skip navigation

More signal. Less noise.

Are you investing wisely in threat intelligence?

Download this free guide from Recorded Future to learn the 11 questions you must answer before buying threat intelligence.

Daily briefing.

North Korea's online operations are famous for having proceeded from vandalism to lucrative cybercrime, but their role in espionage shouldn't be discounted. Pyongyang's cyber operators are said to have hacked the UN panel responsible for administering economic sanctions leveled against the DPRK.

Dutch intelligence services report that state-directed cyberespionage has risen precipitously. Microsoft's president says we're witnessing a level of activity in cyberspace consistent with active warfare.

Quick Heal reports Chinese and Russian operators are showing a continued interest in Apache Struts exploits. Patching is strongly advised.

Another vulnerability affects servers: the Exim message transfer agent is susceptible to buffer overflow bugs. Devcore, which described the issue, recommends Exim users upgrade to version 4.90.1.

Palo Alto Networks reports finding a new, multi-functional cryptojacker in the wild. "ComboJack" steals Bitcoin, Litecoin, Monero, and Ethereum by replacing a wallet's legitimate address with the attacker's.

President Trump and Director of National Intelligence Coates say the US is fully determined to stop Russia (or anyone else) from interfering with midterm elections.

Two sad incidents display the lethal intersection of the informational and the kinetic. ISIS is using a video that purports to show the deaths of US special operations personnel during an ambush in Niger. The Caliphate has entered its terrorist diaspora phase. No longer able to maintain pretenses to governing, ISIS returns to its familiar online playbook of depraved inspiration. In the UK, police and intelligence organizations are treating the poisoning of a former Russian intelligence officer and his daughter as attempted assassinations.


Today's issue includes events affecting Armenia, China, European Union, Democratic Peoples Republic of Korea, Netherlands, Niger, Russia, United Kingdom, United Nations, United States.

A quick note to our readers: the CyberWire is pleased to have been chosen as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here. We'd very much appreciate your vote.

How seamlessly is your data ingested across vendors?

To successfully fend off increasingly sophisticated cyber attacks, organizations need security tools that work effectively and efficiently across vendors. Join LookingGlass’ webinar with IBM and Cisco overviewing how STIX/TAXII2 standards-based technologies support solving those challenges in a new and effective manner. Sign up now!

In today's podcast, we hear from our partners at Booz Allen Hamilton, as Chris Poulin discusses the coming generation IoT devices (including things like security robots). Our guest is Sylvain Gil from Exabeam talking about business-by-design, and the importance of the design process in security solutions.

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.


Acalvio Executive to Moderate Panel on Deception Technology at SINET 2018 (PR Newswire) Acalvio™ Technologies, an innovator in Advanced Threat Defense,...

Cyber Attacks, Threats, and Vulnerabilities

Leaked ISIS propaganda video allegedly shows deaths of US troops in Niger ambush (Military Times) The Islamic State released a propaganda video Sunday that allegedly depicts the Oct. 4 ambush near the village of Tongo Tongo, Niger, that killed four U.S. soldiers.

The Pentagon Says Everyone Who Watches Or Just Mentions A Disturbing Video Is Helping ISIS (Task & Purpose) The video includes footage from the soldiers’ helmet cameras that was later captured by the Islamic State.

U.N. issued trade sanctions against North Korea; then hackers infiltrated it (Chicago Tribune) The Washington Post reviewed a heavily redacted draft of a forthcoming report from the U.N. Panel of Experts, which includes the UN account of the attack.

Dutch intel agency: Volume, complexity of cyberattacks rises (Fifth Domain) The Dutch General Intelligence and Security Service said in its 2017 report a growing number of foreign powers are using cyber espionage “to acquire information that they use for (geo) political gain.”

Chinese, Russian hackers counting on Apache Struts vulnerabilities - a report by Quick Heal Security Labs (Seqrite Blog) Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities in the CMS framework directly …

400k servers may be at risk of serious code-execution attacks. Patch now (Ars Technica) Widely used message transfer agent patched buffer overflow last month.

Design Weakness in Microsoft CFG Allows Complete Bypass (Dark Reading) Researchers from Italy's University of Padua will demo a new technique to evade Control Flow Guard, the widely deployed security mechanism, at Black Hat Asia.

GandCrab Ransomware Version 2 Released With New .Crab Extension & Other Changes (BleepingComputer) GandCrab version 2 was released, which contains changes that supposedly make it more secure & allow us to differentiate it from the original version. In this article we will provide a quick overview as to what has changed & how you can identify that you are are infected with the new GandCrab version.

CryptoLurker hacker crew skulk about like cyberspies, earn $$$ (Register) Miner prying by minor spying

Coinminer Comes with a Process "Kill List" to Keep Competitors at Bay (BleepingComputer) Security researchers have spotted the first cryptocurrency miner that includes a "kill list" feature that shuts down the processes of other coinminers in an attempt to hog the infected computer's mining power only for itself.

"ComboJack" Malware Steals Multiple Virtual Currencies (SecurityWeek) ComboJack malware is capable of stealing a variety of crypto-coins from its victims by replacing legitimate wallet addresses with that of the attacker.

Flashpoint - Refund Fraud and Fake Receipts Proliferate on the Deep & Dark Web (Flashpoint) Refund fraud targeting a variety of retailers is openly discussed on the underground forums of the Deep & Dark Web (DDW), where illicit vendors offering fraudulent refund services are commonplace.

SonicWall seeing a Cambrian explosion of side-channel attacks (ZDNet) Attackers are testing the side-channel waters in the wake of Meltdown, and so far we have been lucky it is just proof of concepts.

Airlines Could Be Leaking Your Private Data (Fast Company) International airline Emirates was virtually handing over customers’ sensitive information to marketers and hackers, according to a data security engineer.

IoT Security Disconnect: As Attacks Spike, Device Patching Still Lags (Threatpost) More than half of businesses have faced IoT-related attacks, yet only a third consider IoT cyber security “very important.”

Five worrying cyberthreats to connected tech (Raconteur) As connected technology develops, potential threats to cybersecurity multiply. Here are five major areas of concern

W-2 information of Scottsboro City Schools employees compromised in phishing incident (KnowBe4) W-2 information of Scottsboro City Schools employees compromised in phishing incident

Facebook Onavo VPN app collects user data even when its off (HackRead) According to a security researcher, Facebook's Onavo VPN app is spying on users and collecting data even when the VPN app is turned off.

‘We know all about you’ – MoviePass CEO admits to tracking users (Naked Security) “We watch where you go afterwards,” Mitch Lowe said at an industry forum. “We know all about you.”

Security Patches, Mitigations, and Software Updates

Android's March 2018 Patches Fix Critical, High Risk Flaws (SecurityWeek) Google released its March 2018 set of security updates for Android to address numerous Critical and High severity vulnerabilities in the popular mobile operating system.

Windows 10 bug: Microsoft fixes issue that broke USB, built-in cameras, keyboards (ZDNet) Microsoft has addressed a USB and onboard device bug it introduced in its February security update.

Safer browsing coming soon to MacOS Chrome users (Naked Security) Google’s security team recently announced that Chrome is expanding its “Safe Browsing” capabilities to help protect MacOS users from Mac-specific threats and malware.

Cyber Trends

The Global State of Information Security Survey 2018 (PwC) Strengthening digital society against cyber shocks

Global Security Trends for 2018 (Versasec) Poll shows enterprises, SMEs will change global security strategies based on Europe's GDPR - more than half will add identity and access security solutions in 2018.

Netwrix Survey: Tech and IT Companies Are the Driving Force of Cloud Security Investments (Netwrix) Netwrix surveyed 853 companies to learn how companies in various industries and geography locations deal differently with cloud security risks

Microsoft president: Cyber is the new war (Axios) "These are the kinds of attacks that one would more typically associate with times of war."

FMs must step up fight against cyber hacking, conference told (FM World) The UK faces catastrophe if it does not step up cybersecurity measures, according to a cybersecurity consultant speaking at the BIFM London conference this week.

Hospitality industry is key infosec battleground (SC Media UK) The hospitality industry has become a front line in the cyber-security battle, as a combination of factors has seen attacks rise significantly.

Design and Innovation

Army to base new Futures Command in major city, blend tech and academic cultures (Army Times) The Army will start with a list of 30 possible cities due this week to the Army secretary and chief of staff, Undersecretary Ryan McCarthy said.

Research and Development

Here's a Discovery That Could Lead Us To Lightsabers (Nextgove) A new form of light could lead to breakthroughs in quantum computing ... and maybe lightsabers.

New Facial Recognition System Relies on the Speed of Light for Security (BleepingComputer) Academics have designed a new facial recognition system that relies on the way light patterns reflect off the human face to distinguish between individuals, and on the speed with which the system reads the reflected light to detect forgery attempts.

Legislation, Policy, and Regulation

Trump says he'll counteract any Russia meddling in midterms (Fifth Domain) Top intelligence officials, however, have said that so far, the U.S. has responded weakly to Russia’s disinformation campaign to sow discord in America and raise doubts about the integrity of the presidential election.

Top intel official insists White House ‘engaged’ on Russian threat to midterms (TheHill) Director of National Intelligence Dan Coats says the White House is concerned about Russian interference but acknowledges the executive branch has not put forth a 'coherent strategy.'

While U.S. ponders response to Russia, agencies' hands are tied in cyberspace, intelligence chief says (Cyberscoop) After senators repeatedly criticized him for the weak U.S. response to Russian cyberattacks and propaganda, the head of the intelligence community complained Tuesday that a lack of policy had stifled his agencies from taking action.

Playing Defence - Nuclear Posture Review allows nuclear response to cyber (SC Media UK) Calls from around the US pour into the White House Situation Room reporting power plants shutting down affecting tens of millions of people.

A date with data: Demystifying EU’s data protection regulations (Deccan Chronicle) The GDPR outlines a common regulatory framework pertaining to data security, under which they are held accountable for its security.

DISA approves sharing mission critical information via the cloud (C4ISRNET) DISA is working with CSRA to transition mission critical information to the cloud.

The IT crowd: FBI, HHS and DoD get new technology leaders (Federal Times) Some federal agencies will see appointments, nominations and career moves bringing fresh faces to important positions within their information technology offices.

Litigation, Investigation, and Law Enforcement

MI5 believes Russians tried to kill former spy Sergei Skripal (Times) The suspected poisoning of a former Kremlin double agent and his daughter is being treated as an assassination attempt linked to Russia, Whitehall sources said last night. Sergei Skripal, 66, and...

Judge raises doubts in NSA hoarder case (POLITICO) There’s little doubt that Hal Martin, a computer specialist who worked with an elite NSA hacking unit, had a large volume of classified information at his Maryland home.

Australian diplomat whose tip prompted FBI’s Russia-probe has tie to Clintons (TheHill) The Australian diplomat whose tip in 2016 prompted the Russia-Trump investigation previously arranged one of the largest foreign donations to Bill and Hillary Clinton’s charitable efforts, documents show. Former Australian Foreign Minister Alexander Downer’s role in securing $25 million in aid from his country to help the Clinton Foundation fight AIDS is chronicled in decade-old government memos archived on the Australian foreign ministry’s website.  

FBI's Aussie Trump-Russia Tipper Linked to Firm U.S. Intel Chiefs Distrust (LifeZette) Former Foreign Minister Alexander Downer was a member of the board of directors of Huawei Australia and aggressively denied its cyber-warfare involvement

If Andrew McCabe lied, could he be charged like Michael Flynn? (TheHill) Andrew McCabe may have misled investigators about a leak to the media on the Clinton investigation.

Devin Nunes: ‘We Know Exactly Who Was Getting Information From The Russians. It Was The Hillary Clinton Campaign’ (The Daily Caller) Republican California Rep. Devin Nunes made a stunning claim on Fox News Monday. "Democrats were trying to get information from Russians to use against the Trump campaign.

Opinion | The FBI's secret warrant against Carter Page should scare us (NBC News) A secret, non-adversarial system of judicial review is an insufficient check to our intelligence agencies and law enforcement.

Armenian national security agency detects forgers of official papers (ARKA) Armenia’s national security agency has detected an organized group made up of Armenian citizens and foreigners who have long been engaged in forgery of official documents.

Two Scammers, Five Mules Arrested in BEC Bust (SecurityWeek) A investigation led to the arrest of one French and one Belgian national for their part in large scale CEO fraud (also known as business email compromise -- BEC).

Facebook photos expose “sick” couple as food poisoning fakers (Naked Security) Thanks to happy Facebook holiday photos, fraudsters have lost their compensation battle with holiday company Tui.

Best Buy defends practice of informing FBI about child porn it finds (Ars Technica) New documents produced as a result of FOIA lawsuit brought by EFF.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

AFFIRM and USCC 5th Annual Cybersecurity Summit (Arlington, Virginia, USA, March 8, 2018) The 5th Annual Cybersecurity Summit is a place for important discussions about the challenges with cyber-security and is also a significant benefit both for the AFFIRM scholarship program, which helps...

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit...

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled...

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable...

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made...

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings...

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.