Daily briefing.

The US Special Counsel's report on Russian interference in the 2016 Presidential election was released in redacted form yesterday, finding insufficient evidence of collusion (that is, conspiracy and coordination) between the Trump campaign and Russian intelligence services, and offering no recommendation on obstruction.

The Mueller Report's conclusions about Russian operations are unambiguous: the GRU's Unit 26165 did the hacking, and the Internet Research Agency managed the influence campaign. The Report also concluded that the GRU's Unit 74455 retailed the results of the doxing through its subsidiaries DCLeaks and Guccifer 2.0, and through a sympathetic WikiLeaks.

TechCrunch reviews how the GRU worked: spearphishing, followed by credential theft. Once inside targeted networks the attackers used Mimikatz to harvest credentials. They used X-Agent for screenshots and keylogging, and W-Tunnel for data exfiltration. Middle servers were used to obfuscate the destination of the traffic. The discussion seems to be all about the GRU, Fancy Bear, with its FSB colleague Cozy Bear not earning a mention, unless it's buried obscurely in the report's 448 pages.

Iran's APT34, the hacking group also known as OilRig, is itself being doxed. A Telegram channel called "Read My Lips" is dumping the group's tools and some of its identities online. WIRED compares them to the ShadowBrokers. Whoever they are (neither disgruntled insiders, opposition groups, nor foreign intelligence services can be ruled out) their declared motive is exposing "this regime’s real ugly face."

KrebsOnSecurity thinks the hackers behind the Wipro attack may be a criminal gang, not necessarily a nation-state.

Notes.

Today's issue includes events affecting Canada, Chile, China, India, Iran, Italy, Republic of Korea, Malawi, Pakistan, Russia, Singapore, United States, and Vietnam.

In today's podcast, out later this afternoon, we speak with our partners at Accenture Labs, as Malek Ben Salem discusses the Cisco Talos report on malware markets in Facebook groups. Our guest is Barbara Lawler from Looker Data Sciences who talks about GDPR, CCPA and the coming wave of privacy legislation.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

Security flaw in French government messaging app exposed confidential conversations (TechCrunch) The French government just launched its own messaging app called Tchap in order to protect conversations from hackers, private companies and foreign entities. But Elliot Alderson, also known as Baptiste Robert, immediately found a security flaw. He was able to create an account even though the serv…

Wipro Intruders Targeted Other Major IT Firms (KrebsOnSecurity) The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.

New malware in old Excel skins (Avira Blog) Why worry about making a new malware trick when you can tweak an old Excel spreadsheet to do the job for you? Hackers are now doing just that: They are using new techniques to leverage their attacks based on a feature over 25 years old called Excel 4.0 (XLM macros). Despite the age, this feature …

A Mystery Agent Is Doxing Iran's Hackers and Dumping Their Code (WIRED) Iranian intelligence seems to be getting its own taste of a Shadow Brokers-style leak of secrets.

Cyber-crime group TA505 using legitimate remote administration tool to target organisations (SC Magazine) Cyber-crime group TA505 leverages 'Remote Manipulator system', a legitimate RAT, to target major retailers & financial organisations in the US, Chile, India, Italy, Malawi, Pakistan, & South Korea.

Unexpected protection added to Microsoft Edge subverts IE security (Ars Technica) Permissions that Edge added to downloaded files break important security feature.

Easter Attack Affects Half a Billion Apple iOS Users (Threatpost) The U.S.-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.

Facebook now says its password leak affected ‘millions’ of Instagram users (TechCrunch) Facebook has confirmed its password-related security incident last month now affects “millions” of Instagram users, not “tens of thousands” as first thought. The social media giant confirmed the new information in its updated blog post, first published on March 21. “We…

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data (BleepingComputer) Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.

Weather Channel Knocked Off-Air in Dangerous Precedent (Threatpost) The incident was the work of malicious cyberattackers.

The Weather Channel knocked off air by 'malicious software attack' (CNN) The Weather Channel was knocked off the air Thursday morning by what it said was a malicious software attack on the network.

Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy (Infosecurity Magazine) Following the tragic events in Paris, cyber-criminals have taken advantage of people's goodwill.

Here are few Game of Thrones phishing scams you should know about and how to avoid them (KnowBe4)

Dark Web Fraudsters Defraud Each Other with Fraud Guides (Infosecurity Magazine) Terbium Labs reveals old, incomplete and repackaged how-to guides flooding the dark web

A Dozen Mirai Botnet Easter Eggs—Revealing the Lighter Side of Malicious Code (LMG Security) While there is very little that is funny about the Mirai botnet malware, we found a dozen funny Easter eggs in this malicious code. Read it for a laugh and to find out what these Easter eggs can tell you about the code's author.

Cape college: Most of $800K stolen in cyberattack recovered (South Coast Today) Officials say more sophisticated security software in place.

Cyberattack hits Augusta municipal operations; City Center closed (Kennebec Journal and Morning Sentinel) Officials say a nasty, intentionally deployed virus shut down public safety computers and made the city's entire network unusable, but the phone system and public safety radio system were not affected.

Stratford still without email, info network after cyber-attack (Kitchener) The City of Stratford is still dealing with the aftermath of a cyber-attack that hit the city earlier this week.

Cyber Trends

Never Forget That You Are Being Watched (HackRead) What data do Facebook, Google, and mobile apps collect, do mobile carriers listen to your calls? Read this post and find answers to these and other privacy questions as well as get tips on how to protect your personal data.

Exploring the Biggest Cybersecurity Issues Businesses Are Facing in 2019 (SAP) Everywhere a business looks, there are risks, pitfalls, threats, and potential problems.

Two Out of 5 Americans Have Experienced Online Harassment (PCMAG) And two-thirds have witnessed it happening. Here's a rundown of the seven major types of online harassment and some tips on how to stop it.

Marketplace

How and Why E-cyclers are Becoming Data Security Experts (Waste360) Electronics processors are investing in high-tech shredders, data wipers and equipment and accruing certifications to ensure customers their data will be destroyed.

Government Actions Key to Building a Cyber Workforce (SIGNAL Magazine) The federal government can spur cyber education and entry into the workforce with a variety of incentives during and after schooling.

Caerphilly firm joins Tech Nation’s first national cyber security growth programme (Free Press Series) Tech Nation, the UK’s leading network for ambitious tech entrepreneurs, has announced the 20 fast-growth cyber scaleups accepted onto its first…

Northrop Grumman Awarded Cyber Enterprise Services Contract by US Air Force (Northrop Grumman Newsroom) The U.S. Air Force has selected Northrop Grumman Corporation (NYSE: NOC) to deliver Cyber Enterprise Services (CES) on U.S. Cyber Command’s Unified Platform. Northrop Grumman is one of five companies each...

RiskSense Adds Industry Luminaries to its Advisory Board (AP NEWS) RiskSense ®, Inc., pioneering risk-based vulnerability management and prioritization, today announced that six world-class technology executives have joined its board of advisors.

Products, Services, and Solutions

Capsule8 Supports Google Cloud Security Command Center with Security Partner Integration (West) Capsule8 to help Google Cloud SCC members consolidate findings and speed up response

Find Cyber Threats in Real Time (Finger Lakes Times) Milton Security Group, Inc.®, a leading cybersecurity company offering 24/7 monitoring, threat hunting, and incident response services, is pleased to announce its new Proof Of Value

SentinelOne Receives Coveted “In Process” FedRAMP Designation (BusinessWire) SentinelOne, the autonomous endpoint protection company, today announced its SentinelOne Platform, which combines best-in-class EPP and EDR capabiliti

Kaspersky Lab aims to improve security awareness with a training platform (IT PRO) Kaspersky Automated Security Awareness Platform teaches 350 new skills to all levels

Technologies, Techniques, and Standards

Incident Response Plan Saves Money (The National Law Review) The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professional

The Cybersecurity Automation Paradox (Dark Reading) Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.

Safeguarding Client Data: An Attorney's Duty to Provide 'Reasonable' Security (The Legal Intelligencer) Effective cybersecurity requires an ongoing, risk-based, comprehensive process that addresses people, policies and procedures, and technology, including training. Effective security also requires an understanding that security is everyone’s responsibility and constant security awareness by all users of technology.

Why Barr Will Deliver the Mueller Report to Congress on CD (WIRED) The humble compact disc takes a starring role in the rollout of the Mueller report. Which makes more sense than you might think.

Design and Innovation

Spies, Lies, and Algorithms (Foreign Affairs) Russian social media meddling in the 2016 U.S. election should serve as a wake-up call: U.S. intelligence community must shift its focus from counterterrorism to a suite of new technological threats, from AI to deepfakes and disinformation warfare.

When Futurism Led to Fascism—and Why It Could Happen Again (WIRED) The Italian Futurists praised invention, modernity, speed, and disruption. Sound familiar?

Research and Development

The deal with Quantum Computing and Cryptography (Infosecurity Magazine) Quantum computing continues to heat up as one of the major battlefields for security

Student develops algorithm to detect fake news under young defence scientists programme (Star Online) To tackle the problem of fake news, student Liu Haohui hopes the algorithm she has developed could help verify the reliability of news stories.

How Personality Traits Can Influence Online Behavior (Infosecurity Magazine) Anna Collard of Popcorn Training conducted a quiz on cyber strengths to get a deeper understanding of how personality traits influence online behavior

Academia

Only Free GenCyber Summer Camp in Connecticut Offered Again - University of New Haven (University of New Haven) Supported by the National Science Foundation and the National Security Agency, the GenCyber Agent Academy for high school students will take place July 22 to 27.

Legislation, Policy, and Regulation

Vietnam aims at becoming giant in cyber security (SGGP English Edition) Vietnam this year is going to announce its strategy on national digitalization in order to form a digital economy and society, as said by the Minister of Information and Communications Nguyen Manh Hung in the international conference on cyber security held yesterday in Hanoi.

How the Founding Fathers helped make the US cyber-resilient (Fifth Domain) A stable society, that can absorb attacks without falling into chaos, mayhem, and entropy, may be the most valuable tool in recovering from cyberattacks.

U.S. boosting cyber defenses in face of Russian threat: Shanahan (The Washington Times) America’s cadre of cyber warriors are working tirelessly to curb the threat posed by Russian attacks on U.S. military and civilian networks, including those highlighted in Special Counsel Robert Mueller’s investigation into Moscow’s interference in the 2016 election, acting Pentagon chief Patrick Shanahan said.

Analysis | Trump says ‘America must win’ the 5G race. Here’s what you need to know. (Washington Post) Beyond the hype, what are the promises and the risks?

GRID: How hacking threats spurred secret U.S. blacklist (E&E News) U.S. energy regulators are pursuing a risky plan to share with electric utilities a secret "don't buy" list of foreign technology suppliers, according to multiple sources.

Post-Shutdown, CISA Carves Out a Space in Cybersecurity (Technology Solutions That Drive Government) The relatively new DHS agency plans to work on cyber issues affecting both federal and state governments.

A Different Type of Federal Agency: How DHS’s Newest Cybersecurity Agency Can Help Your Business (JD Supra) Make no mistake about it, the Department of Homeland Security’s newest agency, the Cybersecurity and Infrastructure Security Agency (CISA) is serious...

From Tragedy Comes Action -- New Cyberbullying Law Said to Be Strongest in the Nation (Maryland Matters) A bill signed into law by Gov. Lawrence J. Hogan Jr. (R) on Thursday gives Maryland families unparalleled protections against online harassment aimed at their children, a leading lawmaker said, and could serve as a template for national legislation. Senate Bill 103 and its House companion HB 181 was dubbed Grace’s Law 2.0 by its …

Litigation, Investigation, and Law Enforcement

Report on the Investigation into Russian Interference in the 2016 Presidential Election (US Department of Justice) This report is submitted to the Attorney General pursuant to...

Read Attorney General Barr’s remarks on the Mueller report (Washington Post) Barr spoke to reporters before the release of the nearly 400-page report from special counsel Robert S. Mueller III. Here's what he said.

The Mueller Report (TechCrunch) The Special Counsel’s report into Russian interference in the 2016 U.S. presidential election is out. TechCrunch is exploring hacking, disinformation, surveillance and more.

The Mueller Report Is Out. Read It Here (WIRED) Attorney general William Barr has released the redacted Mueller report to Congress. You can read all 448 pages of it right here.

Read the full, redacted Mueller report (Washington Post) Attorney General William P. Barr has released the full, redacted report detailing Special Counsel Robert S. Mueller’s investigation into Russian interference in the 2016 election.

Key members of Congress will get more complete version of the Mueller report than the public, prosecutors tell judge (Washington Post) Revelation comes in filing in court case of Trump confidant Roger Stone.

Democrats to press Trump over 'obstruction' (BBC News) The long-awaited report clears President Trump of collusion but his opponents keep the heat up.

Mueller report lays out obstruction evidence against the president (Washington Post) The special counsel’s team did not accuse Trump of a crime but explained that doing so could ‘preempt constitutional processes for addressing presidential misconduct.’

The Mueller Report Is Much Worse for Trump Than Barr Let On (WIRED) The Mueller report clearly shows that Donald Trump attempted to obstruct justice, regardless of what the attorney general says.

Mueller report findings: Mueller rejects argument that Trump is shielded from obstruction laws (Washington Post) A team of Post reporters read the redacted Mueller report. Here’s what they found.

Mueller Report Details Trump Organization, Family Roles in Russia Probe (New York Law Journal) The president's personal and business interests intersected directly with the investigation by Special Counsel Robert Mueller into Russian interference, specifically as part of the June 2016 Trump Tower meeting and the pursuit of a Trump development in Moscow.

Mueller Considered Prosecuting Trump Tower Meeting Participants: Report (New York Law Journal) Donald Trump Jr., Paul Manafort and Jared Kushner were considered for campaign finance violations connected with the Russian government dirt on Hillary Clinton that led to the June 2016 meeting at Trump Tower.

Redaction — Quartz Obsession (Quartz) Redaction: Reading ◼︎◼︎◼︎◼︎◼︎◼︎◼︎ the lines

Mueller report sheds new light on how the Russians hacked the DNC and the Clinton campaign (TechCrunch) The Mueller report contains new information about how the Russian government hacked documents and emails from Hillary Clinton’s presidential campaign and the Democratic National Committee. At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration …

Illinois Voter Data Hack Part of Mueller Report (WTTW News) After two years of waiting, the Mueller report is now out. And Illinois gets a mention.

The FBI won't tell Florida officials which county election system may have been hacked by the Russians (Orlando Weekly) Florida officials say the FBI wouldn't immediately tell them which county election system may have been accessed by the Russians after a report from special counsel...

Robert Mueller: The Enigma Who Held Trump's Fate In His Hands (NDTV.com) After nearly two years of leading one of the most politically charged investigations the United States has seen, into whether President Donald Trump and his campaign colluded with Russia, Robert Mueller remains an enigma.

American Politics and Cybersecurity: The Origin Story (CyberVista) When Senator Kamala Harris announced her 2020 Presidential bid, she took aim at the current Administration, claiming that foreign powers are “infecting the White House like malware.

Contractors Are Giving Away America’s Military Edge (Bloomberg) The Pentagon needs to hold suppliers responsible for security lapses.

Hacking firm gets only $1,000 from suit against ex-employee; has to pay $25k after losing countersuit (The Straits Times) Italy-based spyware maker HT, or Hacking Team, was awarded nominal damages of $1,000 in its suit against a former employee, after the High Court on Thursday (April 18) rejected its claim for more than €6 million (S$9.15 million) in damages...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

BSidesIowa (Des Moines, Iowa, USA, April 20, 2019) BSidesIowa is the longest running security conference in Iowa. It is back in 2019 for its 6th event! There will be a Capture The Flag event presented by SecDSM, as well as presentations and networking...

Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) The Insider Threat Defense Group will be holding its next class, "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed in how to develop, implement, manage or enhance an ITP, and will have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to 540+ organizations.

International Conference on Cyber Engagement (Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...

(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...

SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
