Daily briefing.

Researchers at Symantec are tracking a cryptojacking campaign that for now seems mostly to affect businesses in China. They're calling the campaign "Beapy," and the worm involved appears to be using the EternalBlue exploit to spread. So far Beapy has left individual users largely alone: it shows a distinct preference for enterprises.

KnownSec 404 has discovered a zero-day in Oracle web servers. Two WebLogic components, wls9_async and wls-wsat, are susceptible to remote code execution. There's no patch yet, and KnownSec 404 recommends either removing the two problematic components and restarting the servers, or firewalling the paths an attack might exploit.

A Recorded Future study indicates the degree to which credential-stuffing tools have become widely available criminal commodities. It’s possible to mount a credential-stuffing campaign for as little as five-hundred-fifty dollars. That investment is often repaid twentyfold. It’s a criminal-to-criminal market: the money's made in reselling stolen credentials. Recorded Future says there are six major account-checking toolkits available, with dozens of also-rans being hawked in dark web souks as well.

A cabinet dust-up over who talked out of school about a decision to allow Huawei participation in the UK's 5G build-out, at least in such "non-core" technologies as antennas, may give rise to a criminal investigation, the Telegraph reports.

According to the Washington Post, investigation into the Easter massacres in Sri Lanka has identified at least eight of the nine suicide bombers. Three were members of one of the country's wealthiest families; the family patriarch is among those who've been arrested.


Today's issue includes events affecting Afghanistan, Australia, Canada, Egypt, European Union, Iraq, NATO/OTAN, New Zealand, Poland, Romania, Russia, Spain, Sri Lanka, Syria, United Kingdom, United States.

Bring your own context.

People see something fishy in a reported server crash that rendered alt-coin wallets of those trading in contraband on the Wall Street Market inaccessible, and many think they see an exit scam in progress. But it appears the server crash now holds a place in the discourse of excuses. In this regard our middle school desk explained that no one says "the dog ate my homework" anymore.

"Nope. Now we say 'the algorithm erased it.' It’s kind of like a server crash. Or a bad dog." Jack Bittner, of the CyberWire Middle School Desk, on the CyberWire Daily Podcast, 04.25.19.

The algorithms remained unavailable for comment.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) tells us about the increase in DHCP client vulnerabilities he’s been tracking. Our guest is Anura Fernando from UL on the technological and regulatory challenges of medical devices and wearables.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC.

Cyber Attacks, Threats, and Vulnerabilities

Beapy: Cryptojacking Worm Hits Enterprises in China (Symantec) Cryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China.

Cryptomining worm 'Beapy' targets Asian enterprises, ignores consumers (SC Media) Researchers have discovered a previously unknown, file-based cryptominer worm that has been heavily targeting enterprises based in Asia.

EternalBlue Exploit Serves Beapy Cryptojacking Campaign (BleepingComputer) A cryptojacking campaign uses NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread a file-based cryptocurrency malware on enterprise networks in China.

The Economy of Credential Stuffing Attacks (Recorded Future) Insikt Group reviews popular tools used by cybercriminals to initiate credential stuffing and explores marketplaces that sell compromised credentials.

An inside look at how credential stuffing operations work (ZDNet) Data breaches, custom software, proxies, IoT botnets, and hacking forums -- all play a role.

The Anatomy of Highly Profitable Credential Stuffing Attacks (BleepingComputer) Even though credential stuffing is a popular method used by hacking groups to attack businesses since at least late 2014, there still is a lot to be uncovered about the techniques malicious actors use to run them.

DNSpionage actors adjust tactics, debut new remote administration tool (SC Media) The actors behind DNSpionage DNS hijacking campaign have introduced a new reconnaissance phase and a new malicious remote administration tool, Karkoff.

Emotet Uses Compromised Devices as Proxy Command Servers (BleepingComputer) A new Emotet Trojan variant has been observed in the wild with the added capabilities of using compromised connected devices as proxy command-and-control servers and of employing random URI directory paths to evade network-based detection rules.

ExtraPulsar backdoor based on leaked NSA code – what you need to know (Naked Security) A US security researcher has come up with an open-source Windows backdoor loosely based on NSA attack code that leaked back in 2017.

Qualcomm Critical Flaw Exposes Private Keys For Android Devices (Threatpost) A side-channel attack in Qualcomm technology, which is used by most Android devices, could allow an attacker to snatch private keys.

New Oracle WebLogic zero-day discovered in the wild (ZDNet) Chinese cyber-security firm warns about impending attacks on Oracle WebLogic servers.

Romanian intelligence service outlines cyberattack scenarios during elections (Romania Insider) The National Cyberint Center, part of the Romanian Intelligence Service (SRI), has outlined five scenarios of possible cyberattacks on the IT systems of public institutions during the EU and presidential elections of this year, Agerpres reported.

Fake Social Accounts Multiply; Can Users ID Them? (Infosecurity Magazine) A new quiz tests user ability to detect fake social accounts.

Amazon's Alexa Data Services team could track users to their homes, claim insiders (Computing) Insiders reveal more about the personal information the Alexa Data Services team are able to read from users' Alexa personal assistants

Supply Chain Attacks: When Things Go Wrong (Infosecurity Magazine) How supply chain attacks have leveraged the weakest links in security

Browser Security: The Worst Code Injections and How They Work (Security Boulevard) What do browser-based attacks have in common? They target locally installed browsers through malicious code injects.

Avengers: End Game leaked online soon after releasing in China (HackRead) Avengers: End Game has been leaked online because why not?

Security Patches, Mitigations, and Software Updates

ProtonMail now offers elliptic curve cryptography for advanced security and faster speeds (Security Boulevard) Elliptic curve cryptography is the most advanced cryptographic system available. Now ProtonMail is making this technology available to all users.

Cyber Trends

National Security Council cyber chief: Criminals are closing the gap with nation-state hackers (CyberScoop) Cybercriminals are catching up to nation-states’ hacking capabilities, and it’s making attribution more difficult, the National Security Council’s senior director for cybersecurity policy said Thursday. “They’re not five years behind nation-states anymore, because the tools have become more ubiquitous,” said Grant Schneider, who also holds the title of federal CISO...

Cybercriminals are becoming more methodical and adaptive (Help Net Security) Global cybersecurity threats are progressing as organizations improve in areas such as time to detection and response to threats.

New Glasswall-sponsored Research Reveals Security Leaders' Ongoing Conundrum (BusinessWire) Glasswall Solutions today released its latest research report “Keeping the Enterprise Secure: A Tangled Web of Contradictions,” revealing the increasi

Attacks on Businesses Soar 235% in Q1 (Infosecurity Magazine) Malwarebytes report reveals growth in Trojans and ransomware

Connected devices, legacy systems leave hospitals wide open to cyber attack (Healthcare IT News) A new study from vendor Vectra monitored network traffic for six months to find the most prevalent methods attackers use to gain control and access protected information.


IoT Set to Put Strain on Cyber Skills Market (Infosecurity Magazine) Demand soars for specific roles

Former BAE exec to promote UK cybersecurity ‎exports (Sky News) Dr Henry Pearson will help UK companies bid for contracts with foreign governments and central banks, Sky News understands.

Raytheon services biz continues shift beyond traditional defense (Washington Technology) Raytheon's government services business continues to bet on itself and partnerships as it pursues more space, cyber and command-and-control opportunities.

Nadella claims Microsoft is the 'clear leader in cloud security' as sales rise again (CRN) Azure sees revenue growth of 73 per cent

Dan Gilbert's Detroit startup has no profits. But it could be worth $1B (Detroit Free Press) Dan Gilbert-backed StockX would mark the third time in the past couple of years that a southeast Michigan startup has become a unicorn.

'On borrowed time with the arrogance they show': The most brutal 2019 Vendor Report comments so far (CRN) Which vendor has been castigated for its 'wide boy' sales staff, and whose 'stupid schemes and obscure rebates' are driving the channel mad?

Armis Raises $65 Million to Accelerate Its 700% Growth in Addressing Massive Enterprise IoT Security Exposure (Armis) Armis, the enterprise IoT security company, today announced it has raised $65 million in Series C …

Canadian Innovation Investment Marks Another Funding Milestone for ISARA Corp. (BusinessWire) With this month’s strategic investment of $7.2 million from Canada’s Strategic Innovation Fund, ISARA Corp., the world’s leading provider of agile qua

DISA Awards Two Contracts to Build a Moat Around the Pentagon’s Internet ( The two selected vendors will prototype cloud-based systems that isolate the department’s internal network from the public internet while still allowing employees to browse the web.

Collibra appoints new Chief Information Security Officer, Myke Lyons (Collibra) Former ServiceNow executive joins leader in data governance, catalog, and privacy

McLean cybersecurity firm Cyren appoints new CEO (Washington Business Journal) Brett Jackson, former CEO of Digital Reasoning, has been appointed CEO of McLean-based Cyren.

Products, Services, and Solutions

Introducing the threat bounty (Medium) PolySwarm’s threat detection marketplace has created the possibility of a new type of cyber-related bounty: Say hello to the threat…

Center for Internet Security (CIS) Selects Qualys to Provide its Members with Continuous Monitoring of their Internet facing Digital Certificates and SSL/TLS Configurations (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance...

AT&T Cybersecurity develops new AlienApp for Box for highly secure content management in the cloud (Alien Vault) Today, I’m excited to share that we have released AlienApp for Box, a new security integration between AT&T Cybersecurity and Box, a leader in cloud content management. This new feature within USM Anywhere takes advantage of Box's granular logging capabilities and powerful APIs to add an additional layer of security for Box Enterprise customers that enables you to monitor your Box environments for potential threats and malicious activities. With the AlienApp for Box, you can enhanc

Protiviti Offers Cyber Risk Quantification Through New Partnership with RiskLens (PR Newswire) Global consulting firm Protiviti has launched a Cyber Risk Quantification as a Service offering in alliance...

United Bulgarian Bank Selects OneSpan to Help Fight Social Engineering and Mobile Malware Attacks (West) Leading bank implements OneSpan’s Cronto and Mobile Security Suite to protect online and mobile banking applications while meeting PSD2 Requirements

Fortinet Claims Industry's First SD-WAN ASIC (Virtualization Review) Security specialist Fortinet announced what it claims is the industry's first application-specific integrated circuit for the burgeoning software-defined wide-area networking space.

Centrify Achieves FedRAMP Authorization (Yahoo) Federal agencies can now accelerate cloud deployments by securing privileged access with Centrify cloud-ready Zero Trust Privilege Services

ESET Partners with Alphabet’s Chronicle (AP NEWS) ESET, a global leader in cybersecurity, today announced it has partnered with Chronicle, an Alphabet company, to provide essential validation on security incidents and alerts within Backstory, Chronicle’s global cloud service where companies can privately upload, store, and analyze their internal security telemetry to detect and investigate potential attacks.

Technologies, Techniques, and Standards

NATO arms itself for cyber war (Tagesspiegel) Virtual and yet entirely real: NATO is exercising with IT experts from almost 30 countries in Tallinn to fend off attacks on its infrastructure.

Fort Bragg cut power for thousands to test ‘real-world reactions’ to a cyber-attack (Miami Herald) Fort Bragg Army base in eastern North Carolina went into a “blackout” for more than 12 hours as part of cyber attack military exercise. The base sought to see ‘real world reactions’ to a power outage.

Twitter launches reporting tool to curb misinformation during campaigns (Washington Post) It allows users to flag posts that attempt to mislead users about registering to vote or cast a ballot; identification requirements; and the date and time of an election.

Are election tech vendors making the right cybersecurity moves? (CyberScoop) Election tech companies are telling the world they are fixing their cybersecurity issues. Will the changes they make satisfy everyone ahead of 2020?

How to Easily Spot and Avoid Apple ID Phishing Scams (Heimdal Security Blog) Apple ID users are frequent targets of phishing scams. Here is how the Apple ID phishing scams work and what you can do to avoid them.

What does a threat intelligence team do? (Enterprise Times) Joel Cedersjö, Threat Intelligence Manager, NTT Security explains what a threat intelligence team does and who he recruits.

Research and Development

Quantum Xchange Tests Toshiba’s Quantum Key Distribution System; Doubles Network Capacity with Optical Multiplexing (BusinessWire) Quantum Xchange has collaborated with Toshiba Corporation to double the capacity of Phio, the first nationwide QKD network in the U.S.

Legislation, Policy, and Regulation

Putin won the battle, but the outcome of the war is still uncertain (Center for Public Integrity) The Kremlin’s election triumph has been undermined by Mueller’s disclosures and by Washington’s renewed strategic wariness. 

Information Warfare Is Here To Stay (Foreign Affairs) States have always fought for the means of communication.

Five Eyes cyber summit – five things we learned ( If you spend too much time in certain poorly illuminated corners of the internet, you will find a fair few people who characterise the Five Eyes intelligence alliance as a front for a shadowy cabal committed to spying on citizens, no doubt while spreading chemtrails and pulling the strings of the New World Order.

Is Cyber Command really being more ‘aggressive’ in cyberspace? (Fifth Domain) Some inside and outside government are careful to couch new cyber authorities as offensive in nature, saying they allow greater flexibility in defense.

Huawei Still Has Friends in Europe, Despite US Warnings (WIRED) The UK appears ready to allow Huawei gear in "non-core" parts of its 5G network. Many European countries rely heavily on Chinese equipment.

Here's which leading countries have barred, and welcomed, Huawei's 5G technology (CNBC) Huawei has faced mounting political pressure as the U.S. asks other countries to block the Chinese firm from being involved in 5G networks.

Federal CISO Wants To Move Beyond ‘Whack-a-Mole’ Supply Chain Security (Nextgov) Sweeping bans on Kaspersky Lab, ZTE and Huawei products were the right move, but Grant Schneider thinks the government needs a more scalable approach.

U.K. Cybersecurity Agency Won't Tip Regulator on Breaches (Bloomberg) Policy to allay fears of GDPR chill on information sharing. Data regulator reiterates legal duty to notify it of breaches.

Should Canadian technology be used to stifle free speech? (National Post) Opinion: Canadian-made technology seems to be enabling the Egyptian regime to block access to tens of thousands of internet sites

Spain on the front line of election security ahead of EU-wide poll (Daily Swig) Combating disinformation and election meddling, one bot at a time

State of Washington Expands Breach Notice Laws (Infosecurity Magazine) Companion bills try to give citizens the right to know what data companies are collecting.

Litigation, Investigation, and Law Enforcement

Sri Lankan spice tycoon’s sons and daughter-in-law were suicide bombers in Easter attacks (Washington Post) The explosions around the country Sunday killed 359 people.

Sri Lankan attacks example of ISIS spreading from Iraq, Syria into Afghanistan: Iran FM Zarif (Business Standard) The Islamic State (ISIS) has been "airlifted" from Iraq and Syria into Afghanistan and one example of it is the barbaric attack in Sri Lanka on Easter Sunday, Iran's Foreign Minister Mohammad Javad Zarif said here.

Sri Lanka tourists warned of more terror (Times) The Foreign Office has warned against all but essential travel to Sri Lanka amid fears that Islamist terrorists are preparing more attacks after the Easter Sunday bombings. Sri Lankan police...

Sri Lanka’s Christians and Muslims Weren’t Enemies (Foreign Policy) The country’s real divide has been between Buddhists and Muslims, but the Easter attacks may change all that.

Ultimatum to cabinet ministers in Huawei leak investigation (Guardian) Senior figures in Theresa May’s cabinet deny role in leaking details of vote in National Security Council meeting

Calls for criminal inquiry as top ministers deny Huawei security leak (Times) Jeremy Hunt led a chorus of denials from senior ministers last night that they were responsible for the first known leak from Britain’s top national security body. Theresa May came under pressure...

Minister says 'criminal inquiry' possible into leak of Huawei decision over new 5G network (The Telegraph) Jeremy Wright, the Culture Secretary, has refused to rule out a criminal inquiry into the leak of a Government decision to allow Chinese telecommunications giant Huawei to work on the UK's new 5G mobile network.

How the case against Maria Butina began to crumble (CNN) Prosecutors have recanted some allegations and already dropped one charge against her as part of a plea deal.

Facebook hit with three privacy investigations in a single day (TechCrunch) Third time lucky — unless you’re Facebook. The social networking giant was hit Thursday by a trio of investigations over its privacy practices following a particularly tumultuous month of security lapses and privacy violations — the latest in a string of embarrassing and damaging breaches at…

Canada accuses Facebook of breaking privacy laws, promises to take the company to court (Washington Post) Canadian regulators on Thursday found that Facebook committed "serious" breaches of local laws over its mishandling of users' personal information, announcing they would take the company to court to force it to change its privacy practices.

Facebook says it filed a US lawsuit to shut down a follower-buying service in New Zealand (TechCrunch) Facebook is cracking down on services that promise to help Instagram users buy themselves a large following on the photo app. The social network said today that it has filed a lawsuit against a New Zealand-based company that operates one such ‘follower-buying service.’ The suit is in a …

Poland joins Europol’s cyber-crime taskforce (Global Government Forum) Poland has become the latest country to join an international initiative to tackle the growing problem of cyber-crime, such as payment fraud and malware. Europol, the European Union's law-enforcement agency headquartered in The Hague, has announced that the country has deployed a cybercrime speci

Analysis | The Cybersecurity 202: Cybersecurity proposal pits cyber pros against campaign finance hawks (Washington Post) Ex-Clinton and Romney aides want to help campaigns combat foreign hackers

Teen sues Apple for $1 billion over Apple stores’ facial recognition (Naked Security) He claims that Apple allegedly uses the technology to spot shoplifters and that it falsely linked him to a series of Apple store thefts.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Cyber Security Lunch & Learn (Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...

Global Cyber Innovation Summit (Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...

2019 Innovator's Showcase (McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..

Data Connectors Cybersecurity Conference Philadelphia (Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
