Energy Live News) Up to 39% of critical infrastructure organisations in the UK, including energy firms, have not completed basic cyber security standards.

The Second Annual Ponemon Study - The Value of Threat Intelligence (Anomali) Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies." The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating threat intelligence into their security programs, with 80% of North American respondents using threat intelligence (up from 65% in 2016). Whether or not their

Rapid7 CEO: Break the shackles of the past and master automation (Computer Business Review) The CEO of Rapid7 believes that organisations should learn from the past, but break from its shackles and focus on a new approach.

Marketplace

Kaspersky: You can trust us despite ban (BBC News) The Russian cyber-security firm's chief reacts to the US government dropping its products.

Exclusive: Eugene Kaspersky Says Company Unfairly Caught In Geopolitical Fight (Forbes) For nearly five years, Kaspersky Lab has been in the line of fire from a handful of sources, which falsely report that we have covert and unethical ties to government organizations, possibly pose a threat to U.S. national security and/or our U.S. business is failing.

Kaspersky Lab considers changes to US business amid accusation of Russian influence (CRN Australia) Still planning to open new offices next year.

Micro Focus updates its security portfolio after HPE merger (Software Development Times) When Micro Focus completed its spin-merger with Hewlett Packard Enterprise, the company claims it created the seventh-largest pure-play software company in the world. It also is now among the largest security companies. At its Protect 2017 user conference this week, Micro Focus is making a number of announcements regarding its security portfolio, to address security …

Leidos wins $684M DHS info sharing support order (Washington Technology) Leidos wins a potential six-year, $684 million task order to help operate and maintain a pair of Homeland Security Department networks in support of DHS' information sharing efforts.

NSA Quietly Awards a Classified $2.4B Tech Contract, With More to Come (Defense One) CSRA won the first of three NSA Groundbreaker contracts to upgrade parts of the intelligence community’s IT infrastructure.

Jobs boost for Malvern high-tech employer QinetiQ (Malvern Gazette) Technology company QinetiQ is set to create over 100 new high-tech jobs - with many of them likely to be in Malvern.

Cylance claims naming rights to 400 Spectrum skyscraper, now open for business (Orange County Register) The Irvine Co. unveiled its latest high-rise office tower at the Irvine Spectrum Wednesday, which together with its twin make up two of Orange County’s tallest buildings. The new 20-story 400…

"Unicorn" startup Tanium plans further secondary share sales before IPO (City A.M.) Tanium, the world’s most highly valued cyber security startup, is planning further secondary share sales signalling plans to go public are further on

'Cybersecurity' term might be scaring off young talent (Healthcare IT News) While 18- to 26-year-olds are showing interest in cybersecurity, there’s a disconnect in the language around the field, skills and opportunities.

CrowdStrike Expands Operations and Leadership Team in India and SAARC (World News) Company launches state-of-the-art Engineering and Operations Center; actively recruiting regional talent

JASK Looks To Disrupt Security Operations Centers With AI (Forbes) There's a new kid on the block, and this company is on a mission. JASK is on a mission to transform the traditional SOC (security operations center) through the use of machine learning (ML) and artificial intelligence (AI). To help out with that endeavor, the company announced that Stuart McClure, co-founder and CEO of Cylance, has joined the JASK board of directors.

The Top 10 Israeli Artificial Intelligence Startups (Nanalyze) Israel is a country full of smart people who build successful companies. Let's look at the top 10 Israeli artificial intelligence (AI) startups by funding.

Firm offers up to $1 million for Tor zero-day exploits - but who will they sell them to? (Graham Cluley) A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser.

Prevoty is Named 2018 TAG Cyber Distinguished Vendor (Marketwired) The maker of application security solutions is recognized for developing the world's first autonomous application protection technology that enables applications to defend themselves from threats in real-time.

Skyport Systems Named a 2018 TAG Cyber Distinguished Vendor (BusinessWire) Skyport Systems, a leading secure hyperconverged infrastructure provider for the hybrid enterprise is proud to announce its designation as a Distingui

ZeroFOX Recognized as a 2018 TAG Cyber Distinguished Innovator (Sys-Con Media) ZeroFOX, the innovator of social media and digital security, is proud to announce its designation as a Distinguished Vendor in the 2018 TAG Cyber Security Annual. The annual report is designed to serve as “structured learning for Chief Information Security Officers (CISOs)” and covers key technology vendors, industry trends and outlooks for 50 top security controls.

Products, Services, and Solutions

Wombat Security Reveals Product Updates to Provide Most Advanced and Effective Training Solution for Recognizing and Avoiding Cyber Attacks (KAVU Newscenter 25) Comprehensive additions include new training content and localized translations to advanced reporting features and end user phishing reporting features, and a new user interface.

Spirent Gives Customers a Head Start in Validating and Testing New Transport Layer Security (TLS 1.3) Infrastructure (BusinessWire) CyberFlood is the first security test product to support TLS 1.3, a new encryption protocol that improves Internet security and privacy for users.

Lockheed Martin Selects Blue Cedar to Secure Its Universal Communications Platform™ (UCP™) Communicator Mobile App (BusinessWire) Blue Cedar’s mobile security technology will be included in Lockheed Martin’s Universal Communications Platform (UCP) mobile app, or UCP C

Comodo and StackPath collaborate on security platform (Enterprise Times) Comodo and StackPath integrate some of their products into what they are calling a best-of-breed cybersecurity platform that both companies will sell

Iron Mountain Expands Partnership with Virtustream (Business Insider) Iron Mountain Incorporated® (NYSE: IRM), the global leader for storage and information management services, today announced that Virtustream, the enterprise-class cloud company and a Dell Technologies business, has chosen to expand its cloud footprint by locating in Iron Mountain's Northern Virginia data center (or "VA-1").

Ichidan Is a Shodan-Like Search Engine for the Dark Web (BleepingComputer) Two days ago, Bleeping Computer came across a new Dark Web portal that allows users to search Tor Onion sites in the same way users utilize Shodan to discover Internet-exposed services.

Microsoft teams with Intel on cloud-based security ‘black boxes’ (The Mercury News) Microsoft links up with Intel on new cloud-based security technology meant to keep hackers, and the government, out of companies’ “black boxes.”

enSilo Partners with Coalfire to Enhance PCI DSS and HIPAA Security Programs for Endpoint Security Platform (Business Insider) enSilo, the company that protects endpoints pre- and post-infection in real time, announced today that the enSilo Endpoint Security Platform had a technical controls review conducted by Coalfire, leading provider of independent, comprehensive cybersecurity advisory services, to deliver stringent security measures required under PCI DSS and HIPAA regulations.

Infoblox Enhances Partner Program to Expand Benefits for Valued Channel Partners (business Insider) Infoblox Inc., the network control company that provides Actionable Network Intelligence, today announced enhancements to its partner program, BuildingBLOX, to offer additional benefits and training for valued channel partners.

Inmarsat launches new cyber security management product (Marine Electronics & Communications) Mobile satellite company Inmarsat brought its new unified threat management (UTM) service to London International Shipping Week, promising shipowners ‘fully-managed’ protection from cyber attacks.

Elcomsoft Phone Breaker 8.0 Adds Forensic Support for iOS 11 and New Apple Devices (markets.businessinsider.com) Elcomsoft Co. Ltd. updates Elcomsoft Phone Breaker, the company's forensic extraction tool.

Technologies, Techniques, and Standards

US Military Preparing for Digital Arms Race (VOA) One intelligence agency is studying artificial intelligence: the ability of machines to think like human beings.

For DoD cyber warriors, offense and defense is interchangeable (Fifth Domain) Creating a cyber warrior class, the Department of Defense and Cyber Command sought offensive and defensive forces trained to the same joint standards, allowing them the ability to switch roles and to better understand each other.

If Russia started World War III, here’s how it would go down (Military Times) The U.S. and NATO forces on Europe's eastern border are vastly outnumbered by the Russian military and could be quickly overwhelmed if Moscow mounted an aggressive assault into the Baltic region.

Hey, Turn Bluetooth Off When You're Not Using It (WIRED) In light of the latest Bluetooth-related security meltdown, a friendly PSA.

How to: Protect Systems From BlueBorne Attacks? (Vulns) No matter what part of the world you live in, I’m sure that you must have at least heard about the latest Bluetooth attack making rounds - BlueBorne.

Attorney general offers consumers resources after Equifax security breach (AdVantageNEWS.com) Company says personal information may be compromised for 5.4 million Illinoisans.

Information security is not information technology (CSO Online) NSA and Cyber Command are finally splitting. The two organizations have always had very different goals and are even governed by different laws. It wouldn't have even made sense to combine them, except for an overlap of the skills and tools required. Businesses are making this same mistake.

Using External Intelligence to Uncover Insider Threats (Recorded Future) Insider threats are an increasing risk to companies. Addressing the problem requires a fusion of security teams, business operational teams, and technology.

How NYC fends off hackers (City amd State) In July, New York City Mayor Bill de Blasio signed an executive order establishing the New York City Cyber Command to lead city agencies in cyber defense and response. As chief information security officer at the city Department of Information Technology and Telecommunications, Geoff Brown was tapped to lead this new task force. Brown talked about the cybersecurity threats New York is facing, and how the city is working to mitigate these risks.

Organizations struggle to maximize the value of threat intelligence (Help Net Security) Many organizations struggle with threat data and lack of staff expertise, which diminish the effectiveness of their threat inteligence programs.

Design and Innovation

How Anonymous Zcash Cryptocurrency Actually Works (International Business Times) How zcash combines encryption with blockchain technology.

Top state officials join bipartisan fight against election hacking (POLITICO) The project is in part fueled by the presidential campaign experiences of former Clinton and Romney managers.

Why your security scars are the key to innovation (CSO Online) Ben Johnson lines up for a Security Slap Shot on driving innovation in security and business based on experience

How facial recognition systems will reshape your daily life (NBC News) New systems are expected to transform shopping, banking, travel, and more.

Research and Development

Toshiba Pushes Quantum Key Distribution Speed Beyond 10Mbps (BusinessWire) Toshiba and Toshiba Research Europe Limited have developed the world's fastest quantum key distribution device.

Nascent Quantum Computing Poses Threat to Cybersecurity (Wall Street Journal) The threat of a cyber attack by hackers or rogue nation states with access to quantum computers is becoming real enough that scientists and public officials are convening in London this week in part to urge companies to develop a plan for defense.

Academia

SFA’s College of Sciences and Mathematics to offer Master of Science in Cybersecurity (Gilmer Mirror) People wanting to earn a master’s degree in cybersecurity will soon have the opportunity to do so at Stephen F. Austin State University....

Former acting CIA director resigns from Harvard after Chelsea Manning named as visiting fellow (Military Times) Morell said he couldn't be part of an organization

Legislation, Policy, and Regulation

The Frontlines of Cyber Repression: the Venezuelan Digital Caudillo (Niskanen Center) To say that public discontent in Venezuela reached new heights over the past few months is an understatement. The state is on the verge of collapse and the internal response is to batten down the hatches with both violent reactions and online attacks.

Hacking for the government: Germany opens ZITiS cyber surveillance agency (Deutsche Welle) The German Interior Ministry has officially opened ZITiS, a surveillance agency independent of both the police and the secret service. Critics say anyone with a smartphone is now vulnerable to state snooping.

European Commission wants ENISA to introduce EU-wide cybersecurity certification scheme (Help Net Security) The European Union needs a strong cybersecurity agency, and the Commission proposed a regulation aimed at strengthening the role of ENISA.

Confusion and lack of preparation in the face of looming GDPR deadline (Help Net Security) With the GDPR deadline set for 25 May next year, many organisations are ill-prepared due to uncertainty about the criteria for compliance. 37 percent of re

The market can't - and won't - deal with IT security, it must be regulated, argues Bruce Schneier (Computing) Regulate the security practices of companies that store data, fine them if they fail to comply and let people sue if companies spill personal information, argues Schneier

Donald Trump blocks Chinese deal to buy U.S. chips with military uses (The Washington Times) President Trump blocked a Chinese firm from buying a U.S. computer chip maker Wednesday, demonstrating to Beijing that he will oppose its acquisition of technology with potential military applications.

Trump's Tech Crackdown on China Has Begun (Defense One) The White House just blocked a $1.3 billion plan to sell an Oregon-based semiconductor company to a Chinese equity firm, citing possible technology risks to national security.

ISPs claim a privacy law would weaken online security and increase pop-ups (Ars Technica) California to vote on privacy law opposed by AT&T, Comcast, Charter, and Verizon.

Admiral: US tolerated cyber 'acts of war' over last decade (Washington Examiner) 'The international community did not even really come out strongly and say, 'this is unacceptable, you cannot go after critical infrastructu...

Analysis: US Cyber Command matures steadily (Shephard) President Trump has elevated the status of the US Cyber Command (USCYBERCOM) to a unified combatant command it was announced in an August statement.

Litigation, Investigation, and Law Enforcement

The FTC is investigating the Equifax breach. Here’s why that’s a big deal. (Washington Post) It's rare for the FTC to disclose an ongoing probe.

Equifax CEO called to testify to Congress as the company is likened to Enron (Computing) Equifax facing multiple investigations

Top House Dem asks Equifax rivals about security measures after record breach (TheHill) A top Democrat on the House Financial Services Committee asked Equifax’s competitors on Wednesday whether they’ve taken steps to prevent a similar security breach.

Kaspersky boss Eugene Kaspersky accepts invitation to testify to US Congress (CRN Australia) Will address issues surrounding Russian espionage accusations.

Senators Want Answers From Equifax Over Its Massive Data Breach (Fortune) Just what data security processes and procedures did Equifax have in place anyway?

FBI reveals expanded use of grand jury subpoenas in Hillary Clinton email probe: Report (Washington Examiner) Grand jury subpoenas were used in the process of accessing Clinton's records from her accounts, and also those of people she communicated wi...

Opinion | Sessions wants a leak investigation rule-change. That could cripple the free press. (Washington Post) We wrote the current rules, and they work.

H.R. McMaster memo on stopping leaks gets leaked (Washington Examiner) Leaks have been a nagging issue impacting the Trump administration and its policy agency, prompting efforts to crack down.

US Homeland Security Sued Over Warrantless Search of Electronics (VOA) The lawsuit calls for stricter legal guidelines for searches of electronic devices

White House Press Secretary Says Comey Violated Privacy Act (New York Law Journal) The government could face an uphill fight pursuing Privacy Act violations against former FBI Director James Comey based on previous history.

Former Trump Campaign Adviser Page Sues Yahoo Parent Over Story on Russia Connections (New York Law Journal) Carter Page described a Sept. 23, 2016, story published by Yahoo as 'perhaps the most dangerous, reckless, irresponsible and historically-instrumental moment...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity...

Hacker Halted (Atlanta, Georgia, USA, October 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those...

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue...

2017 ISSA International Conference (San Diego, California, USA, October 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to...

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity...

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and...

ManuSec USA (Chicago, Illinois, USA, October 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.