Daily briefing.

Reports of a Chinese supply-chain seeding attack continue to lose credibility. The US Director of National Intelligence says that, while of course the prospect of such attacks is worrisome, the Intelligence Community can't find any evidence that this one actually happened. And Supermicro, the firm whose motherboards Bloomberg reported had been salted with spy chips, has replied to an inquiry from US Senators with a categorical denial that it sustained a supply chain attack.

Twitter has blocked a botnet that was pushing what appeared to be Saudi government talking points concerning journalist Jamal Khashoggi's apparent murder. 

Latvian sources say the country sustained, but parried, cyberattacks apparently aimed at affecting the October 6th elections. Some of the temporarily successful attacks posted pro-Russian messages in social media.

Cylance reports that Vietnam's cyber espionage threat group, OceanLotus (also known as APT32 or Cobalt Kitty), has shown renewed activity and upped its game in several respects, including through its use of obfuscated CobaltStrike Beacon payloads for command-and-control.

The town of West Haven, Connecticut, suffered a ransomware attack. Unable to think of any better option, the town decided to pay the $2000 the hackers demanded. The mayor says the criminals have restored West Haven's access to its data.

The hoods behind the GandCrab ransomware have released decryption keys to a Syrian man who said they'd deprived him of photos of his sons, killed in that country's civil war. The extortionists also sent some ambiguous signals that they might remove Syrian targets from their hit list.

Notes.

Today's issue includes events affecting Australia, China, Holy See, Latvia, New Zealand, Russia, Saudi Arabia, Ukraine, United Kingdom, United States, and Vietnam.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the Internet Stormcast podcast) discusses DNSSEC root key rollover. Our guest, Mike Horning from Virginia Tech, shares the results of a study on the implications of regulating social media.

SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Cyber Attacks, Threats, and Vulnerabilities

Coats: ODNI has seen 'no evidence' of supply chain hack detailed in Bloomberg story (Cyberscoop) Director of National Intelligence Dan Coats says that he’s seen no evidence of Chinese actors tampering with motherboards made by Super Micro Computer.

Super Micro Tells Senators No Evidence of Chinese Hardware Hack (Bloomberg) Company says no U.S. agency has said it found hacked hardware. Super Micro comments come in letter to Rubio, Blumenthal.

Ex-NSA Chief Mike Rogers: How Chinese Hackers Target American Democracy (Forbes) Ex-NSA chief Mike Rogers explains to Forbes what he saw as Chinese hacker attempts on American democracy.

FireEye analyst: Trade tensions with China will hike cybersecurity risks for aviation sector (Inside Cybersecurity) Heightened tensions between China and the Trump administration over trade policies will likely drive up cyber attacks on a wider range of targets affecting aviation, in part because of the industry's close ties with the military and its symbolism as a port of entry to the country, according to a chief analyst at security firm FireEye.

Hackers accused of ties to Russia hit 3 E.European companies-... (Reuters) Hackers have infected three energy and transport companies in Ukraine and Poland...

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure (Threatpost) The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.

Latvia repulsed election day cyber-attack (Public broadcasting of Latvia) While the hacking of a social media site in Latvia on Saeima election day, October 6, made headlines, in fact the country was subjected to - and successfully repulsed - a wider cyber attack, reports Olga Dragileva of LTV's De Facto weekly investigative show.

Exclusive: Twitter pulls down bot network that pushed pro-Saudi talking points about disappeared journalist (NBC News) Twitter became aware of some of the bots on Thursday when NBC News presented the company with evidence of coordinated activity.

Twitter's Dated Data Dump Doesn’t Tell Us About Future Meddling (WIRED) Twitter's release of more than 10 million tweets from Russia's Internet Research Agency and Iran sheds little light on those agencies' current tactics, researchers say.

New research highlights Vietnamese group's custom hacking tools (Cyberscoop) Cybersecurity researchers have uncovered remote access tools, or backdoors, linked to an infamous Vietnamese hacking group with a history of targeting government organizations and intellectual-property-rich companies.

Report: The SpyRATs of OceanLotus (Cylance) During an incident response investigation, our threat researchers and incident responders uncovered several bespoke backdoors deployed by OceanLotus Group (a.k.a. APT32, Cobalt Kitty), as well as evidence of the threat actor using obfuscated CobaltStrike Beacon payloads to perform C2. This white paper is dedicated to in-depth technical analysis of the malware, C2 protocols, TTPs and general observations.

Gemalto withdraws report that claimed data breach at Aadhaar (The Times of India) Digital security firm Gemalto Thursday withdrew its report which claimed that data breach incidences in India were the second hig

Serious SSH bug lets crooks log in just by asking nicely… (Naked Security) A serious bug in libssh could allow crooks to connect to your server – with no password requested or required. Here’s what you need to know.

Hacker: I'm logged in. New LibSSH Vulnerability: OK! I believe you. (BleepingComputer) Newly released versions of the libssh library fix an authentication bypass flaw that grants access to the server by just telling it that the procedure was a success.

Vulnerable controllers could allow attackers to manipulate marine diesel engines (Help Net Security) Researchers have found several authentication and encryption vulnerabilities that could allow them to manipulate marine diesel engines.

VestaCP users warned about possible server compromise (Help Net Security) Unknown attackers have compromised the official distribution of the VestaCP hosting control panel solution to harvest web server IPs and admin credentials.

Spyware Pushers Modify Equation Editor Exploit to Bypass AV Detection (Security Boulevard) In a case that shows you can teach an old exploit new tricks, a group of attackers who push information-stealing malware have modified a well-known exploit in a way that it bypasses detection by most antivirus programs.

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords (BleepingComputer) A new SEO poisoning campaign has been discovered that is targeting keywords associated with the U.S. midterm elections. Users who are enticed to visit these pages will then be redirected to a variety of scam sites, adult sites, and sites pushing unwanted software.

US Voter Leak Hits Tea Party Organization (Infosecurity Magazine) Fund-raising super PAC spills details on half a million voters

Ex-CIA chief’s take on election security: Don’t panic, do stay paranoid (Yahoo) Former CIA director John Brennan says we shouldn't freak out about election security, but should be careful.

Popular Lawfare Blog Hit by DDoS Attack — Here’s What We Know (Law and Crime) Apparently, it has happened before. 

Who gets spear phished, and why? (Help Net Security) Spear phishing is one of the most successful methods of cyberattack. It is a reliable way for malicious actors to access protected digital assets.

Hold the phone: The robocall epidemic is getting worse in America (NBC News) Robo-dialers are busier than ever. Here’s how we got to this point.

GandCrab Devs Release Decryption Keys for Syrian Victims (BleepingComputer) In a post to an underground hacking and cybercrime forum, the GandCrab developers have released the decryption keys for Syrian victims. The release of these decryption keys was in response to a Tweet where a Syrian victim asked for help after images of his deceased children were encrypted.

West Haven officials pay ransom after cyber attack disables 23 servers at city hall (WTNH) West Haven City Hall recently fell victim to a cyber attack.

Advertising frauds that continue to tarnish cryptography (Crypto Economy) Regarding the issue related to advertising frauds, without stopping to remember the collective ban that ICOs made at the beginning of this year, the lack of modesty of some malicious people does not respect the legitimate authorities of the countries

Honeywell Hides Selling US Gov Banned Chinese Video Surveillance (IPVM) Proof of why Honeywell is deceiving buyers and putting US security at risk.

Security Patches, Mitigations, and Software Updates

Apple will let users see and delete data it has collected (CRN Australia) New tool will let customers download, change or delete all data.

Shopping online gets a security upgrade from Mastercard (Help Net Security) Mastercard introduces Digital Commerce Solutions, a suite of offerings that enhance the security of stored card credentials.

GitHub Adds Security Alerts for Java and .NET (ADTmag) The popular code repository and social coding platform recently acquired by Microsoft launched the feature last year, initially covering JavaScript and Ruby. Python coverage was added earlier this year.

Cyber Trends

ONS Reveals Major Drop in Household Cybercrime (Infosecurity Magazine) Under-reporting may be seriously skewing ONS results

The Cat-and-Mouse Game Between Regulators and Data Stewards (Fortune) Life after GDPR.

Janrain Survey Shows Consumers Still Trust Brands but Want More Control over Data (Janrain) U.S. Public Surprisingly Forgiving Despite Data Breaches and Controversies as Long as Companies Demonstrate Good Faith; Consumers Welcome Consent-Based Marketing

How to Get Consumers to Forgive You for a Breach (Dark Reading) It starts with already-established trust, a new survey shows.

Most executives around the world see untrained staff as the greatest cyber risk (Help Net Security) The majority of executives (87%) around the world believe that untrained staff poses cyber risk to their business, according to a new report.

What the New Workforce Numbers Mean for Cyber (Advanced Cyber Security Center) The (ISC)2 published an updated survey of 1,500 cyber professionals on their thoughts on workforce development.

Post-Brexit Britain Could Be A Cybersecurity Nightmare With Or Without A Deal (Forbes) Cybersecurity might not be the first subject that springs to mind when thinking about Brexit, but it certainly shouldn't be ignored. I've been finding out what is worrying cybersecurity thought leaders the most...

Marketplace

Top US intelligence official takes veiled shot at Google (Fifth Domain) Dan Coats seemed to criticize Google, questioning the logic of American companies who refuse to work with the U.S. government but partner with China.

Data miner Palantir gathers the intelligence on flotation (Times) A secretive Silicon Valley data mining company that works with American spy agencies and the Pentagon is planning a flotation that is likely to be one of the biggest in recent years. Palantir...

Port Covington Set to Become a Global Cybersecurity Hub (PRWeb) The Port Covington Development Team, along with the Governor of Maryland and Mayor of Baltimore, announced today that Port Covington is set to become one of the...

Team8 taps ex-NSA director for board of advisors (PE Hub) Team8, a cybersecurity think tank and company creation platform, has named Mike Rogers to its board of advisors. A former U.S. Navy admiral, Rogers is the ex-director of the National Security Agency and ex-chief of the Central Security Service. Team8's backers include Eric Schmidt’s Innovation Endeavors.

Products, Services, and Solutions

New infosec products of the week: October 19, 2018 (Help Net Security) IBM rolls out cybersecurity operations center on wheels. IBM Security launched the mobile Security Operations Center, capable of traveling onsite for

McAfee accelerates and improves data protection and threat prevention across device to cloud (Help Net Security) Expanded MVISION portfolio provides visibility and control across cloud services, delivering data protection, detection and blocking of threats.

BigID adds consent governance capabilities ahead of CCPA (Help Net Security) The BigID enhancements help organizations correlate consent logs from existing applications with data and people to provide a centralized view of consent.

McAfee Building Tool To Pinpoint Relevant Zero-Day Threat Campaigns (CRN) McAfee CTO Steve Grobman says the Apollo research project will focus on the intersection between what's happening in a user's organization and the latest developments in the global threat landscape.

DisruptOps Introduces Cloud Management Platform for Automated Security and Operations (PR Newswire) DisruptOps Inc. today introduces its SaaS-based cloud management platform to implement automated control of...

High-Tech Bridge to Uberize AI for Application Security Testing (CSO) ImmuniWeb® AI platform now offers fully customizable packages to proof test security and privacy of any web, mobile or IoT app, all purchasable in few clicks from any device. An average time of a sales transaction, including various human interactions, goes down from 15 hours to 8 minutes, saving almost two business days of buyer’s time.

Bugcrowd and Arlo Partner To Bring Hands-On Cybersecurity Learning To Cal Poly With Internet Of Things Lab (GlobeNewswire News Room) Cal Poly’s California Cybersecurity Institute today announced its Internet of Things (IoT) Lab donated by Arlo and Bugcrowd.

Intercede announces new guide to mobile device authentication for federal agencies (BiometricUpdate) Intercede has announced the launch of a cybersecurity guidance resource for federal agencies required to authenticate individuals through mobile devices for access to information systems and applic…

Technologies, Techniques, and Standards

Cybersecurity pact for Europe’s energy sector (Power Engineering) A European cybersecurity pact has been agreed that is intended to make “the tools of the energy transition safe for citizens and secure for providers”.

Little progress has been made on control system cyber security that impacts safety and reliability (Control Global) Little progress has been made on control system cyber security and its impacts on safety and reliability. That is, the focus has been on network anomaly detection not process anomaly detection. The recent Columbia Gas natural gas over-pressurization event demonstrates the need for process anomaly detection.

APIs: Risks, Potential and Security Solutions (Infosecurity Magazine) APIs are becoming ever more important, and making sure those APIs stay secure is critical

How to Problem Solve Like a Hacker (Panda Security Mediacenter) Learn how to tackle difficult situations and navigate competitors with our visual on how to solve problems at work like a hacker.

How do cyber-criminals hack small business startups? Here's what we learned from Microsoft (USA TODAY) Two very smart entrepreneurs found out their online small business wasn't as secure as they thought. Here's how to head off a cyber-attack.

How to remove fileless malware (Security Boulevard) What is fileless malware? How can you identify it? And how can you remove it from your system? Find out how to identify and manually remove this type of threat.

How To Avoid An Insider Threat Nightmare (Information Security Buzz) David Higgins, CyberArk offers his tips and recommendations to mitigate insider threat this Halloween… As Halloween looms, it would certainly feel like the right time to think of our favourite horror stories. From an enterprise IT perspective, there are too many to keep up with these days. From the constant threat of cyber attacks from …

Design and Innovation

Data science is changing how cybersecurity teams hunt threats (Silicon Republic) While data science can be helpful to countless industries, it is especially useful in the ever-changing world of cybersecurity.

Why automation and next-gen authentication can solve identity management in 2019 (Fifth Domain) Identity and access management sounds simple, but the federal government has struggled to give the right people the right access.

Microsoft AI Ethicist Guides Businesses on Responsible Algorithm Design (WSJ) Microsoft has created a new position to help companies deploying AI to learn how to prioritize ethical principles including fairness, accountability and transparency in the development of the algorithms. “A lot of customers we engage with are grappling with the ethics discussion potentially for the first time,” says Tim O’Brien, Microsoft’s general manager of AI programs.

Research and Development

Researchers Finally Proved Quantum Computers are More Powerful Than Classical Computers (Motherboard) Until this week there was no conclusive proof that quantum computers have an advantage over classical computers

Legislation, Policy, and Regulation

Ukraine sets up group to stop any attempt by Russia to influence... (Reuters) Ukraine has set up a group to stop any attempt by Russia to influence next year...

Analysis | The Cybersecurity 202: U.S. tech firms slam Australian bill that could weaken encryption (Washington Post) Big players are making their case Down Under.

UK ISPs: Government Must Take Lead on Cybersecurity (Infosecurity Magazine) ISPA calls for simplified reporting and regulatory environment

States and feds unite on election security after '16 clashes (AP NEWS) Weeks before the 2016 election, federal officials started making mysterious calls to the head of elections in Inyo County, California.

Litigation, Investigation, and Law Enforcement

Hunt for remains of Jamal Khashoggi extended to farm and forest (Times) Turkish police were preparing to search a forest on the outskirts of Istanbul and a farm south of the city last night in their widening hunt for remains of the missing journalist Jamal Khashoggi.

Saudi Silence on Khashoggi Must End (Atlantic Council) For many months, Trump administration officials have worried privately that Saudi Arabia's young prince Mohammed Bin Salman – in whom President Donald Trump and his son-in-law Jared Kushner had invested so much – was through rash actions...

Intel: Can the Khashoggi case really spell the end of MBS? (Al-Monitor) Sen. Lindsey Graham, R-S.C., raised eyebrows this week when the stalwart Saudi supporter told Fox News that Crown Prince Mohammed bin Salman “has got to go.” Now French newspaper Le Figaro is reporting that at least seven representatives of the clans that make up the royal family are meeting in “utmost discretion” to chart a course out of the diplomatic mess created by the disappearance...

Former FBI agent gets four years in prison for leaking classified documents (Washington Post) Terry J. Albury said he was motivated to leak by the racism and profiling he saw in the FBI.

Jeff Sessions touts prison for second Trump-era source: 'A warning to every would-be leaker' (Washington Examiner) Attorney General Jeff Sessions celebrated the four-year prison sentence handed down Thursday for former FBI agent Terry Albury, calling it "a warning to every would-be leaker."

U.S. Startup Accuses China’s Huawei of Trying to Steal Semiconductor Technology (Wall Street Journal) An escalating battle between the U.S. and China for tech supremacy is playing out in federal court between Huawei and a Silicon Valley startup backed by Microsoft.

AI - where does the liability lie? (Computing) Emma Stevens, a dispute resolution specialist at law firm Coffin Mew, explains who should be responsible when AI goes wrong

Updated Guide to Posted Documents Regarding Use of National Security Authorities (IC on the Record) On September 19, 2017, we posted a guide with links to certain officially released documents related to the use by the Intelligence Community (IC) of national security authorities. Today, we have once again updated that Guide to include links to additional officially released documents.

Swedish court tells ISP to block The Pirate Bay in the country (HackRead) Another day, another court order against The Pirate Bay (TPB). This time, the Patent and Market Court of Sweden has ordered the telephone company and mobile network operator Telia to block The Pirate Bay and other torrenting websites including NyaFilmer, FMovies, and Dreamfilm in the country.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Insider Threat Special Interest Group (NITSIG) - Insider Threat Symposium & Expo (Laurel, Maryland, USA, October 19, 2018) The NITSIG will hold an Insider Threat Symposium & Expo (ITS&E), on October 19, 2018, at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This is a must attend event if you...

2018 ICS Cyber Security Conference USA (Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS...

Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security...

Cryptocurrency, Cybersecurity and the Law (Annandale, Virginia, USA, October 24, 2018) Legal and security considerations for users of cryptocurrencies and blockchain technology.

Global Resilience Federation Summit on Third-Party Risk (Leesburg, Virginia, USA, October 24 - 26, 2018) The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only. Attendees will include ISAC/ISAO member organizations plus third-party vendors and suppliers.

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...

Symposium on Securing the IoT (Boston, Massachusetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

4th Annual Cyber Southwest (CSW) Symposium (Tucson, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...

2nd Annual Aviation Cyber Security Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...
