

Daily briefing.

Senior US counterintelligence official William Evanina warned that Chinese intelligence services are actively using LinkedIn to recruit American agents. Much of the activity involves catphishing. British and German security authorities had earlier issued similar warnings.

A cyberspy crew called "WindShift" is exploiting macOS vulnerabilities in an espionage campaign directed against the Gulf Cooperation Council (Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain and Oman). The malware payload is distributed in spearphishing attacks. There's no further attribution from DarkMatter, the company announcing the discovery. They promise more details later.

Qihoo 360 warns that GlobeImposter ransomware is now out in more than twenty variants, and they expect it to continue to evolve and spread. The researchers consider it the most troubling family of ransomware currently in circulation.

Russia would like to block the Telegram encrypted messaging service, but their attempts have been unsuccessful. The organs haven't yet come up with a way of stopping Telegram without also stopping a lot of other traffic, and that's unacceptable collateral damage.

The Five Eyes met this week and reaffirmed their commitment to cooperating in cyberspace, especially with respect to counterterrorism, human trafficking, and law enforcement, but also to stop "foreign" (read here, mostly, "Russian," with a touch of the other Familiar Four) influence operations. They also indicate that there will be no near-term surrender in the Crypto Wars.

Google's Titan security key, introduced recently with pride and aplomb, is manufactured in China, which has prompted spoilsports to ask for some transparency about supply chain security.


Today's issue includes events affecting Australia, Bahrain, Brazil, Canada, China, Kenya, Kuwait, Lithuania, New Zealand, Oman, Qatar, Romania, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

Monday is Labor Day here in the US, and we'll be observing the Federal holiday by taking the day off, probably to hit the Maryland State Fair up in Timonium. We'll resume normal publication and podcasting on Tuesday. Take a breather if you can, and see you next week.


In today's podcast we speak with our partners at the SANS Institute and the ISC Stormcast, as Johannes Ullrich talks about iPhone unlocking techniques. Our guest, Andy Greenberg from WIRED, discusses his recent report on the NotPetya malware campaign.

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Cyber Attacks, Threats, and Vulnerabilities

Exclusive: Chief U.S. spy catcher says China using LinkedIn to recruit Americans (Reuters) The United States' top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.

Hackers Are Exposing An Apple Mac Weakness In Middle East Espionage (Forbes) Apple Mac weakness affects all users, but has been used in limited attacks affecting the Middle East.

The anatomy of fake news: Rise of the bots (Help Net Security) Social SafeGuard analysed the impact and techniques leveraged by bots, and looked at bots attributed to Russian disinformation campaigns on Twitter.

Coming Soon to Facebook: Lots of Extreme Political Ads (Wall Street Journal) Campaign strategists are set to flood Facebook with polarizing ads heading into the midterms, saying its ad platform rewards extreme messaging more than other venues.

Russia Tries More Precise Technology to Block Telegram Messenger (NDTV) Russia is experimenting with more precise technology to block individual online services after an attempt to shut down banned messaging service Telegram failed, but Moscow has yet to find a way to shut it down without hitting other traffic.

GlobeImposter which has more than 20 variants, is still wildly growing (360 Total Security Blog) Recently, 360 Security Team found the new variant of GlobeImposter ransomware family is actively spreading worldwide that has affected the great number of users. Moreover, the attack is expected to be more serious in the future.

New Cobalt Campaign Targets Russian and Romanian Banks (SecurityWeek) A new campaign by the Russia-based Cobalt hacking group has targeted NS Bank in Russia and Carpatica/Patria in Romania.

Double the Infection, Double the Fun (Arbor Networks Threat Intelligence) Executive Summary Cobalt Group (aka TEMP.Metastrike), active since at least late 2016, have been suspected in attacks across dozens of countries. The group primarily targets financial organizations, often with the use of ATM malware. Researchers also believe they are responsible for a series of attacks on the SWIFT

Loki Bot Attacks Target Corporate Mailboxes (SecurityWeek) Loki Bot’s operators targeting corporate mailboxes with their spam messages, Kaspersky Lab reports.

How Cybercriminals Are Using Blockchain to Their Advantage (SecurityWeek) Malicious actors have been experimenting with a blockchain domain name system (DNS) as a way of hiding their malicious activity and bullet-proofing their offerings.

How one man could have pwned all your PHP programs (Naked Security) Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole – now closed!

Barracuda Study Reveals BEC Targets Different Departments (Barracuda) These attacks are responsible for billions of dollars in fraud losses over the last few years, and the criminals keep getting better at scamming their victims. 

John McAfee's 'unhackable' Bitcoin wallet is hackable, company admits (CNET) Two weeks ago, it seemed safe to say that John McAfee's supposedly "unhackable" cryptocurrency wallet had been hacked. (It's been nearly four weeks since the first security researchers reached that conclusion.)

Malware brings county computers down for over a week (Benitolink: San Benito County News) San Benito County government computers have been down more than a week after the system was taken offline Aug. 18, when a malware virus was found in the system. Kevin O’Neill, manager of the San Benito County Office of Emergency Services, confirmed Aug. 27 that the county’s computer servers had been offline for nine days.

How Hackers Hit Printers (Dark Reading) New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.

Security Patches, Mitigations, and Software Updates

Wireshark can be crashed via malicious packet trace files (Help Net Security) The Wireshark team has plugged three Wireshark DoS vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations.

Philips Mitigation Plan for e-Alert Unit (ISS Source) Philips released one update that handles some vulnerabilities and will release another to take care of other ones in its e-Alert Unit (non-medical device), according

Apple will require all apps to have a privacy policy as of October 3 (TechCrunch) Apple is cracking down on apps that don’t communicate to users how their personal data is used, secured or shared. In an announcement posted to developers through the App Store Connect portal, Apple says that all apps, including those still in testing, will be required to have a privacy polic…

Cyber Trends

The Expected Spike in Post-GDPR Spam Activity Hasn't Happened (SecurityWeek) The belief that spammers would rush to register new domains under new GDPR-enforced anonymity; and that spam would spike once GDPR became effective in May 2018. It hasn't happened.

90 Days of GDPR: Minimal Impact on Spam and Domain Registration (Recorded Future) Our researchers find that there has not only not been an increase in spam since the GDPR went into effect, but the volume of spam has been on the decline.

OWASP AppSec USA 2018 Conference Demonstrates Critical Business Need for Application Security Education (GlobeNewswire News Room) Industry conference bridges gap between cybersecurity and developer teams to protect digital applications with hands-on application security training sessions and panels.

Exclusive: Over half of ASX companies at risk of email fraud (IT Brief) Businesses can be more susceptible to phishing attacks and business email compromises (BEC) than they realise.

Brazilian Moviemakers Tackle Harms of Cyber Bullying (Folha de S.Paulo) When it comes to cyberbullying, Brazil ranks at the very top. The country rates second in frequency of internet-based attacks, according to a recent Ipsos survey in 28 countries. Three in every ten Brazilian parents said that their children have been victims of this kind of bullying. Two new

Why Automation Will Free Security Pros to Do What They Do Best (Dark Reading) There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.


Twitter will begin labeling political ads about issues such as immigration (Washington Post) Twitter announced Thursday that it would begin requiring organizations that purchase ads on topics like abortion, healthcare reform and immigration to disclose more information about themselves to users as the tech giant looks to ensure that Russian agents don't spread propaganda ahead of the 2018 election.

Open Source Devs Reverse Decision to Block ICE Contractors From Using Software (Motherboard) Only a day after a software developer decided to revoke access to a popular open source program from any organization that collaborated with ICE, he was booted from the group and the license was changed back.

ZTE returns to profit after taking hit from US supplier ban (CRN Australia) Telco gear vendor made "worst-ever" loss in H1 2018.

Tesserent to acquire Melbourne's Asta Solutions for $3.8 million (CRN Australia) Will pick up Asta Solutions' 200 clients and 85 staff.

Dragos Expands Leadership Team to Advance Global Sales Footprint (Odessa American) Dragos, Inc., the trusted leader in industrial threat detection and response technology and services, announced today the addition of several notable individuals as the company scales its global sales and customer support footprint.

Products, Services, and Solutions

New infosec products of the week: August 31, 2018 (Help Net Security) Moogsoft announces Observe expanding its AIOps platform capabilities Moogsoft Observe ingests time-series and metrics data in real-time and applies AI to

What Is AIOps? Introducing SysTrack 8.4 (Lakeside) Few times in a company’s lifetime does a new release introduce truly revolutionary functionality. Today, I am happy to share with you a bit more about our latest release promising just that: SysTrack 8.4.

Lenovo and Pivot3 optimize smart city security (Help Net Security) Lenovo and Pivot3 partner to develop, market and sell a new set of edge computing solutions optimized for mission-critical smart city security.

Vault, QuintessenceLabs and Ziroh Labs to create encryption to secure government data (Help Net Security) Ziroh’s homomorphic encryption, QuintessenceLabs’ quantum key generation and Vault’s protected cloud create a solution for the global security landscape.

Moogsoft announces Observe expanding its AIOps platform capabilities (Help Net Security) Moogsoft Observe gives IT teams observability into customer-impacting problems wherever they occur, across on-premises and cloud environments.

Monnit and Cradlepoint partner to deliver wireless connectivity solutions for IoT (Help Net Security) Monnit’s ALTA wireless sensor adapters integrate with Cradlepoint wireless edge routers to provide wireless sensor-to-cloud connectivity solutions for IoT.

Google releases Tink, a simple, cross-platform cryptography library (9to5Google) As (increasingly frequent) data leaks have proven, encryption is hard, and good encryption can be even harder. Today, Google has announced the first major release of Tink, an open-source, cross-pla…

Experts Call for Transparency Around Google’s Chinese-Made Security Keys (Motherboard) Google's Titan Security Keys, used to lock down accounts, are produced in China. Several experts want more answers on that supply chain process, for fears of tampering or security issues.

Technologies, Techniques, and Standards

Beyond the Firewall - Different Rules for East-West Traffic (CSO Online) Network firewalls were created to block unauthorized content and code from the network while ensuring the unimpeded flow of data packets vital to the operations of the enterprise. But they were designed to intercept external incursion, not prevent security issues inside the network.

Cyber attacks require preventative strategies from companies (Real Business) Cyber attacks are global, what companies can do to protect consumer data and brand confidence is to implement preventative and protective strategies.

Why Your Organization Should Invest in Cybersecurity Insurance (Security Intelligence) Despite the rising cost of a data breach, many organizations still believe they don't need cybersecurity insurance.

Will cyber insurance help with data breach? (AZ Big Media) An amended Arizona law that went into effect in August requires companies to notify consumers affected by a data breach within 45 days of the breach or face up to $500,000 in penalties. Your standard commercial insurance policy is written to insure against injury or physical loss and will do little, if anything, to protect you from a data breach. So how can cyber insurance protect businesses? Az Business talked with Jennifer Chenault, sales executive for Lovitt!

Three Ways of Looking at Security Operations (SecurityWeek) The greater the partnership between security and operations, the better the chance your organization can deliver software faster and minimize breach damage.

The most important attributes of a cybersecurity platform (CSO Online) A cybersecurity platform should have coverage across major threat vectors, central management, and technologies for prevention, detection, and response in any security platform.

Design and Innovation

Australian security trio aim for unbreakable encrypted data environment (ZDNet) Vault, QuintessenceLabs, and Ziroh Labs have joined forces to build a system for strong encryption of user data for government.

Amazon is quietly doubling down on cryptographic security (TechCrunch) The growth of cloud services — with on-demand access to IT services over the Internet — has become one of the biggest evolutions in enterprise technology, but with it, so has the threat of security breaches and other cybercriminal activity. Now it appears that one of the leading compani…

BehavioSec says behavioral biometrics last line of defence against SIM swap attacks (BiometricUpdate) Behavioral biometrics are “the last line of defense” against SIM swap attacks, in which all text messages, voice calls, and two-factor authentication codes are directed to a new device, according t…

Legislation, Policy, and Regulation

Why the Five Eyes boosted intelligence sharing despite tension (Fifth Domain) America's closest intelligence allies agreed to boost cybersecurity and intelligence sharing despite political tension.

Five Country Ministerial 2018: Official Communiqué (Australian Government Department of Home Affairs) We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States met on the Gold Coast, Australia, on August 28-29 2018, to discuss how we can better collaborate to meet our common security challenges.

Statement of Principles on Access to Evidence and Encryption (Australian Government Department of Home Affairs) The Governments of the United States, the United Kingdom, Canada, Australia and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights. Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information. However...

UK foreign minister attacks Google over 'child abuse content' (Reuters) British foreign minister Jeremy Hunt accused Google on Thursday of abandoning its moral values by failing to remove child abuse content while launching a version of its search engine in China that will block some websites.

Russia tries more precise technology to block Telegram messenger (Reuters) Russia is experimenting with more precise technology to block individual online services after an attempt to shut down banned messaging service Telegram failed, but Moscow has yet to find a way to shut it down without hitting other traffic.

Russia Is Co-opting Angry Young Men (Defense One) Fight clubs, neo-Nazi soccer hooligans, and motorcycle gangs serve as conduits for the Kremlin’s influence operations in Western countries.

Punishing Putin Just Makes Him Stronger (The Atlantic) Tougher sanctions will only make him double down on antagonizing the West.

Lithuanian Media Sign Pact With Govt to Counter Hackers (SecurityWeek) Lithuania's major online media outlets signed an agreement to share information and strategies with government, while press representatives will be able to attend meetings of the National Cyber Security Council.

This Music Theory Professor Just Showed How Stupid and Broken Copyright Filters Are (Motherboard) Automated takedown systems don’t work, stifle free expression online.

Analysis | The Cybersecurity 202: Why the latest election security bill is stalled in Congress (Washington Post) The Secure Elections Act may still move.

Proposed US law would require President to act against overseas hackers (Naked Security) A US senator has announced a bill that would force the President to punish overseas hackers found targeting the US, or explain why he hadn’t.

Luetkemeyer drafts narrow breach-notice bill focused on financial sector (Inside Cybersecurity) Rep. Blaine Luetkemeyer (R-MO), chairman of a Financial Services subcommittee, is drafting data security and breach notice legislation that would apply only to the financial sector, with an eye toward marking up the measure in September, according to a source close to the panel.

“Gold standard” net neutrality bill in US approved by California Assembly (Ars Technica) State Senate must act on net neutrality today before heading into recess.

Troops beware: New security clearance rules could bite you (Military Times) Questions remain about what triggers a move to revoke the clearance.

Litigation, Investigation, and Law Enforcement

Here's Why The FBI And Mueller Are Investigating "Suspicious" Transactions By Russian Diplomats (BuzzFeed News) The former Russian ambassador received a salary payment twice as large as past years, and bankers blocked a $150,000 withdrawal.

Senator to FTC: You guys really should look at Google one more time (Ars Technica) Meanwhile, President Trump claims Google, other firms are "unfair" to conservatives.

Justice Department Warns It Might Not Be Able to Prosecute Voting Machine Hackers (Motherboard) DoJ says current federal law against hacking doesn't apply to voting machines because they aren't connected to the internet; but this plus a proposed amendment could create a problem for prosecuting hacks of other computers not connected to the internet.

Forcing iPhone unlock violates Fifth Amendment, says Court of Appeals (Naked Security) Police want to unlock the iPhone of a woman who accused a man of rape after it was alleged that she was actually stalking him.

Hacking a Prince, an Emir and a Journalist to Impress a Client (New York Times) The NSO Group, a spyware maker, targeted the phones of powerful figures to show off its product, emails show. It’s now accused of illegal spying in lawsuits.

China Probes Suspected Customer Data Leak at Accor Partner (SecurityWeek) Shanghai police said they were investigating a suspected data leak at NASDAQ-listed Chinese hotelier Huazhu Group, the local partner of France-based AccorHotels.

National security veterans demand answers after candidate's sensitive information released (POLITICO) ‘It was with surprise, anger, and profound disappointment that we recently learned that our government ... violated the trust of one among our ranks,’ they wrote.

Duncan man files class-action lawsuit after cyber attack at Equifax (Vancouver Sun) Daniel Thalheimer was one of thousands of Canadians whose private information was breached following a 2017 cyber attack against Equifax, which provides a credit-monitoring service. He fears he may…

NSA leaker Reality Winner: Russia investigation a ‘little vindicating’ (Austin American Statesman) Former National Security Agency employee Reality Winner, who was sentenced to more than five years i...

NSA leaker thanks Trump for calling her sentence ‘unfair’ (New York Post) The former National Security Agency contractor jailed for leaking top-secret documents on Russia’s efforts to hack the 2016 election thanked President Trump on Thursday for calling her five-year se…

UK to build cyber centre in Kenya ‘to ensure British paedophiles have no place to hide’ (The Independent) Centre will be first of its kind in Africa amid rising number of child abuse cases

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...

Geneva Information Security Day (Geneva, Switzerland, October 12, 2018) Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies,...

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...

Upcoming Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy...
