
Daily briefing.

Cisco Talos reported this morning that criminal groups are working openly on Facebook, connecting, trading, and cooperating. Their activity isn't hidden, but rather quite overt. Some of the groups have been operating for as long as eight years, in the process attracting tens of thousands of members. It's obvious, not occulted, and the obvious names (like "Spam Professional," "Spammer & Hacker Professional," "Buy Cvv On THIS SHOP PAYMENT BY BTC," and "Facebook hack (Phishing)") haven't been enough to get them ejected from the social network.

Check Point yesterday announced its discovery of a man-in-the-middle vulnerability in a security application that comes pre-installed with Xiaomi phones. Xiaomi has patched the problem, according to SiliconANGLE.

The US House Committee on Science, Space, and Technology has asked the Federal Emergency Management Agency (FEMA) to explain how FEMA lost control of disaster victims' private information.

KrebsOnSecurity reports that the alleged head of a Romanian ATM-skimming gang has been arrested in Mexico.

Reuters reports that some of the evidence the US collected against Huawei CFO Meng Wanzhou was gathered under Foreign Intelligence Surveillance Act (FISA) warrants. Charged by the US with sanctions violations, Ms. Meng is in Canada fighting extradition.

WikiLeaks has been tweeting that Ecuador is getting ready to show Julian Assange the door, inviting him to depart that country's London embassy. Mr. Assange could be back on the street in "hours to days," if the Twitter feed is to be believed. CNN says Mr. Assange's lawyers maintain his eviction would contravene international law.

Notes.

Today's issue includes events affecting Australia, Canada, China, Ecuador, Germany, Mexico, NATO/OTAN, Romania, Russia, Ukraine, United Kingdom, United States, Venezuela, and Vietnam.

A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time on April 11th. Thanks for your support.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about predictive policing software. Our guest is Ambassador Rob Strayer, Deputy Assistant US Secretary of State for Cyber and International Communications and Information Policy, who discusses security challenges in the global supply chain.

Cyber Attacks, Threats, and Vulnerabilities

Russia Is Tricking GPS to Protect Putin (Foreign Policy) The Kremlin’s manipulation of global navigation systems is more extensive than previously understood.

Bayer contains cyber attack it says bore Chinese hallmarks (Reuters) German drugmaker Bayer has contained a cyber attack it believes was hatched in C...

Twenty-eight million users affected by backdoor vulnerability in popular web development tool (Computing) Warning over compromised 'bootstrap-sass' development package published on the RubyGems repository

Researcher publishes Google Chrome exploit (ZDNet) Vulnerability patched in Chrome's V8 JavaScript engine, but the fix has not yet reached the Chrome stable branch.

The evolution of phishing kits (Zscaler) Zscaler ThreatLabZ has observed evolution with phishing kits and phishing campaigns which are detected and blocked across the Zscaler cloud. We have covered different phishing kits and evasion tactics used by threat actors.

Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware (Dark Reading) The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.

U.S.-Based Malware Hosting Setup Possibly Tied to Necurs Botnet (Decipher) Bromium researchers have been tracking a phishing and malware campaign, possibly linked to the Necurs botnet, that uses infrastructure in the U.S.

Necurs botnet suspected of spreading 10 malware families with US web servers. (IT Security Guru) Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families

Researchers unearth 74 Facebook cybercrime groups with 385,000 members (Ars Technica) Already under scrutiny for spreading hate, social network also helps peddle spam and fraud.

Facebook is connecting not only old friends, but also new criminals. (NBC News) The social media platform is connecting not only old friends, but also new criminals.

Hiding in Plain Sight (Cisco Talos) Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam.

The One Cybersecurity Risk You're Probably Not Even Thinking About (Entrepreneur) Printers may be the last thing on your mind, but they're a vulnerable point of entry.

Vulnerability in Xiaomi Pre-Installed Security App (Check Point Research) Smartphones usually come with pre-installed apps, some of which are useful and some that never get used at all. What a user does not expect, however, is for a preinstalled app to be an actual liability to their privacy and security. Check Point Research recently discovered a vulnerability in one...

Kaspersky unlikely to reveal details of American APTs at summit (iTWire) ANALYSIS Predicting the future is generally a game for mugs but it is possible to say with a high degree of certainty that there will be no details of...

Outdated software leaves NHS 'vulnerable to cyber attack' (Digital Health) Internet of Things (IoT) devices were identified as the weakest link in an IT network, according to research from software technologies company Check Point.

Rockwell Automation Stratix 5950 (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: Stratix 5950. Vulnerability: Improper Input Validation. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote attacker to cause an affected device to reload.

Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: Stratix 5400/5410/5700/8000/8300, ArmorStratix 5700. Vulnerabilities: Resource Management Errors, Improper Input Validation. 2.

Omron CX-Programmer (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 6.6. ATTENTION: Low skill level to exploit. Vendor: Omron. Equipment: CX-Programmer within CX-One. Vulnerability: Use After Free. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.

IResponse to IEncrypt (Guardicore) A detailed investigation into an IEncrypt ransomware attack, analysis of the decryption process and the decryptor. Also providing a safe to use version of Guardicore’s IEncrypt decryptor

Could a few stickers fool military vehicles of the future? (C4ISRNET) Military planners should watch what adversarial research can discover in commercial autonomous systems.

Could We Blow Up the Internet? (Motherboard) Is it possible to take down the internet by physically attacking its infrastructure?

Security Patches, Mitigations, and Software Updates

Xiaomi quickly patches serious vulnerability found in its security app (SiliconANGLE) Xiaomi quickly patches serious vulnerability found in its security app

Cyber Trends

Nine out of Ten Critical Infrastructure Security Professionals Say Their Environments Have Been Damaged by a Cyberattack in the Last Two Years (Tenable®) Report by Ponemon Institute for Tenable finds 62% of respondents said their organizations have suffered multiple attacks Tenable®, Inc., the Cyber Exposure company, today released the ‘Cybersecurity in Operational Technology: 7 Insights You Need to Know’ report, an independent study by the Ponemon Institute. The study identifies the true extent of cyberattacks experienced by critical infrastructure operators — professionals in industries using industrial control systems (ICS) and operational technology (OT). It found that 90% of respondents stated their environments had been damaged by at least one cyberattack over the past two years, with 62% experiencing two or more attacks. Key highlights from the study include:

Cybersecurity Pros Face Significant Challenges with OT Security: Ponemon Report (Tenable®) A new report from Ponemon Institute and Tenable reveals that 62% of organizations in industries relying on operational technology experienced two or more business-impacting cyber attacks in the pas

Americans Hate Social Media but Can’t Give It Up, WSJ/NBC News Poll Finds (Wall Street Journal) Americans have a paradoxical attachment to social media, a new Wall Street Journal/NBC News poll finds, saying they regard services like Facebook to be divisive and a privacy threat but continue to use them daily.

Marketplace

Defense Industry Companies Launch Supply Chain Cybersecurity Task Force (AiThority) The DIB Sector Coordinating Council (SCC) announced today the chartering of the Supply Chain Cybersecurity Industry Task Force to identify

5 Cybersecurity Stocks to Watch As the Trend Heats Up (InvestorPlace) Cybersecurity stocks have been big winners in recent years. And investors betting that the trend will continue have no shortage of options.

Huawei May Have Claimed 5G Victory Over The U.S. But Is Now In A Street Fight (Forbes) As Huawei claims victory against the U.S. in its fight to maintain a leading role in 5G networks worldwide, the battle turns from the media to the shadowy world of espionage and counter-espionage. And that might be a much harder war for them to win.

New Intel CEO dishes on 5G, more acquisitions and moving his 50-year-old company forward (Silicon Valley Business Journal) 'Only the paranoid will survive' as Intel looks beyond computer chips

Akamai Inks Deal With Microsoft for an Undisclosed Amount (Nasdaq) Akamai Technologies Inc AKAM is strengthening its product portfolio.

Cyren's Voluntary Delisting from the Tel Aviv Stock Exchange - Reminder (PR Newswire) Cyren (NASDAQ: CYRN), a leader in cloud security, today announced that further to its press release dated January...

Bitcoin fees, security, and adoption have improved since the last bull market (CryptoSlate) Compared to the last bull market, Bitcoin’s transaction fees, network hashrate, and adoption have improved—despite what naysayers might say.

Varo Appoints Philippa Girling as Chief Risk Officer (Varo Money) Mobile banking startup Varo Money, Inc. today announced the hire of Philippa Girling as Chief Risk Officer. Girling will lead Varo’s Credit and Operational Risk, Information Security, Compliance, BSA/AML, and Fraud teams. She is a seasoned bank executive with more than 20 years' experience in the global financial …

Raytheon News Release Archive (Raytheon News Release Archive) Operates four businesses. Technology and innovation leader specializing in defense, security and civil markets throughout the world.

Products, Services, and Solutions

New infosec products of the week: April 5, 2019 (Help Net Security) Featured products for this week include releases from Acros Security, Cynet, iovation and KnowBe4.

Protego Labs Joins Amazon Web Services Partner Network (PRWeb) Protego Labs today announced that it has joined the Amazon Web Services (AWS) Partner Network as an Advanced qualified Technology Partner. The AWS Partner Network

DOSarrest Launches New Cloud Based Network Traffic Analyzer Service (Newkerala.com News) VANCOUVER, British Columbia: DOSarrest Internet Security announced today that they have released a new service offering called DOSarrest Traffic Analyzer DTA.

Technologies, Techniques, and Standards

The Promise and Limitations of AI in Cybersecurity (Nextgov.com) In the cybersecurity arena, hype runs deep, and AI is no exception.

How to Reverse Malware on macOS Without Getting Infected | Part 1 (Security Boulevard) Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.

Introducing the Shellcode Signatures Series (Booz Allen Hamilton) A deep-dive series on detecting evasive shellcode techniques

The x86 Countdown Encoder, Explained (Booz Allen Hamilton) An overview of the x86 Countdown Encoder, including several shellcode techniques for security practitioners to reference when defending against cyber threats.

The Zutto Dekiru Encoder, Explained (Booz Allen Hamilton) Get a technical overview of the Zutto Dekiru encoder and build a Yara signature.

The x64 XOR Encoder, Explained (Booz Allen Hamilton) Get a technical overview of the x64 XOR Encoder and learn how it decodes its payloads.

The Shikata Ga Nai Encoder (Booz Allen Hamilton) Our top analysts review the components of the popular Metasploit shellcode encoder, Shikata Ga Nai.

The x86 Jmp Call Additive Encoder, Explained (Booz Allen Hamilton) Get a technical overview of the popular Metasploit encoder: x86_jmp_call_additive.

A Dive Into The OWASP ZSC Project (Booz Allen Hamilton) Learn the inner-workings of the OWASP Security Project and uncover methods useful to understanding how shellcode is written, modified, and obfuscated.

Research and Development

Photons trained for optical fiber obstacle course will deliver stronger cyber security (ScienceDaily) Researchers demonstrate a way to improve quantum key distribution over fiber networks.

Academia

Opinion | America’s universities are finally waking up to the China threat (Washington Post) Higher ed is taking a sober look at the Chinese government presence on campus.

Legislation, Policy, and Regulation

NATO approves measures to counter Russia amid internal rifts (Military Times) NATO foreign ministers approved a series of measures Thursday aimed at countering Russia in the Black Sea region, an agreement that comes amid public rifts between the United States and several of the other 28 members on security and trade issues.

Pompeo warns that NATO should confront ‘emerging threats’ from Russia and China (Public Radio International) US Secretary of State Mike Pompeo on Thursday called on NATO allies to adapt to confront emerging threats, including Russia's military interventions in places such as Venezuela, Chinese strategic competition and cyberthreats.

China’s dire clampdown on religious freedom (Asia Times) Persecution of Christians, Uighurs, Tibetans and other religious followers has been ramped up under Xi and the CCP

Newt Gingrich: China is poised to take over the internet—this should terrify anyone who believes in freedom | Opinion (Newsweek) If the U.S. does not get its act together, we should expect to suffer a strategic defeat in the emergence of a Chinese controlled internet which may define the next half century.

Why China’s Intellectual Property Theft Is a Concern for National Security (The Daily Signal) Temp.Periscope has been blamed for cyberattacks that have resulted in the compromise of sensitive material related to military technology.

Federal govt to create AI ethics guidelines (iTnews) Wants feedback on which values to embed in tech.

Cyberspace protection in VN needs closer collaboration (SGGP English Edition) The Vietnam Computer Emergency Response Team (VNCERT) has recently issued a warning on the newest grave attack of ransomware GandCrab 5.2 in Vietnam. This has given a wake-up call to all organizations in the country regarding a necessary cooperation to further strengthen cyber security.

Maduro Says Venezuela Turned Into Testing Ground For Cyber, Electromagnetic Weapons (UrduPoint) Venezuela has become a testing ground for new kinds of cyber and electromagnetic weapons, which target the country's critical infrastructure, Venezuelan President Nicolas Maduro said

How a merger will expand the Air Force’s cyber edge (Fifth Domain) 24th and 25th Air Force will integrate, creating the service's first information warfare numbered Air Force.

The Air Force Has a New Cyber Security Defense Plan (The National Interest) Adversaries who want to steal American data should beware.

DHS Cyber Chief is Ready to Update Federal Tech Hiring (Nextgov.com) The department is preparing to roll out a new personnel system that will let officials “hire people based on their skill sets, not what’s on a piece of paper,” said Chris Krebs.

See us if you can? GCHQ surveillance agency reveals London base (Reuters) A nondescript red brick building tucked away beside a pub near a park in central...

Analysis | The Cybersecurity 202: States spent just a fraction of $380 million in election security money before midterms (Washington Post) And is Julian Assange about to be expelled from the Ecuadorean embassy in London?

Georgia Gov. Kemp signs new touchscreen voting machines bill (Washington Post) Georgia Gov. Brian Kemp has quietly signed a wide-ranging elections bill authorizing the statewide purchase of touchscreen voting machines that print a paper ballot

Litigation, Investigation, and Law Enforcement

Investigating Foreign Electoral Interference in Cold War Germany (Foreign Affairs) The history of a 1972 Stasi operation suggests Mueller's report won't provide all the answers.

In Ukraine’s Election, Pro-Russian Candidates Can’t Win (Foreign Policy) By occupying the regions of the country that most favor it, Moscow has undermined its own position in Ukrainian politics. Here’s why it still won’t…

Assange expulsion from Ecuador embassy would be 'illegal,' his legal team says (CNN) Ecuador's Foreign Ministry has refused to comment on claims from WikiLeaks that its founder Julian Assange will soon be expelled from the country's embassy in London.

US government claims to have found evidence against Huawei via secret surveillance (Computing) US invoked FISA surveillance powers to help build case against Huawei CFO Meng Wanzhou

DHS tech manager admits stealing data on 150,000 internal investigations, nearly 250,000 workers (Washington Post) A Virginia woman pleaded guilty to conspiring with a former DHS acting inspector general.

Mar-a-Lago's Security Problems Go Way Beyond a Thumb Drive (WIRED) A Chinese woman was arrested for sneaking into Trump's "Winter White House," a reminder of how exposed the president's private club is to physical and cybersecurity risks.

Analysis | The plot just thickened on William Barr and the Mueller report (Washington Post) The previously leakproof Mueller team is suddenly sprouting leaks, which suggests it's truly worried about what Attorney General William Barr is doing.

Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico (KrebsOnSecurity) An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges.

Who Gets Access? The Flap over White House Security Clearances (Foreign Policy Research Institute) Earlier this week, The New York Times reported that a “whistle-blower” working inside the White House’s Personnel Security Office had met privately with staff from the House Oversight and Reform Committee and revealed that 25 individuals, including two current senior White House officials, had been granted security clearances after their…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...

Upcoming Events

QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...

Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

Maryland Cyber Day (Hanover, Maryland, United States, April 11, 2019) Maryland Cyber Day is a combination of two events, MD Cyber Day Marketplace followed by MD Cybersecurity Awards Celebration. Marketplace features cybersecurity innovation, an expo, technology demos, “Ask...
