
Who Ya Gonna Call? Threatbusters!

The threat intelligence event of the year is just around the corner—Detect '18! Join team ANOMALI and your fellow professionals at the Gaylord National Resort & Convention Center September 19-21, 2018 in National Harbor, Maryland for timely education and training on today’s most compelling, relevant threat intelligence topics, breakout sessions designed for all levels of experience, and insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Register today!

Daily briefing.

We may be seeing something that amounts, almost, to declared cyberwar between the UK and Russia. British Prime Minister May told Commons yesterday that the Government had identified the attackers responsible for the Novichok nerve agent attacks. She named Alexander Petrov and Ruslan Boshirov, characterizing them as GRU operatives. She said the attacks were "almost certainly" approved at a high level, and that "the full range of tools from across our national security apparatus" will be used against the GRU. That full range of tools is understood to encompass, principally, offensive cyber operations. The Prime Minister briefed President Trump and will communicate with the United Nations Security Council today.

Hearings on social media held yesterday by the Senate Select Committee on Intelligence elicited from Facebook's Sheryl Sandberg her example of what companies like hers might be expected to do against foreign influence operations: suspend inauthentic accounts, the way Facebook, Google, and Twitter did when FireEye tipped them to such accounts' links to Iran's government. "In our mind that’s the system working," she said. But larger questions about disinfecting online nastiness remained unanswered, quite possibly because they're unanswerable.

The US Department of Justice announced that it will be looking at social media providers for signs of suppressing certain kinds of expression and for engaging in anti-competitive practices.

Qihoo 360 warns of multiple malware attacks spreading across vulnerable, unpatched MikroTik routers.

Palo Alto Networks reports that Iranian threat actor OilRig has adopted a more evasive variant of the OopsIE Trojan.


Today's issue includes events affecting Australia, China, Iran, Latvia, United Nations, Russia, South Africa, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.

Leaving trails when you do online research?

Traditional browsers betray you by revealing your identity.  Security teams who use a cloud browser manage attribution and can reduce the time spent investigating cases by more than 50%. Instead of wasting time spinning up a VDI, using Tor or connecting to a jumpbox, get online in seconds with Authentic8 Silo, a secure cloud browser and egress from hundreds of points of presence around the world.

In today's podcast, we speak with our partners at the Johns Hopkins University, as Joe Carrigan discusses biometric scanners tagging travelers at the border. Our guest is Robert Anderson from the Chertoff Group, with insights into the encryption debate.

And this week's Hacking Humans podcast is up. In this edition, Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Our guest, Asaf Cidon from Barracuda Networks, shares the social engineering trends his team is tracking.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Dateline 9th Annual Billington Cybersecurity Summit

Gen. Paul Nakasone and GCHQ Director Jeremy Fleming to Keynote at 9th Billington CyberSecurity Summit Sept. 6 (PRNewswire) Five Cyber Commanders and CIOs of DOD and DHS to Speak at 9th Annual Summit Sept. 6, Walter Washington Convention Center

ISARA Corp. to Present Quantum-Safe Readiness at 9th Annual Billington CyberSecurity Summit (GlobeNewswire News Room) Global Leader in Quantum-Safe Security Presents How Crypto-Agility Helps Organizations Integrate Encryption Resistant to Quantum Attack Today

Cyber Attacks, Threats, and Vulnerabilities

GOBLIN PANDA Targets Vietnam Again (SecurityWeek) CrowdStrike security researchers have observed renewed activity associated with GOBLIN PANDA, a threat actor mainly targeting entities in Southeast Asia.

Iranian Hackers Improve Recently Used Cyber Weapon (SecurityWeek) The Iran-linked cyberespionage group OilRig was recently observed using a variant of the OopsIE Trojan that was updated with new evasion capabilities, Palo Alto Networks reports.

'Our House Is on Fire.' Elections Officials Worry About Midterms Security (Time) "This is an all-hands-on-deck moment for American democracy."

Phishing for political secrets: Hackers take aim at midterm campaigns (CBS News) How hackers target political campaigns with simple but sophisticated email attacks

Understanding the Chinese Communist Party’s Approach to Cyber-Enabled Economic Warfare (Foundation for Defense of Democracies) American prosperity and security are challenged by an economic competition playing out in a broader strategic context …

U.S.' top spy-catcher: China brings "ungodly resources" to espionage (CBS News) On "Intelligence Matters" this week, William Evanina talks with host Michael Morell about espionage threats to U.S.

Unpatched routers being used to build vast proxy army, spy on networks (Ars Technica) Multiple malware campaigns are spreading hacks of MikroTik gear, including failed Monero miners.

Windows Zero-Day Exploited in Targeted Attacks by 'PowerPool' Group (SecurityWeek) Windows zero-day vulnerability exploited by a group dubbed 'PowerPool' in targeted attacks. Flaw leveraged to elevate privileges of second-stage malware

Misconfigured Tor sites using SSL certificates exposing public IP addresses (HackRead)

Researcher unsure if Apple has acted to curb malware (iTWire) A researcher based in the United Arab Emirates says he notified Apple about an attack group known as WindShift that had been using vulnerabilities in...

Browser Extensions: Are They Worth the Risk? (KrebsOnSecurity) Popular file-sharing site is warning users that cybercriminals hacked its browser extension for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine.

Security Patches, Mitigations, and Software Updates

Latest Version of Chrome Improves Password Management, Patches 40 Flaws (SecurityWeek) Google celebrates 10 years of its Chrome web browser with the release of a new version that provides users with security improvements, new features, and patches for 40 vulnerabilities.

Critical Start's Section 8 Researchers Identify Vulnerabilities In Cisco Umbrella (PRNewswire) Threat intelligence and penetration testing team finds local privilege escalation issues in cloud-based secure internet gateway product; Cisco issues security advisory

Opsview Monitor Multiple Vulnerabilities (Core Security)

Cyber Trends

Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey (SecurityWeek) Concerns about endpoint security in industrial environments, especially among OT personnel, are being driven by the demise of the traditional air gapping of OT infrastructures.

Smart Home Users Failing on Security Basics (Infosecurity Magazine) Bitdefender report claims many don’t patch firmware

Think You Have Cybersecurity Taken Care Of? Think Again (Forbes) You know what they say: The first step is admitting you have a problem.

Are we heading towards cybersecurity Armageddon in SA? (News24) One of the biggest cybersecurity problems in South Africa is a feeble awareness among our workforce, including all level managers, and citizens.


Silicon Valley at war: Palantir, Microsoft workers divided over defence contracts (Financial Review) Silicon Valley workforces are agitating with their multinational employers to stop co-operating with government on defence.

44 Percent of Americans 18-27 Have Deleted the Facebook App This Year, Poll Finds (Motherboard) A new study shows that young people are moving away from the Facebook app and, at the very least, are changing their privacy settings.

Meeting of executive committee marks important step in Commonwealth Cyber Initiative (VT News) The state asked Virginia Tech to lead the initiative because of the university’s strengths in science and engineering, existing expertise in cybersecurity research and education, and its significant research presence in Northern Virginia.

H1-702 2018 makes history with over $500K in bounties paid! (HackerOne) Five straight nights of hacking with over 75 hackers representing 20+ countries hacked five targets earning over $500,000. It was the largest and most successful live hacking event ever.

Arkose Labs Empowers Enterprises to Stop Online Fraud and Abuse; Secures $6M in Series A Funding ( Sep 5, 2018--Arkose Labs, providers of online fraud prevention technology combining user risk assessment and sophisticated enforcement challenges, today announced it has successfully closed a $6 million round

Spectrum Equity Leads Investment in Offensive Security to Grow Community of Highly Skilled Penetration Testers (BusinessWire) Offensive Security, the leading provider of online penetration testing training and certification, today announced that it received a growth investmen

Former IBM Executive Joins GuardiCore as VP of Corporate Strategy (GuardiCore) Security Leader Ola Sergatchov to Drive and Execute Growth Trajectory on a Global Scale.

Silverfort Expands Executive Leadership Team To Drive Accelerated Growth And Innovation (GlobeNewswire News Room) Next Generation Authentication Leader Onboards Executives to Scale Operations and Meet Growing Demand

Mozilla Appoints New Policy, Security Chief (SecurityWeek) Mozilla appoints Alan Davidson as new Vice President of Global Policy, Trust and Security. Davidson previously worked at the US Department of Commerce, New America and Google

SIMalliance Chair Re-elected as SIM Industry Commits to Champion the Importance of Security for Connected Devices (SIMalliance) Remy Cricco (IDEMIA) has been re-elected to serve a second term as the Chairman of SIMalliance, the non-profit association which represents approximately 90% of the global SIM industry.

Products, Services, and Solutions

BitSight unveils cybersecurity performance planning and analytics solution (Help Net Security) BitSight Forecasting is the analytics offering that helps customers identify the course of action to improve their cybersecurity risk posture.

Switchfast Launches MaxPro Secure for a Comprehensive Approach to SMB (PRWeb) Switchfast Technologies, the leading provider of managed IT services and security for small and mid-sized businesses in Chicago, today announced the launch of M

NTT Security to launch cloud-based threat mitigation service (Data Center Dynamics) Using new partner Symantec's software

Technologies, Techniques, and Standards

How risk-adaptive programs can boost government cybersecurity (Fifth Domain) The next steps in a critical government program will require how and when employees use data.

The Vulnerability Disclosure Process: Still Broken (Threatpost) Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits.

IoT Category Added to Pwn2Own Hacking Contest (SecurityWeek) Mobile Pwn2Own renamed Pwn2Own Tokyo after ZDI adds IoT category, which includes Apple Watch, Amazon Echo, Google Home, Nest Cam IQ Indoor and Amazon Cloud Cam

Exclusive: SailPoint CEO on why bot identities need to be scrutinised (Security Brief) Bots today have access to mission-critical systems, applications and data, just like any other user within the organisation.

Less Is More: Why CISOs Should Consolidate Their Security Tools (Security Intelligence) CISOs need a broad range of security tools to fulfill their growing list of responsibilities. The more they can consolidate these solutions, the easier they are to manage and monitor.

Teaching Old Dogs New Tricks (Infosecurity Magazine) Security teams need to gain an understanding of each application within their network and find out how it interacts with external entities.

Design and Innovation

Google wants to get rid of URLs but doesn’t know what to use instead (Ars Technica) Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.

Blockchain And Human Rights Projects Are Growing By The Day (CoinCentral) It may be some time before blockchain technology has solved all the world's problems, yet blockchain and human rights are showing good progress.

Research and Development

China is beating the US on AI, says noted investor Kai-Fu Lee (TechCrunch) America may have created AI, but China is taking the ball and running when it comes to one of the world’s most pivotal technology innovations. That’s according to Kai-Fu Lee, a world-renowned AI expert who founded Sinovation, a China-U.S. fund that raised its fourth fund worth $1 billio…


Top bachelors and masters cybersecurity degree programs (CSO Online) These are some of the best on-campus and online cybersecurity degree programs helping to meet the cybersecurity job demand.

Legislation, Policy, and Regulation

May vows revenge on Russia over Salisbury novichok poisonings (Times) Theresa May is preparing a cyberwar against Russia’s spy network after accusing two of its agents of carrying out the Salisbury nerve agent attack. Serving notice of new covert operations against...

Defence Innovation Hub keeps cyber among top investment priorities (ARN) Cyber security has been penned at the top of the list for the Department of Defence’s 2018 - 2019 investment priorities for its Defence Innovation Hub.

EU Cybersecurity Certification: a Missed Opportunity (Infosecurity Magazine) What about a standard for products, will the EU cybersecurity certification framework be a positive thing?

How election security became a Homeland Security priority (Federal Times) Election security wasn’t a mission initially envisioned for the Department of Homeland Security, the sprawling department created after the Sept. 11 attacks. But it’s now one of the highest priorities, Secretary Kirstjen Nielsen said Wednesday.

What’s standing in the way of multidomain operations? (Defense News) Several hurdles remain for multidomain operations. So what are the U.S. armed services doing about it?

US Navy must be able to compete in ‘gray zone’ conflict, says top service officer (Defense News) China and Russia have employed tactics to harass neighbors and challenge the U.S. Navy.

Litigation, Investigation, and Law Enforcement

Novichok attack Russian 'agents' named (BBC News) Two men accused of the Salisbury poisonings are believed to be from Russia's military intelligence service.

Novichok attack: smiling Salisbury poisoning suspects take a toxic tour (Times) Walking nonchalantly down a quiet Salisbury street, two Russian military intelligence officers grin at each other after allegedly carrying out the first nerve agent attack in Europe since the...

Salisbury poisoning: Sergei Skripal had put danger and drama behind him ... or so he thought (Times) Before March of this year, few outside the inner ring of the spy world had ever heard of Sergei Skripal: a Russian former spy living in quiet anonymity in Salisbury, giving the occasional private...

Opinion | Working with Russia on cybercrime is like hiring a burglar to protect the family jewels (Washington Post) The Russians are pushing for international regulation of cyberspace — on their own terms.

West faces relentless threat to democracy, say Facebook and Twitter (Times) Western democracies face a relentless threat from hackers determined to undermine elections, social media leaders warned US senators yesterday. Senior company executives appeared before the Senate...

Google rebuked by Senate Intelligence Committee for not sending Page or Pichai to testify (TechCrunch) Alphabet’s decision to decline to send its CEO Larry Page to today’s Senate Intelligence Committee hearing — to answer questions about what social media platforms are doing to thwart foreign influence operations intended to sow political division in the U.S. — has earned it …

Facebook and Twitter's Biggest Problems Follow Them to Congress (WIRED) As Jack Dorsey and Sheryl Sandberg testified before Congress, some of Twitter and Facebook's most notorious trolls and misinformation artists watched on.

Journalists Are Not Social Media Platforms’ Unpaid Content Moderators (Motherboard) During a Senate Intelligence Committee hearing on Wednesday, Twitter CEO Jack Dorsey admitted how much the platform relies on reports from journalists to counter offending content on the site.

Facebook COO Sheryl Sandberg: We’re Very Committed to Encryption in WhatsApp (Motherboard) During a Senate hearing, Sandberg said Facebook, which owns WhatsApp, is still using end-to-end encryption, but did leave room for potential changes.

Joe Manchin’s Suggestion of a FOSTA/SESTA Law for Drug Trafficking Is A Terrible Idea (Motherboard) The West Virginia Senator suggested the idea during the Senate Intelligence Committee hearing on social media.

Justice Department to Examine Whether Social-Media Giants Are ‘Intentionally Stifling’ Some Viewpoints (Wall Street Journal) Attorney General Jeff Sessions plans to gather state attorneys general to discuss whether social-media giants may be harming competition and “intentionally stifling” certain viewpoints, stepping up pressure on the platforms over alleged anticonservative bias.

DOJ: We will examine social media firms that “may be hurting competition” (Ars Technica) Meanwhile, Trump notes: "Maybe I did a better job because I'm good with the Twitter."

Justice Dept. says social media giants may be ‘intentionally stifling’ free speech (TechCrunch) The Justice Department has confirmed that Attorney General Jeff Sessions has expressed a “growing concern” that social media giants may be “hurting competition” and “intentionally stifling” free speech and expression. The comments come as Facebook chief operating…

Justice Department’s threat to social media giants is wrong (TechCrunch) Never has it been so clear that the attorneys charged with enforcing the laws of the country have a complete disregard for the very laws they’re meant to enforce. As executives of Twitter and Facebook took to the floor of the Senate to testify about their companies’ response to internat…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy...

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...

SecureWorld Detroit (Detroit, Michigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland...

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual...

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will...

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational...

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...
