skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

The discovery of lawful intercept tools concealed in apps available in Google Play may be on its way to becoming a major scandal in Italy. Threatpost reports that Google has removed the applications from its store. The twenty-five apps affected contained spyware that researchers believe may have been produced by Italian security company eSurv; as SecurityWeek notes, eSurv has been difficult to contact about the matter. Motherboard says that Italian prosecutors have opened an investigation into eSurv amid suspicion that the intercept tools were commissioned by the Italian government.

India's election season is in full swing, and according to the Wall Street Journal government attempts to restrain fake news have yielded disappointing results. Politically loaded hoaxes are rampant on WhatsApp, despite the Facebook subsidiary's attempts to control them. Much misinformation seems domestic in origin, pushed by rival parties.

The first round of Ukraine's presidential elections is over, with a runoff between front-runner Volodymyr Zelenskiy (television actor and political neophyte) and incumbent President Petro Poroshenko scheduled for April 21st. TASS is authorized to disclose that Russia may decline to recognize the election results, citing widespread fraud and intimidation. This seems more information operation than news; other observers saw no such problems.

Hacktivists of OpIsrael are expected to hit the Jewish state on Sunday in their annual protest against Israel, the Allgemeiner and other sources report.

Motherboard says that investigators retained by Jeff Bezos concluded that NSO Group hacked the Amazon founder on behalf of the Saudi government. NSO Group denies involvement.


Today's issue includes events affecting Canada, China, India, Israel, Italy, Bailiwick of Jersey, Russia, Syria, Ukraine, United Arab Emirates, United States.

A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time on April 11th. Thanks for your support.

Outsmarting Attackers with Deep Learning

Adversaries are creating new attacks at such a speed and volume that signature and sandbox-based threat detection can’t keep up. Deep learning can help. By exposing neural nets to threat data, deep learning can learn to identify malicious traffic, even zero days seen for the first time. But why are advances possible today? How does deep learning differ from machine learning? Where’s the best place to apply deep learning? Get the answers here.

In today's podcast, out later this afternoon, we speak with our partners at the University of Bristol, as Professor Awais Rashid discusses training people to work with cyber security complexity at scale. Our guest, Hank Thomas from Strategic Cyber Ventures, describes the current environment for VC funding in cyber security.

And Recorded Future's podcast, produced in cooperation with the CyberWire, is also up. This episode, "Questions to Ask When Shopping for Threat Intelligence," Brian Martin of Risk Based Security explains why companies shopping around for threat intelligence should be careful to ask the right questions.

Cyber Attacks, Threats, and Vulnerabilities

Fusion Center Report: Situational Awareness Ukraine Elections (EclecticIQ) EclecticIQ is a leader in collaborative Threat Intelligence Management. Empowering the Threat Analyst. Exchange intelligence based on STIX and TAXII.

Fake News Runs Wild on WhatsApp as India Elections Loom (Wall Street Journal) Viral fake news is lighting up Facebook’s WhatsApp messaging app as the world’s biggest democracy prepares for national elections in the coming weeks.

Exodus Android Spyware With Possible Links to Italian Government Analyzed (SecurityWeek) Android spyware known as Exodus has been found in more than 20 apps on Google Play Store. The malware is believed to have been developed by the Italian firm eSurv, which has commercial connections to the Italian government.

Google Play Italian Spyware Apps Infected Hundreds (Trheatpost) Google Play has removed 25 malicious apps that were downloading spyware, dubbed Exodus, onto victims' phones.

Netanyahu says ‘bots’ are real after news report finds campaign used social network to sway election (Washington Post) A nonprofit watchdog said hundreds of real and fake social media accounts were deployed to boost Israeli Prime Minister Benjamin Netanyahu’s election chances.

Israel Expected to be Hit by Annual Cyber Attack Next Week ( A keyboard. Photo: Wikimedia Commons. A major cyber attack on Israel is expected to take place on Sunday, April 7. …

Former NSA spies hacked BBC host, Al Jazeera chairman for UAE (Reuters) A team of former NSA cyber spies helped the United Arab Emirates break into the iPhones of at least 10 media figures, Reuters finds

Disrupt and discredit: Russia still has Ukrainian elections in sights (KyivPost) Exit polls from the first round of Ukraine’s presidential election, released late on March 31, seem to confirm what has long been believed: that no openly pro-Russian candidate has a chance to secure this Ukrainian presidency. But it doesn’t seem that will stop the Kremlin from having its voice heard, or from trying to have …

Kremlin Says Would Like to See Party of Peace in Power in Ukraine (Sputnik) Kremlin believes it is yet too early to comment on the results of the Ukrainian presidential election or congratulate any of the candidates on getting into the second round of the race, Kremlin Spokesman Dmitry Peskov said Monday.

Russia may not recognize Ukrainian presidential election results — senator (TASS) The final decision is to be made by Russian President Vladimir Putin

The big loser in Ukraine’s presidential election? Vladimir Putin (Los Angeles Times) Russian President Vladimir Putin wasn’t running in the Ukrainian presidential election. But he was by far the biggest loser of the night.

Russia accused of massive GPS spoofing campaign (Naked Security) Russia has been hijacking signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers claim.

Iran continues to be a major cyber threat to the Middle East (The National) Iranian hackers are linked to cyber attacks that targeted thousands of people at more than 200 companies globally

vxCrypter Is the First Ransomware to Delete Duplicate Files (BleepingComputer) The vxCrypter Ransomware could be the first ransomware infection that not only encrypts a victim's data, but also tidy's up their computer by deleting duplicate files.

vxCrypter Is the First Ransomware to Delete Duplicate Files (KnowBe4) vxCrypter Is the First Ransomware to Delete Duplicate Files

Cyber criminals using tactic to spread to other connected networks, research finds (TheHill) Cyber criminals who have infiltrated one group’s networks are increasingly using a tactic known as “island hopping” to enter other connected networks, security researchers warned Tuesday.

Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites (SecurityWeek) Cybercriminals are utilizing hidden “well-known” directories of HTTPS sites to store and serve malicious payloads, Zscaler security researchers have discovered.

Serious Path Traversal Flaw Found in Kubernetes (SecurityWeek) Kubernetes vulnerability allows attackers to steal sensitive information from a user’s workstation or execute arbitrary code. Flaw exists due to an incomplete patch released last year.

Critical Flaw Allows Hackers to Take Control of PowerFlex AC Drives (SecurityWeek) Rockwell Automation’s Allen Bradley PowerFlex 525 AC drives are affected by a critical DoS vulnerability that allows hackers to gain control of devices.

Vulnerability Summary for the Week of March 25, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

Android app warning over dodgy virus detectors that DON'T work – uninstall these apps now (The Sun) ANDROID phone owners are being warned to stay well away from a set of popular apps on the Google Play Store. Hundreds of dodgy antivirus apps have been flagged for providing a shocking lack of prot…

Full extent of cyberattack remains unknown for City of Albany (WTEN) The Mayor of Albany held a press conference Monday afternoon to discuss the ransomware cyberattack that hit the city over the weekend. 

New York Albany Capital Hit by Ransomware Attack (BleepingComputer) The City of Albany, the capital of the U.S. state of New York, was hit by a ransomware attack on March 30, with city officials working over the weekend to respond to the incident.

Security Patches, Mitigations, and Software Updates

VMware Patches Flaws Disclosed at Pwn2Own 2019 (SecurityWeek) Security updates released by VMware for its vCloud Director, ESXi, Workstation and Fusion products patch several vulnerabilities, including flaws disclosed recently at Pwn2Own 2019.

Boeing's software fix for the 737 Max needs more time (Quartz) The Federal Aviation Administration had originally said it would mandate airlines to deploy the software fix no later than April.

Cyber Trends

The Vulnerability Epidemic in Financial Services Mobile Apps (Arxan) Request a copy of "In Plain Sight: The Vulnerability Epidemic in Financial Mobile Apps" - new research by Aite Group on the state of financial services mobile app security.

Digital Enterprise Report: The How the World’s Largest Organizations Are Evolving with Technology (Okta) Welcome to Okta’s first Digital Enterprise Report, a survey of IT, Security, and Engineering decision makers from the world’s largest businesses.

The 2019 Data Privacy Maturity Study (Integris) How does your data privacy management program compare to top US enterprises?


CIA plans multibillion cloud buy for intelligence community (FCW) Six years after their initial cloud infrastructure push, the CIA is leading a multivendor expansion of cloud services for the entire intelligence community, with awards expected in 2021.

Mark Zuckerberg says Facebook may pay publishers to put their stuff in a dedicated news section (Recode) The Facebook CEO floated a "news tab to surface more high-quality news," and said he’s willing to write checks to support it.

The world's largest cybersecurity vendors ranked (CRN) Canalys says the cybersecurity industry was worth $37bn last year

Proxy Emerges From Stealth with $13.6 Million in Funding (SecurityWeek) Universal identity provider Proxy emerged from stealth with $13.6 million in Series A funding, which brings the company’s total funding to $16.6M to date.

Sqreen Closes $14 Million Series A Funding Round Led by Greylock Partners (West) Pioneer of Application Security Management (ASM), founded by Apple security veterans, already protects 500 companies

Jersey-based MSP acquires in Canada (CRN) Calligo makes third Canadian takeover

Renesas completes $6.7B acquisition of San Jose chipmaker IDT, installs new CEO (Silicon Valley Business Journal) The Japanese chip giant Renesas completed its $6.7 billion acquisition of San Jose-based Integrated Device Technology on Saturday, extending its reach into self-driving car chips.

Tokio Marine HCC Acquires Cyber Specialist NAS in California (Insurance Journal) Tokio Marine HCC has acquired in Encino, Calif.-based NAS Insurance Services LLC. Terms of the deal were not disclosed. The acquisition of NAS represents

Symantec demotes Ingram Micro from distie lineup (CRN Australia) Dicker Data and Arrow get the heavy lifting from now on, Ingram retains cloud.

ISACA Names David Samuelson CEO (ISACA) Technology, learning and media veteran to focus on growth, innovation and business execution at global association marking its 50th anniversary.

Gartner Analyst Deborah Kish Joins Fasoo Team (PR Newswire) Fasoo, a leader in data-centric security, announced today that Deborah Kish, former Senior Principal Analyst with...

Delve Labs Names Chief Operating Officer, Expands US Operations (Benzinga) Delve Labs, the pioneer in AI-Based vulnerability assessment and prioritization, today announced that Norman Menz has joined...

AIG Names Baich, Formerly with Wells Fargo and NSA, as Information Security Officer (Insurance Journal) American International Group announced that Rich Baich will join the company as senior vice president, chief information security officer, effective April

Products, Services, and Solutions

Okta Launches New Advanced Server Access Product to Bring Secure Access to Critical Infrastructure (Okta) New product delivers pervasive security for Amazon Web Services, Google Cloud Platform and Microsoft Azure

Sentryo Adds Cybersecurity Features to Ruggedcom Industrial Network Platform from Siemens (Global Security Mag Online) At the Hannover Messe, the world’s leading trade fair for industrial technology, SENTRYO announced availability of its industrial cybersecurity solution on the Ruggedcom Multi-Service Platform from Siemens AG.

PwC Netherlands Join Efforts with High-Tech Bridge to Provide DevSecOps and CI/CD Application Security Testing (AP NEWS) PwC Netherlands and High-Tech Bridge announce a strategic partnership and joint solution for rapid, cost-efficient and DevSecOps-enabled application penetration testing.

Wandera integrates with Microsoft Enterprise Mobility + Security to deliver robust security for the mobile-enabled workforce (West) Wandera, the leader in mobile security, has announced integrations within Microsoft’s Enterprise Mobility + Security suite to provide advanced mobile threat defense to security conscious enterprises.

Kingston Digital Introduces New High Endurance microSD Cards (BusinessWire) Kingston introduces its new High Endurance microSD card especially designed for write-intensive application such as home security and dash cams.

New Shodan Service Keeps Track of Internet-Exposed Systems (SecurityWeek) Shodan announces Monitor, a new service designed to help organizations keep track of systems connected to the Internet.

Renaissance, one of Ireland's Premier Value-Added Distributors and Cyber Security Service Providers Adds CyGlass' Network Defense as a Service (NDaaS) to its Portfolio (PR Newswire) CyGlass, a SaaS AI-driven network-centric threat detection solution, and Renaissance, a leader in...

Verve Industrial Protection - Announces Release of Version 7.0 The Next Phase in the Evolution of Operational Technology Systems Management (OTSM) (PR Newswire) Verve Industrial Protection, the global leader in operational technology (OT) cybersecurity, today announced the release ...

Someone’s listening: The real reasons you need to encrypt your calls and texts | WTOP (WTOP) This content is sponsored by Blackberry In the movies, it’s easy: the federal agent answers his phone and receives a tip, then calls his wife and apologizes for missing dinner, then dials his boss and…

ZNet Technologies signs distribution agreement with GlobalSign for PKI solutions (CRN - India) ZNet Technologies (a subsidiary of RP tech India) has announced that it has entered into IT security services distribution business by joining hands with GMO GlobalSign. GlobalSign is a leading provider of trusted identity and security solutions for the enterprises and one of the longest established Certificate Authority (CA) in the world. Becoming a distributor …

Phishing Wand soll Mitarbeiter für Cybergefahren sensibilisieren Fertigungsindustrie im Visier der Cyberkriminellen (Computerwelt) Ein neues Feature für die Businesslösungen von G Data überwacht den Umgang von Mitarbeitern mit Cybergefahren und zeigt, wer noch Nachholbedarf hat.

Technologies, Techniques, and Standards

Hackathons and Cash for Hackers: What the AV Industry Needs - Commercial Integrator (Commercial Integrator) AV, IoT and automation manufacturers need to better understand zero-day vulnerability. Trade show hackathons and cash for hackers should be considered.

How military hacking can improve (Fifth Domain) An Australian official details an offensive cyber operation undertaken against the Islamic State.

The Navy Is Assembling a Hacker Team to Fight Off Small Drones (Defense One) Engineers, researchers, and hackers will seek ways to protect warships and bases from hobby-type drones modified to kill.

How the Army will sustain its tactical network of the future (C4ISRNET) The rapid insertion of commercial off-the-shelf systems looks to revolutionize the Army's next-generation tactical network, but it also brings challenges for the sustainment community.

Design and Innovation

It's Time to Yap! Yappa Debuts First Audio/Video Social Commenting Tool to Encourage Less Toxic Online Interactions (PR Newswire) Toxic commentary, online bullying and anonymous web trolling may no longer be the plague that discourages ...

Google's AI Ethics Council faces staff opposition over Heritage Foundation member (Computing) 'Googlers Against Transphobia' demand removal of Heritage Foundation president from Google's newly established AI Ethics Council

Research and Development

Peter Cochrane: Quantum computing - a return to analogue computers? (Computing) Quantum computers are neither stable enough nor powerful enough to achieve very much at all at the moment, warns Professor Peter Cochrane

Legislation, Policy, and Regulation

Analysis | The Cybersecurity 202: This is Washington's Plan B as Huawei poised to gain major stake in 5G networks (Washington Post) Government seeks ways to work around "technology that we can't trust."

Politicians mistakenly vote the wrong way in controversial internet law (Naked Security) Members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.

​Zuckerberg’s call to regulate Facebook explained (Silicon Valley Business Journal) In an op-ed over the weekend, Facebook CEO Mark Zuckerberg laid out a case for how he believes his company should be treated and discussed four policy areas which he said the government should focus attention on. Here’s an annotated analysis of Zuckerberg’s post and what he is seeking to do with each area.

Don’t fall for Mark Zuckerberg’s talk about regulation (Times) The hermit of Knightsbridge, otherwise known as Julian Assange, has a great analogy for state intervention in cyberspace. “It’s like having a tank in your bedroom,” he once wrote. Which is a...

Big Tech vs Congress: the issues Facebook, Google and Amazon lobby most (VPNMentor) Detailed analysis of the $500m Big Tech have spent lobbying the US government. Discover which issues matter most to Amazon, Apple, Facebook, Google and Microsoft.

Trump’s next Secretary of Defense needs to have these 10 things (Fox News) The increasing complexity of the national security landscape, coupled with the readiness challenge that still remains, underscores that the appointment of the right Secretary of Defense will be President Trump’s most important appointment for the remainder of his first term.

Litigation, Investigation, and Law Enforcement

Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store (Motherboard) Italian government authorities have launched an inquiry into eSurv, a company that made spyware apps that it concealed as legitimate and innocuous-looking apps on the Google Play Store.

Investigator Says Amazon Chief's Phone Hacked by Saudis (SecurityWeek) The investigator hired to look into the release of intimate images of Jeff Bezos said he has concluded that Saudi Arabian authorities hacked the Amazon chief's phone to access his personal data.

NSO Group Says It Didn’t Hack Jeff Bezos On Behalf of Saudi Arabia (Motherboard) Spyware Vendor Denies Hacking Jeff Bezos On Behalf of Saudi Arabia

Taibbi: On Russiagate and Our Refusal to Face Why Trump Won (Rolling Stone) Faulty coverage of Donald Trump’s 2016 campaign later made foreign espionage a more plausible explanation for his ascent to power

Lindsey Graham Reveals AG Bill Barr 'Pretty Upset' Over Hillary Investigation And What He May Do About It (Daily Wire) Senate Judiciary Committee Chairman Lindsey Graham (R-SC) revealed during an interview on Sunday that Attorney General William Barr is "pretty upset" over the way the criminal investigation into Hillary Clinton was handled and that he hopes "there's a special counsel appointed to look at DOJ corr

Here's Why I Didn't Fall For The Russia-Trump Conspiracy (The Federalist) Media outlets regurgitated leaks from politicized intelligence officials to fuel the Russia-Trump conspiracy. They should have been far more skeptical.

Trump team overruled 25 clearance denials, official says (AP NEWS) A career official in the White House security office says dozens of people in President Donald Trump's administration were granted security clearances despite "disqualifying...

Audit of the Federal Bureau of Investigation's Cyber Victim Notification Process (Office of the Inspector General U.S. Department of Justice) The objective of this audit was to evaruata the Federal Bureau of Invastrgatlon's (FBI) processueand practices for notifying and engaging with victims of cyber Intrusions. Speclftcally, we examined the FBI's adherence to Executive Order 13636, Improving crttlcal Infrastructure Cybersecurlty, and the FBI Cyber Dlvlston Policy Guida 0853PG as well as other related polldes.

HP CEO Leo Apotheker didn't even read Autonomy's accounts before acquisition (Computing) Apotheker claims he didn't have time to read Autonomy's accounts prior to $11bn acquisition

Opinion | New York Launches a Cybercrime Brigade (Wall Street Journal) A new citywide initiative aims to coordinate digital law-enforcement efforts.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Management With Legal Guidance Training Course (Washington, DC, USA, May 13 - 14, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Management With Legal Guidance Training Course, in Washington, DC, on May 13-14, 2019. This comprehensive...

Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...

Upcoming Events

InfoSec World 2019 (Lake Buena Vista, Florida, USA, April 1 - 3, 2019) Cybersecurity has come a long way in 25 years, and InfoSec World has been there through it all. That's right, InfoSec World 2019 Conference & Expo is returning to Disney's Contemporary Resort on April...

Dynamic Connection 2019 (Denver, Colorado, USA, April 2 - 4, 2019) Dynamic Connections 2019 will bring together over 1,000 attendees to learn, explore and create solutions needed today to help us thrive and operate successfully in the digital domain with confidence. Learn...

IP Expo Manchester (Manchester, England, UK, April 3 - 4, 2019) The event will showcase industry leaders and those at the forefront of technology, to encourage debate and inform attendees on the critical technological issues affecting modern business. IT and cyber...

QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...

Mississippi College Cybersecurity Summit (Clinton, MIssissippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.