skip navigation

More signal. Less noise.

Optimize your security teams with threat intelligence.

At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.

Daily briefing.

Phorpiex/Trik, a botnet with some worm functionality, is brute-forcing ransomware through port 5900. It finds vulnerable Remote Desktop Protocol and Virtual Networking Computing servers and runs through lists of commonly used credentials to gain access. Researchers at SecurityScorecard say the payload is typically a GrandCrab ransomware variant. 

The holiday season isn't here yet, but it's not too early to begin thinking about retail security. Venafi is observing an unpleasant expanse of look-alike domains being registered with the apparent intent of duping online shoppers.

The US Secret Service is warning banks that there's an increase in ATM wiretapping attacks that involve drilling a small hole in an ATM, inserting the skimmer (often with an endoscope) and then covering the hole. 

The Port of San Diego continues to struggle with a ransomware infestation in its business systems.

A hacker in Taiwan named Chang Chi-yuan says he's going to obliterate Mark Zuckerberg's Facebook page this weekend, and that he's live-streaming the hack. He says he's a white hat and he may well be, but on the other hand he does seem to get himself sued from time to time.

In the first case of its kind, the US Securities and Exchange Commission is bringing an enforcement action against Voya Financial Advisors for poor cybersecurity.

After receiving some tough love from Ecuador's London embassy, Julian Assange has stepped down as the leader of Wikileaks. Spokesperson Kristinn Hrafnsson will take over. Mr. Assange is still in the embassy, but Ecuador's taken away his internet access.


Today's issue includes events affecting Australia, Bangladesh, China, Ecuador, Estonia, Russia, Singapore, Taiwan, Turkey, United Kingdom, United States.

A quick note of thanks to all of you, our readers. Today is the CyberWire's sixth anniversary. We began publishing on this day in 2012. A lot of you have been with us from the early days. Thanks for reading and sharing (and please do keep sharing with your friends, family, colleagues, frenemies, stakeholders, attorneys, intelligence services, etc.). We hope to keep seeing you for another six years at least, and we wish you all a full hackerweight of good fortune.

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.

In today's podcast, we talk with our partners at the University of Maryland, as Jonathan Katz reviews Bluetooth pairing protocol vulnerabilities. Our guest, Andrea Little Limbago from Endgame, offers thoughts on the Internet's effect on global conflict.

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or for more details.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit for more information.

Cyber Attacks, Threats, and Vulnerabilities

With his internet cut off, Julian Assange steps down as editor of WikiLeaks (TechCrunch) WikiLeaks has a new top dog. Its contentious figurehead and founder, Julian Assange, will step aside, letting former WikiLeaks spokesperson Kristinn Hrafnsson take the reins due to what WikiLeaks calls “extraordinary circumstances” that have seen Assange “held incommunicado.”…

Russia’s Elite Hackers Have a Clever New Trick That's Very Hard to Fix (WIRED) For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.

Phorpiex bots target remote access servers to deliver ransomware (Help Net Security) Threat actors are brute-forcing their way into enterprise endpoints - they target remote access servers in an attempt to spread the GandCrab ransomware.

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access (Threatpost) Researchers said the vulnerability "is very easy to exploit."

Venafi Retail Research: Will Holiday Shoppers be Duped By Look-alike Domains? (Venafi) Venafi research reveals dramatic explosion of illegitimate look-alike domains targeting online retail customers.

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks (KrebsOnSecurity) The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.

Mobile password managers vulnerable to phishing apps (Naked Security) Several leading Android-based password managers can be fooled into auto-filling login credentials on behalf of fake phishing apps.

SECURITY: Russian cybersecurity firm drew rare grid warning (E&E News) North American grid regulators share the U.S. government's misgivings about Moscow-based cybersecurity company Kaspersky Lab, according to a confidential alert sent to the power sector last year.

200,000+ MikroTik routers worldwide have been compromised to inject cryptojacking malware (Bad Packets Report) Over the last two months, the Bad Packets LLC team has been monitoring over 80 unique cryptojacking campaigns targeting vulnerable MikroTik routers. The latest statistics available from Censys and …

Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious (Register) Stay decrypted, San Diego

British Airways data theft demonstrates need for cross-site scripting restrictions (TechRepublic) A major airline suffered a data breach involving a cross-site scripting attack. Learn how it happened and how you can protect your organization.

COI on SingHealth cyber attack: Server accessed by hackers missed security updates for over a year (The Straits Times) A server exploited by hackers to reach SingHealth's critical system, leading to Singapore's worst data breach in June, had not received the necessary security software updates for more than a year.. Read more at

Hackers are finding creative ways to target connected medical devices (Help Net Security) Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights.

Someone on Capitol Hill just doxxed Republican Sens. Mike Lee, Orrin Hatch, and Lindsey Graham (Washington Examiner) Somebody working from a House of Representatives office is editing the Wikipedia pages of Republican senators to post what looks like their home addresses.

Hacker Says He'll Attempt to Wipe Out Mark Zuckerberg's Facebook Page—And You Can Watch It Live (Fortune) Self-professed bug bounty-hunter Chang Chi-yuan says he’ll live-stream the effort.

7 Most Prevalent Phishing Subject Lines (Dark Reading) The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.

Why I’m done with Chrome (A Few Thoughts on Cryptographic Engineering) This blog is mainly reserved for cryptography, and I try to avoid filling it with random “someone is wrong on the Internet” posts. After all, that’s what Twitter is for! But from …

Cyber Trends

Attack Automation and Spray and Pray Posing Bigger Cyber Threat to Organisations (Computer Business Review) Alert Logic took into account over a quarter million verified security incidents from April 2017 June 2018 for the Critical Watch Report 2018.

An investigation into how cyber ready businesses really are (Help Net Security) The more cyber ready a business becomes, the better its overall business outcomes. Vodafone’s Cyber Ready Barometer notes 48% of cyber ready businesses


'I bought my house with hacking': Meet the ethical hackers getting rich at their keyboards (The Telegraph) At just 15, Ibram Marzouk bought his parents a house with money made finding bugs in websites.

WhatsApp cofounder: “I sold my users’ privacy” (Naked Security) Regretful WhatsApp cofounder Brian Acton has joined the ranks of the Silicon Valley mea-culpa-rati.

SolarWinds, Continuum: Similar Owners, Different MSP Security Strategies (ChannelE2E) SolarWinds MSP & Continuum, both backed by Thoma Bravo private equity, each outline strategies to help MSPs & MSSPs with security operations centers (SOCs). The similarities end there.

Multiven Celebrates €15 Million in ICO Pre-sale Milestone (Markets Insider) PARIS, September 26, 2018 /PRNewswire/ --Multiven, the developer of the world's first blockchain-based marketplace for the global Information Technology (IT...

NetDiligence Announces Strategic Alliance With InfoArmor (PRNewswire) Adds advanced threat intelligence to NetDiligence services

Veriato Names Pete Nourse as CMO (PRNewswire) Veriato, an innovator in actionable user behavior analytics and a global leader in user activity monitoring, has named Pete Nourse as Chief Marketing Officer. Nourse is responsible for Veriato's global marketing initiatives.

Ex-Skyhigh Networks Exec Named CEO Of Container Security Startup (CRN) New StackRox CEO Kamal Shah wants to make sure solution providers can not only handle product fulfillment, but also provide customers with expertise and services through the container deployment and rollout process.

Products, Services, and Solutions

New infosec products of the week​: September 28, 2018 (Help Net Security) Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities Chronicle, the cybersecurity subsidiary of Google’s parent company

London-based bank touts safety of new online safety deposit box (The London Free Press) CEO asks London business community spread word of bank’s success

Rsam and Edwards Performance Solutions Partner to Improve Information Assurance and Cybersecurity for Small and Medium Enterprises (Rsam) Rsam, a leader in Governance, Risk Management and Compliance (GRC) solutions and Edwards Performance Solutions today announced a partnership to bring enterprise-caliber cybersecurity risk and compliance capabilities to small and medium organizations.

Microsoft Threat Protection Bundles Multiple Enterprise Security Solutions (Redmondmag) Microsoft Threat Protection, a newly assembled bundle of security solutions for enterprise organizations, was announced this week as part of the ongoing Microsoft Ignite event.

Lockpath Reveals New Risk Management Platform (Database Trends and Applications) Lockpath, a provider of integrated risk management solutions, unveiled a new risk management platform for configuration assessment and asset discovery. The product, Blacklight, allows customers to identify and assess configuration anomalies while maintaining a complete and accurate asset inventory.

Technologies, Techniques, and Standards

Homeland Security Wrestles with Defending a Disappearing Network Perimeter ( Homeland Security and administration officials are working on an update to the Trusted Internet Connection policy and keeping it tech-agnostic.

Analysis | The Cybersecurity 202: Def Con researchers came to Washington to poke holes in voting machine security (Washington Post) They showcased their new report.

Defcon Voting Village report: bug in one system could “flip Electoral College” (Ars Technica) High-speed tabulator vulnerable to remote attacks, and that's only part of the problem.

Vulnerabilities and architectural considerations in industrial control systems (Help Net Security) The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast,

Cryptojacking – coming to a server-laptop-phone near you (and how to stop it) (Naked Security) Cryptomining apps were banned from the Play Store some time ago – but that hasn’t stopped the crooks getting cryptojackers past Google…

Connected car security is improving, researchers say (Help Net Security) The automotive industry has apparently stepped up their game when it comes to improving connected car security, IOActive researchers have found.

10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company (Forbes) It's not just your tech team that needs to be well-versed in cybersecurity.

Michael Dell: It’s Prime Time For Public Cloud Repatriation (CRN) "Some big shops are giving us numbers that they've spent in the public cloud that are just astronomical," said Craig Manahan, practice manager at RoundTower Technologies.

Data breach risks and prevention for small businesses (TGDaily) 43% of all UK businesses suffered a data breach or attack in the 12 months between April 2017 and April 2018

How Data Security Improves When You Engage Employees in the Process (Dark Reading) When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.

Design and Innovation

Hey Facebook: Quit discouraging people from using 2FA (CSO Online) Facebook is spying on user 2FA phone numbers to target them with ads. A non-trivial percentage of Facebook users will not use two-factor authentication as a result, a net loss to security.

Finally, a fix for the encrypted web’s Achilles’ heel (Naked Security) Everyone knew that SNI needed to be fixed sooner or later, but nobody was quite sure how.

How Egress is doing away with usernames and passwords, and making security frictionless (Computing) Tony Pepper, CEO of Egress, explains what he's doing to make security a help rather than a hindrance, and how his organisation is finding success at the highest levels of government

HMRC's successful blockchain proof-of-concept: the technology's the easy part (Computing) Initial trials 'very successful' says platform architect Richard Mander, but mind the policy gap

Blockchain update: Nick Szabo, inventor of the smart contract, on its evolution (Computing) Smart contracts will be negotiable and customisable,

Legislation, Policy, and Regulation

PM to world leaders: Show strong political resolve to secure cyberspace (Dhaka Tribune) 'Cooperation on cybersecurity between all nations is integral, as the misuse of cyberspace can pose a threat to international peace'

Turkish watchdog RTÜK set to censor internet platforms (Ahval) A by-law which will allow for Turkey’s state-run broadcasting watchdog to censor all internet broadcasting platforms has been approved, left-wing Evrensel daily reported.

The UK is an easy target for cyber-attackers — we must reboot our defences (Evening Standard) It all started with a statue. In late April 2007 the government in Estonia proposed to remove a controversial Soviet war memorial from the capital city Tallinn. Vladimir Putin wasn’t happy about this — it was yet more proof that the tiny country was turning away from Russia and towards the West. What happened next marked a new era in international relations.  On April 27 Estonia was hit by a powerful cyber-attack — the first example of such state-sponsored aggression in history. 

Trump's election meddling charge against China marks U.S. pressure... (Reuters) President Donald Trump’s accusation of Chinese meddling in upcoming U.S. election...

Trump Accuses China of Meddling in Midterms. It's All About Trade. (Atlantic Council) US President Donald J. Trump accused China of attempting to interfere in the US midterm elections in November at a meeting of the United Nations Security Council (UNSC) in New York on September 26. China does “not want me or [the Republicans] to...

Election Security is National Security (The Cipher Brief) Rob Joyce, Senior Advisor for Cyber Strategy at the National Security Agency writes about election security for The Cipher Brief

A Key to DoD’s Updated Cyber Strategy is at Grassroots (Meritalk) The Department of Defense’s release last week of its upgraded cyber strategy understandably drew attention for its focus on the threats from China and Russia in a re-emerging, artificial intelligence-fueled great power competition reminiscent of the Cold War.

Mattis predicts DoD will one day offer cyber protection to private sector (Fifth Domain) The top Pentagon official is predicting that the US government will offer cyber protection to the private sector and even individuals in light of technological advances.

Cyber Force Fights Training Shortfalls: NSA, IONs, & RIOT (Breaking Defense) The military’s new cyberspace force is working to overcome recruiting and retention shortfalls, training bottlenecks, and its dependence on the National Security Agency, officials told the Senate Armed Services Committee yesterday..

DOE Modernization: The Office of Cybersecurity, Energy Security, and Emergency Response - Energy and Commerce Committee (Energy and Commerce Committee) Subcommittee on EnergyMeeting Date: Thursday, September 27, 2018 10:15 AM 2322 RHOB

Schatz, Gardner Introduce Legislation To Improve Federal Government's Use Of Artificial Intelligence (Brian Schatz, US Senator for Hawai'i) The official U.S. Senate website of Senator Brian Schatz of Hawaii

NSW govt's first cyber security strategy emerges (CRN Australia) Promises to introduce mandatory incident reporting.

Litigation, Investigation, and Law Enforcement

Dems want briefing on Trump claims of Chinese election meddling (TheHill) Democrats on the House Intelligence Committee have requested a briefing on President Trump’s accusations that China has tried to interfere in the midterm elections.

House Judiciary panel subpoenas McCabe memos, Page surveillance documents (Washington Post) The committee demanded the Justice Department turn over memos that depict the deputy attorney general suggesting recording President Trump.

Google CEO Sundar Pichai will reportedly meet with Republican lawmakers this week (TechCrunch) Google CEO Sundar Pichai will meet in private with Republican lawmakers on Friday to discuss issues including its work in China and alleged political bias, reports the Wall Street Journal. The meeting was organized by House Majority leader Kevin McCarthy, who has accused Google of “controllin…

SEC Charges Firm With Deficient Cybersecurity Procedures (US Securities and Exchange Commission) The Securities and Exchange Commission today announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers.

Here is the SEC complaint against Elon Musk and Tesla (TechCrunch) Update: There’s a live stream of the SEC press conference detailing the complaint: The Securities and Exchange Commission lodged a complaint today against Elon Musk following tweets sent last month by the CEO involving a planned private takeover of the electric car company at $420 a share. Th…

Elon Musk faces possible exit from Tesla after SEC sues over tweets (San Diego Unio Ttribune) he Securities and Exchange Commission sued Elon Musk on Thursday, alleging that the Tesla chief's tweets about taking the electric-car company private at $420 a share were “false and misleading” — and asking the court to, in effect, force Musk out of Tesla’s leadership.

SEC’s Musk Lawsuit Highlights Dangers of Social Media Disclosures (Wall Street Journal) A Securities and Exchange Commission lawsuit against Tesla CEO Elon Musk highlights the compliance challenges companies face in an era of informal, immediate social media discourse.

Estonia sues Gemalto for 152 mln euros over ID card flaws (Reuters) Estonian police are seeking to recover 152 million euros ($178 mln) in a lawsuit...

Robocallers slapped with huge fines for using spoofed phone numbers (Naked Security) One poor woman whose phone number was hijacked by robocallers got several calls a day from irate consumers who thought she was trying to market to them.

Did the NSA snoop on Utahns during the 2002 Games? An attorney drops his lawsuit, says we’ll never find out. (The Salt Lake Tribune) A federal judge Thursday tossed a lawsuit filed by Utahns who allege the government used “blanket” warrantless surveillance of Salt Lake City-area residents and visitors during the 2002 Winter Olympics.

Australian teen who hacked into Apple and stole 90 GB of files avoids jail (The State of Security) An Australian teenager who hacked into Apple's network on multiple occasions over several months, and stole sensitive files, has been told that he will not be imprisoned.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders...

Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...

Upcoming Events

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...

Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...

Borderless Cyber USA (Washington, DC, USA, October 3 - 5, 2018) Automation, people, information sharing, intelligence, risk and the economics of risk have been identified as key cybersecurity strategy measures to focus on in order to keep pace with modern threats.

MSPWorld® Peer Group & Data Analytics Summit (Las Vegas, Nevada, USA, October 4 - 5, 2018) The MSPWorld® Peer Group & Data Analytics Summit is a revolutionary new concept for the managed services executive. Accessible only by MSPs, this conference will focus on small, peer lead groups exchanging...

4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain (Kiev, Ukraine, October 8, 2018) The 4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain will be held October 8 – 11, CEC Parkovy, Kyiv, Ukraine. The annual Hacken Cup – the onsite bug bounty marathon – happens on October...

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all...

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices,...

CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.