skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

North Korea seems to be escalating a global "data reconnaissance campaign." McAfee researchers are tracking Operation GhostSecret, which they say is particularly interested in "critical infrastructure, entertainment, finance, health care, and telecommunications." They attribute the operation to Pyongyang's Hidden Cobra group.

In other North Korean news, Recorded Future reports that the DPRK elite is going to ground, virtually speaking, exiting Western social media and online services in favor of Chinese alternatives where they'll presumably be less accessible to hostile surveillance. It's not clear that Alibaba, Tencent, and Baidu are really that much more obscure than, say, Amazon or Facebook, but Pyongyang's bigshots are taking their trade elsewhere. They're also using more obfuscation services.

Fortinet is tracking a Python-based Monero miner. They're calling it "PyRoMine," and they say it uses ShadowBroker-leaked Equation Group tool EternalRomance to disable security systems enroute to cryptojacking. Disabling security systems could also enable PyRoMine's operators to stage further attacks.

Russian disinformation concerning Assad's nerve agent attacks against a civilian population is using year-and-a-half-old footage from a movie shot in Syria to "prove" that the attack is a Western hoax. 

A complex hijacking of cloud service IP addresses in Chicago raises concerns about not only the immediate crime—theft of about $150 thousand in cryptocurrency by spoofing MyEtherWallet—but of a more serious intrusion by Russian actors who may be staging an attack on commodity trading platforms or other financial infrastructure.

Huawei has joined ZTE in US crosshairs over sanctions violations.

Apple patches MacOS, iOS, and Safari.


Today's issue includes events affecting Bangladesh, Brazil, Canada, China, Croatia, European Union, Germany, India, Iran, Kenya, Malaysia, Mozambique, Nepal, New Zealand, Russia, Serbia, Thailand, United Kingdom, United States.

There's a better way to stop data loss. Learn more!

Data loss is a big problem. Every organization that deals with electronic data needs to have a data loss prevention strategy in place. ObserveIT’s white paper, Building a Strategy for the Post-DLP World, explores how organizations have been dealing with data loss to date, why these strategies are failing, and what a better path forward looks like. Get information you need to build a data loss prevention strategy that works for the modern organization. Download your free copy.

In today's podcast, we speak with our partners at Lancaster University as  Daniel Prince talks about security in the financial sector. Our guest, Joe Cincotta from the Thinking Studio, discusses how smart design leads to better security.

HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 9 - 11, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at

Cyber Attacks, Threats, and Vulnerabilities

‘Operation GhostSecret’: North Korea Is Suspected in Intensifying Global Cyberattack (Wall Street Journal) Pyongyang-linked data-theft campaign has hit 17 countries, including the U.S., report says

Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide (McAfee) McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications.

North Korea’s Ruling Elite Adapt Internet Behavior to Foreign Scrutiny (Recorded Future) In-depth analysis of North Korean internet activity reveals the abandonment of Western social media and a dramatic increase in operational security practices.

Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency (Ars Technica) Almost 1,300 addresses for Amazon Route 53 rerouted for two hours.

Sounding The Alarm About A New Russian Cyber Threat ( The U.S. and U.K. governments say Russia is targeting infrastructure in the West with cyberattacks. Department of Homeland Security cybersecurity chief Jeanette Manfra explains.

Russia likely targeted all 50 states in 2016, but has yet to try again: DHS (ABC News) Current and former U.S. officials have repeatedly warned Americans to brace for another onslaught of Russian cyber-attacks against the 2018 midterm elections, but even with the campaign season underway the U.S. government has yet to detect any new cyber activity from Russia targeting election...

Filmmaker Slams Russian TV's Use Of Old Images To Claim Syrian Gas Attack Was Hoax (RadioFreeEurope/RadioLiberty) Russian state-run television used 18-month-old images from a film set in Syria to illustrate reports alleging that suspected chemical attacks are being staged in the war-torn country.

Russia’s Information Activities Are Ongoing – Ours Are Not (CyberDB) The online activities surrounding the 2016 U.S. Presidential election revealed a swath of suspicious postings on social media outlets that ranged from deliberate false information (e.g., one candidate running a child sex ring; another candidate’s followers making anti-Islam chants at a rally) to purchased ads on social media platforms like Facebook (e.g., promoting gay rights, issues related to the African-American community, immigration, to name just a few).

Mysterious “double kill” IE zero-day allegedly in the wild (Naked Security) Chinese security company announces Internet Explorer zero-day exploit that’s triggered by Word. So far… that’s all she wrote.

This cryptocurrency mining malware also disables your security services (ZDNet) A year on from the vulnerabilities being leaked, attackers are still using leaked NSA tools to power new attacks - this time with the newly uncovered PyRoMine.

PyRoMine uses NSA exploits to mine Monero and disable security features (SC Media US) In the age where cryptomining software is beating out ransomware as the go to for most hackers, a Python-based Monero miner is using stolen NSA exploits to gain an edge

Researchers Find Way to Create Master Keys to Hotels (Safe and Savvy Blog by F-Secure) Researchers find room keys at global hotel chains and hotels worldwide can be hacked to gain access to any room in the building.

TrickBot's Screenlocker Module Isn't Meant for Ransomware Ops (Bleeping Computer) The screen-locking feature added to a popular banking trojan was never intended to be used for ransomware-like operations, researchers from Fortinet revealed on Monday.

Meih Yibelo strikes again as SaferVPN vulnerability revealed (VPN Compare) An Ethiopian Security Researcher has uncovered a vulnerability in the SaferVPN Chrome Extension which could have leaked sensitive user data including real IP Address. The flaw, which has now been patched, enabled the extension to be crashed with a simple DoS attack.

Orangeworm cyber attack group targets health sector ( A cyber crime group is targeting the health sector and related industries in the US, Europe and Asia in a suspected corporate espionage campaign, researchers warn.

WannaCry, NotPetya, MBR-ONI and Friends: Tales of Wiper Attacks and Active Directory Destruction (Security Boulevard) Ransomware attacks on enterprises are escalating both in frequency and complexity. Many in the security space believe that WannaCry and NotPetya were only a sample of what’s coming. Increasingly, Active Directory (AD) is at the center of cyberattacks, with wipers like MBR-ONI utilizing AD to maximize the attack reach and, in some cases, wipers like NotPetya taking down AD completely.

Metamorfo Campaigns Targeting Brazilian Users (FireEye) FireEye Labs recently identified several widespread malspam (malware spam) campaigns targeting Brazilian companies with the goal of delivering banking Trojans. We are referring to these campaigns as Metamorfo.

Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer) A hacker (or group of hackers) has hijacked the DNS servers of, a web-based Ether wallet service.

Exfiltrating private keys from air-gapped cold wallets (Help Net Security) Air-gapped cold wallets might be one of the safest options for keeping your cryptocurrency stash, but even they can be compromised. And, as demonstrated by security researchers from the Ben-Gurion University of the Negev, Israel, exfiltrating private keys from such a wallet can be done relatively easily.

The “unpatchable” Nintendo Switch prone to hacking (TechSprouts) A newly revealed “exploit chain” for Nvidia Tegra X1-based systems appears to define an apparently unpatchable method for running arbitrary code on all the presently available Nintendo Switch consoles.

Here’s What Facebook Won’t Let You Post (WIRED) Facebook's newly public, 27-page community standards document reveals the hard work of balancing toxic content with free speech.

Atlanta Spent $2.6M to Recover From a $52,000 Ransomware Scare (WIRED) Whether to pay ransomware is a complicated—and costly—calculation.

Ninety per cent of UK websites affected by 'serious' security flaws (Computing) Security firm CyberScanner claims that 117,638 of the top UK sites harbour security flaws

Not all malware is created equal (Help Net Security) Lastline's Q4 2017 Malscape Monitor Report delivers previously unavailable trends and actionable insights into malicious behaviors and how threats unfold.

Security Patches, Mitigations, and Software Updates

Apple Releases Security Updates for MacOS, iOS, and Safari (Bleeping Computer) Apple has released earlier today a quick batch of updates meant to fix security-related bugs in macOS, iOS, and the Safari browser.


Threat Intel: Finding Balance in an Overcrowded Market (Dark Reading) Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.

Gartner Says Global Artificial Intelligence Business Value to Reach $1.2 Trillion in 2018 (Gartner) Global business value derived from artificial intelligence (AI) is projected to total $1.2 trillion in 2018, an increase of 70 percent from 2017, according to Gartner, Inc. AI-derived business value is forecast to reach $3.9 trillion in 2022.

As Germany’s Industrie 4.0 Matures, IoT Security Stays Top of Agenda (EE Times) IoT security news dominates at industrial and factory automation trade show in Germany.

‘Thales has no immediate plans to sell standalone cyber security solutions’ (Hindu Business Line) A cyber attack may happen within 20 days of detection of a breach in security or in hardware and it often takes nearly 200 days to upgrade the systems in the traditional set-up

Versasec Announces Gemalto Executive Carolina Martinez Joins Team (PRLog) Versasec Announces Gemalto Executive Carolina Martinez Joins Team. As Operations Director, She will Manage Fast-Growing Versasec Business in the Americas.

Stealth Security Adds Two Palo Alto Networks Veterans to Executive Team as President and CEO and VP of Worldwide Sales (BusinessWire) Two former Palo Alto Networks executives, Larry Link and Tony McIlvenna, have joined Stealth Security, Inc. as CEO and VP of Worldwide Sales.

Technologies, Techniques, and Standards

RSA: Cyber parenting (The CyberWire) Life online is just life, and children negotiate it in the ways they always have. The differences are in the techniques, and the gods of the copybook headings, "treat people the way you'd like to be treated," and "if you don't have anything good to say, don't say anything," are just as enduring in pixels as they are in print.

Why does a 2-year-old have a credit card? How to protect your children from identity theft. (Washington Post) When identity theft hits adults, it can be a long and frustrating battle to restore their good name.

Cyber risk assessment and disclosure requirements: What’s important to you? (Help Net Security) In this podcast recorded at RSA Conference 2018, Jerry Caponera, VP cyber risk strategy at Nehemiah Security, offers some interesting thoughts on cyber risk assessment and disclosure requirements.

SOCs require automation to avoid analyst fatigue for emerging threats (Help Net Security) While human expertise is pertinent, it is not effectively being deployed alongside automation tools. This leads cybersecurity analysts to experience alert fatigue, increasing the potential of a missed breach.

Police try (and fail) to unlock phone with a dead man’s finger (Naked Security) The practice doesn’t require a warrant but it left relatives feeling “disrespected and violated.”

Built in or Bolted On? (CIO) Cybersecurity or cyber-resilience? What are the critical differences between these two concepts, what the changing paradigm means for businesses, and critical questions that every enterprise must ask their server vendors before making an investment.

For critical systems, “just patch it” is a paradox (The Parallax) Software updates and security patches for critical-infrastructure systems like those of hospitals, 911 dispatchers, and power plants aren’t easy or cheap. But there’s no excuse, experts say, for neglecting them.

90 percent of malware given unhelpful labels by AV tools (BetaNews) According to a new study, 90 percent of malicious files are given generic labels by AV tools, such as 'trojan.generic', providing limited guidance for successful remediation and leaving enterprises exposed to subsequent attacks resulting from compromised credentials.

NATO Flexes Digital Defense Muscles With Massive Cyber Attack on 'Berylia' (Sputnik) It's April 2018 and the country of "Berylia" is under a cyberattack; internet service providers and military air bases have been breached and the nation's security is deteriorating.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.

Upcoming Events

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and...

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect...

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster...

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners...

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will...

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring...

Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language (New York, New York, USA, May 3, 2018) This event brings together technologists and leading policymakers, lawyers, and journalists to bridge the gap between non-technical and technical cyber professionals and features Lisa Monaco, former Assistant...

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to...

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance...

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for...

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will...

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018...

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations...

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.