skip navigation

More signal. Less noise.

Get the top 10 vulnerabilities used by cybercriminals.

Recorded Future researchers have scoured open web, dark web, and technical sources to discover which vulnerabilities are being actively exploited by cybercriminals. Download the report now.

Daily briefing.

Magecart strikes again, hitting customer-engagement shop Feedify's shared Javascript library.

Malwarebytes notes the appearance of an "evil cursor" attack that affects recent versions of the Chrome browser. It prevents users from closing a window or a tab by clicking the usual "x" at the top, instead displaying a scare pop-up to drive nervous users to the criminals' bogus service offerings. A number of organized criminal groups are using the evil cursor attack, with the "Partnerstroka" gang first among equals.

Check Point has been following the Ramnit banking Trojan, and they see a seasonal pattern: it peaks during the summer. Why isn't clear: some speculate school-age skids are on summer break with time on their hands.

The Safari browser flaw reported this week does make url spoofing easier, but it's more likely to be a nuisance than a major threat. An easy protection, Sophos says, is to stay clear of easily impersonated http sites.

North Korea denounces the US indictment of one of its Lazarus Group hackers as a "smear campaign," which of course North Korea would. The indictment is part of a long-running American policy of charging officers of foreign government with hacking offenses.

There's much mutually amplifying woofing in social media to the effect that gas explosions in the US Commonwealth of Massachusetts were the result of cyberattacks. This is grossly premature speculation. The incident is under investigation, and such inquiries take time. There are plenty of accidents, and most of them are just that, so wait and see.


Today's issue includes events affecting Australia, Estonia, European Union, Democratic Peoples Republic of Korea, NATO/OTAN, Russia, United Kingdom, United States.

$8.76 million: The average yearly cost of insider threats. Get the report.

Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.

In today's podcast, we talk with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan shares his frustrations with his bank’s insufficient password practices. Our guest is Ron Gula, former CEO and co-founder of Tenable Network Security, currently President of Gula Tech Adventures, which advises and invests in two dozen cybersecurity companies.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

The Browser Can Win and Lose Midterm Elections (Washington, DC, United States, September 20, 2018) Join Authentic8 in DC for a happy hour and appetizers. Come learn how a browser can be tracked and used for campaign targeting, what technical hurdles are in the current campaign targeting landscape, and how you can protect yourself.

Cyber Security Summits: September 25 in NYC on October 16 in Phoenix (New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350)

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Cyber Attacks, Threats, and Vulnerabilities

Magecart Back Again as Feedify is Hit (Infosecurity Magazine) Malicious script injected into supplier’s JavaScript library

Ramnit Trojan reveals overlooked seasonal threat to the enterprise (SC Magazine) There is a seasonal pattern to malware attacks which is particularly clear from analysing the behaviour of the Ramnit banking Trojan, according to researchers at Check Point.

Browser security hole on Macs and iPhones – just how bad is it? (Naked Security) A URL spoofing bug in Safari is being reported with the word BEWARE! – we explain how bad it really is, and what to do about it.

Tech support scammers leverage "evil cursor" technique to "lock" Chrome (Help Net Security) Tech scammers are constantly coming up with new techniques to make users panic. In the latest one they make it seem like the cursor doesn't work.

Veeam contacts partners after data leak (CRN) Vendor tells partners that 'human error' led to the exposure of data

Really old computer viruses are still infecting new machines (Fifth Domain) Researchers say that known vulnerabilities are still attacking machines, shedding light on poor cyber hygiene.

Is Huawei a Genuine Security Threat? (TechCo) Huawei phones are effectively banned from sale in the US, due to suspicion of ties to the Chinese state and military. Would you be safe buying a Huawei phone?

Phishing from Beyond the Grave... (KnowBe4) Phishing from Beyond the Grave...

Security Patches, Mitigations, and Software Updates

Root KSK Roll: Replacing the Root of Trust for the DNS (Akamai) On October 11, 2018 -- for the first time ever -- the Root Key Signing Key (Root KSK), that is the single root of trust used to verify all DNSSEC responses, is scheduled to change. Validating resolvers...

Cyber Trends

Cyber attack on financial system could trigger next crisis, Charles Schwab strategist says (CNBC) Michael Farr of Farr, Miller and Washington and Liz Ann Sonders, chief investment strategist with Charles Schwab, discussed whether or not a cyber attack could trigger the next financial crisis. Sonders said that a cyber attack on the financial system could create fear in investors and trigger a crisis. Farr agreed, but added that cybersecurity is not the only threat to the economy.

Analysis of half-a-billion emails reveals malware-less email attacks are on the rise (Help Net Security) The analysis of over half-a-billion emails from 1H reveals that malware-less email attacks are on the rise and impersonation attacks have gone mainstream.

Lawmaker: If You Think Patching is Tough Now, It’s Going to Get Worse ( Without security standards for the internet of things, the government is leaving open billions of “stupid” vulnerabilities, said Sen. Mark Warner.

#44CON: In a Time of Genuine Threats, Talk Sensibly and Act Efficiently (Infosecurity Magazine) Let’s change the way we talk about security, as global news and incidents are creating new threats.


Apple Has Started Paying Hackers for iPhone Exploits (Motherboard) Despite their value in the grey market, security researchers are reporting bugs as part of the Apple iOS Bug Bounty program, and some are getting rewards.

Justin King: 'Tech firms behave in a way that would be unacceptable in any other industry' (Computing) We're 'past the point of peak tech'. Legislators will act on the monopolies controlled by Amazon and Google, says former Sainsbury's CEO King

Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China (The Intercept) The specialist said that the plan to resume the censored search engine project in China could endanger dissidents and encourage online repression elsewhere.

Google Is Handing the Future of the Internet to China (Foreign Policy) The company has been quietly collaborating with the Chinese government on a new, censored search engine—and abandoning its own ideals in the process.

Why Big Tech and the Government Need to Work Together (WIRED) Opinion: Former Secretary of Defense Ash Carter argues for cooperation between tech workers and the DoD

Why the Military Must Learn to Love Silicon Valley (Foreign Policy) The U.S. Defense Department and big tech need each other—but getting along won’t be easy

How Malwarebytes founder Marcin Kleczynski turned an infected family computer into a multimillion-dollar cyber security company (SmartCompany) Malwarebytes co-founder Marcin Kleczynski was inspired to found the multimillion-dollar cyber security company after fixing his family's computer.

Microsoft bolsters its AI portfolio with latest acquisition (CRN) Vendor's buyout of Lobe marks its third acquisition of an AI startup this year

Second Cyrise cohort attracting “more mature” cybersecurity startups (CSO) Australian cybersecurity startups are “a lot more mature” this year and many are ready to go to market as they push for support under the auspices of cybersecurity incubator Cyrise, the firm’s head has noted as the firm counts down the last days for applications to its second round of funding.

Webroot's Market Momentum Continues with Double-Digit Growth in Fiscal Year 2018 (PRNewswire) Webroot, the Smarter Cybersecurity® company, announced 12 percent annual recurring revenue (ARR) growth for its fiscal year ending on June 30, 2018, marking the company's eighteenth consecutive quarter of double-digit company growth.

Bitdefender moves closer to IPO with latest acquisition (Axios) It's acquired its local partner in Australia and New Zealand.

Why Cisco’s Cybersecurity Business Is About to Take Off (The Motley Fool) The networking giant is all set to tighten its grip over the cybersecurity space.

British Airways hack upgrades cyber risk pipeline (iTnews) Supply chain risk spend to increase.

Multi-Billion Dollar ICO Market down to a Few Hundred Million (CoinCentral) The Initial Coin Offering (ICO) market is currently experiencing a sharp decline according to August statistics. The industry, which peaked during the months of January, February, and March is believed to be moving down in lockstep with the current floundering cryptocurrency market.

Crypto’s second bubble, Juul has 60 days and three Chinese IPOs (TechCrunch) Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines. After a long run of having guests climb aboard each week, we took a pause on that front, bringing together three of our regular hosts instead: Connie Loizos, Danny Chrich…

FBI loses another cybersecurity expert to private sector (Cyberscoop) Trent Teyema has been named senior vice president and chief technology officer for the government-focused wing of Parsons Corporation.

Products, Services, and Solutions

New infosec products of the week​: September 14, 2018 (Help Net Security) Exabeam adds updated Case Management module to behavioral analytics product Exabeam Case Management is a module that provides a user interface designed

Safe-T Announces FIPS 140-2 Compliance and Additional Feature Integrations with Release of SDE Version 7.3 (PRNewswire) Features include new third party security and cloud feature integrations; delivers cryptographic functionality allowing federal government deployment.

eSentire Launches Integrated MDR and SIEM Platform for Full Threat Visibility and Rapid Response (eSentire) eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider, today announce...

Digital Defense, Inc. Achieves Certified Integration with McAfee ePolicy Orchestrator Through the McAfee Security Innovation Alliance (Digital Defense) Integrated Solutions Deliver Enhanced Security Capabilities to Provide Real-Time Visibility

What every OT and IT leader should know about protecting industrial control systems and critical infrastructure (Forcepoint) Forcepoint's approach to cybersecurity within critical infrastructure provides the end-user an option to quickly move from visibility to control with Forcepoint NGFW and Forcepoint Data Guard to provide robust network defense and secure segmented network communications. Leveraging defense-grade approaches which are used by top government agencies, customers can deploy a variety of solutions for highly sensitive areas like nuclear and power generation, or meet simple DMZ and remote access requirements.

Rambus Token Gateway for E-Commerce Certified “Visa Ready” (Rambus) Rambus Inc. (NASDAQ: RMBS) today announced that its Token Gateway for e-commerce solution is one of the first to be qualified under the “Visa Ready” for Tokenization program.

The Security Maturity Model Knowledge Center (Secureworks) The Secureworks Security Maturity Model is a pragmatic methodology for evaluating your cybersecurity maturity and identifying next steps in your organization's security journey.

Universal Reward Protocol | A Blockchain-Based Protocol Where Retailers Reward Shoppers For Sharing Their Behavioral Data (URP) Universal Reward Protocol is a blockchain-based protocol for retailers to reward shoppers sharing their data by tailoring exclusive and personalised offers.

You didn’t buy ‘your’ iTunes movies; Apple can delete them anytime (Naked Security) It’s in the terms of service, as one man found out after Apple removed three movies from his iTunes library.

Technologies, Techniques, and Standards

Agencies Should Rethink Their Communications in an Era of Leaks ( Both government organizations and political campaigns must rethink how they communicate, as channels once thought to be secure are not.

New voting machines will provide ‘paper trail’ (Delaware State News) Delaware is set to have new voting machines for the 2020 presidential election, with the goal of putting them in place by May’s school board elections. A task force given the responsibility of approving a contract with a vendor to replace the current machines unanimously approved the selection Tuesday, although the choice …

‘Cyber Fog’ exercise aims to strengthen US and Estonian defences (Jane's 360) US and Estonian militaries conducted a joint cyber exercise aimed at boosting their co-ordination and communication in combined cyberspace operations. The two-day ‘Cyber Fog’ exercise took place in late July/early August at the Estonia Defence Forces Cyber Command in Tallinn. US Navy

What is the difference between sandboxing and honeypots? (Panda Security Mediacenter) Today we take a look at two strategies that are very common in the sector: honeypots and sandboxing, two IT risk prevention strategies.

Design and Innovation

Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes (Help Net Security) A group of researchers from Queen's University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable

This Twitter Bot Will Tell You if a Login Page is Phishing (Motherboard) @isthisphish takes submissions from users, then generates a report on how suspicious the domain seems to be.

Solid password practice on Capital One's site? Don't bank on it (Register) What's in your wallet? Definitely not a password manager

Research and Development

Researchers exploring how IoT apps can to imitate human decisions (Help Net Security) CA Technologies is participating in scientific research to discover how IoT apps can use a type of AI known as ‘deep learning’ to imitate human decisions.


Cornell Beats Other Ivies in Cryptocurrency Course Offerings (The Cornell Daily Sun) Cornell is among several other higher education institutions in actively meeting the rising academic interest in this field by offering a total of 28 relevant courses — the largest amount among the world’s top 50 universities as ranked by U.S. News and World Report, beating other Ivy League universities.

University of South Wales is closing the skills gap, say IT professionals (Computing) The Cyber Academy prepares graduates for work through industry partnerships

University harnesses AI to counter cyber threats (Police Professional) Cardiff University has been named as an Academic Centre of Excellence in Cyber Security Research by the UK’s National Cyber Security Centre (NCSC) – the first institution in Wales to be given this status.

Legislation, Policy, and Regulation

N. Korea says U.S. ‘smear campaign’ over hacking undercuts Trump-Kim accord (Washington Post) At the same time, the two Koreas opened their first joint liaison office in the North.

Australia ‘wide open’ to damage from cyberattack (Government News) Governments must move quickly to address potentially catastrophic cybersecurity vulnerability, a state government chief information security officer has warned.

Australia should reverse its Huawei 5G ban (South China Morning Post) The ban was made under the pretext of protecting national security, yet there is no evidence that Huawei gear is insecure

Talking UK Cyberwar With Sir David Omand (SecurityWeek) SecurityWeek talked to Professor Sir David Omand to get a better understanding of the UK viewpoint on the notion that a cyber attack that resulted in actual or threatened loss of life could legally elicit a kinetic military response.

Hackers wage a new Cold War (Help Net Security) Many believe the US and Russia have returned to a Cold War footing, one that promises to re-imagine war. The new Cold War incorporates cyber tactics.

Coercion And Cyberspace – Analysis (Eurasia Review) Cyberspace is a new domain for coercive operations in support of foreign policy and security with advantages for offensive actions and hindrances to its success. By Miguel Alberto Gomez* Over the p…

Venafi Black Hat Survey - Cyber War (Venafi) Venafi conducted a survey at Black Hat 2018 on cyber war and nation state security. Over 500 IT security professionals participated.

Senators: Why we need a better cyber Paul Revere (CNN) Senators Rob Portman and Maggie Hassan write that two bipartisan legislative proposals, the Hack DHS Act and the DHS Cyber Incident Response Teams Act, are necessary to develop a "one if by land, two if by sea"-style warning system for hacking vulnerabilities in the US.

They’re Crying in the Cyber Wilderness (Roll Call) Attacking the United States and its institutions has become a lot simpler since 9/11: a few strokes on a keyboard can now shut it all down.

Trump’s Election Meddling Sanctions Will Not Deter Russia (Atlantic Council) US President Donald J. Trump on September 12 issued a new executive order (EO) authorizing sanctions in response to interference in US elections, likely as an attempt to stave off two bipartisan bills circulating in the Senate that would mandate...

Analysis | The Cybersecurity 202: Lawmakers want intelligence chiefs to help counter threat from doctored videos (Washington Post) There's no easy way to rein in deepfakes through legislation.

Corruption in counterterrorism aid programs fuels extremist groups, says new report (Defense News) The report finds two-thirds of the recipients of U.S. counterterrorism aid pose

Declassified Report Describes Confusion Around Military Cyber Responsibilities in 2014 ( The inspector general’s report describes poor communication and combatant commanders who hadn’t tallied up their cyber resources.

U.S. Cyber Command looks to grow its acquisition capacity (FCW) U.S. Cyber Command's contracting office is in its 'infancy' with a handful of staff and is looking to expand while showing Congress it knows what it's doing.

Here’s how the Army is grooming and elite cadre of (electronic) cyber soldiers (Fifth Domain) The Army will have cyber soldiers trained in a multitude of electronic disciplines.

Dem introduces bill to create federal cybersecurity apprenticeship program (The Hill) Rep. Jacky Rosen (D-Nev.) on Thursday unveiled legislation to create a Department of Labor grant program for apprenticeships in cybersecurity.

California bill regulates IoT for first time in US (Naked Security) California looks set to regulate IoT devices, becoming the first US state to do so and beating the Federal Government to the post.

Experts Bemoan Shortcomings with IoT Security Bill (Threatpost) The infosec community say California's IoT security bill is "nice," but doesn't hit on the important issues.

An Executive Guide to the Network and Information Security (NIS) Directive (CyberX) Get a free copy of 2017 global ICS & IIoT Risk Report: Data-driven analysis of ICS, SCADA and IIoT vulnerabilities based on the analysis of 375 OT networks.

McRaven, former SOCOM head, resigns from Pentagon board following Trump criticism (Defense News) The retired four-star admiral who once lead U.S. Special Operations Command resigned from the Defense Innovation Board four days after he posted a scathing op-ed in the Washington Post calling out Trump for revoking the security clearance of former CIA director John Brennan.

Litigation, Investigation, and Law Enforcement

Salisbury novichok attack: We were sports nutritionists on a tourist trip, suspects tell Russian TV (Times) Claims by two suspected Russian hitmen that they were in Salisbury as tourists were dismissed as “ludicrous” by a Whitehall source yesterday. The men, who identified themselves as Alexander Petrov...

GCHQ data collection regime violated human rights, court rules (the Guardian) Surveillance system revealed by Snowden breached right to privacy, Strasbourg judges say

“Bulk interception” by GCHQ (and NSA) violated human rights charter, European court rules (Ars Technica) Privacy was violated at moment of collection, not when humans viewed data, ECHR rules.

America’s government is putting foreign cyber-spies in the dock (The Economist) Some of its own hackers are not pleased

Evolving Threats to the Homeland (House Homeland Security & Governmental Affairs Committee) Full committee hearing

Paul Manafort and special counsel reach plea agreement to avert second trial (San Diego Union Tribune) Paul Manafort, Trump's former campaign chairman, is in discussions over a potential plea to avert a second trial on a variety of charges.

Contractor gets prison for sabotaging Army computer program (Fifth Domain) An Atlanta man convicted of sabotaging a computer program housed on servers at an Army base in North Carolina has been sentenced to two years federal prison.

Blockchain hustler beats the house with smart contract hack (Naked Security) A hacker used their own code to tamper with a smart contract run by a betting company, and walked off with $24,000.

Review that! Fake TripAdvisor review peddler sent to jail (Naked Security) Jail time for fake reviews is “a landmark ruling for the Internet,” TripAdvisor said.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual...

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will...

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational...

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and...

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn...

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community,...

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at...

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.