
Daily briefing.

According to McAfee, North Korean threat actor Hidden Cobra is prospecting Turkish financial institutions. The campaign appears to be reconnaissance for some larger, future operation yet to develop.

Something that's not Pyongyang's work is the series of attacks surrounding last month's Winter Olympics. Signs pointing toward North Korea in those attacks are now generally regarded as false flags, probably hoisted by Russian state operators.

Recorded Future has a report on China's National Vulnerability Database (CNNVD). Publication dates in that database seem to have been altered in ways designed to obscure Chinese government hacking.

At midweek Microsoft succeeded in stopping a large-scale cryptojacking infestation that attempted to infect some four-hundred-thousand users over the space of a few hours. The mining software was carried as the payload of the Dofoil (or Smoke Loader) Trojan. The mining application supports NiceHash, and so can work with a variety of cryptocurrencies.

Memcrash distributed denial-of-service attacks have spread across a variety of targets. In addition to the well-known attack on GitHub, other victims have included Google, the National Rifle Association, PlayStation Network, Amazon, and Kaspersky.

A debugging app appears to have been left on OnePlus phones, leaving them open to attackers who could abuse the app to obtain root access.

Adobe has patched Flash Player, and also Acrobat and Reader.

In the US, White House officials note that cybersecurity reports required of Federal agencies under Executive Order 13800 are for the most part in, and that the public can expect to see policy changes as a result.


Today's issue includes events affecting Democratic People's Republic of Korea, Republic of Korea, Netherlands, Russia, Turkey, United States.

A note to our readers: the CyberWire is happy to have been chosen as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here.

Thanks to those of you who pointed out some repetition of articles in yesterday's CyberWire. It was an email error; you'll find the corrected issue up on our site.

In today's podcast we speak with our partners at Terbium Labs, as Emily Wilson talks about the issues surrounding attempts to spend our way to security. Our guest, Priscilla Moriuchi from Recorded Future, describes their research documenting a backdating issue in the CNNVD, China’s National Vulnerability Database.

How to Sell Your Cyber Startup's Software to Large Fortune 500 Companies (Fulton, Maryland, USA, March 15, 2018) Joe Silva, VP Cyber Threat & Intelligence at TransUnion, will share his perspective on how large Fortune 500 companies approach buying software from cyber start-ups. Early stage founders and technology innovators come to learn, network & enjoy free food & beverages.

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle East and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.


SINET ITSEF 2018: The current state of cybersecurity. (The CyberWire) SINET ITSEF takes as its mission "bridging the gap between Silicon Valley and the Beltway," convening leaders in technology, investment, government, and business to discuss challenges and opportunities in cybersecurity. Panels and workshops take up questions of immediate and enduring concern to the security industry and its stakeholders.

RiskSense CEO to Discuss the Need for Bug Bounty Reform at SINET ITSEF 2018 (PR Newswire) RiskSense®, Inc., the pioneer in intelligent...

Cyber Attacks, Threats, and Vulnerabilities

North Korea Threat Group Targeting Turkish Financial Orgs (Dark Reading) Hidden Cobra appears to be collecting information for a later strike, McAfee says.

US intel chief: North Korea is the ‘hardest intelligence collection target’ (Defense News) The head of the U.S. Defense Intelligence Agency has warned lawmakers of North Korea's and China's military ambitions.

Surprise: Norks not actually behind Olympic Destroyer malware outbreak – Kaspersky (Register) Who framed Pyongyang, then, we wonder

Russian group 'more likely' behind Seoul Games attack (iTWire) A cyber attack during the opening ceremony of last month's Winter Olympics appears to have been carried out using sophisticated malware that has the h...

Chinese Backdated Bug Disclosures to Hide State Hacking: Report (Infosecurity Magazine) Don’t trust Beijing’s national vulnerability database, says Recorded Future

China Altered Public Vulnerability Data to Conceal MSS Influence (Recorded Future) In November 2017 Recorded Future published research examining the publication speed for China's National Vulnerability Database (CNNVD).

Router-Hacking 'Slingshot' Spy Operation Compromised More Than 100 Targets (WIRED) A sophisticated hacking campaign used routers as a stepping stone to plant spyware deep in target machines across the Middle East and Africa.

Windows security: Microsoft fights massive cryptocoin miner malware outbreak (ZDNet) Microsoft has blocked a malware outbreak that could have earned big bucks for one criminal group.

Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours (BleepingComputer) Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.

Massive Coin-Mining Attempt Targets Nearly Half a Million PCs (Infosecurity Magazine) Dofoil uses a customized mining application that supports NiceHash, so it can mine different cryptocurrencies.

Windows 10 flaw allowed attackers to open malicious websites… even... (HOTforSecurity) You may think your Windows 10 computer is locked, but is it really? Israeli researchers Tal Be’ery and Amichai Shulman have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious... #cortana #voiceassistant #windows10flaw

Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers (Help Net Security) Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers, as SANS ISC handler Renato Marinho warns about an active campaign.

Apache SOLR: the new target for cryptominers (SANS Internet Storm Center) Earlier this year, I wrote about a campaign targeting vulnerable Oracle WebLogic installations to deploy cryptocurrency miners

Researchers develop 'SgxSpectre' security exploit that can crack Intel's SGX secure environment (Computing) Intel security feature cracked wide open by university researchers exploiting Spectre CPU security flaw

Russian Propaganda Remains on Reddit (WIRED) Reddit has deleted hundreds of Russian troll accounts, but the links they shared remain, forming a digital trail of the Internet Research Agency's actions on the platform.

Tennessee Senate Campaign Sees Possible Hack (Dark Reading) Phil Bredesen's campaign for US senate sees a hacker's hand in email messages

Debugging Tool Left on OnePlus Phones, Enables Root Access (Threatpost) Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.

Google, PlayStation & NRA suffered DDoS attacks via Memcached servers (HackRead) It turns out other than GitHub, Google, NRA, PSN, Amazon, Kaspersky, and others have also suffered DDoS attacks via Memcached servers.

NRA Websites Heavily Targeted by Memcached-Based DDoS Attacks (BleepingComputer) Websites associated with the US National Rifle Association (NRA) have often been the targets of Memcached-based DDoS attacks, according to Qihoo 360's Network Security Research Laboratory (Netlab).

Rift keels over after Oculus forgets to renew security certificate (Naked Security) Users got an unwelcome dose of non-virtual reality: “Can’t reach Oculus Runtime Service”

Look-Alike Domains and Visual Confusion (KrebsOnSecurity) How good are you at telling the difference between domain names you know and trust and impostor or look-alike domains?

Universities Lag in DMARC Adoption (Infosecurity Magazine) Only 11.2% have adopted the DMARC email security framework

Addenbrooke's computer system failures 'not related to cyber attack' (Cambridge News) Planned surgeries were cancelled and ambulances were diverted to other hospitals across the region

Security Patches, Mitigations, and Software Updates

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat (Threatpost) Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.

Facebook says “let me get that for you”, secures your links (Naked Security) The campaign to make HTTPS universal scored a huge win this week.

Hardcoded password and Java deserialization flaws found in Cisco products (CP Blog) The set of security updates recently released by Cisco also includes two advisories for critical vulnerabilities, a hardcoded password, and a Java deserialization flaw. The first issue is a hardcoded password, tracked as CVE-2018-0141, that affects Cisco’s Prime Collaboration Provisioning …

Cyber Trends

It’s Time to Drop “Cyber” from Our Vocabulary (TechNative) “Cyber” is a lazy term that references anything connected to a computer, network, the Internet, or information technology writ large

Cyber sector tries to shake off ‘men in hoodies’ image (Financial Times) Looking beyond science graduates helps companies boost female intake


Cybersecurity: NY's Midsize Law Firms to Face Increased Scrutiny (New York Law Journal) Big banks put the pressure on Big Law first when concerns about cybersecurity came to the forefront experts say. But now midsize law firms that have successfully competed for some of that business will lose those clients if they don't meet the same cybersecurity standards as the big firms do.

Startup Attacks Splunk In $6B Cyberthreat Data Market (Forbes) Why would a company buy software from a startup when a large publicly-traded supplier is happy to sell it to you? The answer is easy to say and hard to do—companies buy from startups that beat the incumbent with a better solution to their problem at a lower cost.

Why Investors Should Hold On To Palo Alto (PANW) Stock Now? ( Of late, shares of Palo Alto Networks Inc. PANW have been on an upswing. The stock has been on a bullish run, appreciating 28.5% in the year so far..

Products, Services, and Solutions

New infosec products of the week: March 9, 2018 (Help Net Security) This week's featured infosec products contain releases from the following vendors: Nehemiah Security, StreamSets, Veritas Technologies, and Aqua Security.

Leonardo Teams with Nozomi Networks to Secure Critical Infrastructures for its International Customers (Nozomi Networks) Critical and industrial infrastructure and related control systems (Industrial Control Systems) are increasingly exposed to cyber attacks and therefore require greater levels of detection to develop more effective protection and response capabilities.

Sikur’s COO: Hacker Diversity Essential in Securing SIKURPhone (HackerOne) German cybersecurity company, Sikur, has high demands for security - its Secure Communication Platform is utilized by governments, corporations, and high-level executives. In addition, the company just announced a new cryptocurrency wallet for its secure mobile device, SIKURPhone at Mobile World Congress in Barcelona.

How Did Government Agencies and Companies Prevent over 250,000 Data Breach Incidents in 2017 (Secure Data Destruction, Hard Drive Shredding and Electronics Recycling) In 2017, government agencies and companies of all sizes used a Maryland Cyber Security firm - eEnd - to destroy over 250,000 computer hard drives which contained several million records.

Facebook-owned Onavo quietly launches Bolt App Lock, a data-tracking app that locks other apps (TechCrunch) Onavo, the data-security app maker Facebook acquired in 2013 in order to gain insights into mobile user activity across apps, has quietly launched a new app..

Amazon’s trying to get Alexa to stop laughing at us (Naked Security) Amazon’s Alexa has been startling people by randomly laughing.

Hilltop Cybersecurity to Launch Early Warning System for a New Form of Cyber Attack (GlobeNewswire News Room) Hilltop Cybersecurity Inc, (“Hilltop” or the “Company”). (CSE:CYBX) (OTC:BGGWF), is pleased to announce that it has begun pre-launch testing of its prototype Early Warning System for advanced cyber-threats.

Comodo CA Launches Industry Leading Certificate Manager 6.0 for Next Generation Digital Certificate Management & Automation (GlobeNewswire News Room) Automatic provisioning for F5 BIG-IP including WildCard and Multi-Domain as well as Microsoft CA certificates discovery, management and replacement through a single interface

Technologies, Techniques, and Standards

Entropy sources: How do NIST rules impact risk assessments? (SearchSecurity) New NIST guidelines highlight the importance of testing entropy sources during a risk assessment. Learn how this benefits the enterprise with Judith Myerson.


UWF partners with National Security Agency to improve cyber security training (Pensacola News Journal)

Military members earning college credits with cyber analysis course (WEAR) The University of West Florida is teaming up with the National Security Agency to help military members earn degrees in cybersecurity. Active military members who complete the NSA's Joint Cyber Analysis Course will now be able to earn college credit at UWF.

Legislation, Policy, and Regulation

Cyber Operations and the U.S. Definition of “Armed Attack” (Just Security) What are the real world effects of the unusual U.S. view of the scope of any nation's right to use military force in self-defense?

US Not Effectively Countering Russia Cyber Threat, Top General Says (CBS Baltimore) The top US general in Europe has said he does not believe there is a unified effort across the US government to confront Russian cyberthreats.

China Spends More on Domestic Security as Xi’s Powers Grow (Wall Street Journal) Beijing has substantially increased spending on domestic security, reflecting concern about threats inside its borders as President Xi moves to acquire more power and reassert Communist Party authority.

White House hints at new cyber policies (FCW) Changes sparked by the cybersecurity executive order are on the horizon, a top administration official said, as cyber workforce issues continue to challenge agencies.

U.S. Hasn't Shared Enough About Cyber Risks, Official Says ( The U.S. government has failed to share enough information about cyber threats, including risks to election systems, with federal agencies and states, according to a top Trump administration intelligence official.

GAO: Homeland Security too slow in hiring cyber workers (Fifth Domain) The Department of Homeland Security has failed to hire needed cybersecurity professionals even though it was given approval to do so by Congress in 2014, according to a report released March 8 by the Government Accountability Office.

Litigation, Investigation, and Law Enforcement

Russian state TV anchor warns 'traitors' (BBC News) Top TV channels end a near-silence on the UK spy poisoning with a "warning to traitors".

Keep those nuclear secrets secret. OK, I'll hoard them in my attic (CSO Online) Weldon Marshall recently pled guilty to stealing U.S. government secrets associated with the U.S. nuclear weapons systems and keeping them in his Texas home.

Best Buy's Geek Squad and the FBI have been in bed together for years (CSO Online) The FBI has been paying Geek Squad employees to act as informants, according to documents obtained by the EFF via a Freedom of Information Act lawsuit.

Operation Bayonet: Inside the Sting That Hijacked an Entire Dark Web Drug Market (WIRED) Dutch police detail for the first time how they secretly hijacked Hansa, Europe's most popular dark web market.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...

SecureWorld Boston (Boston, Massachusetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium...

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit...

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled...

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable...

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made...

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings...

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions.
