skip navigation

More signal. Less noise.

It Starts with Enrich. Enable. Excel.

Everything we do at (ISC)² is focused on helping you strengthen your career. In 2018, it starts with Enrich. Enable. Excel. Join us in New Orleans October 8 – 10 for our 8th Annual Security Congress. We’ve packed a powerful agenda, so you’ll leave empowered to excel professionally.

Daily briefing.

Ukraine takes the occasion of a counter-terrorist officials meeting at the UN to outline its experience of Russian hybrid warfare, especially information operations and the use of nominally irregular and thus deniable forces on the ground.

ProtonMail says that the distributed denial-of-service attacks it has sustained continue, and that users may experience periodic outages.

Sentiment against entanglement with Huawei continues to run through Australian opinion. Fears there, as in the US and elsewhere, center on the company's alleged closeness with Chinese intelligence and security services. There may be other concerns as well: South Korean media note reports by CVE Details that Huawei devices may suffer from an uncomfortably large number of security issues.

Huawei has defenders. A US wireless telecom provider based in Kansas, United TelCom, says that it would have to suspend service if a proposed FCC ban on the Chinese company's devices were to proceed.

The US Administration takes aim at another Chinese company. China Mobile has been denied a Section 214 license on security grounds.

Typeform, whose widely used app delivers online quizzes businesses use to make their sites stickier, has disclosed that it discovered a data breach last week, compromising names, email addresses, and other information entered by quiz-takers.  

Adidas continues to investigate customer data exposure. It's not alone: Fortnum & Mason has sustained a breach, and a third-party recruiting service used by Whitbread may have lost applicants' data.

US Federal law enforcement and regulatory agencies are picking over Facebook's long response to Congress on data abuse.

Notes.

Today's issue includes events affecting Australia, China, European Union, Iran, Democratic Peoples Republic of Korea, NATO/OTAN, Russia, Ukraine, United Kingdom, United States.

A note to our readers: We'll be taking tomorrow off to relax and celebrate Independence Day. We'll be back as usual on Thursday. Enjoy the Fourth.

Is your malware lab a pain to use? Want a ridiculously easy to use malware lab?

Security teams who use a cloud browser can reduce the time spent investigating cases by more than 50%. Instead of wasting time spinning up a VDI, using Tor or connecting to a jumpbox, get online in seconds with Silo, a secure cloud browser and egress from hundreds of points of presence around the world.

In today's podcast we hear from our partners at Palo Alto Networks, as Rick Howard describes the Cyber Threat Alliance. Our guest is Vince Arneja from 5nine on secure cloud implementations. 

And Recorded Future's podcast, prepared in cooperation with the CyberWire, is also up. This edition deals with protecting critical infrastructure.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Cyber Attacks, Threats, and Vulnerabilities

More Americans Evacuated From China Over Mysterious Ailments (NYTimes) At least 11 Americans have been moved out of the country after “abnormal” sounds were reported by consulate employees in Guangzhou.

Brain injury, sound-attack fears spread in China as more Americans evacuated (Ars Technica) Officials are still baffled amid new cases and reports of abnormal sounds, sensations.

Russia to keep using cyber attacks for geopolitical influence, - Ukraine's SBU (112 UA) The first conference of leaders of counter-terrorism agencies of UN member states took place in New York

Russian hacking could affect U.S. agriculture systems, says Auburn professor (The Auburn Plainsman) Norton added that Russia is not the only country of concern and not necessarily the most substantial. There are four foreign adversaries that the U.S. is concerned about: Russia, China, Iran and North Korea.

Huawei Products’ Security Performance Called into Question (BusinessKorea) The security vulnerabilities of Huawei products have been rapidly increasing every year. Huawei recently said that there was no security problem with its products, reassuring Korean mobile operators who have to select equipment suppliers to build their 5G networks. But analysts are saying that Huawe

Typeform data breach exposes users of many websites (Graham Cluley) You may have never heard of Typeform, but they may have just lost some of your personal data.

Customer Bids Farewell to Typeform Post-Breach (Infosecurity Magazine) Data breach shows signs of impacting brand reputation

iOS 12 2FA Feature May Carry Bank Fraud Risk (Dark Reading) Making two-factor authentication faster could also make it less secure.

Facebook bug temporarily unblocked people from 800,000+ block lists (TechCrunch) If you block someone on Facebook, you probably want them to… you know, stay blocked. At least until you say otherwise. Facebook has just disclosed that around 800,000 users were impacted by a bug that silently unblocked “some” people they had blocked. The bug was live from May 29 …

Some Samsung users say their phones randomly sent photos to contacts (TechCrunch) Some Samsung users are complaining that their smartphones randomly sent photos and scheduled texts to contacts. According to posts on Reddit and Samsung’s official support boards first spotted by Gizmodo, the devices affected include the Galaxy S9 and Galaxy Note 8. Their owners say that Samsung Me…

Android devices since 2012 vulnerable to RAMpage vulnerability (HackRead) Dubbed RAMpage by researchers, the vulnerability can allow hackers to steal sensitive data including photies and documents.

Down but Not Out: A Look Into Recent Exploit Kit Activities (TrendLabs Security Intelligence Blog) Exploit kits may be down, but they’re not out. Their latest activity: roping in relatively recent vulnerabilities to deliver a plethora of malware.

Hackers Implant Digital Grenades in Industrial Networks (Military.com) Cyber experts see foreign hackers probing U.S. networks that control power grids and other industrial facilities.

How to protect yourself from risks surrounding public WiFi network (HackRead) Research has revealed that public a WiFi network is more dangerous than one might realize - Here's how to protect against this threat.

Cryptocurrency users on Discord & Slack hit by MacOS malware (HackRead) Hackers are using a new MacOS malware aimed at cryptocurrency investors on Discord and Slack group chat communities.

Hackers steal millions of customers' data from Adidas US website (HackRead) Hackers have targeted Adidas US website and stole personal details of millions of customers including contact details.

New LTE attacks can reveal accessed websites, direct victims to malicious sites (Help Net Security) Three new LTE 4G target the technology's data link layer protocols and impair the confidentiality and/or privacy of LTE communication.

ProtonMail CEO: ‘The attacks are continuing’ (Fifth Domain) The popular encrypted email messaging service says it is “under heavy” distributed denial-of-service attacks and “there may be intermittent connection problems.”

Whitbread Sounds Breach Alarm After PageUp Incident (Infosecurity Magazine) Costa Coffee owner claims recruitment data may have been compromised

Costa Coffee job applicants' details exposed in cyber attack on recruitment website (The Telegraph) Whitbread, the parent company of businesses including Costa Coffee and Premier Inn, has suffered a data breach which exposed the personal information of people who had applied for jobs at its portfolio companies.

Fortnum & Mason: 23,000 Affected by Data Hack (Infosecurity Magazine) Luxury retailer the latest big brand to be involved in a significant data breach

Let’s Steal a Coin (Infosecurity Magazine) How can a cryptocurrency coin be stolen, first you must identify certain types of Blockchain developer.

When ‘The World’s Most Famous Hacker’ Hacked a McDonald’s Restaurant Drive-In (Motherboard) When he was only 16, Kevin Mitnick hacked the drive-up windows of a local McDonald’s. To this day, he says this is his favorite hack ever.

Security Patches, Mitigations, and Software Updates

Azure IoT Edge Exits Preview with Security Updates (Dark Reading) Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.

Cyber Trends

Consumers still happy to exchange data with businesses if there's a benefit (Help Net Security) Globally, more than half of consumers are still happy to exchange their data with businesses, as long as there is a clear benefit for doing so.

6 Drivers of Mental and Emotional Stress in Infosec (Dark Reading) Pressure comes in many forms but often with the same impact: stress and burnout within the security community.

US ‘most vulnerable in the world’ to cyberattacks (Fifth Domain) A former Obama administration official said that the U.S. is vulnerable to cyberattacks because

Over a Third of UK CEOs See Cyber-Attacks as Inevitable (Infosecurity Magazine) KPMG survey finds UK business leaders more optimistic than global average

Marketplace

Kansas wireless carrier: A ban on Huawei could put us out of business (Fierce Wireless) United TelCom said that the FCC’s proposed action against Huawei could force the operator to shut off its wireless service.

The Navy’s new acquisition tool speeds up tech prototyping (C4ISRNET) The Space and Naval Warfare Systems Center Atlantic is using an other transaction authority to facilitate the management of a consortium to prototype naval information warfare capabilities.

French firm makes moves to fund cybersecurity expansion (Fifth Domain) Communications & Systèmes is issuing new stock, among other moves, to finance its strategic Ambition 2021 growth plan.

Palo Alto Networks: Solid Leadership To Accelerate Growth (Seeking Alpha) Palo Alto Networks (PANW) offers a differentiated business model with significant competitive advantage, making it an expensive stock. The structural change of

Could Tenable lead the way for other Maryland cyber IPOs? (Baltimore Business Journal) It has taken Tenable 16 years to grow to be IPO-ready, with nearly $190 million in annual revenue and 1,054 employees.

Virginia’s path to shine in cybersecurity: The Commonwealth Cyber Initiative (CyberX) (Virginia Business) Virginia’s efforts to grow its cybersecurity sector and cyber workforce received a major boost recently. Virginia’s budget includes $25 million to establish the Commonwealth Cyber Initiative (CyberX).

Cyber security new focus at KPMG (Manx Radio) Former UK government advisor takes on challenge

IBM snaps up £30m cyber security contract from NHS Digital (Digital Health) The three-year partnership will see IBM provide a range of enhanced cyber security services to NHS Digital’s security operations centre.

NHS asks IBM to boost its cyber security defences after WannaCry (IT PRO) Health organisation calls in experts, having failed to meet basic security standards on its own

Products, Services, and Solutions

Trustonic Awarded Cybersecurity Certification By French Government (Trustonic) Trustonic has been awarded the new Security Visa by the French National Cybersecurity Agency. This prestigious stamp of approval is used by the Agence nationale de la sécurité des systèmes d’information (ANSSI) to help commercial businesses and government organizations make informed decisions about cybersecurity solutions.

R9B Awarded Training Contract for U.S. Army Warrant Officer Advanced Course (Markets Insider) R9B (root9B, LLC), a leading provider of advanced cybersecurity products, services, and training annou...

Access Professional Edition 3.7: Personalized access control from Bosch (Help Net Security) Bosch APE 3.7 features: assembly points for emergency situations, personalized permanent open and output signals, supports companies in being compliant with the GDPR requirements.

Technologies, Techniques, and Standards

Preparing for Transport Layer Security 1.3 (Dark Reading) The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.

Top Ten Ways to Reduce Your Digital Footprint (Infosecurity Magazine) What are the options to reduce the size of your digital footprint and how can you take steps to make yourself less visible online?

Four common API vulnerabilities and how to prevent them (Help Net Security) It’s great for an API to give developers access to the data and functions they need to create apps, but only if those connections are protected.

The modern CSO: Future-proofing your organization in a disruptive world (Help Net Security) A modern CSO must have three essential skills. The first is knowledge of the business, the second is technical breadth, and the third is evangelism.

Cyber Resiliency a Feather in CROWS' Flight Cap (SIGNAL) The Air Force office elevates cybersecurity analysis of weapon systems.

The Army is bringing new electronic warfare prototypes home (C4ISRNET) Electronic warfare prototypes designed to counter Russian capabilities in Europe hit Army units stateside.

Design and Innovation

Hands-Off Weaponry Requires Hands-On Planning (SIGNAL) As artificial intelligence revolutionizes warfighting, military leaders must recognize the ramifications.

Intellectual Preparation for Future War: How Artificial Intelligence Will Change Professional Military Education (War on the Rocks) Is the dawn of artificial intelligence and autonomous weapons resulting in a new revolution in military affairs? That’s the question posed by a recent

Top cyber spy warns against dependence on artificial intelligence we don't understand (The Sydney Morning Herald) Artificial intelligence is bringing benefits, but the world isn't thinking enough about the possible pitfalls, an intelligence boss says.

Tech companies just woke up to a big problem with their AI (Quartz) A wave of announcements shows the whole industry is concerned.

The Inefficient Battle Against Phishing Attacks and the Technology to Turn the Tides of War (Infosecurity Magazine) It's important for providers to constantly adapt and block spammer accounts.

Semper Bumble: Are Marines taking to dating app to find new recruits? (Marine Corps Times) This was the experience for at least one unlucky Bumble user who screenshot the exchange.

Legislation, Policy, and Regulation

US Bans China Mobile on Security Concerns (Infosecurity Magazine) Beijing-backed telco denied Section 214 license

The government is right to be cautious about Huawei and China as a cyber threat (Financial Review) With China its largest trade partner, it's clear Australia has a lot to lose from a deteriorating relationship, but evidence shows it is right to be wary of cyber security threats.

Does DoD know how to supply intel for cyber ops? (Fifth Domain) The House Armed Services Committee is requiring a briefing on the Department of Defense's intelligence support to cyber operations.

Making it mandatory to declare data breaches (The Star Online) There needs to be a law to compel Malaysian companies to disclose data breaches, especially when personal information has been stolen.

Litigation, Investigation, and Law Enforcement

The FBI, FTC and SEC are joining the Justice Department’s inquiries into Facebook’s Cambridge Analytica disclosures (TechCrunch) An alphabet soup of federal agencies are now poring over Facebook’s disclosures and the company’s statements about its response to the improper use of its user information by the political consultancy Cambridge Analytica. The Federal Bureau of Investigation, the Federal Trade Commission…

In Newly Obtained Memo, Congress’ Top Cop Said House Democratic Caucus Server VANISHED (Daily Caller) A secret memo marked “URGENT” detailed how the House Democratic Caucus’s server went “missing” soon after it became evidence in a cybersecurity probe. The secret memo also said more than “40 House offices may have been victims of IT security violations.”

Former ICE Chief Counsel Sentenced to Four Years in Prison for Wire Fraud and Aggravated Identity Theft Scheme (US Department of Justice) Former Chief Counsel Raphael A. Sanchez of the U.S. Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA) was sentenced to 48 months in prison for a wire fraud and aggravated identity theft scheme involving the identities of numerous aliens, announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and ICE Principal Legal Advisor Tracy Short.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days...

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in...

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script...

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.