skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

As the face of WikiLeaks begins his efforts to resist extradition to the US, observers comment on the charge confronting him, which is, essentially, conspiracy to hack into a noncompliant computer in violation of the Computer Fraud and Abuse Act. Mr. Assange, the US maintains, offered to help then-US-Army-Specialist Manning crack passwords to gain access to classified files. He's not charged with espionage, or with possession of classified material. Those sympathetic to Mr. Assange (like Edward Snowden, WikiLeaks itself, and Britain's shadow home secretary) see the indictment as a way of railroading him, especially since the offer to help then-Specialist Manning break into Government systems seems more an act of stumblebum hubris than the sinister act of a criminal mastermind.

As the Washington Post notes, many security experts have long thought the Computer Fraud and Abuse Act outmoded and overly broad. But the prosecution would not appear, taken by itself, to represent a threat to journalists' First Amendment rights. Besides, as former NSA Associate General Counsel April Doss told Quartz, such hacking isn't a generally accepted journalistic legitimate practice. Many agree with her.

University researchers report that secure wi-fi protocol WPA3's SAE handshake may be susceptible to the same kind of exploitation as its predecessor, WPA2, was. One of the problems lies in the transition mode designed to ensure backward compatibility with the older protocol.

Carbon Black continues to track the maturation of the dark web's black market in tax-fraud and identity-theft tools. They're increasingly commodified and cheaper than ever.


Today's issue includes events affecting China, Ecuador, Germany, Iran, Israel, New Zealand, Russia, United Kingdom, United States.

A quick note: congratulations to all who were honored by the Cybersecurity Association of Maryland last night, and thanks to CAMI for this and all of its other programs.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes San Francisco, NYC, D.C., and Houston!

In today's podcast, up later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses pending state legislation that would restrict law enforcement use of DNA data. Our guest is Eric O’Neill, attorney and former FBI operative. He's also the author of Gray Day: My Undercover Mission to Expose America’s First Cyber Spy. Today's interview is a preview of the full interview that will run as a special edition this Sunday in which Mr. O'Neill describes what he saw during the Robert Hanssen espionage investigation.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) The inaugural Cybersecurity Impact Awards are open for nominations until April 12 and are dedicated to recognizing companies that have corporate or Federal headquarters in the DMV area for their leadership and innovation within the cybersecurity industry. Award winners will be honored during an awards ceremony on May 14.

Cyber Attacks, Threats, and Vulnerabilities

Election results by midnight: No cyber attack but technology failure (Jerusalem Post) Elections Committee Chairman Judge Hanan Melcer said that the committee will publish the election results by midnight, but changes could be made later.

A Peek Into the Toolkit of the Dangerous Triton Hackers (WIRED) Security firm FireEye is naming a collection of tools it says might help identify more active Triton intrusions.

MuddyWater Group Using Spam Campaign to Hijack Victims’ Computers (Security Boulevard) The MuddyWater threat attack group is using a spam campaign to hijack victims’ computers and steal sensitive information. Discovered by Heimdal Security in early April, the campaign begins when malicious actors use social engineering techniques to trick a user into opening a malicious Microsoft Office document attached to a phishing email. The document contains VBA … Read More The post MuddyWater Group Using Spam Campaign to Hijack Victims’ Computers appeared first on The State of Security.

LockerGoga: What We Know and What You Should Do (CyberX) News of the ransomware attack on Norsk Hydro broke on March 19th and thanks to the admirable transparency shown by Norsk Hydro, the security world knows about the $41m USD in losses incurred in the first week, as well as the ways in which the company responded to the attack.

New Super-Secure Wifi Is Actually Full of Security Holes (Gizmodo) When the Wi-Fi Alliance released its next-generation WPA3 wifi security protocol last January, it was touted as being nigh impossible to crack. That made it a serious upgrade over WPA2, the current protocol used by modern wifi networks—including the one you’re probably reading this on. Except, researchers on Wednesday published findings that show WPA3 actually has several serious design flaws that leave it vulnerable to the same attacks that plagued WPA2.

How HTML5 Ping Is Used in DDoS Attacks (eWEEK) Imperva has discovered a new attack in which hackers abused a commonly used HTML5 attribute to launch a DDoS attack that generated 70 million requests hitting a target website in a four-hour span.

The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack (Imperva) DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently investigated a DDoS attack which was generated mainly from users in Asia. …

VSDC Site Hacked Again to Spread Password Stealing Malware (BleepingComputer) The website of the free multimedia editor VSDC was breached again by hackers, this time the download links being used to distribute a banking trojan and an info stealer.

Microsoft: WinRAR exploit gives attackers 'full control' of Windows PC (ZDNet) Microsoft shines a light on the handiwork of an advanced threat group known as MuddyWater

New Baldr information stealer could target businesses (SearchSecurity) Malwarebytes' Jérôme Segura highlights the key features of the new information stealer called Baldr and shares best practices for defending against such stealers.

VPN apps found storing session cookies insecurly (SC Media) Researchers with National Defense ISAC Remote Access Working Group discovered multiple Virtual Private Networks (VPN) applications were insecurely storing Researchers with National Defense ISAC Remote Access Working Group discovered multiple (VPN) apps improperly storing session cookies.

App could have let attackers locate and take control of users’ cars (Naked Security) A smartphone app used to control vehicles across North America left them wide open to attackers, it was revealed this week.

Master of web puppets: abusing web browsers for persistent and stealthy computation (the morning paper) Master of web puppets: abusing web browsers for persistent and stealthy computation Papadopoulus et al., NDSS’19 You’ve probably heard about crypto-currency mining and the like in hijacked br…

Scary Hardware Attacks Aren't The Biggest Risks (Decipher) Supply chain attacks are scary, but there are plenty of other hardware-based issues organizations should be worrying about before they have to panic about the complex malicious implants in their servers.

Robocaller firm Stratics Networks exposed millions of call recordings (TechCrunch) If you’ve ever had a voicemail appear out of nowhere, there’s a good chance Stratics Networks was involved. The Toronto-based company is the self-proclaimed inventor of “ringless voicemails,” providing its customers a way of auto-dialing a list of phone numbers and dropping …

Email Scam Threatens WannaCry & DDoS Attack (Security Boulevard) As if tax season isn’t stressful enough, a new extortion email scam is currently underway to steal your personal details and commit fraudulent activities. Hackers are demanding two bitcoins from victims in exchange for keeping quiet about their presumed “tax evasion”.  If they do not pay, they will find themselves hit with a DDoS attack and WannaCry ransomware.

Tax Fraud and ID Theft Services Getting Cheaper on the Dark Web (BleepingComputer) Financial and social security identity theft services are becoming more and more affordable every year on the dark web, leading to a drop in the skill level required for tax fraud schemes.

Tax Fraud & “Identity Theft On Demand” Continue to Take Shape on the Dark Web (Carbon Black) Carbon Black’s recent research into various marketplaces on the dark web found W-2 forms, 1040 forms and how-to guides for illicitly cashing out tax returns available. W-2s and 1040s are available on the dark web at relatively low cost, ranging from $1.04 to $52. Names, Social Security Numbers (SSNs) and birthdates can be obtained for a price ranging from $0.19 to $62.

Linklaters is Latest Top Firm to be Impersonated in Cyber Scam (LegalWeek) Linklaters joins various other top firms in having its name used by scammers.

Canadian company victim of apparent cyber attack (City NEWS 1130) A source tells CityNews Mitsubishi Canada Aerospace is dealing with a cyber heist that has been ongoing for weeks. Adrian Ghobrial with who could be behind the attack.

Security Patches, Mitigations, and Software Updates

Microsoft releases new security framework for Windows 10 (Computing) New Windows 10 security framework mimics the DEFCON levels used by US armed forces

Windows 7 problems: Microsoft blocks April updates to systems at risk of freezing (ZDNet) Microsoft halts Windows 7 patches for Sophos users after updates trigger boot failures, which also affect Avast users.

Cyber Trends

Forget Russia, China And Iran, Up To 80% Of Cybersecurity Threats Are Closer To Home (Forbes) Even as most cybersecurity attention focuses on external threats, most businesses should instead focus on the threats from inside their organizations. A risk that in the U.S., despite the efforts to make everyone more cyber aware, is getting worse.


Investors Are Betting Early On Cybersecurity Startups (Crunchbase News) In an increasingly digital world, startups, small businesses, and large corporations have at least one problem in common: ensuring the security of the data they store. We also know that security is top of mind for VCs, too—but likely more for the returns than the actual protection.

Why Cybersecurity Software May Be the Hottest Area to Buy Now ( One segment that remains in demand is security software, and with good reason. These four cybersecurity companies are at the forefront.

Kaspersky: US security software ban just 'makes cybercriminals happy' (ZDNet) Kaspersky Lab sees little prospect of the US government lifting the ban on using its security products.

Huawei security questioned around the world (SearchSecurity) Huawei security is under fire from multiple fronts as a new report criticizes the company's security efforts and a Huawei driver flaw hits Windows, but Huawei and a U.S. association are fighting back against the criticisms.

Huawei says its equipment as secure as any, pans U.S. campaign (Reuters) China's Huawei Technologies said on Thursday the security of its telecoms n...

Who is the man behind Huawei and why is the U.S. intelligence community so afraid of his company? (Los Angeles Times) Ren Zhengfei turned a company with no intellectual property into the world’s largest telecom and made China a global leader in 5G technology. Washington says he had help from Beijing.

Warrior to Cyber Warrior Announces a New Website and an Expanded Approach to Serving Veterans (PR Newswire) The Warrior to Cyber Warrior (W2CW) Foundation today unveiled a new website, along with an expanded approach to...

SolarWinds Sets Its Sights on the ITSM Market through Acquisition of Samanage and Introduction of a SolarWinds Service Desk Product (West) Company prepares to extend its IT management offerings by expanding the availability of affordable and easy to use service desk software to a broader spectrum of businesses in response to the pressures of digital business transformation and process automation.

Nuspire Networks acquires Colorado security services company (Crain's Detroit Business) Commerce Township-based network management and online security provider buys GBprotect. Deal expected to grow Nuspire's abilities in security operations and threat response. Nuspire acquired by private equity firm in 2016

Armis Security raises $65 million to secure internet of things devices (VentureBeat) Armis Security, a developer of an enterprise cybersecurity solution for the internet of things, has raised $65 million in venture funding.

Cloud Security Leader Bitglass Raises $70 Million (Pulse 2.0) Campbell, California-based Cloud Access Security Broker (CASB) company Bitglass has raised $70 million in Series D funding.

Cybersecurity Firm WISeKey Subsidiary Nets $7 Mln in Pre-STO Investment Ahead of Q2 Sale (Cointelegraph) The company’s WISeCoin spin-off plans to raise a total of around $17.5 million in the upcoming token offering.

Corsica Launches 'All Star' MSP Acquisition Blitz By Buying EDTS, EDTS Cyber (CRN) Here's why Corsica Technologies acquisition of EDTS and EDTS cyber is a managed service provider (MSP) and Managed Security Service Provider (MSSP) game changer.

EverWatch boosts intelligence contracting platform with latest acquisition (WTOP) EverWatch, an Ashburn defense and national security contractor, has acquired IT services company Northwood Global Solutions LLC. Terms were not disclosed. Chevy Chase-based aerospace and defense…

ESG principles prompt lenders to pass on NSO Group loan (Reuters) NEW YORK, April 11 (LPC) - Investors’ response to a US$500m equivalent leveraged...

INSA to Honor Keith Alexander for Contributions to U.S. Intel, Natsec Affairs (WashingtonExec) Retired Gen. Keith Alexander, the longest-serving director of the National Security Agency and the first commander of the U.S. Cyber Command, will receive

SailPoint appoints Charles Poff as chief information security officer (Information Age) SailPoint, the enterprise identity governance firm, has announced the appointment of Charles Poff as the company’s new CISO

Products, Services, and Solutions

TRON Partners With Swarm To Offer Security Token Support (UNHASHED) TRON has announced that it has partnered with Swarm, a major security token platform. This partnership will allow projects to issue security tokens, which can be programmed for regulatory compliance, on the TRON blockchain. Swarm is a leader in this area, which makes this a significant announcement. What the Partnership Means Security tokens simply represent…

Technologies, Techniques, and Standards

451 Research: Tackling the Visibility Gap in Information Security (Reliaquest) Is your security team blind to the activities in more than half of its IT assets?

Emsisoft used decrypter on CryptoPokemon ransomware… It’s super effective! (Security Boulevard) Emsisoft researchers have released a free decrypter for the CryptoPokemon ransomware. Download it here. The post Emsisoft used decrypter on CryptoPokemon ransomware… It’s super effective! appeared first on Emsisoft | Security Blog.

Design and Innovation

Analysis | The Cybersecurity 202: Companies are trying to crack down on shady apps that spy on partners, exes (Washington Post) But it won't be easy.

Training AI to help human experts, FortiGuard Labs analyzes 100B security events daily (SiliconANGLE) Training AI to help human experts, FortiGuard Labs analyzes 100B security events daily

How password-less security benefits helpdesks (Help Net Security) IT teams can improve efficiency by making changes to eliminate some of the most mundane and time-consuming tasks. Chief among these are password resets.

Legislation, Policy, and Regulation

Russian lawmakers approve second reading of 'sovereign' Internet bill (Reuters) Russian lawmakers backed tighter Internet controls on Thursday to defend against...

NZ flags risk of foreign meddling in politics (The Business Times) NEW Zealand's intelligence chief said on Thursday the agency was concerned about activities by foreign state actors, including attempts to covertly influence politicians and monitor expatriate communities living in the South Pacific nation. Read more at The Business Times.

Washington Tries a Softer Approach in Anti-Huawei Campaign (Foreign Policy) The Trump administration claims progress in signing up European allies in the fight against Beijing.

German stance on 5G security a 'positive step forward': U.S. official (Reuters) The United States wants foreign governments to follow Germany in adopting strict...

How China Blew Its Chance in Eastern Europe (Foreign Policy) Seven years on, the 16+1 project has largely flopped.

Cybersecurity Campaign Aid Delayed by Corporate Money Fears (Bloomberg GOV) The Federal Election Commission delayed a vote on a plan to provide free cybersecurity assistance for campaigns, with the panel’s chairwoman voicing concerns it could the open the door to corporate money in campaigns.

Navy looks to add cyber leadership (FCW) Navy Secretary Richard Spencer says adding a new assistant secretary for cybersecurity and tightening contractors' security practices are top priorities for 2020.

TSA Administrator expected to temporarily fill No. 2 role at Homeland Security (ABC-7) Transportation Security Administration Administrator David Pekoske is expected to be named acting deputy secretary at the Department...

NYC tech commissioner left Atlanta job shortly before crippling cyberattack (New York Post) City Hall’s bumbling tech czar previously held a similar job in Atlanta — which was crippled by a cyberattack shortly after he left for the Big Apple. Samir Saini, who’s enmeshed in a scandal over …

Litigation, Investigation, and Law Enforcement

The Secret Sharers (Foreign Affairs) In three short responses, Peter Feaver, Allison Stanger, and Michael Walzer discuss the legitimacy of whistle-blowing in the Trump administration, debating whether the cascade of leaks from the White House and other parts of the executive serves to protect or undermine American democracy.

A former NSA attorney explains the US case against Assange (Quartz) "It is entirely possible that Assange might have information on other matters...and he might at some point decide that he wants to cooperate."

We should block extradition of Assange, claims Diane Abbott (Times) The shadow home secretary defended Julian Assange against allegations he raped a woman in Sweden and called for the UK to oppose his extradition. Diane Abbott said “we all know what this is about”...

Breaking Down the Hacking Case Against Julian Assange (WIRED) WikiLeaks founder Julian Assange faces extradition to the United States, but not for leaking classified information.

Analysis | Digging into the details of the indictment against Julian Assange (Washington Post) Explaining everything from conspiracy to rainbow tables.

Analysis | What we know — and don’t know — about WikiLeaks, Julian Assange and the 2016 campaign (Washington Post) An overview of Assange's most recent efforts to influence American politics.

If Assange Burgled Some Computers, He Stopped Being a Journalist (Bloomberg) WikiLeaks and its creator can't shelter themselves inside the cloak of journalism and the truth if he helped hack the U.S. government.

Opinion | Is Julian Assange a journalist, or is he just an accused thief? (Washington Post) Supporters of the WikiLeaks’ founder say his case is about press freedom. The government says it’s about trying to steal secret information.

Is Wikileaks Founder Julian Assange A Spy Or Publisher? Probably Both (The Federalist) While I’m sympathetic to the principled arguments being employed by Assange defenders, I’m not sure they’re as applicable in this case.

Analysis | The Cybersecurity 202: Security experts irked U.S. prosecutors used anti-hacking law to nab Julian Assange (Washington Post) They say the law, which pre-dates the modern Internet, is "ridiculously broad."

WikiLeaks’ Assange arrested in London, faces US charge (Fifth Domain) British police arrested Assange after the South American nation decided to revoke the political asylum that had given Assange sanctuary for almost seven years. In Washington, the U.S. Justice Department accused Assange with conspiring with Chelsea Manning to break into a classified government computer at the Pentagon.

After years of debate, Trump administration chose to pursue criminal case against Assange (Washington Post) The leader of the anti-secrecy website was arrested Thursday in London.

Why Ecuador Finally Got Sick of Assange and Threw Him Out (The Daily Beast) The Justice Department is set to announce charges against the Wikileaks founder after he was dragged from Ecuador’s embassy in London.

The Latest: Quito arrest part of Assange probe (Washington Post) Friends of a Swedish software developer arrested in Ecuador as part of a probe into Julian Assange’s alleged efforts to stave off his eviction from the country’s embassy are describing him as a soft-spoken geek

Apple's legal battle over its patents could yield another big winner: Leidos (Washington Business Journal) Because of royalities it derives from four patents, Leidos stands to have a lot to potentially gain in two ongoing lawsuits between Apple and a company called VirnetX. Apple is battling internet security software company VirnetX over claims of patent infringement...

Rod Rosenstein Defends Justice Department Handling of Mueller Report (Wall Street Journal) Deputy Attorney General Rod Rosenstein defended the Justice Department’s handling of the special counsel’s still-secret report, saying Attorney General William Barr is “being as forthcoming as he can” about redacting and releasing the document.

Inside the Russian effort to target Sanders supporters — and help elect Trump (Washington Post) Sanders “was central to their strategy,” a researcher says after a new examination of Twitter data.

Obama White House counsel Gregory Craig charged by federal prosecutors over alleged Ukraine lies (CNBC) Craig is charged with lying about work that his law firm was doing for Ukraine during an Oct. 19, 2017, special counsel interview.

Byron York: Barr is right, spying on Trump campaign did occur (Washington Examiner) Democrats and some in the media expressed shock and outrage when Attorney General William Barr said Wednesday that "spying did occur" on the Trump campaign during the 2016 election.

Google Seeks Dismissal of Claims Over Google+ Data Leaks (Bloomberg Law) Google LLC asked a federal court to dismiss a proposed class action over data leaks caused by two software bugs in its now-defunct Google+ social network platform.

U.S. jury finds two Romanians guilty of stealing credit card info, infecting 400,000 computers (CyberScoop) A federal jury on Thursday convicted two Romanian nationals of aggravated identity theft and wire fraud, among other charges, for a scheme to use malware to steal credit card information and then sell that data on underground websites.

AP source: Prosecutors to meet with Bezos in extortion probe (Washington Post) Federal prosecutors in New York are planning to meet with Amazon CEO Jeff Bezos about his allegations that the National Enquirer tried to blackmail him with help from Saudi Arabia

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Boston Cybersecurity Conference (Chicago, Illinois, USA, June 20, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Upcoming Events

ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...

San Antonio Cybersecurity Conference (San Antonio, Texas, USA, April 16, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

2019 Industrial Control Systems (ICS) Cyber Security Conference (Singapore, April 16 - 18, 2019) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

Cybersecurity: 5th Generation Threats- What we know, should know, and don't know. (Santa Barbara, California, USA, April 17, 2019) Cyber threats capable of massive economic and social disruption are poorly understood and vastly underestimated. Cybersecurity is a continuing arms race. This panel/presentation will review the state...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.