skip navigation

More signal. Less noise.

Optimize your security teams with threat intelligence.

At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.

Daily briefing.

Hopes that diplomacy and the lure of becoming a more normal country might inhibit North Korean hacking seem to have faltered. Palo Alto Networks notes that Pyongyang's Reaper Group deployed malware ("NOKKI" and "DOGCALL") in June against a range of companies. The campaign involved exfiltration of screenshots, keylogging, and staging of further infestations. The motive was apparently the DPRK's usual one: financial gain.

Former Facebook executive Alex Stamos (now of Stanford University) tweeted that Facebook's breach indicates the effect of GDPR's coupling of heavy fines with a requirement for swift disclosure: "Announce & cop to max possible affected users," which produces confusion; "a month later truth is included in official filing." Thus public announcements are offered on the basis of incomplete investigation. Observers see a difficult trade-off: on the one hand early disclosure can help victims; on the other, it can impede investigation and effective response.

Google is having trouble keeping unwanted material off its platforms. YouTubers have posted instructions for hacking Facebook, and fraudsters are apparently still able to buy ads.

The University of Toronto's Citizen Lab reports finding Pegasus spyware in a Saudi dissident's phone. The affected person is a permanent resident of Canada. Citizen Lab attributes the infection to the Saudi government.

Tribhuvan International Airport in Nepal saw its official website taken offline between September 28th and 30th. It appears to have been a case of hacktivism, if counting coup for the lulz can be considered hacktivism: the unidentified hacker who claimed responsibility commented "Typical Idiot Security."

Notes.

Today's issue includes events affecting Australia, Canada, China, Cyprus, European Union, Indonesia, Democratic Peoples Republic of Korea, Nepal, New Zealand, Russia, Saudi Arabia, United Kingdom, United States.

Create a culture of cybersecurity awareness with Coachable Moments.

According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.

In today's podcast, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan discusses news that Android password managers are proving vulnerable to malicious apps. Our guest is Robb Reck from Ping Identity on the CISO Advisory Council's recently published white papers.

And the latest episode of Recorded Future's podcast, produced in cooperation with the CyberWire, is also up. Tod Beardsley of Rapid7 explains the belief that security professionals share a responsibility of instilling a sense of passion for security in others.

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Cyber Attacks, Threats, and Vulnerabilities

After North Korean summit, cyberattacks continued (Fifth Domain) Analysts say that after North Korean leader Kim Jong-Un met President Donald Trump, the hermit kingdom's cyberattacks continued.

NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT (Palo Alto Networks Blog) Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.

The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil (The Citizen Lab) In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz’s phone was infected with NSO’s Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.

Analysis | The Cybersecurity 202: Facebook disclosed a major hack very quickly. But the alert was short on details. (Washington Post) That's the tradeoff as companies face pressure to disclose breaches sooner.

40 million more likely affected by massive Facebook data leak - Bitdefender (Security Brief) Almost 50 million accounts have been compromised through a daisy-chained vulnerability in the View As feature, which allowed an unknown party to snatch authentication tokens of 50 million users.

Several Bugs Exploited in Massive Facebook Hack (SecurityWeek) Facebook shares more details about the massive hack affecting 50 million accounts, including the exploited bugs, impact on users, attack timeline, and impact on Facebook

Facebook can’t keep you safe (TechCrunch) Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company's graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? …

YouTube hosts 'how to hack Facebook' videos (The Telegraph) Google is hosting tutorials on how to hijack Facebook accounts using a similar method to the hackers who had gained access to the personal data of 50 million users.

Industry Reactions to Facebook Hack (SecurityWeek) Industry professionals comment on the Facebook data breach that affected 50 million accounts and resulted in the tokens of 90 million users being reset

Weak Passwords Abused for 'FruitFly' Mac Malware Distribution (SecurityWeek) FruitFly, a piece of Mac malware that infected thousands of machines over the course of more than 13 years, was being distributed via poorly protected external services

Vulnerable Android password managers make phishing attacks easier (Help Net Security) Vulnerable Android password managers can be tricked into entering valid login credentials into phishing apps, a group of researchers has discovered.

Telegram Leaks User IP Addresses (SecurityWeek) A vulnerability in Telegram Desktop results in the end-user public and private IP addresses being leaked during a call, a security researcher has discovered.

Google sells ads to fraudsters despite pledge to crack down (Times) Google is allowing fraudsters to advertise at the top of search results despite its pledge to tackle the practice, an investigation by The Times has found. The search giant has been condemned as...

Torii IoT Botnet Takes Mirai to a New Level (Infosecurity Magazine) Advanced modular threat targets several architectures

'Short, Brutal Lives': Life Expectancy for Malicious Domains (Dark Reading) Using a cooling-off period for domain names can help catch those registered by known bad actors.

RDP Increasingly Abused in Attacks: FBI (SecurityWeek) Hackers leveraging the remote desktop protocol (RDP) have been on the rise for the past couple of years, fueled by the emergence of dark markets selling RDP access, the FBI warns.

RDP attacks on the rise warns FBI, DHS (SC Media) The FBI and DHS issued a joint warning to consumers and business on the increasing use of the Remote Desktop Protocol (RDP) administration tool as an attack vector.

Tory App Snafu Exposes Ministers’ Personal Info (Infosecurity Magazine) Error led to defacements and prank calls

Ransomware Casts Anchor at the Port of San Diego (Infosecurity Magazine) No waterfront woes for ships and boats after Port of San Diego fell victim to ransomware

Cyber-attack Revisits Nepal Government Websites! (Nepali Sansar) A hacker has reportedly hacked the country’s only international airport’s, the Tribhuvan International Airport (TIA), official website on September 28, 2018

Cyber Trends

Synopsys Releases BSIMM9 Study Highlighting Impact of Cloud Transformation and Growth of Software Security Community (Synopsys) Synopsys, Inc. (Nasdaq: SNPS) today released BSIMM9, the latest version of the Building Security In Maturity Model (BSIMM) designed to help organizations plan, execute, and measure their software...

Marketplace

The Scandals Bedevilling Facebook (SecurityWeek) The incident affecting 50 million accounts is the latest in a series of scandals involving Facebook

Facebook pledges not to make Instagram a 'replica' of Facebook (The Telegraph) Facebook has pledged not to make Instagram “a replica of Facebook” following the sudden departure of its founders last week.

NYC wants to build a cyber army (TechCrunch) Empires rise and fall, and none more so than business empires. Whole industries that once dominated the planet are just a figment in memory’s eye, while new industries quietly grow into massive behemoths. New York City has certainly seen its share of empires. Today, the city is a global cente…

Northern Virginia firms merge to form new 'converged security' company (Washington Business Journal) Two Northern Virginia companies have combined to create a “converged security” company offering both cyber and physical security services to government and commercial clients.

Gremlin raises $18 million, announces Application Level Fault Injection (Help Net Security) Gremlin raises $18MSeries B and launches ALFI, enabling companies to build resilient serverless environments in production.

Belden and Claroty Announce Strategic Partnership (BusinessWire) Companies Deliver Integrated Cybersecurity Solution for Deep, End-to-End Visibility and Real-Time Monitoring Across Industrial Networks.

DXC Connect lands Cisco network security contract with Department of Parliamentary Services (CRN Australia) Department of Parliamentary Services awards $2.8m contract.

Intelligent Waves wins spot on US Army’s ITES-3S Services contract (Army Technology) Intelligent Waves has secured a contract position on the US Army’s Information Technology Enterprise Solutions—3 Services (ITES-3S) award.

Optiv Security Continues to Invest in Canada; Further Supports International Growth Strategy (Odessa American) Optiv Security, the world’s leading security solutions integrator, today announced its continued investment in the Canadian market with the hiring of seasoned information management and cyber security executive Michael Doucet as executive director, office of the CISO. Doucet will help public and private clients plan, create and execute security strategies, with a focus on reducing the complexity of their cyber security programs and realizing the efficacy and value of the in-place systems.

Is Akamai Technologies, Inc. a Buy? (The Motley Fool) The content distribution veteran is making some good moves, but how much higher can its stock fly?

Products, Services, and Solutions

Ntrepid Analysts Utilize Timestream Solution To Generate Detailed Case Study of Russian GRU Interference in 2016 U.S. Presidential Election (BusinessWire) Ntrepid today announced that analysts using Timestream have compiled a detailed case study of Russian GRU interference in the 2016 election.

Morphisec announces interoperability with RSA NetWitness Platform (Help Net Security) Morphisec’s Endpoint Threat Prevention Platform certified as ‘RSA Ready’ with RSA NetWitness SIEM for threat prevention visibility and analyst response.

Microsoft trademarks Pluton, their IoT security subsystem for Azure Sphere (MSPoweruser) Microsoft has applied for a trademark for Microsoft Pluton, their IoT security subsystem for Azure Sphere. Pluton is the secure boot system which ensures the firmware and hardware has not been compromised and ensures that communication with the Azure back-end is secure. It also controls the Wi-Fi hardware to ensure compromised IoT applications cannot be …

Microsoft encouraging backup via OneDrive using Windows Security Alerts (MSPoweruser) Microsoft is already offering protection of your important files from Ransonware via back-up to OneDrive, and now HTNovo reports that Microsoft will be using Windows Security Alerts to encourage users to enable this feature. The new feature is found in the Windows 10 October 2018 update and will alert users via the very effective yellow …

Upgrade Path for Microsoft Customers (Versasec) With Microsoft Pulling FIM/MIM Support, Versasec Builds Seamless Migration Path to vSEC:CMS

Technologies, Techniques, and Standards

TLS is Dead, Long Live TLS (Infosecurity Magazine) Why adoption of TLS 1.1 is being forced by the PCI council.

True password behaviors in the workplace revealed (Help Net Security) LastPass released the first annual, “2018 Global Password Security Report,” revealing true password behaviors in the workplace.

Introducing the 2018 Benchmark Security ScoreExplore the Data (Lastpass) Explore the state of password security in 2018 & what you can do to stay secure. LastPass has analyzed 43,000 business to show where password habits fall short.

How VMtech and Cylance prevented a trojan attack on the Sydney Opera House (CRN Australia) Approximately 1300 endpoints protected from attackers.

It only takes one data point to blow open a threat investigation (Help Net Security) Hackers are creatures of habit. Once you know how to connect the dots between the activity you’re seeing, you’ll be able to spot suspicious patterns.

Speed of Cyber Is Not Always in Milliseconds (SIGNAL) U.S. Army officials offer lessons learned from the third annual Cyber Blitz.

The Lie Generator: Inside The Black Mirror World of Polygraph Job Screenings (WIRED) Want to become a police officer, firefighter, or paramedic? A WIRED investigation finds government jobs are one of the last holdouts in using—and misusing—otherwise debunked polygraph technology.

Design and Innovation

Boffin: Dump hardware number generators for encryption and instead look within (Register) Chip timing could be as effective and harder to hack

Digital IDs Are More Dangerous Than You Think (WIRED) Opinion: Digital identification systems are meant to aid the marginalized. Actually, they're ripe for abuse.

The future of AI is not in sentient robots, but it might be in gaming (Computing) Recent developments, though impressive, showcase the weaknesses of today's artificial intelligence,Big Data and Analytics ,Gaming,OpenAI.com,OpenAI,Dota 2,eSports,datastrategy

Research and Development

Math Titans Clash Over Epic Proof of the ABC Conjecture (WIRED) Two mathematicians say they found a glaring hole in a proof that has convulsed the math community for years.

DARPA Blockchain Programs (CoinCentral) In September 2017, the Defense Advanced Research Projects Agency (DARPA) approved research into blockchain technology.

UTSA wins NSF grant to create machine-learning system to unmask malware attacks (EurekAlert!) The University of Texas at San Antonio, proposes the creation of a malware recognition algorithm which will unmask malicious software, and with a new grant from the National Science Foundation (NSF).

Academia

ReliaQuest commits $1 million to prepare students for careers in cybersecurity at the University of South Florida Muma College of Business (PR Newswire) ReliaQuest, the leader in security model management, today announced that it has committed a $1 million gift to the...

Legislation, Policy, and Regulation

Microsoft kicks off Digital Peace Now initiative to #stopcyberwarfare (Neowin) This weekend, Microsoft has launched a petition to unite digital citizens in calling upon the world's governments to protect the online world and its communities rather than weaponizing them.

NATO Ops Center Goes 24/7 To Counter Russians: Gen. Scaparrotti (Breaking Defense) NATO is dusting off Cold War concepts such as deterrence, rapid reinforcement and battle readiness as it faces a Russian destabilization campaign.

China's Global Propaganda Is Aimed at Bosses, Not Foreigners (Foreign Policy) Chinese reporters overseas are rewarded for whiny nationalism, not persuasive argument.

How the US cyber force is maturing (Fifth Domain) U.S. Cyber Command is moving past building to operational readiness.

Happy new (fiscal) year! Feds want more electronic warfare and cybersecurity tools (Fifth Domain) As the new federal fiscal year begins, cybersecurity firms and analysts predict that electronic warfare and managed services will be top priorities for the U.S. government.

Massive Facebook breach spurs calls for regulation (Fifth Domain) Facebook announced Sept. 28 that 50 million accounts have been infiltrated in a hack, which comes amid a storm of proposals that the social media giant should be regulated.

Advocates Call on Senate to Invite Consumer Privacy Experts to Testify (Center for Digital Democracy) Dear Chairman Thune and Ranking Member Nelson, We appreciate your interest in consumer privacy and the hearing you convened recently to explore this topic.

New Zealand’s ‘digital strip searches’: Give border agents your passwords or risk a $5,000 fine (Washington Post) Travelers who refuse to surrender passwords, codes and encryption keys could be fined up to $5,000, according to a law that took effect Monday.

Litigation, Investigation, and Law Enforcement

U.S. Takes on Russia’s Favorite Money Haven: Cyprus (Wall Street Journal) Washington regulators are cracking down on money laundering and penalizing wealthy Russians on a tiny Mediterranean island as they try to check Moscow’s power in Europe.

FBI Director Implores Corporate Boards to Join Cyber Fight (Nextgov.com) Companies should amp up protections and be wary of deals that expose U.S. intellectual property, FBI Director Chris Wray says.

The FBI and Corporate Directors: Working Together to Keep Companies Safe from Cyber Crime (Federal Bureau of Investigation) FBI Director Christopher Wray’s remarks at the National Association of Corporate Directors Global Board Leaders Summit, Washington, D.C.

EFF Pushes Back Against NSA Bid To End Spying Challenge (Law360) The Electronic Frontier Foundation has laid out additional evidence to support its long-running California federal lawsuit claiming that the National Security Agency unlawfully spied on hundreds of millions of unsuspecting Americans through mass surveillance programs, it said Monday.

SIE Europe: Data sharing initiative to combat cybercrime launches (Help Net Security) SIE Europe UG emerged from stealth mode to launch an initiative to enable European organisations to contribute and share Internet data.

Failure to Protect Data Costs Bupa £175,000 (Infosecurity Magazine) ICO fines Bupa the maximum penalty under Data Protection Act of 1998.

Tesco Bank FCA fine proves its not just the ICO that will fine companies for security breaches, say lawyers (Computing) Companies that don't take security seriously enough could be hit with multiple fines from different regulators.

Royal Commission scorns banks' compliance tools (CRN Australia) Banks had little visibility of compliance.

Cops Can Legally Force You to Unlock Your Phone With Your Face (WIRED) For the first publicly documented time, law enforcement has used Face ID to forcibly unlock someone's iPhone. It won't be the last.

Police to Seattle’s techies, streamers: Sign up for our anti-swatting service [Updated] (Ars Technica) Dept's video includes guns-drawn response to hoax call, "sounds... like swatting to me."

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...

Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...

Borderless Cyber USA (Washington, DC, USA, October 3 - 5, 2018) Automation, people, information sharing, intelligence, risk and the economics of risk have been identified as key cybersecurity strategy measures to focus on in order to keep pace with modern threats.

MSPWorld® Peer Group & Data Analytics Summit (Las Vegas, Nevada, USA, October 4 - 5, 2018) The MSPWorld® Peer Group & Data Analytics Summit is a revolutionary new concept for the managed services executive. Accessible only by MSPs, this conference will focus on small, peer lead groups exchanging...

4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain (Kiev, Ukraine, October 8, 2018) The 4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain will be held October 8 – 11, CEC Parkovy, Kyiv, Ukraine. The annual Hacken Cup – the onsite bug bounty marathon – happens on October...

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all...

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices,...

CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

HoshoCon 2018 (Las Vegas, Nevada, USA, October 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from...

U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.