
Daily briefing.

A CyberWire Daily News Briefing redesign is coming.

Over the next two weeks we'll be rolling out a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

Several malicious apps have been found in Google Play. Eight of them, according to researchers at Kochava, are ad-fraud fronts associated with two Chinese firms that also operate in the US: Cheetah Mobile and Kika Tech (Buzzfeed). Trend Micro also reports malware posing as Android voice apps. They suggest this foreshadows formation of a significant botnet. Some, but not all, of the malicious apps have been taken down.

Facebook receives a Parliamentary grilling in the UK today (Guardian). Both Facebook and Google have come in for criticism recently in Europe, the former for alleged data abuse and “fake news,” the latter mostly for alleged monopolistic practices. Paradoxically, GDPR has seemed to work in the two companies’ favor, as the EU data protection regime may have suppressed upstart competitors (Politico).

Citizen Lab reports that associates of slain Mexican journalist Javier Valdez Cárdenas received texts carrying NSO Group Pegasus spyware. Cárdenas was murdered in 2017, apparently by drug cartels. Citizen Lab notes that Mexico’s government has been an NSO customer.

Russia’s guttering war against Ukraine erupted in naval attacks against Ukrainian ships in the Sea of Azov (Times). Ukraine says Russia’s intent is to consolidate its control of Crimea and ultimately establish sovereignty over the Black Sea as a whole. Ukraine has declared martial law. Expect an escalation in the hybrid conflict's cyber operations.

Privacy? Bah. Not only might your smart speaker be spying on you (Motherboard), but that smart lightbulb could have its metaphorical eye on your data as well (SecurityWeek).


Today's issue includes events affecting Australia, China, European Union, India, Mexico, Netherlands, Nigeria, Russia, Ukraine, United Arab Emirates, United Kingdom, United States.


In today's podcast, we speak with our partners at the SANS Institute, as Johannes Ullrich (proprietor of the ISC Stormcast podcast) talks about DNS over HTTPS and network visibility. Our guest is Shaun Bierweiler from Hortonworks, who discusses the use of open source software in the federal space.

And the Recorded Future podcast, produced in cooperation with the CyberWire, is also up. This episode is on "Bringing Intelligence Community Expertise to the Private Sector."

International Spy Museum's 2nd Annual William H. Webster Distinguished Service Award Dinner (Washington, DC, United States, November 28, 2018) Join the Spy Museum for the second annual William H. Webster Distinguished Service Award Dinner honoring Admiral William H. McRaven on Wednesday, November 28 at The Ritz-Carlton. For tickets, visit

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350)

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Cyber Attacks, Threats, and Vulnerabilities

A Journalist Was Killed in Mexico. Then His Colleagues Were Hacked. (New York Times) Text messages sent to them were infected with a spyware that the Mexican government bought from an Israeli cyber arms dealer, according to a forensic analysis.

Reckless VI: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague (The Citizen Lab) Two days after the murder of award-winning Mexican journalist Javier Valdez Cárdenas, two of his colleagues began receiving text messages laden with NSO Group's Pegasus spyware. To date, 24 targets of Pegasus have been identified in Mexico. This case additionally illustrates an alarming trend of spyware attacks around the world specifically aimed at journalists.

Widely used open source software contained bitcoin-stealing backdoor (Ars Technica) Malicious code that crept into event-stream JavaScript library went undetected for weeks.

Bypassing CVE-2018-15442: Another case of DLL Hijacking (SecureAuth) As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A vulnerability in the update service of Cisco WebEx Meetings Desktop App for Windows.   

Fake Voice Apps on Google Play, Botnet Likely in Development (TrendLabs Security Intelligence Blog) Several apps on Google Play posing as legitimate voice messenger platforms have automated functions such as fake survey pop-ups and fraudulent ad clicks.

These Hugely Popular Android Apps Have Been Committing Ad Fraud Behind Users’ Backs (BuzzFeed News) “Why isn't Google immediately dropping such apps from the Play store and advising users to uninstall them?” one analyst asked.

AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor (TrendLabs Security Intelligence Blog) We came across a worm that propagates through removable drives and installs a fileless version of the BLADABINDI/njRAT backdoor.

Researchers Use Smart Bulb for Data Exfiltration (SecurityWeek) Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration.

People Who Buy Smart Speakers Have Given Up on Privacy, Researchers Find (Motherboard) Smart speakers raise a number of privacy questions, which owners are choosing to just shrug off.

Email Scammers Leverage California Wildfire Tragedy (Agari) With multiple dead, hundreds missing, and homes destroyed, those affected by the California Camp Fire are looking for help. But be cautious—fraudsters are using email to scam helpful citizens out of money.

Attackers Are Landing Email Inboxes Without the Need to Phish (SecurityWeek) With the right combination of people, processes and technology, organizations can mitigate the risk of Business Email Compromise (BEC) attacks and scams.

Fraudsters changing contact details of banks on Google Maps to scam users (HackRead) Don’t trust Google Maps for banks’ contact details – At least not for now.

Obfuscated bash script targeting QNap boxes (SANS Internet Storm Center) One of our readers, Nathaniel Vos, shared an interesting shell script with us and thanks to him!

Edinburgh Napier University Student Named as 2018 Cyber Security Challenge Champion (Infosecurity Magazine) Student Charlie Hosier has been named as the 2018 Cyber Security Challenge champion

Presumed technical issue disrupts Google Adsense payouts worldwide (HackRead) Still didn’t receive your Google Adsense payouts? Don’t worry, you are not alone.

Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions (Threatpost) A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October.

ATM attackers strike again: Are you at risk? (Help Net Security) The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the

USPS, Amazon Data Leaks Showcase API Weaknesses (Threatpost) The incidents affected millions, just as Black Friday, Cyber Monday and the holiday shopping season kicked off.

Amazon 'technical error' exposes customer names and emails (CSO Online) Amazon isn't saying how many customers had their names and email addresses exposed due to a data leak caused by an unexplained technical error.

Ransomware Attack Forced Ohio Hospital System to Divert ER Patients (Dark Reading) Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.

More details on One Planet York app vulnerability don't paint council in a good light (Graham Cluley) New information has come to light which makes it more difficult to defend York city council’s actions and communications in response to being told about a vulnerability in its One Planet York app.

Parents slam “weirdo” fraudsters for using child’s Facebook pic for cash (Naked Security) Did you help spread the viral scowling Pop-Tart™-deprived kid photo last week? Can’t be helped, mom said, but using it to raise cash was “lame.”

Security Patches, Mitigations, and Software Updates

USPS Fixed Vulnerability That Exposed The Data of 60 Million People ( Just in time for the mail deluge of the holidays.

Google makes good on promise to remove some Symantec PKI certificates (CSO Online) If you get this digital certificate error using Chrome, then Google now considers that website's Symantec PKI certificate untrustworthy.

Cyber Trends

High-Level Cybersecurity Meeting Warns of Dire Effects of Cyberattacks on Prosperity, Innovation and Global Collaboration (World Economic Forum) Georg Schmitt, Head of Corporate Affairs, World Economic Forum: Tel.: +41 (0)79 571 8287; Email:

GDPR's impact: The first six months (Help Net Security) GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed.

Buckle Up: A Closer Look at Airline Security Breaches (Dark Reading) Cyberattacks on airports and airlines are often unrelated to passenger safety - but that's no reason to dismiss them, experts say.

The current state of cybersecurity in the connected hospital (Help Net Security) Abbott and The Chertoff Group shared key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges.


CYBERCOM Has a Vendor In Mind For Its Big Data Platform But Is Open to Options ( The military’s cyber branch plans to award a sole-source contract to manage and enhance its Big Data Platform but wants to know if other vendors are capable of bidding.

Why cyber compounds Pentagon purchasing problems (Fifth Domain) The Pentagon's cyber acquisition process is “too slow,” a “support nightmare,” and one that “puts the warfighter at risk,” an upcoming paper argues.

Huawei to Complete Network Project Despite Fierce U.S. Opposition (WSJ) Chinese telecom giant Huawei will complete construction of an internet network in Papua New Guinea despite opposition from Australia, Japan and the U.S.

Connected Intelligence firm eyes growth with new funding (Growth Business) Connected intelligence firm Alva plans growth with new funding injection from Clydesdale and Yorkshire Bank

Facebook denies report that election war room was disbanded (TechCrunch) Facebook’s election war room monitors and dashboards remain, since so does the threat of election interference. Facebook has confirmed to TechCrunch that its election war room that it paraded reporters through in October has not been disbanded and will be used again for future elections. That…

Six months in, Europe’s privacy revolution favors Google, Facebook (POLITICO) GDPR awakened the world to the importance of data — but it’s dampened investment in European tech startups.

Here are the winners of the Security Excellence Awards (Computing) It was a hotly-contested year - here are the companies that made it big on the night

Products, Services, and Solutions

Silverfort Launches First Holistic AI-Driven Adaptive Authentication Engine for Securing Corporate Identities without Impacting Usability (AP NEWS) Silverfort, the provider of next-generation multi-factor authentication solutions, today announced a first-of-its-kind AI-based risk engine that analyzes activities across all on-premises and cloud environments, to dynamically calculate the most accurate risk score per user, device and resource, and apply effective authentication policies.

CyberPolicy’s Cyber Insurance Options Now Available Through Progressive Insurance (GlobeNewswire News Room) CyberPolicy, the world's first marketplace to help small business owners compare, quote and buy cyber insurance online, is proud to provide a seamless, high touch experience when purchasing cyber insurance, alongside other small business coverages, through Progressive Insurance.

Infineon’s Blockchain Security 2Go starter kit protects digital transactions - Infineon Technologies (Infineon Technologies AG) Digital transactions require secured yet user-friendly solutions.

Rohde & Schwarz adds SSH classification to R&S PACE 2 DPI engine (Advanced Television) ipoque GmbH, a Rohde & Schwarz company, has announced new Secure Shell (SSH) metadata extraction capabilities for its acclaimed R&S PACE 2 deep packet i

Product showcase: Cynet 360 Security Platform (Help Net Security) The Cynet 360 Security Platform supports four deployment methods: On-premise, IAAS, SAAS and hybrid mode. Deployment takes only a few minutes.

GLESEC Launches New Advanced Detection and Response Incident Management Service (EDR) (PR Newswire) International Cyber-Security Firm GLESEC announces the launching of its Managed End Point Incident Response...

Siemens teams with Aruba to merge OT and IT - Tracking The Internet of Things (Tracking The Internet of Things) Siemens and Hewlett Packard Enterprise's networking subsidiary Aruba have formed a partnership to bridge the worlds of operational technology and information technology.

10 Slack security tools compared (CSO Online) Slack does a good job of protecting its own code, but you'll need help to stop malware delivered through Slack messages or to avoid exposing personal information.

Technologies, Techniques, and Standards

Why cyberspace demands an always-on approach (Fifth Domain) Cyber Command has said that the constant threat from adversaries will require persistent engagement below the threshold of conflict.

The Army’s ‘new’ network isn’t actually new (C4ISRNET) The Army has outlined a different network design based on a series of programs and systems making the Army more lethal and faster.

Why Deep Defense Should Start with Detecting Compromised Credentials (Infosecurity Magazine) Obtaining valid credentials using multiple mechanisms and tools continues to be extremely lucrative for a cyber-criminal

Protecting Your Website Visitors from Magecart: Trust but Verify (Akamai) There have been many news reports recently which outline how cyber criminals have successfully injected credit card skimming JavaScript code into the checkout process pages of various websites. Dubbed Magecart, these attacks refer to a number of threat actors who...

IT leaders admit their biggest security mistakes (Computing) A panel of IT leaders at Computing's recent Enterprise Security and Risk Management Live conference discuss their biggest security failings

Why you shouldn't be worried about UPnP port masking (Help Net Security) If your mitigation fails to protect against randomized ports, it's not sufficient. Hype around UPnP port masking confuses real DDoS protection issues.

How to keep your kids safe from toys and apps that pry into their lives (CNBC) As the holiday season kicks into gear, it's important to understand that a lot of kids' toys and apps collect and store information about them, often with little regard for privacy and security. Here's how to make wise choices.

Hawaii’s false missile alert leads to new recommendations to prevent mistakes (Military Times) Multiple investigations blamed the alert on human error and inadequate safeguards.

New campaign launched to fight festive fraud (Action Fraud) This Christmas, Action Fraud and City of London Police are reminding shoppers to take extra care when shopping for gifts online. As consumers search online for bargains and gifts for loved ones, fraudsters are seeing this as an opportunity to trick people with the promise of great deals and big cash savings.

Design and Innovation

Google Wants to Ensure Integrity of EU Parliamentary Elections (SecurityWeek) Google is rolling out new tools to ensure Europeans receive the information they need for the 2019 Parliamentary elections in the European Union (EU).



Legislation, Policy, and Regulation

Ukraine counters Russian threat with martial law (Times) President Poroshenko won approval in parliament last night for martial law as a response to Russia’s attack on Ukrainian naval vessels in the Black Sea. Ukrainian regions “subject to Russian...

The Nigerian Cyber Warfare Command: Waging War In Cyberspace (Forbes) The newly-launched Nigerian cyber army wants to monitor, defend and assault in cyberspace through DDoS attacks on criminals, nation states and terrorists. Can it succeed?

Australia launches joint cyber centre (Jane's 360) Australia has launched a Joint Cyber Security Centre (JCSC) to provide enhanced protection for its critical infrastructure, including its national defence industry, the government announced on 23 November.

Congress raises 15 questions to the PM on the state of national security (National Herald) The Congress slammed the PM for having played ‘despicable politics’ during the Mumbai terror attack

Trump pick to lead intelligence post remains in congressional limbo (Fifth Domain) William Evanina, Trump’s choice to lead the National Counterintelligence and Security Center, has not been confirmed by the Senate months after being nominated.

Analysis | The Cybersecurity 202: Lawmakers seek to quash ‘Grinch bots' inflating holiday toy prices (Washington Post) "That’s not how the marketplace is supposed to work," says Sen. Tom Udall.

New Law Could Give U.K. Unconstitutional Access to Americans’ Personal Data, Human Rights Groups Warn (The Intercept) This form of international data-sharing could put Americans’ privacy at risk and expose citizens to potential Fourth Amendment abuses, critics say.

Litigation, Investigation, and Law Enforcement

Fake news inquiry: Facebook questioned by MPs from around the world – as it happened (the Guardian) Rolling updates as representatives from nine parliaments question the social media company, who refused to send CEO Mark Zuckerberg

MPs to grill Facebook over data scandals as Damian Collins threatens to expose firm's private emails (The Telegraph) Belgium and France will join an international grand committee on “fake news” that will today question Facebook’s actions in a series of recent data breaches at a hearing in Parliament.

Six4Three exec “panicked” in UK MP’s office, gave up Facebook internal files (Ars Technica) App maker had been ordered to not share docs obtained via discovery, but did anyway.

Canadian MPs criticize Facebook's Zuckerberg for U.K. parliament no-show (CBC) Facebook comes under fire from lawmakers from several countries — including Canada — who accuse the firm of undermining democratic institutions. CEO Mark Zuckerberg takes the brunt of it.

Manafort Breached Plea Deal by Repeatedly Lying, Mueller Says (New York Times) Mr. Manafort, President Trump’s onetime campaign chairman, breached his plea agreement by repeatedly lying to investigators, Mr. Mueller said.

Analysis | Could Robert Mueller be about to tell us something big? (Washington Post) Mueller has accused Paul Manafort of lying — and is going to tell us what he lied about.

Student accused of spying thanks wife on return from UAE (Times) The PhD student pardoned after being convicted of being an MI6 spy in the United Arab Emirates has landed back in Britain. Matthew Hedges, who was freed from a prison in Abu Dhabi yesterday after...

Assange Case, If It Exists, Can't Be Made Public, U.S. Argues (Bloomberg) The news media has no legal right to learn whether WikiLeaks founder Julian Assange was charged in a sealed proceeding, despite an inadvertent filing in an unrelated case that said the Justice Department has accused him of wrongdoing, the U.S. said.

Alleged LinkedIn hacker to undergo psychiatric evaluation, trial pushed to February (Cyberscoop) Yevgeniy Nikulin is scheduled to visit a psychiatric facility, where a doctor will determine whether he is fit to stand trial.

Russia opens civil case against Google over search results (Reuters) Russia has launched a civil case against Google, accusing it of failing to comp...

European consumer groups want regulators to act against Google... (Reuters) Consumer agencies in the Netherlands, Poland and five other European Union count...

British and Dutch regulators fine Uber for 2016 hack (Computing) Regulators fined the ride-hailing firm more than £900,000

Supreme Court Weighs Whether Apple’s App Store Is a Monopoly (Motherboard) Looming Supreme Court ruling could impact antitrust enforcement for years.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore...

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
