skip navigation

More signal. Less noise.

Who Ya Gonna Call? Threatbusters!

The threat intelligence event of the year is just around the corner—Detect '18! Join team ANOMALI and your fellow professionals at the Gaylord National Resort & Convention Center September 19-21, 2018 in National Harbor, Maryland for timely education and training on today’s most compelling, relevant threat intelligence topics, breakout sessions designed for all levels of experience, and insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Register today!

Daily briefing.

The Apache Struts vulnerability patched last week is now undergoing active exploitation in the wild. Volexity reports that it's being used to run a cryptojacking campaign against unpatched systems.

A previously unknown Microsoft Windows local privilege escalation zero-day was announced on Twitter late Monday by "SandboxEscaper," whose Twitter account disappeared shortly thereafter. CERT/CC quickly verified that the zero-day was real, and that it worked against "a fully-patched 64-bit Windows 10 system." The vulnerability exists in Windows' Task Scheduler and has been given a CVSS score of 6.4—6.8. There are no known work-arounds, but Microsoft has also confirmed the issue, and is believed to be working on a patch.

The complexity of attribution and the correspondingly complicated connections among threat groups are on display in a Trend Micro account of "Urpage," whose activities are interestingly similar to those of Confucius, Patchwork, and Bahamut.

TheTruthSpy, which Motherboard and others call a "stalkerware" vendor, was hacked, losing logins, audio, images, text messages, and other data. 

As operational technology experts at Applied Control Solutions continue to warn of potential security issues with power plant's process sensors, researchers at Cybereason point out that criminals also pose a threat to the grid. Unlike nation-states, cybercriminals may not mean to turn the power off, but they might do so inadvertently.

Reuters reports that an Iranian influence campaign major social media platforms have struggled with is bigger than initially believed. One indication of its size is the effort's linguistic reach: Reuters counts Iranian information operations in eleven languages.

Notes.

Today's edition of the CyberWire reports events affecting Australia, Belarus, Brazil, China, Ecuador, European Union, Iran, Poland, Russia, United Kingdom, United States.

Find out what solutions are emerging, peaking and working for cyber risk managers.

In this recently-released report, Gartner Research analysts apply their “hype cycle” framework to describe the related services, software platforms, applications, methods and tools that organizations can use to develop programs to withstand risk events or take advantage of risk-related opportunities. Read the Gartner report, “Hype Cycle for Risk Management, 2018” courtesy of Coalfire.

In today's podcast, we hear from our partners at the University of Maryland, as  Jonathan Katz talks about issues with Intel processors’ secure enclave. Our guest, Fred Kneip from CyberGRX, discusses third-party risk.

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: Iran-based political influence operation - bigger, persistent, global (Reuters) An apparent Iranian influence operation targeting internet users worldwide is significantly bigger than previously identified, Reuters has found, encompassing a sprawling network of anonymous websites and social media accounts in 11 different languages.

Critical Apache Struts Vulnerability Exploited in Live Attacks (SecurityWeek) Critical remote code execution vulnerability (CVE-2018-11776) in Apache Struts 2 is being exploited in malicious attacks, threat intelligence firm Volexity warns.

Hackers drop crypto mining on vulnerable Struts (iTnews) Active scanning and exploitation of unpatched boxes afoot.

Exploit Published for Windows Task Scheduler Zero-Day (SecurityWeek) Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

Critical Windows zero-day security flaw revealed anonymously on Twitter (Computing) Microsoft working on a fix to the verified security flaw

Microsoft Windows zero-day vulnerability disclosed through Twitter (ZDNet) Updated: There is no known workaround for the security flaw.

The Urpage Connection to Bahamut, Confucius and Patchwork (TrendLabs Security Intelligence Blog) We dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”

Facebook Flaw Allowed Remote Commands (Threatpost) Facebook failed to fully sanitize error data returned by a public facing web app.

Fiserv Flaw Exposed Customer Data at Hundreds of Banks (KrebsOnSecurity) Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.

Brazilian Crypto exchange hacked; private data of over 264,000 users exposed (HackRead) Follow us on Twitter @HackRead

Hackers Breach Cryptocurrency Platform Atlas Quantum (SecurityWeek) The information of over 260,000 users was stolen after hackers managed to compromise the cryptocurrency investment platform Atlas Quantum.

Old "Misfortune Cookie" flaw opens medical gateway and devices to attack (Help Net Security) A medical gateway device vulnerability can be easily exploited to allow attackers to execute unauthorized code to obtain administrator-level privileges.

Spyware Company That Marketed To Domestic Abusers Gets Hacked (Motherboard) A hacker broke into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and stole logins, audio recordings, pictures, and text messages, among other data.

Analysis | The Cybersecurity 202: These researchers worry more about cybercriminals hacking the grid than nation-state hackers (Washington Post) Here's why.

Nuclear Plants are not cyber secure and it can affect nuclear safety (Control Global) Nuclear plant cyber security requirements still do not address process sensors. This can directly affect nuclear safety.

Graphus detects sophisticated SharePoint phishing attacks (Graphus) Graphus has detected several SharePoint attacks for our customers. These are newer attack types that are extremely well crafted and difficult to detect.

Remote Code Execution on packagist.org (Max Justicz) tl;dr There was a remote code execution vulnerability on packagist.org, the default package server behind Composer, a PHP package manager. Packagist currentl...

Your data center's IT is lock-tight, are the facility's operations? (Help Net Security) Securing data centers is important, and operators are doing themselves a disservice by focusing on IT as the only line of defense against attacks.

Scammers Threaten to Review Bomb a Travel Company Unless it Pays Ransom (Motherboard) Twitter bots, fake reviews, and Instagram comments are the tools of a black hat SEO extortion attempt.

Researchers find way to spy on remote screens—through the webcam mic (Ars Technica) Remote audio plus machine learning equals rudimentary remote screen viewing.

Air Canada confirms mobile app data breach (TechCrunch) Air Canada has confirmed a data breach on its mobile app, which the airline said may affect 20,000 people — or 1 percent — of its 1.7 million app users. The company said it had “detected unusual log-in behavior” occurring between August 22-24. According to an email to customers, attacke…

Google created “unnecessary risk” for Fortnite users, claims Epic boss (Naked Security) Google disclosed the bug “in order to score cheap PR points”, said Epic CEO and founder Tim Sweeney,

Security Patches, Mitigations, and Software Updates

Instagram finally supports third-party 2FA apps for greater account security (Graham Cluley) Instagram has entered the 21st century, and finally added support for third-party 2FA apps like Google Authenticator, Duo Mobile, and Authy. Please turn it on.

Cyber Trends

Cybercriminals shift tools, tactics and procedures to improve infection rates (Help Net Security) Cybercriminals are moving away from attention-grabbing ransomware attacks to more covert methods intended to steal money and valuable computing resources.

Cybercriminals Changing Tactics as Seen in First Half Report (Trend Micro) Today, Trend Micro released its first half 2018 security roundup report in which we want to share the threat intelligence we discovered through the Trend Micro™ Smart Protection Network™ that allows us to identify the threats that have targeted our customer base. Below are some thoughts I’d like to share with you about these trends...

Cryptomining Malware Soars 956% in a Year (Infosecurity Magazine) Trend Micro blocked over 20 billion threats in the first six months of 2018

77% of Businesses Have Experienced Cyber Attack in the Past 12 Months (Security Boulevard) The vast majority of businesses think data protection is important or mission-critical for digital and IT transformation projects, but they lack the technological provisions to provide good data protection assurance.

5 ways the World Economic Forum says AI is changing banking (American Banker) The forum, which is best known for its annual Davos economic conference, offers insights on what many get wrong about artificial intelligence and how banks should be thinking about using it.

Deloitte Publishes Report About Major Blockchain Trends (CryptoNews) Cryptocurrencies came along almost ten years ago, and it caused quite a stir in the global financial markets. Blockchains also gathered a lot of attention [...]

Banks should not assume fraud victims are at fault, UK watchdog says (Reuters) Banks should not assume that customers have been negligent when they fall for scams peddled by increasingly sophisticated fraudsters, Britain's financial ombudsman said on Wednesday.

UK Watchdog Warns Banks Scams Are Not Users Fault (Information Security Buzz) In response to the news that the financial ombudsman has come out today saying that banks should not assume victims are at fault, James Romer, Chief Security Architect at SecureAuth + Core Security and David Kennerley, Director of Threat Research at Webroot commented below. James Romer, Chief Security Architect at SecureAuth + Core Security: “Cybercriminals dedicate …

The four ways that ex-internet idealists explain where it all went wrong (MIT Technology Review) 21st-century digital evangelists had a lot in common with early Christians and Russian revolutionaries.

Marketplace

Yahoo, Bucking Industry, Scans Emails for Data to Sell Advertisers (Wall Street Journal) The web giant owned by Verizon analyzes more than 200 million inboxes for clues about what products people might buy—a practice much of Silicon Valley has declared off-limits.

Facebook: It’s too tough to find personal data in our huge warehouse (Naked Security) GDPR: it means give users their data when they ask for it, and Facebook’s refusal to do so has provoked an inquiry by the Irish DPC.

Risks and Rewards of Google's Improving Security (Infosecurity Magazine) A Google tool detects bad actors and defends against nation-state threats.

Senators Criticize Google CEO for Declining to Testify (BloombergQuint) Google’s Sundar Pichai is facing bipartisan criticism for refusing to testify at a Senate Intelligence Committee hearing next week, but the panel’s chairman signaled he’s unlikely to issue a subpoena to force the chief executive officer to appear.

World’s Leading Human Rights Groups Tell Google to Cancel Its China Censorship Plan (The Intercept) A blistering letter from Amnesty International and Human Rights Watch calls a forthcoming search engine with blacklists “an alarming capitulation by Google on human rights.”

We should all be worried about Google’s power (New York Post) Tuesday brought endless commentary and reporting on how President Trump was being utterly ridiculous and conspiratorial to accuse Google of bias in its search algorithms. Funny: Just over a year ag…

Opinion | Google is on the verge of making a huge mistake with China (Washington Post) A Google project appalls Chinese fans who thought the company stood for something higher.

Facebook has restored the cross-posted tweets that were removed from users’ profiles (TechCrunch) Facebook says it has corrected the issue of users’ deleted posts, which had affected those who had previously cross-posted their Tweets to their Facebook profile – a feature that’s no longer supported. Earlier this month, Facebook locked down its API to prevent third-party apps fr…

Allstate Accelerates Expansion into Identity Protection with Acquisition of InfoArmor (Arizona Daily Star) The Allstate Corporation (NYSE: ALL) has agreed to acquire InfoArmor, Inc., a leading provider of employee identity protection to more than 1 million employees and their family members at over 1,400 firms, including more than 100 of the Fortune 500 companies.

Lacework Raises $24 Million to Expand Cloud Security Business (SecurityWeek) Cloud security firm Lacework has raised $24 million through Series B funding round with Sutter Hill Ventures, bringing the total raised to $32 million.

Industrial Cybersecurity Firm Indegy Raises $18 Million (SecurityWeek) Industrial cybersecurity firm Indegy has raised $18 million through a Series B funding round, bringing the total amount raised by the company to $36 million.

Bark brings in $9M to help parents track their kids’ online activity (TechCrunch) Not to be confused with a dog-walking startup, Bark is a watchdog for kids’ and teens' internet security. Today it announces a $9 million Series A led by Signal Peak Ventures, with participation from Two Sigma Ventures, Symmetrical Ventures, Fuel Capital, Hallett Capital and Atlanta Seed Company. …

Terra is an ambitious crypto project to build a stable coin through e-commerce (TechCrunch) Four of the world’s largest crypto exchanges are leading a $32 million investment in an ambitious venture out of Korea that’s aiming to develop a new stable coin using e-commerce as the lynchpin. Global exchanges Binance Labs, OKEx, Huobi Capital, and Dunamu — the firm behind Kore…

FireEye May Have Just Found The Key To Profit (Seeking Alpha) FireEye's most recent financial report shows a company that is on the verge of breaking into profitable territory. The company made headlines on Thursday by ass

Should FireEye Investors Start Jumping Ship? (The Motley Fool) FireEye investors aren't buying the company's story because of these red flags.

Splunk Growth Outpacing Competitors (BusinessWire) Splunk Inc. (NASDAQ: SPLK), first in delivering “aha” moments from machine data, today announced the company's continued growth in IT Operations Analy

Qualys Boosts Its Government Platform (Seeking Alpha) In June, Qualys announced that it entered into a non-binding letter of intent to purchase Second Front Systems. The acquisition is expected to provide increased

MITRE names new cyber and security chief (Fifth Domain) The position is responsible for the cyber strategy and protection from physical and digital attacks of the MITRE corporation, a nonprofit organization that manages federal research.

Vera welcomes Carlos Delatorre as CEO (Help Net Security) In his new role as CEO, Carlos Delatorre brings to Vera go-to-market knowledge along with strong operational expertise.

Products, Services, and Solutions

Varonis Announces Q2 Winners of Channel Partner Awards (GlobeNewswire News Room) Awards recognize channel partners for their commitment to helping customers protect data from insider threats and cyberattacks

Digital Shadows SearchLight Enhances Threat Intelligence for its Clients by Integrating with Webroot BrightCloud® Threat Intelligence Services (PRNewswire) Partnership Boosts Market‐leading Risk Analysis Platform with Industry Leading Digital Risk Management Service.

ButterflyVPN: World's Tiniest VPN Router and Most Travel-Friendly Available for Retail Purchase (Digital Journal) U-Disk VPN solution for travelers, Plug and Play, 10 plus devices supported at an affordable price

Tool and resources to help small merchants improve payment card data security (Help Net Security) The PCI Security Standards Council launched updated educational resources and a new tool to help small businesses improve payment card data security.

TP-Link introduces AC2600 Wi-Fi router with enhanced security (Help Net Security) With Intel technology, the Archer C2700 optimizes entire WiFi network for traffic and provides bandwidth for multiple devices.

Navisite upgrades its Managed DaaS solutions with VMware Horizon DaaS 8.0 (Help Net Security) With new DaaS solution and the VMware Horizon DaaS 8.0 and Microsoft Windows 10, the desktop in the cloud becomes a reality.

Comtech EF Data releases new Durostream WAN Optimization appliances (Help Net Security) Comtech EF Data announced the new Durostream AHA725 and AHA723 WAN Optimization appliances with packet protection from its AHA Products Group.

NEXT Biometrics to provide software customization with FingerCell algorithm (Help Net Security) The FingerCell algorithm allows developers of solutions incorporating NEXT Biometrics fingerprint sensor technology to customize their own products.

Minerva Labs Achieves Certified Integration with McAfee ePO™ Through the McAfee Security Innovation Alliance (PRWeb) Minerva Labs, announced today that it has achieved technical integration of its Anti-Evasion Platform with McAfee ePolicy Orchestrator™(ePO), enabling

Experian Rolls Out Child Identity Theft Scan (PYMNTS.com) To help parents protect against child identity theft, Experian is rolling out a Child ID scan. The service comes as 1 million children had their identities stolen last year, and Experian has designated Saturday (Sept. 1) as Child Identity Theft Awareness Day, the company said in an announcement. The scan seeks to find if a […]

Perfect Privacy review: The price is high, but the speeds are good (PCWorld) Perfect Privacy is a little known VPN with a shadowy ownership structure but good performance and an antiquated interface.

Digital Shadows SearchLight Enhances Threat Intelligence for its Clients by Integrating with Webroot BrightCloud(R) Threat Intelligence Services (IT News Online) Partnership Boosts Market leading Risk Analysis Platform with Industry Leading Digital Risk Management Service.

Bugcrowd announces free training platform (SC Media US) Bugcrowd crowdsourcing platform last week launched a free educational platform for security researchers called Bugcrowd University.

Symantec Simplifies Cloud Migration with Management Center 2.0 (Markets Insider) Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, has announced significant enhancements to Symantec Management Center. Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, has announced significant enhancements to Symantec ...

Technologies, Techniques, and Standards

Why reversible cyberattacks could become standard in digital warfare (Fifth Domain) Reversible cyber operations have been praised as a warfare tactic of the future, and some have argued attacks whose affects cannot be restored may violate the laws of war in years to come.

Will you still need a VPN with WPA3? (Security Boulevard) Behold, the dawn of WPA3! Well... actually, there’s nothing much to see yet.

CISOs Reveal the Most Likely Culprits for Data Leaks (Infosecurity Magazine) Data security issues can be profoundly damaging. How can your organization avoid them?

Understanding the threat key to good cyber defence (The Business Times) ONE indirect result of the SingHealth cyberbreach - in which digital records of 1.5 million patients were stolen - has been that there is now growing realisation within South-east Asia that data breaches and cyber attacks do not happen only in the West.

How One Company's Cybersecurity Problem Becomes Another's Fraud Problem (Dark Reading) The solution: When security teams see something in cyberspace, they need to say something.

7 Steps to Start Searching with Shodan (Dark Reading) The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

Design and Innovation

The terrifying, hidden reality of Ridiculously Complicated Algorithms (TheTLS) 'Algorithms have changed, from Really Simple to Ridiculously Complicated. They are capable of accomplishing tasks and tackling problems that they’ve never been able to do before.'

Academia

University College Oxford Launches Blockchain Research Centre (PRNewswire) Director says the new centre aims to bring Blockchain to the mainstream

Norwich gets $3.5 million NSF grant for cybersecurity scholarships (Vermont Business Magazine) Vermont Business Magazine Norwich University has received a $3.58 million grant from the National Science Foundation (NSF) as part of a “Scholarship for Service” program, in which student-recipients majoring in computer security and information assurance commit to work for the federal government following graduation.

Legislation, Policy, and Regulation

NIS Directive Met, Polish Cybersecurity in Effect (Infosecurity Magazine) One of 17 countries to miss the NIS Directive deadline, Poland's National Cybersecurity System Act is now in effect

Governments want your smart devices to have stupid security flaws (Nature) Steven Aftergood assesses a warning about the future of the Internet.

Surveillance legislation: Government’s ‘lip service’ on backdoors (Computerworld) Draft government legislation intended to increase law enforcement organisations’ ability to monitor the use of online communications services pays “some lip service to not creating backdoors”, according to Robin Doherty, a privacy advocate and a security champion at software consultancy ThoughtWorks.

Marise Payne defends 5G ban on Chinese telcos Huawei and ZTE (the Guardian) Excluding the companies from the Australian network has angered Beijing, but foreign minister says it protects national security

China intensifies criticism of Australia's Huawei 5G ban (Financial Review) Beijing has ramped up criticism of Australia's ban on Huawei bidding for 5G mobile phone network contracts, accusing the Morrison government of 'double standards'.

Opinion | America Goes on the Cyberoffensive (Wall Street Journal) U.S. government hackers will now have greater latitude to deter and answer attacks.

Feds, Facebook and Microsoft brief state election officials on cyberthreats (StateScoop) The call focused on bringing public and private resources together to push back against foreign threats against voting systems.

“Your voter data is secure,” Oklahoma agencies prepare for runoff elections (KFOR.com) As Oklahomans prepare to vote in the runoff primary election Tuesday, the state's election board said there are "no specific threats" to security. "We’re working with our partner agencies to make sure we’re doing everything we can to protect the integrity and security of elections in Oklahoma," said Paul Ziriax, secretary of the Oklahoma State Election Board.

A Proposed Agenda for a New PCLOB (Lawfare) The inquorate privacy watchdog may be back in action soon. If so, it should review the NSA’s call detail records program, Section 702, and the disparate impact of surveillance on minorities.

Focusing on the long tail of cybersecurity (FCW) DHS wants to use its new risk management center to buy down cybersecurity risks over the long term while leaving operational cyber incident response duties to the NCCIC.

Trump Accuses Google of Suppressing Positive News About His Presidency (Wall Street Journal) President Trump accused Google of elevating critical stories about him, calling it a “very serious situation” that will be addressed. Google said “we don’t bias our results toward any political ideology.”

New bill looks to end Trump’s security clearance threats (Federal Times) Members of Congress introduced a bill that would prevent Trump from using the revocation of security clearances to threaten retired members of the intelligence community that critique him.

The Fight Over California's Privacy Bill Has Only Just Begun (WIRED) The tech industry lobby has made it clear that they want changes to California's sweeping privacy protections—and they've got plenty of time left to get them made.

Litigation, Investigation, and Law Enforcement

Notorious Cybercriminal Released From Prison (SecurityWeek) Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

Andromeda Botnet Operator Released With a Slap on the Wrist (BleepingComputer) Sergey Yarets, also known as Ar3s, a hacker arrested last year for running an instance of the Andromeda botnet, was released by Belarusian authorities with nothing more than a slap on the wrist.

Ar3s Avoids Lengthy Prison Term After Cooperating With Authorities (Recorded Future) Insikt Group offers new details based on recently disclosed information about the prison release of Ar3s, known as the co-developer of the Andromeda botnet.

Extreme prejudice: how the Kremlin is cracking down on discontent (Times) They created a group to chat in a messenger app and met occasionally at a McDonald’s restaurant to talk about politics; ten young people in Moscow with grumbles about President Putin and the...

Telegram Says to Cooperate in Terror Probes, Except in Russia (SecurityWeek) The Telegram encrypted messenger app said said it would cooperate with investigators in terror probes when ordered by courts, except in Russia where it is locked in an ongoing battle with authorities.

Devin Nunes’s Curious Trip to London (The Atlantic) The chairman of the House Intelligence Committee flew to London to gather intel on Christopher Steele, the former British intelligence officer who compiled the dossier alleging Trump-campaign ties with Russia. But MI5, MI6, and GCHQ didn’t seem interested.

Attorney: Accused Russian agent and GOP operative had genuine romance (TheHill) The lawyer of alleged Russian agent Maria Butina on Tuesday released a video of her singing a Disney song with GOP political operative Paul Erickson in order to prove the two had a genuine romantic relationship.

Trump, without evidence, blames China for hacking Clinton emails (Reuters) U.S. President Donald Trump said on Twitter early on Wednesday China hacked the emails of 2016 Democratic presidential candidate Hillary Clinton but did not offer any evidence or further information.

Man Accused of Hacking Into Bank Account, Stealing $300,000 (SecurityWeek) Hartford police say 36-year-old Kwadjo Osei-Wusu, of Manchester, was arrested Friday and charged with money laundering, larceny and conspiracy to commit identity theft.

Alleged Facebook scammer arrested in Ecuador, will resist extradition (Ars Technica) Paul Ceglia claims CEO Mark Zuckerberg promised him half of Facebook years ago.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy...

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.