
More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

Citizen Lab has another report out on Pegasus spyware, NSO Group's lawful intercept product. They've found the tool in use in at least forty-five countries. Their scans aren't entirely clear—it's difficult to distinguish targets from users, for example—but Pegasus seems to be in widespread use. Observers note that while some of the regimes who employ the tool do so with lawful restraint, other, more repressive governments make more indiscriminate use of it.

Arbor’s Security Engineering & Response Team (ASERT) reports finding spearphishing emails targeting senior officials in Bahrain. They regard the campaign as similar to an OilRig distribution of the Bondupdater Trojan, discovered by Palo Alto Networks' Unit 42. OilRig is associated with the Iranian government.

Tenable has found a zero-day they're calling "Peekaboo" in the NUUO software widely used in networked video surveillance cameras. They think upwards of 100 brands and 2,500 different models of camera could be vulnerable. Exploitation of the flaw could yield access to the control management system, expose credentials for connected video cameras, and permit both disconnection of live feeds and image tampering. NUUO says a patch is being developed, and that in the meantime users should take steps to limit access to NUUO NVRMini2 deployments.

The theft of intellectual property from universities by hackers linked by SecureWorks researchers to Iran's government looks oddly like petty larceny. Papers are going for as little as £2 ($2.63) on WhatsApp.

Both major US political parties are working on a modus vivendi to control data abuse.


Today's issue includes events affecting Algeria, Australia, Bahrain, Bangladesh, Brazil, Canada, China, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Macedonia, Mexico, Morocco, Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Russia, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, Uganda, United Arab Emirates, United Kingdom, United States, Uzbekistan, Yemen, and Zambia.

Yesterday’s Scorecard Won’t Protect You From Tomorrow’s Breach

With 56% of global organizations experiencing third party breaches, it’s no surprise that third party risk is the hottest cybersecurity topic. Threat actors will continue to target third parties as long as their vulnerabilities go unchecked. You need a 24x7x365 monitoring solution. Read LookingGlass’ eBook to learn how to build a successful third party risk program, so your organization isn’t left relying on old data to protect your employees, customers, and brand.

In today's podcast, we talk with our partners at Webroot, as David Dufour delivers a primer on quantum computing. Our guest is Sam Bisbee from Threat Stack on AWS breaches.

And you may also be interested in Recorded Future's podcast, produced in cooperation with the CyberWire. In this episode, Allan Liska takes a look at the last several months and thinks there may be reason to believe concerns about a GDPR-pumped rise in spam may not have panned out.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

The Browser Can Win and Lose Midterm Elections (Washington, DC, United States, September 20, 2018) Join Authentic8 in DC for a happy hour and appetizers. Come learn how a browser can be tracked and used for campaign targeting, what technical hurdles are in the current campaign targeting landscape, and how you can protect yourself.

Cyber Security Summits: September 25 in NYC and October 16 in Phoenix (New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350)

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Cyber Attacks, Threats, and Vulnerabilities

Hackers selling research phished from universities on WhatsApp (Naked Security) Millions of documents have been stolen from top UK universities and are being sold over WhatsApp for as little as £2.

Tunneling Under the Sands (Arbor Networks Threat Intelligence) Executive Summary ASERT recently came across spear-phishing emails targeting the Office of the First Deputy Prime Minister of Bahrain. A similar campaign uncovered by Palo Alto’s Unit 42 found the activity distributing an updated variant of BONDUPDATER, a PowerShell-based Trojan, which they attribute to Iranian APT

Cyber Sleuths Find Traces of Infamous iPhone and Android Spyware ‘Pegasus’ in 45 Countries (Motherboard) A new report by digital human rights researchers reveals that the infamous spyware Pegasus, made by NSO Group, has traces in 45 countries around the world, including the United States.

HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries (The Citizen Lab) In this post, we develop new Internet scanning techniques to identify 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.

Mattis condemns Russian influence-peddling in Macedonia (Military Times) U.S. plans to expand its cooperation with Macedonia, defense secretary says.

State Department email breach exposed employees' personal information (POLITICO) The department has convened a task force to examine the breach.

Tenable Research Discovers “Peekaboo” Zero-Day Vulnerability in Global Video Surveillance Software (Tenable™) The vulnerability, which could affect up to hundreds of thousands of cameras worldwide, would allow cybercriminals to view and tamper with video surveillance footage

Wielding EternalBlue, Hackers Hit Major US Business (BankInfo Security) Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year

Why the 'fixed' Windows EternalBlue exploit won't die (ZDNet) Cryptojacking, endless infection loops, and more are ensuring that the leaked NSA tool continues to disrupt the enterprise worldwide.

Old WordPress Plugin Being Exploited in RCE Attacks (Threatpost) Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

New Xbash Malware a Cocktail of Malicious Functions (Dark Reading) The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras (Threatpost) Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

Leaks 14M+ Records (KrebsOnSecurity) Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

RDP Access to Hacked Servers Still a Thriving Business on Deep & Dark Web (Flashpoint) Deep & Dark Web markets selling remote desktop protocol (RDP) access to hacked servers or tools that scan for and brute-force these instances continue to thrive for a number of reasons.

State Actor Cyber Reports Overshadow the Extensive Threat of Cyber Crime (CyberDB) There has been recent focus on alleged Iran cyber activity the past few weeks, spurred on by the publication of a vendor report on Iranian operations.

Cyber criminals try swiping email logins and bank data in single HMRC phishing scam (IT PRO) The hackers ask for every piece of your personal data including name, address, mother's maiden name, bank and card details

Data centers have been damaged and they are not being adequately cyber secured (Control Global) The common thread between Aurora and the UPS attacks is that systems that were designed to protect mission critical systems have been co-opted to be used as attack vectors against the very systems they were meant to protect...

Hardware Security Revisited (Infosecurity Magazine) Hardware is no less vulnerable to attack than any other system because hardware is an often overlooked piece of the security puzzle.

Security Patches, Mitigations, and Software Updates

Safari & Firefox browser to block user data tracking with new security add-ons (HackRead)

Cyber Trends

Awareness and tendency towards risky online behavior (Help Net Security) Spanning Cloud Apps announced the results of a survey of U.S. employees on their awareness of and tendency towards risky online behavior.

Analysis | The Cybersecurity 202: A new poll shows voter views on election security largely line up with experts' positions (Washington Post) It's an encouraging snapshot ahead of the midterms.

Hackers as Heroes: How Ethical Hacking is Changing the Industry (Infosecurity Magazine) Hackers are often portrayed in movies as outsiders who use their computer skills to inflict harm and commit crime.


Insurance experts expect higher cyber-related losses (Help Net Security) Insurance companies are expecting increased cyber-related losses across all business lines over the next 12-months, according to Willis Towers Watson.

Facebook Broadens Its Bug Bounty to Help Fix Third-Party Apps (WIRED) Starting Monday, Facebook will pay at least $500 to researchers who spot third-party apps behaving badly on its platform.

SCYTHE Secures $3 Million in Initial Financing Round Led by Gula Tech Adventures (BusinessWire) Advanced attack simulation platform provider SCYTHE Inc. announced today that the company has raised an initial $3 million led by Gula Tech Adventures

Deloitte to Help Fuel Innovation in Government Through New Collaboration With Dcode (PRNewswire) Deloitte to assist with Dcode's growth of startup ecosystem, focus on information security and new space cohort

Can Senseon beat Darktrace at its own game? (ComputerworldUK) A breakaway company from British cyber security darlings Darktrace called Senseon claims it is plugging a gap in the infosec market that's sorely lacking

Products, Services, and Solutions

Covata Announces General Availability of SafeShare for ITAR (BusinessWire) Covata Limited, a data-centric security provider for on-premises and cloud unstructured data, today announced the general availability of SafeShare fo

CrowdStrike and Secureworks Form Strategic Partnership to Integrate Secureworks’ Red Cloak™ Behavioral Analytics with CrowdStrike’s Endpoint Protection Platform (BusinessWire) CrowdStrike® Inc. and Secureworks® partner to bring a new level of advanced endpoint threat detection and response to the marketplace.

5nine Announces Major Platform Enhancements to Help Microsoft Hybrid Cloud Users Strengthen Their Cloud Infrastructure (PRWeb) 5nine a provider of security and management solutions for the Microsoft Cloud, today announced major enhancements to its 5nine Unified platform, t

F-Secure TOTAL Expands to Protect You, Your Devices and Your Home (Global Security Mag Online) The era of protecting everything that goes online is here. F-Secure TOTAL has been expanded to provide premium cyber security to anyone who uses the internet, their devices and their homes.

InfoSec Global and WolfSSL Collaborate to Deliver the Industry's first Quantum Safe, Agile TLS solution for IoT (Markets Insider) InfoSec Global (ISG) and WolfSSL today announced a collaboration that delivers ISG's crypto agility in WolfSSL ...

Quest enhances KACE SMA to meet demands of endpoint environments (Help Net Security) Quest Software KACE SMA 9.0 makes it easier for IT administrators to manage network-attached devices - from PCs, printers to IoT and mobile devices.

Cryptomathic supports Deutsche Post Qualified Electronic Signatures (Global Security Mag Online) Deutsche Post has entered the era of end-to-end digitalization by extending its Postident digital identity management services with Qualified Electronic Signatures (QES), enabling their clients to conduct all their business entirely online, with enhanced security and privacy and in full compliance with the eIDAS regulation.

Ava Group Company Solution Protects Major Military Closed Data Network From Threat Of Tampering And Tapping (Security Informed) Ava Group a provider of risk management services and technologies, announces that an Ava Group Company solution has been selected to protect a major military closed data network from the threat of...

Free Cyber Security Course Offered To Sudbury Residents (Sudbury, MA Patch) All Sudbury residents are welcome, and encouraged, to take this free cyber security class.

Cloudflare’s new ‘one-click’ DNSSEC setup will make it far more difficult to spoof websites (TechCrunch) Bad news first: the internet is broken for a while. The good news is that Cloudflare thinks it can make it slightly less broken. With “the click of one button,” the networking giant said Tuesday, its users can now switch on DNSSEC in their dashboard. In doing so, Cloudflare hopes it rem…

Bandura Receives First-Class Rating from SC Magazine (BusinessWire) Bandura was awarded 4.75 out of 5 stars by SC Magazine’s lab team during an independent review.

Technologies, Techniques, and Standards

Symantec offers free anti-spoofing services to US political campaigns and election groups (TechCrunch) Symantec is the latest private security company to offer its expertise to vulnerable political targets on the house. Today the company announced that it would extend its “Project Dolphin” service (dolphins eat phish, get it?) to political campaigns, candidates and election officials, al…

Subverting Democracy: How Cyber Attackers Try to Hack the Vote (Symantec) Everything you need to know about APT28 and APT29, the attackers that attempted to influence the U.S. presidential election.

Data Firms Team up to Prevent the Next Cambridge Analytica Scandal (WIRED) A new working group of Republican and Democratic firms is writing rules for their industry amid mounting scrutiny and consumer privacy concerns.

How to create a Hall of Fame caliber cybersecurity playbook (Help Net Security) SOC teams need to have something tangible they can consult based on available information. So, what exactly goes into the ideal cybersecurity playbook?

Five computer security questions you must be able to answer right now (ZDNet) If you can't answer these basic questions, your security could be at risk.

You cannot keep ahead of future attacks without machine-speed response times, says Splunk (iT Wire) Automated responses to attacks on IT systems are the only way to stay ahead of those with malicious intentions, according to a senior official from...

Using Certificate Transparency as an Attack / Defense Tool (SANS Internet Storm Center) Certificate Transparency is a program that we've all heard about, but might not have had direct contact with.

Design and Innovation

Don't Trust Artificial Intelligence? Time To Open The AI 'Black Box' (Forbes) Despite its promise, the growing field of Artificial Intelligence (AI) is experiencing a variety of growing pains. In addition to the problem of bias, there is also the ‘black box’ problem: if people don’t know how AI comes up with its decisions, they won’t trust it.

A.I. May Have Written This Article. But Is That Such a Bad Thing? (Forbes) Imagine how productive Woodward and Bernstein might have been if only they had robots to write their articles for the The Washington Post. With a little A.I. on their side, they might have taken down Nixon in days instead of years.

Cybersecurity decisions that can’t be automated (CSO Online) Encourage those inside and outside your team to identify and challenge daily assumptions in order to adapt to change, think differently and make smarter, faster security related decisions.

Research and Development

Congress’s Quantum Science Bill May Not Keep the US Military Ahead of China (Defense One) China aims to “leapfrog” US military in 10 years with unhackable computers and stealth-defeating radar.

Cryptocurrency researchers ask for XMR donations to secure Monero wallets (Hard Fork | The Next Web) Researchers are seeking $9,000 per month, each, in order to continue assisting in making critical developments to the Monero blockchain.

Legislation, Policy, and Regulation

China cries foul over move to block Huawei (The Australian) A leading Chinese academic has accused Canberra of violating the Law of the Sea treaty when it moved to block Chinese telecommunications company Huawei from building an undersea cable from the Solomon Islands to Australia.

Rogue states which hack into rival governments must be hauled before global courts, Lib Dems demand (The Sun) Rogue states who launch cyber attacks must face sanctions under new international laws, a senior Lib Dem has revealed. A global treaty must be set up to limit new technology such as modern warfare,…

Trump Eases Cyber Ops, But Safeguards Remain: Joint Staff (Breaking Defense) Fast doesn’t mean out of control. Brig. Gen. Grynkewich took pains to emphasize that civilian oversight remains intact and the Pentagon’s role will be rigorously defined under the new National Security Presidential Memorandum NSPM-13.

New cyber authority could make ‘all the difference in the world’ (Fifth Domain) Under a new policy, known as National Security Presidential Memorandum 13, the president can delegate certain cyber authorities to the Secretary of Defense for particular missions.

Think Tank: Urgent Oversight Needed for Police AI Use (Infosecurity Magazine) RUSI says regulatory framework is essential

Litigation, Investigation, and Law Enforcement

Deterrence or waste of time? Experts at odds over DOJ's actions on North Korea (Cyberscoop) There's a rift among legal and cybersecurity experts over the way in which government handled the recent complaint against North Korea.

You Didn’t Think the Sony Saga Was Over, Did You? (Risk Based Security) On November 24th, 2014 a Reddit post appeared stating that Sony Pictures had been breached and that their complete internal network, nationwide, had signs that the breach was carried out by a group calling themselves GOP, or The Guardians Of Peace.

Smirking Russians are now the butt of the joke (Times) Ah, the theories. The theories and the jokes. Last week, as you’ll know, the two Russian suspects accused of seeking to murder the former spy Sergei Skripal did a bizarre, hilarious interview on...

Judge to Georgia voting officials: You’re terrible at digital security (Ars Technica) "Advanced persistent threats… and ordinary hacking are unfortunately here to stay."

Altaba to settle lawsuits relating to Yahoo data breach for $47 million (TechCrunch) Altaba, the holding company of what Verizon left behind after its acquisition of Yahoo, said it has settled three ongoing legal cases relating to Yahoo’s previously disclosed data breaches. In a Monday filing with the Securities and Exchange Commission, the former web giant turned investment …

Why Russians Keep Visiting Mariia Butina in Prison (POLITICO Magazine) Take it from this former spook: It ain’t because they’re concerned about her well-being.

Lisa Page testimony: Collusion still unproven by time of Mueller's special counsel appointment (Fox News) More than nine months after the FBI opened its highly classified counterintelligence investigation into alleged coordination between the Trump campaign and Russia, FBI lawyer Lisa Page told a House committee that investigators still could not say whether there was collusion, according to a transcript of her recent closed-door deposition reviewed by Fox News.

NSA Must Give Up Info In Olympics Spy Suit, Attendees Say (Law360) A group of 2002 Winter Olympics attendees who claim they were spied on by the U.S. National Security Agency asked a Utah federal court to compel the agency to respond to their discovery requests, saying the NSA is hiding behind invalid state secret objections.

Government Can Spy on Journalists in the U.S. Using Invasive Foreign Intelligence Process (The Intercept) Newly released documents illuminate the little-known use of Foreign Intelligence Surveillance Court orders against journalists.

Government Gets Poor Marks Securing Students' Personal Info ( The office isn’t effectively monitoring cyber protections after it shares student information, including with collection agencies.

WikiLeaks founder sought Russian visa in 2010, per AP report (Ars Technica) Internal documents leaked to AP include "Key Contacts" and an apparent escape plan.

91 “child friendly” Android apps accused of exploitation (Naked Security) New Mexico’s AG filed a lawsuit accusing a popular app maker, plus Google’s and Twitter’s ad platforms, of illegally collecting kids’ data.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational...

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and...

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn...

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community,...

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at...

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...
