Daily briefing.

Ukrainian authorities say they've detected and stopped a VPNFilter attack against a chemical plant engaged in chlorine distribution to water purification plants. Details are still emerging, and the investigation is in its early stages. VPNFilter is a modular attack platform that shares some features with DarkEnergy, well-adapted to information stealing. It's not clear whether (or how) the attack might have produced physical damage, but a cyber operation that touches water distribution is alarming.

NATO's meetings arrived at some resolutions committing to operations in cyberspace. The discussions were particularly direct in calling out hostile "disinformation" campaigns as a threat. Reports this week offer new details on probable Russian information operations directed against French and US elections.

Comment spam has resurfaced on WordPress blogs. The malicious comments direct the unwary to World Cup betting sites.

Intel releases notes on patches and mitigations for newly disclosed speculative execution side-channel vulnerabilities. Chrome's site isolation feature is offered as a mitigation for Spectre-class bugs.

Russia resumes its path towards Internet autarky, with its "parallel Internet" set to reach significant initial milestones at the beginning of August. It may not make economic sense, but that's not the point.

Australia has succeeded in excluding Huawei from an undersea communications cable that would serve the Solomon Islands and Papua New Guinea.

The US Army, as planned, has issued its first two direct commissions into its new Cyber Branch. The officers enter as first lieutenants. Such direct commissions have been offered for some years to medical and legal professionals.


Today's issue includes events affecting Australia, China, France, Namibia, NATO/OTAN, Papua New Guinea, Russia, Solomon Islands, United States.

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses California’s consumer privacy ballot measure. Our guest is Martin Hellman, professor emeritus at Stanford University and well-known for his co-creation of Diffie–Hellman key exchange. Among other things he'll talk about his new book, A New Map for Relationships: Creating True Love at Home and Peace on the Planet.

The Cyber Security Summit: Seattle on July 19 and Chicago on August 29 (Seattle, Washington, United States, July 19, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Dell, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine Security Service Stops VPNFilter Attack at Chlorine Station (Dark Reading) The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.

VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities (TrendLabs Security Intelligence Blog) This blog tackles the recently ill-famed VPNFilter malware and if deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.A, ELF_VPNFILT.B, ELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, not only taken advantage of by VPNFilter but other malware as well, can still be detected in devices up to this day.

Uncovering Foreign Trolls (Trying) To Influence French Elections on Twitter (Just another infosec blog type of thing) An inside look at a cyber psychological operation against France

Russian Influence Campaign Sought To Exploit Americans' Trust In Local News ( Russian influence-mongers appear to have created a number of fake local news Twitter accounts — and spent years posting real headlines.

Advanced Mobile Malware Campaign in India uses Malicious MDM (Cisco Talos) Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India.

A Wordpress SPAMbot Wants You to Bet on the 2018 FIFA World Cup (Blog | Imperva) Our researchers recently picked up on a spike in SPAM activity directed at sites powered by WordPress, which, naturally, led us to investigate.

Cyber attackers cashing in on ‘hidden’ attack surface ( Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals

Facebook privacy loophole allowed personal data of 'closed' group members to be downloaded (Computing) Chrome extension allowed sensitive data to be accessed by marketers

Dark web marketplace found selling access to airport's security system (HackRead) According to researchers at McAfee dark web marketplaces are selling remote desktop protocol (RDP) access of a major airport.

Researchers Tricked AI Into Doing Free Computations It Wasn't Trained to Do (Motherboard) Google researchers demonstrated that a neural network could be tricked into performing free computations for an attacker. They worry that this could one day be used to turn our smartphones into botnets by exposing them to images.

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders (CSO Online) With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.

Cryptominer Delivered Though Compromized JavaScript File (SANS Internet Storm Center) Yesterday I found an interesting compromised JavaScript file that contains extra code to perform crypto mining activities. It started with a customer's IDS alerts on the following URL...

Analysis | The Cybersecurity 202: House Democrats list states with weakest election security in new report (Washington Post) But no Republicans signed on.

Ransomware technique uses your real passwords to trick you (TechCrunch) A few folks have reported a new ransomware technique that preys upon corporate inability to keep passwords safe. The notes – which are usually aimed at instilling fear – are simple: the hacker says “I know that your password is X. Give me a bitcoin and I won’t blackmail you.…

Sextortion Scam Uses Recipient’s Hacked Passwords (KrebsOnSecurity) Here’s a clever new twist on an old email scam that could serve to make the con far more believable.

Security Patches, Mitigations, and Software Updates

Intel Announces Spectre Patch Release Schedule For Newly Discovered Side-Channel Exploit (HotHardware) Security researchers have discovered another side-channel vulnerability, for which Intel is patching.

Chrome Now Features Site Isolation to Defend Against Spectre (Threatpost) A new feature called site isolation is being tapped to protect Chrome users against Spectre.

Cisco Patches High-Severity Bug in VoIP Phones (Threatpost) Cisco also patched three medium-security flaws in its network security offerings; and, it issued a fix for a high-severity bug in its platform for mobile operator routers, StarOS.

Security Advisory - Use After Free Vulnerability on Smartphone (Huawei) There is a use after free vulnerability on mediaserver component in smartphone.

Cyber Trends

IBM Study: Hidden Costs of Data Breaches Increase Expenses for Businesses (IBM News Room) IBM (NYSE: IBM) Security today announced the results of a global study examining the full financial impact of a data breach on a company's bottom line. Overall, the study found that hidden costs...

IoT security spend to reach $6 billion by 2023 (Help Net Security) A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to reach over $6 billion globally by 2023. It highlighted

42% of organizations globally hit by cryptomining attacks (Help Net Security) Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point.

The West Set to Lose Nearly $19bn to Fraud in 2018 (Infosecurity Magazine) The West Set to Lose Nearly $19bn to Fraud in 2018. Forrester claims blockchain might hold the answer

Nice Quotes, But I Wouldn’t Take Cybersecurity Advice from Alphonse Karr (Infosecurity Magazine) Changes are both the enemy and the ally of cybersecurity, but in both cases, it is absolutely not the case that security is unaffected by change.


What Do VCs Want in Security Startups? Dell Tech Capital Dishes - (SDxCentral) Dell Technologies’ venture arm invests about $100 million annually in technology startups, and about a quarter goes to security companies.

Building the Next Generation of Cybersecurity Talent (Infosecurity Magazine) Let's embrace the talent we already have and get them into apprenticeships early in their careers while they’re still malleable

Lessons from My Strange Journey into InfoSec (Dark Reading) Establishing an entree into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.

Huawei shut out from Pacific internet cable scheme as PNG, Solomon Islands sign on (CRN Australia) PNG and Solomon Islands sign up for undersea cable project.

ZTE back in business within days after signing agreement with US government (Computing) ZTE close to lifting US 'denial order' that brought production lines juddering to a halt

L3 Strengthens Intelligence Collection and Surveillance Capabilities With Cyber Acquisitions (BusinessWire) L3 Technologies (NYSE:LLL) announced today that it has entered into a definitive agreement to acquire Azimuth Security and Linchpin Labs, two informat

L3 Technologies announces Cyber acquisitions (Seeking Alpha) L3 Technologies (LLL -0.2%) agrees to acquire two information security businesses, Azimuth Security and Linchpin Labs that strengthens L3’s existing C6ISR capabilities.

Two more deals for L3's defense makeover -- Washington Technology (Washington Technology) L3 Technologies' latest acquisitions highlight the strategy to recast the company as a more formidable defense technology player.

Broadcom loses US$19 billion in market value after bid to buy CA (CRN Australia) Investors and analysts struggling to find clear reason for the deal.

Intel buys low-power chip maker eASIC for high-performance computing (CRN Australia) Nearly 20-year-old semiconductor company once tried to go public.

Making cybersecurity work, one state at a time, starting with Virginia (CIO Dive) State officials need to ensure that businesses know what supply chains, and thereby threat networks, they are a part of.

ManTech scores $1B NSA IT win (Washington Technology) ManTech International wins an almost $1 billion National Security Agency contract for global enterprise IT services.

TLDR Capital launches security division led by veteran FBI Special Agents and Navy SEALs ( Leading crypto investment and advisory firm brings specialized cyber and physical security to at-risk market participants

Northrop Grumman Announces CEO Transition (Northrop Grumman Newsroom) Northrop Grumman (NYSE: NOC) chairman and chief executive officer Wes Bush announced today that he will step down from the position of chief executive officer effective Jan. 1, 2019. He will remain chairman through...

Accenture hires Army, industry veteran as defense and intelligence head (Defense News) The industry veteran will use his experience to streamline Accenture's development of new technology platforms for the U.S. Defense Department.

(ISC)2 Appoints Mark Johnson Director of Cybersecurity Advocacy for EMEA Region (PRNewswire) 40-year security industry veteran will focus on improving cyber awareness among government, education and private organizations

Syniverse appoints former FBI agent as its new Chief Security and Risk Operator (Totaltelecom) Syniverse's new CRO is a decorated security veteran who has served as the FBI's Special Agent in Charge and as the FBI’s senior representative to the National Security Agency

Products, Services, and Solutions

Accenture Touchless Testing Platform integrates AI technology (Help Net Security) The AI technology will be integrated into the Accenture Touchless Testing Platform, further strengthening its analytics and cognitive capabilities.

Proofpoint Launches Innovative Cloud Account Defense Solution to Detect and Respond to Compromised Microsoft Office 365 Accounts (GlobeNewswire News Room) Cybersecurity leader enables organizations to detect, investigate, and remediate Microsoft Office 365 credential theft, mitigating financial and data loss

Check Point and WireX Systems partner to improve network security (PRNewswire) Check Point and WireX Systems today announced a strategic partnership to accelerate their customers' ability to monitor, detect and neutralize security threats. T

Decatur launches computer based maritime cyber security training (Marinelog) Dulles, VA, headquartered Decatur Marine Audit & Survey has launched a maritime cyber security computer based training (CBT) program that provides a comprehensive overview of cyber-security issues.

CyberArk Privileged Access Security Solution is available on AWS Marketplace (Help Net Security) CyberArk is delivering flexibility for AWS customers that are prioritizing risk reduction and want to simplify and automate privileged credential protection for the cloud.

ThreatMetrix Summer '18 Release Delivers Two Big New Security Features (Mobile ID World) ThreatMetrix has upgraded its eponymous digital security platform with a couple of important new features. One is the implementation of...

Secret Server Vault Edition Makes Enterprise-Class Privileged Account Management Accessible for Organizations of All Sizes (PRNewswire) Thycotic Empowers Small, Mid-size and Enterprise-class Organizations to Protect the Most Vulnerable Parts of their Attack Surface

BeyondTrust and Thales to deliver joint security product ( Joint product to offer better security to control passwords and the privileges associated with data access.

Alcinéo selects Trustonic platform to protect mPOS apps (Electronic Payments International) Payment solutions developer Alcinéo has selected Trustonic solution in a step to secure its mobile point of sale (mPOS) apps.

Technologies, Techniques, and Standards

Don’t assume artificial intelligence is either artificial or intelligent | Opinion (Research Live) AI may lure people into thinking it's impartial, but it can't exist without human intervention, so it should be treated with the same caution as any form of analysis. 

Cloud security - who should take ownership in the enterprise? (Information Age) Gary Marsden, Senior Director, Data Protection Services at Gemalto, explains who should be most responsible for protecting data in the cloud

An overview of the OT/ICS landscape for cyber professionals (Help Net Security) Most cyber security professionals take for granted the information technology or IT nature of their work. That is, when designing cyber protections for

Want to avoid GDPR fines? Adjust your IT procurement methods (Help Net Security) Gartner advises sourcing and vendor management (SVM) leaders to review all IT contracts in order to stay compliant and avoid GDPR fines.

How can SMEs recover customers’ trust after a cyber attack (Elite Business Magazine) Hack attacks threaten companies once every two and a half minutes. But the question is how they can recover people’s confidence when they’ve been breached

SOCs Use Automation to Compensate for Training, Technology Issues (Dark Reading) Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.

Design and Innovation

This is the city the Army has picked for its new Futures Command (Defense News) The Army's new four-star command designed to tackle its most pressing modernization priorities is about to get weird.

Facebook would make a martyr by banning Infowars (TechCrunch) Alex Jones’ InfoWars is a fake news-peddler. But Facebook deleting its Page could ignite a fire that consumes the network. Still, some critics are asking why it hasn’t done so already. This week Facebook held an event with journalists to discuss how it combats fake news. The company’s r…

Research and Development

Gargoyle: Innovative solution for preventing insider attacks (Help Net Security) A group of researchers has released a paper on Gargoyle, a new and very promising network-based solution for preventing insider attacks.

Researchers find that filters don’t prevent p[0]rn (TechCrunch) In a paper entitled Internet Filtering and Adolescent Exposure to Online Sexual Material, Oxford Internet Institute researchers Victoria Nash and Andrew Przybylski found that Internet filters rarely work to keep adolescents away from online porn. “It’s important to consider the efficacy…


Delta School competes against the best in Collegiate Cyber Defence Invitational – bags award (Namibia Economist) Namibia participated in the International Collegiate Cyber Defence Invitational and was represented by Delta Secondary School (DSS) which went on to win the Att

Legislation, Policy, and Regulation

Is Russia about to launch a parallel internet? (Fifth Domain) Russia's crazy plan to control a second internet is a sign that Russian digital aggression is set to continue.

NATO summit boosts cybersecurity amid uncertainty (Fifth Domain) In what appears to be a first for NATO, leaders twice mentioned the threat of “disinformation campaigns,” that have spread chaos through western countries.

Is the Threat of Escalation Viable Cyber Deterrence? (CyberDB) The question that governments ask is how to deter hostile acts in cyberspace? Perhaps the reality is that there is no viable answer...

European Parliament Votes for Cybersecurity Labelling Scheme (Computer Business Review) A European parliamentary committee has voted overwhelmingly in favour of giving more power and a greater budget to EU cybersecurity agency ENISA.

Innovation board has a dozen ideas to help fix DoD's software acquisition ( The Defense Innovation Board, tasked by Congress with finding ways to lower DoD's software acquisition costs and speed projects up, says the department needs to begin by asking different questions of its development teams.

House puts aside Peter Strzok fight to authorize US intelligence programs (Washington Examiner) The House on Thursday passed a bipartisan bill reauthorizing policies and spending for the nation’s intelligence community for two years.

Army commissions first cyber officers but hurdles remain (Fifth Domain) The Army has commissioned its first two officers as part of a new direct commissioning pilot for cyber personnel.

Litigation, Investigation, and Law Enforcement

China Arrests Trojan Developers Who Controlled over 1 Million Computers for Mining (CoinCentral)  

Senate To Probe Growing Cybersecurity Threats, Is Energy Infrastructure Safe? (Forbes) With cyberattacks and information theft reaching millions of Americans each day, just how safe are America's electric and natural gas systems?

AFP investigating airport security card data hack (ABC News) A company that issues Aviation Security Identity Cards has been hacked, leading to concerns airport security has been compromised.

Analysis | 7 key moments from Peter Strzok’s wild hearing (Washington Post) Anger boils over into threats of holding Strzok in contempt and Democrats accusing Republicans of holding a mockery of a hearing.

Sen. Feinstein failed to disclose husband’s Facebook stock before Zuckerberg testified: report (The Mercury News) Sen. Dianne Feinstein, D-Calif., failed to disclose her husband owned more than $100,000 in Facebook shares before Facebook CEO Mark Zuckerberg testified to the Senate in April, according to a new …

The Trump Administration Is Hiding a Crucial Report on NSA Spying Practices (American Civil Liberties Union) Despite requests from a senator and the European Union, the Trump administration is refusing to make public an important report by a federal privacy watchdog about how the U.S. government handles personal information swept up by its surveillance.

CACI settles NSA case for $1.5 million ( CACI Technologies has agreed to pay the U.S. government $1.5 million to settle an allegation that it breached a contract with the National Security Agency, the Justice Department announced earlier this month.

Hacker Compromises Air Force Captain to Steal Sensitive Drone Info (Threatpost) The thief also had a second dataset, including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course and documentation on improvised explosive device (IED) mitigation tactics.

How the US Government Secretly Sold 'Spy Phones' to Suspects (WIRED) In at least one instance, DEA agents sold an encrypted BlackBerry to a suspected drug smuggler—and kept the encryption key.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...

Zero Day Con: Hacking Democracy (Washington, DC, USA, October 16, 2018) Join Zero Day Con and Strategic Cyber Ventures on October 16th in Washington, D.C. to examine the path forward in reducing our attack surface, managing risk, regaining control of our networks and data,...

PCI Security Standards Europe Community Meeting (London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort...

Symposium on Securing the IoT (Boston, Massachusetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...

Upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days...

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in...

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script...

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio...

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premier Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...
