skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

Armis reports finding two zero-day flaws in Texas Instruments' Bluetooth Low-Energy chips, widely used in Wi-Fi access points. An attacker would need to be within one-hundred to three-hundred feet of a vulnerable device to gain unauthenticated access to the supported Wi-Fi networks. Armis calls the issue "Bleeding Bit." Texas Instruments has issued a patch for the flaws.

US Cyber Command continues to reach out to individual Russian trolls to deter more extensive information operations aimed at US elections. The direct, unconcealed approach is thought to be disconcerting enough (the US Government knows you, and where you are, and what you do, and it won't forget) to give individual operators (if not the Russian government) pause.

Despite efforts to screen accounts for coordinated inauthenticity, social networks continue to find that denying information operators and their bots access to social media is harder than it looks. Vice News tested Facebooks new commitment to transparency by sending them political ads that falsely represented themselves as being paid for by one-hundred US Senators (that's all the Senators there are). Facebook approved all of them. It's an inherently hard problem.

Dueling bots and fake news sites continue to push rival versions of the murder of Jamal Khashoggi.

Bitdefender's free decryptor for GandCrab ransomware is thought to have deprived the crooks of about a $1 million in ill-gotten revenue. That's not a death-blow to GandCrab, of course, but nonetheless, bravo Bitdefender.

Zscaler has found that the matchmaking app Soulmates, found on Google Play, is actually spyware.


Today's issue includes events affecting Australia, Canada, China, Russia, Saudi Arabia, Turkey, United Kingdom, United Nations, United States.

Create a culture of cybersecurity awareness with Coachable Moments.

According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.

In today's podcast, up later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich of the ISC Stormcast podcast talks about how malware may be hidden in benign files. Our guest is Tara Combs from Alfresco, discussing coming US cyber regulations.

And Hacking Humans is up. In this week's episode, "Scams are fraud and fraud is crime," we get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. And Carole Theriault interviews Max Bruce from Action Fraud UK.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Cyber Attacks, Threats, and Vulnerabilities

A pair of new Bluetooth security flaws expose wireless access points to attack (TechCrunch) Security researchers have found two severe vulnerabilities affecting several popular wireless access points, which — if exploited — could allow an attacker to compromise enterprise networks. The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device mak…

Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack (Threatpost) Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies.

Nation-State Hackers Target Managed Service Providers to Access Large Companies (Wall Street Journal) Companies are reviewing basic security protocols following a Department of Homeland Security warning this month about active threats targeting managed service providers.

Beware: China may be reading your email (Asia Times) A new report alleges China uses key internet vulnerabilities to hijack traffic amid claims its technological success is ‘dependent on massive expropriation of foreign R&D’

Fake news network vs bots: the online war around Khashoggi killing (Reuters) On Oct. 20, Arabic-language website published a report that Saud...

Bolton says U.S. is conducting ‘offensive cyber’ action to thwart would-be election distrupters (Washington Post) Trump’s national security adviser also said the Pentagon will face funding challenges as it builds up to counter Russia and China.

U.S. Cyber Command Targeted Russian Operatives to Deter Election Meddling. Here’s Why. (Council on Foreign Relations) Although anonymity is generally prized for successful cyber operations, it might not be ideal in all cases, especially if the United States wants to deter an Russia spreading disinformation. 

Inside the Trump administration’s rudderless fight to counter election propaganda (POLITICO) In the absence of White House coordination, the administration is letting individual agencies respond to foreign governments’ attempts to undermine U.S. elections.

Opinion | The midterms will be the most secure elections we’ve ever held (Washington Post) Any suggestion otherwise is false and dangerous.

Here’s How Much Bots Drive Conversation During News Events (WIRED) About 60 percent of Twitter activity related to the caravan late last week was driven by bots, according to a new tool aimed at news organizations.

Analysis | The Cybersecurity 202: There is more phony political news on social media now than in 2016, report says (Washington Post) But Twitter and Facebook dispute the study's methodology.

Facebook is still approving fake political ads (Naked Security) Just a couple of weeks before the US midterm elections, journalists have revealed that Facebook is continuing to approve fake advertisements from fake sources.

We posed as 100 senators to run ads on Facebook. Facebook approved all of them. (VICE News) On the eve of the 2018 midterms, Facebook's "Paid for by" disclosure for political ads is easily manipulated.

Midterm election survey: Americans distrust news and social media (Express VPN) Results from an ExpressVPN survey before the midterm elections show a lack of faith in voting systems as well as information sources.

Critic's Notebook: 'Frontline' Doc 'The Facebook Dilemma' May Scare You Off Social Media (The Hollywood Reporter) The two-part 'Frontline' special presents a chilling portrait of a social media behemoth that cares more about profits than its users' privacy.

From Silicon Valley elite to social media hate: The radicalization that led to Gab (Washington Post) The founder of the social media platform, which has been linked to the Pittsburgh synagogue shooting suspect, created the site after he felt alienated by liberal Silicon Valley.

Microsoft accused of disclosing Indian banking information with US intelligence agencies (Computing) Indian press reports raise security questions about cloud computing.

Trickbot Shows Off New Trick: Password Grabber Module (TrendLabs Security Intelligence Blog) Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module that steals access from several applications and browsers.

Soulmate: A Dating App That Spies On You (Zscaler) Zscaler ThreatLabZ team came across a piece of spyware disguised as an Android app and hosted on Google Play, Google’s official Android app store. The app portrays itself as partner matching app but the app has capabilities of stealing contacts, tracing current and last-known location, and more

‘Stalkerware’ Website Let Anyone Intercept Texts of Tens of Thousands of People (Motherboard) A hacker exposes the awful security of two companies that sell spyware for consumers. By simply viewing the HTML of a particular website, anyone could log in and rummage through Facebook messages, texts, and phone call data.

SamSam Ransomware Goes on a Tear (Dark Reading) SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.

Eurostar forces all customers to reset passwords after data breach (The Telegraph) Eurostar has forced all of its customers to reset their passwords after detecting an "unauthorised attempt" to hack into its systems and access their accounts.

FIFA Braced for Revelations After Breach (Infosecurity Magazine) Attackers not thought to be Kremlin-linked

Private details are hacked in raid on Scottish trade hub (Times) Private details of almost 200 companies have been hacked in an attack on the Scottish government’s hub for businesses looking to do business in London. Information including bank details was...

GandCrab ransomware crew loses $1M after Bitdefender releases free decrypter (ZDNet) Bitdefender says over 1,700 victims successfully decrypted GandCrab-locked files within hours of the tool's release.

GandCrab: The most popular Multi-Million Dollar Ransomware of the Year (Security Boulevard) Ransomware has been around for years and has inflicted financial losses estimated in the billions of dollars. As one of the most lucrative types of malware, from a financial perspective, ransomware developers have invested considerable time, effort, and knowledge into perfecting both its delivery mechanisms and its capabilities. Traditional ransomware families such as CryptoWall and

Radisson Rewards Program Targeted in Data Breach (Dark Reading) It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.

Anatomy of a sextortion scam (Cisco Talos) Since this July, attackers are increasingly spreading sextortion-type attacks across the internet

If Terrorists Launch a Major Cyberattack, We Won’t See It Coming (The Atlantic) National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?

Security Patches, Mitigations, and Software Updates

Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Bug (Threatpost) Security updates across all Apple platforms released alongside its new products.

Apple flaw leaves millions of devices exposed to 'ping of death' (The Telegraph) Millions of iPhones, iPads and Macbooks are vulnerable to a flaw that allows hackers to shut down any Apple devices sharing the same Wi-Fi network.

Cyber Trends

Digital Trust Insights (PwC) Digital businesses that lead in safety, security, reliability, privacy and data ethics will be the titans of tomorrow.

Proofpoint Quarterly Threat Report (Proofpoint) The Proofpoint Quarterly Threat Report highlights the threats, trends and key takeaways of threats we see within our large customer base and in the wider threat landscape.

Only half of the Fortune 500 use DMARC for email security (TechCrunch) When Homeland Security told all federal government departments last year to roll out a new email security policy to cut down on incoming spam and phishing emails, three-quarters of all federal domains were compliant by the time of their deadline just a few weeks ago. That’s far more than what…


Shape Security Raises $26M Round Led by Norwest Venture Partners, Joined by JetBlue Technology Ventures and Singtel Innov8 (Shape Security) Round brings Shape’s total raised to $132M, enables global expansion

Intersections Inc., Owner of Consumer Security Platform Identity Guard®, Signs Definitive Agreement to be Acquired by Joint Venture Formed by iSubscribed and Partners (MarketWatch) Acquisition expected to accelerate growth of iSubscribed's Intrusta brand, an integrated consumer security platform that manages digital threats

AI-Fueled Anti-Phishing Start-Up Emerges from Stealth as Almost Half of Phishing Emails Pass Traditional Anti-Spam Filters (PR Newswire) INKY, an email protection startup that leverages the power of unique computer vision and artificial intelligence...

Facebook Sketches a Future With a Diminished News Feed (WIRED) The social media giant expects growth from its Stories platform, plus Messenger and WhatsApp, as it confronts big challenges.

Facebook Growth Slows as It Revamps (Wall Street Journal) Facebook recorded lower revenue than expected as the social-media giant continues to adjust to slowing growth rates. Profit, though, rose more than forecast.

DICT partners with Kaspersky to boost cybersecurity in gov’t (Philippine News Agency) The Department of Information and Communications Technology (DICT) has partnered with international cybersecurity firm, Kaspersky Lab, to strengthen cybersecurity efforts in the government.The DICT has signed a Memorandum of Understanding (MOU) with Kaspersky,  which will enhance...

Department of Human Services awards $102 million in IT services contracts to DXC, Capgemini, Accenture (CRN Australia) As part of the department's ongoing welfare payments overhaul.

Bromium on hunt for new partners (Channelnomics) Cyber security vendor's CRO labels detection-based security as 'fundamentally flawed' as firm looks to grow channel

Products, Services, and Solutions

Tripwire IP360 Enterprise-Class Vulnerability Management Solution Re-Certified To Meet Most Current Common Criteria Certification Standards (Tripwire) Product is one of only 12 ‘Detection Devices and Systems’ recognized globally as being Common Criteria Certified

Bricata Delivers Improved Threat Hunting with Enhanced Network... (Bricata) Security Teams Can Fine Tune Metadata Granularity to Meet Their Unique Needs and Gain Greater Insight into the True Nature of Network Activity

FireMon Delivers Unrivaled Hybrid Cloud Security with New Visibility and Orchestration Capabilities (FireMon) Platform enhancements empower organizations with scalable cloud security and unrivaled business agility

The new Netwrix Auditor 9.7 enhances Prediction, Prevention, Detection and Remediation of security incidents (Netwrix) New features help organizations implement a risk-based security approach and balance their security investments

Covata's Enterprise Security Console to Provide Single Pane Visibility and Control over Sensitive Data (BusinessWire) Covata Limited (ASX: CVT), a data-centric security provider for on-premises and cloud unstructured data, today announced the availability of a unique

NanoLock and Winbond to Unveil Industry’s First Secure Cloud Controller Flash Memory for IoT Devices at electronica 2018 - Press Release (Digital Journal) Will debut the first ever solution to securely protect and manage IoT

DataVisor powers insight into fraud and abuse patterns for enterprise and mobile customers (Help Net Security) The DataVisor Threat Insights Dashboard improves customers’ ability to gain insight into the fraud and abuse impacting their business.

IKARUS Security Software partners with PolySwarm to advance early malware detection (Help Net Security) PolySwarm partners with IKARUS to expand its network of antivirus vendors and developers by uploading IKARUS’ engine into Polyswarm’s marketplace.

WindTalker launches cloud-based content security technology (Help Net Security) The WindTalker platform allows lawyers and business professionals to share documents by securely classifying, encrypting, and redacting sensitive content.

Endgame introduces Total Attack Lookback for incident review (Help Net Security) Endgame Total Attack Lookback provides a record of operating system events, to ensure assessment of the origin and extent of an attack.

Experian unveils the future of instant credit and identity management (PR Newswire) Experian senior executives were joined today by award-winning digital analyst Brian Solis for an open...

Equifax Has Chosen Experian. Wait, What? (KrebsOnSecurity) A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people,

Alaska Extends Contract with Gemalto to Enhance Driver’s License Security (BusinessWire) Gemalto (Euronext NL0000400653 GTO), and Alaska’s Division of Motor Vehicles will continue their work of providing credentials to citizens with the ad

LogRhythm Advances NextGen SIEM Security Platform With SOAR Features (eWEEK) LogRhythm is adding case playbooks and enhanced response and security operations center metrics to its NextGen SIEM platform.

Technologies, Techniques, and Standards

The case for high-frequency readiness (C4ISRNET) Alarmingly, as hostile near-peer adversaries reemerge, it is necessary to re-establish HF alternatives should very-high frequency, ultra-high frequency or SATCOM come under attack.

The true cost of a data breach (TechRadar) Falling victim to a data breach hurts your business' bottom line as well as its reputation

Design and Innovation

Automating security at AWS: How Amazon Web Services operates with no SOC (CSO Online) Amazon Web Services CISO Stephen Schmidt explains the company's recipe for combining security automation with ways to get management and staff to take security seriously.

How (and why) Microsoft is making its AI study Romeo and Juliet (CRN) Did Romeo actually suffer more emotionally than Juliet? Microsoft's AI thinks so, but it's not a fan of Hamlet,

Research and Development

Kaspersky Lab reveals research on future threat of memory hacking (Intelligent CIO Middle East) Kaspersky Lab has warned that the cyberattackers of the future may be able to exploit memory implants to steal, spy on, alter or control human memories. And while the most radical threats are several decades away, the essential technology already exists in the form of deep brain stimulation devices. Scientists are learning how memories are […]

Legislation, Policy, and Regulation

Estonia knows a lot about battling Russian spies, and the West is paying attention   (Washington Post) The small Baltic nation aims to rattle Moscow by naming and shaming suspected agents. 

Tim Berners-Lee proposes breaking up tech giants (Computing) Companies like Facebook and Amazon are too dominant and hold too much power, says the father of the World Wide Web

How Congress could rein in Google and Facebook (The Verge) Congress is getting ready to take on data privacy — here’s how.

Failure to report Canadian privacy breaches could mean big fines after Nov. 1 (CTVNews) After more than three years of legislative fine-tuning, Canadian businesses will be required as of Thursday to alert their customers and the federal privacy watchdog if there's a danger that personal information under an organization's control has fallen into the wrong hands.

The Personal Information Protection and Electronic Documents Act (PIPEDA) (Office of the Privacy Commissioner of Canada) Find information about Canada’s federal private-sector privacy law.

California Consumer Privacy Act of 2018 – Full Text (Cooley) For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of October 15, 2018. We’ve included our own topic headi…

Budget 2018: US politicians and business groups attack UK Digital Services Tax (Computing) Chancellor Philip Hammond faces US backlash against Digital Services Tax proposal

HHS opens renamed cyber center after management debacle (Federal Times) The Department of Health and Human Services announced the opening of its Health Sector Cybersecurity Coordination Center over a year after debate over the cyber center's reporting structure caused upheaval at the agency.

Gen. Michael Hayden: Overclassification of Cyber Threats Puts Businesses at Risk (Wall Street Journal) “This is the most disruptive thing to happen to us as a species probably since the European discovery of the new world,” he said.

ITU Member States re-elect Houlin Zhao as ITU Secretary-General (ITU) Zhao to lead UN specialized agency for information and communication technology for next four years

Litigation, Investigation, and Law Enforcement

Passcodes are protected by Fifth Amendment, says court (Naked Security) The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.

Prosecutor says Khashoggi was strangled and dismembered, but fate of body still a mystery (Washington Post) Turkish investigators were pursuing the theory that Khashoggi’s body was destroyed in acid, a senior official said.

SingHealth cyber attack COI: Senior manager reluctant to report attack because he did not want to deal with pressure (The Straits Times) "Once we escalate to management, there will be no day no night," read one message from an internal chat retrieved from server log files.. Read more at

Plans to secure Internet access deferred before cyber attack (The Straits Times) A more secure way of accessing the Internet was meant to be put in place to protect public medical systems some time this year, but had to be pushed back to next year because of technical issues.. Read more at

Manhattan DA: Locked Phones Continue to Thwart Criminal Probes (Wall Street Journal) The Manhattan district attorney’s office says encrypted cellphones and tablets continue to hinder its investigations, preventing local prosecutors from solving crimes and winning cases.

RoboCops: AI on the rise in policing to predict crime and uncover lies (Naked Security) PrediPol uses predictive policing algorithms, VeriPol analyzes fake-report text. Who ya gonna call?

Feds accuse ex-CIA employee of continuing leaks from prison (Washington Post) Federal prosecutors have beefed up charges against a former CIA employee, saying he has leaked classified national defense materials while incarcerated

Pittsburgh synagogue suspect pleads not guilty (San Diego Union Tribune) Robert Bowers was arraigned one day after a grand jury issued a 44-count indictment that charges him.

FDIC Still Isn’t Protecting Its Sensitive Information, Audit Finds ( The agency isn’t patching vulnerabilities quickly enough or fixing longstanding information security weaknesses.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Upcoming Events

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...

2nd Annual Aviation Cyber Security Summit Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...

Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...

SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.