Daily briefing.

TechCrunch reports that Sri Lankan authorities have shut down most social media in that country in an effort to prevent the spread of inflammatory rumor or disinformation. The restrictions follow a series of apparently coordinated suicide bombings that killed Christians at worship in Batticaloa, Colombo, and Negombo, and others, including guests staying at tourist hotels, at five other sites in Colombo. Police have arrested twenty-four, but no group has claimed responsibility. 

Agence France Presse observes that Sri Lankan security authorities issued an alert over a week ago warning police that chatter collected from various intelligence sources suggested the likelihood of jihadist attacks by "Nations Thawahid Jaman" during the Christian Holy Week. It remains unclear whether that group organized the bombings. Reuters quotes experts who see ISIS or al Qaeda in the attack's methods. Sri Lankan Defense Minister Wijewardene attributed the massacres to followers of "religious extremism." CNN says almost three hundred are dead; about five hundred are wounded.

The Times reported Saturday that the CIA shared intelligence with Five Eyes partners establishing Huawei's significant funding by Chinese security services. The Times treats this as significant, which suggests their sources see investment amounting to control, not simply purchase of goods and services. (More significant than what the Washington Post notes in an unrelated editorial about Microsoft's AI research cooperation with a Chinese military university.)

Marcus Hutchins, sometime hero of WannaCry's kill-switch, pleaded guilty to US Federal charges involving making and selling malware for "surreptitious interception of wire, oral, or electronic communication."


Today's issue includes events affecting China, Germany, Japan, Russia, Sri Lanka, United Kingdom, United States.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan offers perspective on some recent password research from WP Engine.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC.

Cyber Attacks, Threats, and Vulnerabilities

CIA Offers Proof Huawei Has Been Funded By China's Military And Intelligence (Forbes) According to reports on Saturday, the CIA has shared evidence with agencies across the Five Eyes that Huawei has received funding from China's military and state intelligence. If true, this collapses the company's defense against Washington's claims of collusion and throws the battle wide open.

CIA warning over Huawei (Times) A Chinese telecoms giant that wants to supply vital technology for Britain’s new 5G mobile network has received funding from branches of Beijing’s state security apparatus, the CIA has told spy...

The growing partnership between Russia's government and cybercriminals (CBS News) An Obama administration national security official tells 60 Minutes, "Increasingly, you cannot tell which is which when it comes to the criminal and the intelligence agency."

Russia's increasingly working with cyber criminals, former national security official warns (Axios) "[T]he head of the crime family is Putin," John Carlin tells "60 Minutes."

Wipro says critical business operations unaffected by cyber attack (Hindu Businessline) Wipro Ltd on Friday said a cyber attack on few of its employee accounts has not impacted its critical business operations and the firm has taken remedial measures. In a regulatory filing, the company s

Wipro cyber attackers may have hit Infosys, Cognizant (The Times of India) India Business News: Security blog KrebsOnSecurity, which on Tuesday reported a phishing attack on Wipro, has said in a new post that the attackers may have also targeted

Data of Millions of Iranian Ride App Drivers Exposed (Threatpost) A researcher said that millions of records were leaking Tap30 drivers' names, ID numbers and phone numbers.

Shopify Flaw Exposed Thousands of Merchants’ Revenue, Traffic (Threatpost) The flaw, which existed in a Shopify API endpoint, has been patched.

The 2020 Campaigns Are Still Vulnerable to Cyber Attacks. Here's Why (Time) Most haven't even finalized their tech plans

After Social Media Bans, Militant Groups Found Ways to Remain (New York Times) Hezbollah and other groups classified as terrorist organizations by the United States have changed their social media strategies to stay on Facebook, YouTube and Twitter.

WhatsApp Has Become A Hotbed For Spreading Nazi Propaganda In Germany (BuzzFeed News) BuzzFeed News has documented hundreds of uses of anti-Semitic or otherwise pro-Nazi stickers used in WhatsApp groups, despite those images being illegal in Germany.

Old-school cruel: Dodgy PDF email attachments enjoying a renaissance (Register) Let's go back... way back

That mental health app might share your data without telling you (The Verge) ‘Do I trust the person who made the app, and do I understand where this data is going?’

Medical Files of 145,000 Vulnerable Rehab Patients Carelessly Leaked Online (Gizmodo) The leaks are never-ending; but naturally, some are more sensitive than others.

How your credit card data gets shared with cyber criminals when you book a hotel (Ladders | Business News & Career Advice) The study examined over 1,500 hotel websites in 54 different countries, in all ranges, and included chains and independent properties.

Security Patches, Mitigations, and Software Updates

French government releases in-house IM app to replace WhatsApp and Telegram use (ZDNet) French government open-sources in-house-made end-to-end encryption IM app named Tchap.

Cyber Trends

Bitcoin Mining Finally Profitable - Does That Prove We're in a Bull Market? (CCN) By CCN: According to Alex Krüger, an economist and a global markets analyst, the breakeven cost for efficient bitcoin mining operations currently hovers at around $3,550. Across major cryptocurrency markets, the bitcoin price is at $5,265,

Reeling us in: How phishing email scams keep getting smarter (SiliconANGLE)

Thai internet infections more than doubled in 2018, says Kaspersky (The Nation) Kaspersky Lab on Monday released its 2018 security bulletin containing local information and an overview of the threats that faced Thailand over the past year.

Cyber attack: Hyderabad at moderate risk, Telangana relatively safer than other states (The New Indian Express) Hyderabad is at moderate risk of cyber attacks and hacks.


Is Cyber-Risk Insurable? (Legaltech News) In an environment of moving targets, it seems unimaginable that insurance against cybersecurity attacks can be robust enough to provide real protection. But the possibility of suffering an attack is well accepted, and policies must be carefully read and updated as risks increase and change over time.

'Companies are seldom treated like this': how Huawei fought back (the Guardian) To dispel US suspicions, Chinese telecom firm welcomed dozens of journalists into its labs

Ban on Huawei will leave Europe trailing behind the US in 5G, says Qualcomm boss (The Telegraph) A ban on Huawei equipment risks leaving Europe trailing behind the US on 5G technology, the European chief executive of mobile chip giant Qualcomm has warned.

Opinion | Microsoft worked with a Chinese military university on AI. Does that make sense? (Washington Post) U.S. companies shouldn’t rule out useful collaborations.

Palo Alto Networks: A Growth Leader In Cybersecurity (Seeking Alpha) Palo Alto Networks is a growth leader in the exciting cybersecurity industry. Acquisitions and cross-selling are major growth engines for the company. Palo Alto

Three-Fourths of Consumers Don't Trust Facebook, Threatpost Poll Finds (Threatpost) On the heels of several Facebook data privacy snafus this week – and over the past year – users no longer trust the platform.

How Does The Express Logic Acquisition Help Microsoft And The IoT Ecosystem (Forbes) The investments in embedded software and RTOS combined with a scalable and secure IoT platform on Azure transform Microsoft into a leader in industrial IoT and automation.

Dashlane nets $30 million, plus more top funding news for New York-based companies (ABC7 New York) New York-based identity management company Dashlane has secured $30 million in debt financing. Read on for the latest news in venture capital in the local area.

Startup JASK Outpacing Splunk In $13B Cyberthreat Analysis Market (Forbes) A startup says it wins over 50% of the time against Splunk. Should Splunk investors be concerned?

Bishop Fox Adds Managed Security Leader (Channelnomics) Industry vet Rose will spearhead MSSP development at Phoenix firm.

Products, Services, and Solutions

Aurora offers free internet security course to residents (Aurora Beacon-News) The city of Aurora is offering residents a free course in home internet security.

Utility data aggregator Urjanet passes enhanced security exams (Bankless Times) Urjanet, a provider of utility data aggregation services, this week announced it has successfully completed a System and Organization Controls (SOC) 2 Type I examination, which included the Securit…

Technologies, Techniques, and Standards

How Not To Handle a Security Breach as an MSP (Redmond Channel Partner) The ongoing security and public relations mess at Wipro, a massive IT outsourcing company based in India with many major U.S. customers, provides an object lesson in how not to handle a security incident as a managed service provider (MSP).

Hide your browsing history from your ISP so they don't sell your info (The Kim Komando Show) Even if you're taking steps to keep information away from scammers, it's still most likely not protected from your internet service provider. ISPs are able to not only see every online move you make, but also your locations. However, there are way…

Safeguarding Personal Information Online (Safeguarding Personal Information Online) Have you ever Googled yourself before? Did you know that your birthday, home address, marriage records, phone numbers, email addresses, net worth, medical conditions, and much more are available online for ANYONE to access? Well, this is true!

Research and Development

IARPA expands research on protecting AI systems from tampering (Biometric Update) The U.S. government’s Intelligence Advanced Research Projects Activity (IARPA) is planning a pair of programs to prevent training data from being maliciously tampered with to turn artificial intell…

Forcepoint receives blockchain patent for behavior-scanning security technology (Inside Bitcoins) Forcepoint, an American cybersecurity company, has recently been given a blockchain patent, assumedly due to a new project that utilizes the digital distributed ledger.


Edinburgh University ‘supping with devil’ in Huawei partnership (Times) Scottish academics may be “supping with the devil” by helping a telecoms giant funded by Chinese state security to connect surgical robots and emergency services devices to the internet, experts warn.

Rohde & Schwarz and Helmut Schmidt University Hamburg Conduct Joint Research (News Wire Today) Strategic research partnership to focus on artificial intelligence, machine learning and big data analytics in the field of network analytics and security

Citadel offering free, all-girl cybersecurity summer camp (Charleston City Paper) The program accepts 8th-12th graders in the Charleston area

Innovative Online Program Prepares Students For Jobs in Cybersecurity (The University Network) College students and recent graduates in 27 states now have an opportunity to discover their talents and pursue professional careers in cybersecurity, thanks to the emergence of the Cyber FastTrack program, an initiative of the SANS Institute, a distinguished cybersecurity company.

Silicon Valley Came to Kansas Schools. That Started a Rebellion. (New York Times) Public schools in Kansas rolled out a web-based learning platform backed by Facebook’s Mark Zuckerberg. Now students have staged walkouts and sit-ins. Their parents have organized.

Legislation, Policy, and Regulation

Sri Lanka blocks social media sites after deadly explosions (TechCrunch) The government of Sri Lanka has temporarily blocked access to several social media services following deadly explosions that ripped through the country, killing at least 207 people and injuring hundreds more. Eight bombings were reported, including during Easter services at three churches, on the h…

Russia’s Sovereign Internet Law Will Destroy Innovation (The Moscow Times) Opinion | By the time the law is implemented, Russia will be lagging behind the rest of the world.

Japan, US Confirm Cyber-Attacks in Scope of Security Treaty ( The move is aimed at monitoring movements of military satellites operated by China and Russia.

A cyber-attack in Japan could now bring the US into war (Quartz) In a briefing yesterday, US officials agreed that a cyber-attack on Japan could constitute an armed attack under Article 5 of the US-Japan Security Treaty.

Setting Global Rules in Cyberspace (The Cipher Brief) Cyber Norms are critical 'rules of the road' countries need to agree to in order to bring stability to the Internet. So why are they so hard to agree to?

Is Huawei Being Used To Stop The U.S. Sharing Intelligence With Its Allies? (Forbes) The battle between Washington and Huawei, under the watchful gaze of Beijing, has been framed around cybersecurity. But what if it was more complex? What if the disruption to international intelligence-sharing arrangements now being discussed was the focus all along?

The US is attacking Huawei and China — without its own 5G strategy (CNBC) Experts say the Trump administration lacks a clear approach to 5G that goes beyond attacking Chinese telecom giant Huawei.

Opinion | It’s up to Congress to prevent Russian interference from happening again (Washington Post) It will cost money to block Moscow’s future intrusions, but it’s well worth the expense.

NSA Views IoT Cyber Bill As Key Security Booster (Meritalk) With the increasing ubiquity of internet of things (IoT) devices and the vast expansion of the cyber attack surface that those devices create, National Security Agency (NSA) IoT Enterprise Functional Team Lead Arlene Santos is emphasizing the importance of the IoT Cybersecurity Improvement Act reintroduced in Congress last month as way to address the cybersecurity concerns posed by rapid IoT device growth.

Platforms Want Centralized Censorship. That Should Scare You (WIRED) Opinion: Controlling the spread of insidious content online is extremely difficult—but combining efforts across platforms raises serious threats to free expression.

Litigation, Investigation, and Law Enforcement

Sri Lanka attacks likely the work of Islamist militants: experts (Reuters) Coordinated Easter Sunday bombings at churches and hotels in Sri Lanka bore the ...

Sri Lanka bombings death toll rises to 290 in 'brand-new type of terrorism' (CNN) Eight coordinated explosions that tore through churches and hotels in Sri Lanka on Easter Sunday have killed at least 290 people and injured another 500, in what officials have called a "brand-new type of terrorism."

At least 207 killed in Easter Sunday attacks on churches and hotels (Washington Post) The blasts in the churches took place about 8:45 a.m. in the cities of Colombo, Negombo and Batticaloa. More than 400 people were injured.

Blasts at Sri Lanka hotels and churches kill nearly 160 (AFP) A series of eight devastating bomb blasts ripped through high-end hotels and churches holding Easter services in Sri Lanka on Sunday, killing nearly 160 people, including dozens of foreigners.

Is Sri Lanka Easter Massacre a Bid to Revive Global Holy War? (The Daily Beast) Whoever carried out the coordinated massacre at churches and hotels in Sri Lanka, the shock waves will be felt near and far.

Mueller Report Sheds Light on Russia’s Concerns Over U.S. Sanctions (Wall Street Journal) Russian President Vladimir Putin expressed concern about the prospect of further U.S. sanctions and urged a banking executive to establish contact with the incoming Trump administration following the 2016 U.S. election, according to the Mueller report.

Mueller's Restraint, Barr's Press Conference: Here's What Lawyers Are Saying (New York Law Journal) Lawyers have a lot to say about Mueller, Barr and Trump. Here are some observations from George Conway, Ken Starr, Bob Bauer, George Terwilliger and many others.

Mueller Report Raises New Questions About Russia's Hacking Targets In 2016 (NPR) The special counsel's report said the FBI believes Russian military intelligence was able to gain access to at least one Florida county government's computer network during the 2016 campaign.

Opinion | The Mueller report is not an impeachment referral (Washington Post) A federal prosecutor charged with investigating possible crimes would recognize that telling Congress what to do is not his role.

What’s in the Mueller report (Washington Post) Explore the key phrases and names that appear throughout the 448-page document.

Mueller report is quite the page-turner (CNN) There was ammunition for Trump critics and defenders in the 448-page report. Republicans want to turn the page, saying the report clears Trump of collusion allegations. Democrats are turning its pages to unearth evidence for further investigation of the President.

Analysis | What Attorney General Barr said vs. what the Mueller report said (Washington Post) As it turns out, the attorney general took liberties in describing the results of special counsel Robert S. Mueller III's investigation.

Mueller Report Likely to Renew Scrutiny of Steele Dossier (New York Times) The special counsel revealed that some claims in the dossier appeared to be false while others were impossible to prove. Republicans have vowed to investigate.

Mueller Report: Individuals Deleted Data During Investigation (Infosecurity Magazine) Mueller's report states that data was deleted relating to the investigation.

Ten post-Mueller questions that could turn the tables on Russia collusion investigators (TheHill) Now investigators must determine whether the FBI improperly colluded with paid agents of Democratic rival Hillary Clinton’s campaign.

Robert Mueller Did Not Merely Reject the Trump-Russia Conspiracy Theories. He Obliterated Them. (The Intercept) Certain facts will never go away no matter how much media elites deny them. That Mueller charged no Americans with election conspiracy crimes is the most fatal.

Mueller's report looks bad for Obama (CNN) Scott Jennings writes that a key takeaway from the Mueller report is that Barack Obama's administration failed the United States with its tepid response to Russian interference in our democracy.

Mueller Report Fallout Pressures Democrats to Impeach Trump (WIRED) Congressional Democrats have punted on the question of impeaching Donald Trump. The Mueller report makes that calculus much harder.

Facebook CEO Mark Zuckerberg said to be under close scrutiny in federal privacy probe (Washington Post) Federal regulators investigating Facebook for mishandling its users’ personal information have set their sights on the company’s chief executive, Mark Zuckerberg, exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership.

The Antitrust Case Against Facebook: a turning point in the debate over Big Tech and monopoly (Boing Boing)

He Stopped a Global Cyberattack. Now He’s Pleading Guilty to Writing Malware. (New York Times) Marcus Hutchins, a British security researcher credited with halting a huge outbreak of ransom software in 2017, accepted United States charges over previous activity.

British hacker who helped shut down NHS cyber attack pleads guilty to US malware charge (The Independent) Hacker, known as Malwaretech, says he regrets actions and will continue ‘keeping people safe from malware attacks’

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware (KrebsOnSecurity) Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices.

WannaCry hero Hutchins now officially a convicted cybercriminal (Naked Security) The youngster who spent his own money to protect people from the WannaCry virus has pleaded guilty to malware-related cybercrime charges.

Security researcher MalwareTech pleads guilty (ZDNet) WannaCry hero faces up to ten years in a US prison.

Security Researcher Pleads Guilty To Malware Writing Charges (BleepingComputer) Security researcher Marcus Hutchins pled guilty on Wednesday to writing malware and aiding with its distribution with the help of a partner.

What Was the Chinese Woman Arrested at Mar-a-Lago Really Up To? A Former Spy Helps Us Figure It Out. (POLITICO Magazine) Want to know whether she’s a bumbling Chinese spook or an innocent tourist who loves her hi-tech devices? This can help you figure it out.

Was it a Chinese spy or confused tourist? (Security Boulevard) Politico has an article from a former spy analyzing whether the "spy" they caught at Mar-a-lago (Trump's Florida vacation spot) was actually a "spy". I thought I'd add to it from a technical perspective about her malware, USB drives, phones, cash, and so on.

US warns ‘India-based call centre scam industry’ (Hindustan Times) Patel was charged in 2016 along with 55 people, most of them of Indian descent, and five companies in the alleged massive scam

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.

International Conference on Cyber Engagement (Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...

(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...

SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
