skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

The odd case of a large database holding PII affecting some eighty-million US households prompts concerns that identity thieves have already hit some kind of jackpot. vpnMentor, whose researchers discovered the exposure, says no one knows who owns (or owned, since it's been taken down) the database, but the data suggest online commerce.

A Bloomberg report of backdoors afflicting Huawei-manufactured Vodaphone equipment seems to point out at worst carelessness, and not the malice that "backdoor" has come to suggest. Huawei denies putting backdoors into the gear, telling ZDNet that this isn't about backdoors at all, but rather about old vulnerabilities that were fixed (as the Bloomberg piece mentions) when they were discovered in 2011 and 2012. The "backdoor" is apparently a familiar telnet issue.

US Secretary of State Pompeo says, according to the Hill, that Russia will remain a threat to US elections "for decades."

The US Department of Homeland Security has issued a Critical Functions List describing fifty-five areas that must be protected from cyberattack.

As reported in the Times of London, ISIS leader Abu Bakr al-Baghdadi made a rare appearance in the terrorist group's Internet channels to promise a worldwide wave of attacks in revenge for the Caliphate's extinction in the territories it once controlled. He praised the Sri Lanka murderers as the first wave of reprisal. Fox News notes that this seems to be al-Baghdadi's first appearance online since 2014.

Dog bites man: Naked Security points out that piracy streaming apps are teeming with malware. Who knew?


Today's issue includes events affecting Australia, Canada, China, European Union, Iraq, Mongolia, New Zealand, Russia, Syria, United Kingdom, United States.

Bring your own context.

Nobody's really comfortable with hotel wi-fi, but sometimes it's Hobson's Choice: either the hotel wi-fi or nothing. Most people seem to grin and bear the risk.

"Well, the bad thing is there isn't really much you can do, other than being careful, watching for odd behavior, trying to avoid these wireless networks, of course. But realistically, if you're traveling a lot, there isn't much you can do to avoid them. You could use your cellphone, for example; that's, of course, always a better option. Use some kind of LTE connectivity or so versus the hotel network, but then again, you may find yourself in a hotel with bad reception; that has happened to me. You really have to rely on the hotel network or whatever the open wireless access point or network is that you're using." Johannes Ullrich, Dean of Research at the SANS Institute, on the CyberWire Daily Podcast, 04.26.19.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes NYC, D.C., and Houston!

In today's podcast, out later this afternoon, we speak with our partners as Cisco Talos, as Craig Williams discusses their research into the malware markets found on Facebook. Our guest, Dean Pipes from TetraVX, shares some reflections on the root cause of shadow IT.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information:

Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today:

Cyber Attacks, Threats, and Vulnerabilities

SectorB06 using Mongolian language in lure document (Threat Recon) SectorB06 is a state sponsored threat actor group active especially within Asia. They have been exploiting vulnerabilities in Microsoft Office’s Equation Editor which Microsoft removed in Jan…

Pompeo predicts Russia will be election threat for decades (TheHill) Secretary of State Mike Pompeo said Monday he expects Russia will try to interfere in U.S. elections for decades to come, describing Moscow as having long presented a threat to American elections — not just in 2016.  

Isis leader Abu Bakr al‑Baghdadi calls for new attacks on the West (Times) The leader of Islamic State last night threatened a wave of attacks worldwide in revenge for the defeat of his militant group in its Iraq and Syria heartlands. Abu Bakr al-Baghdadi, 47, hailed the...

ISIS leader al-Baghdadi pictured for first time since 2014, intel group says (Fox News) Islamic State leader Abu Bakr al-Baghdadi was pictured in a new video for the first time since July 2014, SITE Intelligence Group said Monday.

Active Exploitation of Confluence Vulnerability CVE-2019-3396 Dropping Gandcrab Ransomware (Alert Logic) Alert Logic security researchers share details of active exploit of Confluence vulnerability being used to spread Gandcrab ransomware.

Microsoft Outlook Email Breach Targeted Cryptocurrency Users (Motherboard) Earlier this month, Motherboard revealed that contents of Microsoft's email services were compromised. Multiple victims now say that hackers stole their cryptocurrency.

Docker Hub Breach Can Have a Long Reach (Decipher) Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering “unauthorized access” in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.

Piracy streaming apps are stuffed with malware (Naked Security) Researchers have found that hackers are exploiting vulnerable piracy streaming devices to steal credit card data or rope them into botnets.

Unknown US security breach exposes data of 80 million households (Computing) Twenty-four gigabyte database includes full names, marital status, age and incomes

Mystery data breach reportedly exposes 80 million names, addresses, and income info in U.S. (PCWorld) A new data break has reportedly exposed personal data for up to 80 million U.S. households—and no one has any idea where it came from.

Report: Unknown Data Breach Exposes 80 Million US Households (vpnMentor) vpnMentor’s research team discovered a hack affecting 80 million American households. Known hacktivists Noam Rotem and Ran Locar discovered an unprotected ...

Electrum Wallet Botnet Infects 150,000 Machines, Steals $4.6 Million in User Funds - NullTX (NullTX) A botnet that has been targeting Electrum users just won’t quit. If anything, it seems to be picking up more hosts along the way and getting stronger. In the past month, the number of infected hosts has averaged 100,000. On April 24, the number went up to 152,000 according to a report by security firm …

Vodafone Found Hidden Backdoors in Huawei Equipment (Bloomberg) While the carrier says the issues found in 2011 and 2012 were resolved at the time, the revelation may further damage the reputation of a Chinese powerhouse.

Huawei denies existence of ‘backdoors’ in Vodafone networking equipment (ZDNet) The ‘hidden backdoors” reportedly could have been used to spy on Vodafone’s infrastructure. Huawei says otherwise.

Vulnerability in Tommy Hilfiger Japan DB Exposes Hundreds of Thousands of Customers to Data Theft (Safety Detective) Hacker-activists Noam Rotem and Ran L from Safety Detective’s research lab recently revealed a significant security breach in the Tommy Hilfiger Japan client database – leaving the private and personal details of hundreds of thousands of customers up for grabs.

Credential Stuffing Costs Firms $4m Each Year (Infosecurity Magazine) Credential Stuffing Costs Firms $4m Each Year. Akamai study finds companies suffer 11 attacks each month

UPDATE 1-Norsk Hydro expects cyber attack costs of nearly $52 mln... (Reuters) Norsk Hydro said the March cyber attack that paralysed its computer networks would cost the aluminium maker up to 450 million Norwegian crowns ($52 million) in the first quarter.

$1.75 Million Stolen by Crooks in Church BEC Attack (BleepingComputer) Hackers have stolen $1.75 million from the Saint Ambrose Catholic Parish following a successful BEC (Business Email Compromise) attack which was discovered on April 17 after payments related to the church's Vision 2020 project were not received by a contractor.

Consumer cryptomining has ‘gone the way of the dodo’, MalwareBytes (Yahoo) Consumer cryptomining – aka cryptojacking – “is essentially extinct,” according to a report released by cybersecurity company MalwareBytes. “Marked by the popular drive-by mining company CoinHive shutting down operations in early March, consumer cryptomining seems to have gone the way of the dodo. Detections

Vulnerability Summary for the Week of April 22, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

Cyber Trends

Synopsys Report Finds that Open Source Risk Management is Improving, but Still a Challenge for Most Organizations (PR Newswire) Synopsys, Inc. (Nasdaq: SNPS) today released the 2019 Open Source Security and Risk Analysis (OSSRA)...

Study Highlights Cloud Security Considerations as Hybrid Environments Add Complexity (Bricata) Enterprises are increasingly adopting the cloud, yet this is introducing new challenges including confusion about security responsibilities and the visibility necessary to protect both the cloud and hybrid environments.

Report: Nearly half of U.S.-based Employees Unfamiliar with California Consumer Privacy Act (CCPA) (MediaPRO) A lack of awareness of the looming California Consumer Privacy Act (CCPA) is just one finding of MediaPRO's 2019 Eye on Privacy Report.

2019 Eye on Privacy Report (MediaPRO) Our 2019 Eye on Privacy Report analyzes the knowledge and opinions of 1,000 U.S. employees on data privacy best practices and provides advice on building a risk-aware culture through privacy awareness training.

The leading sources of stress for cybersecurity leaders? Regulation, threats, skills shortage (Help Net Security) Cyber security leaders are overwhelmed by a perfect storm of regulation, increased threats and technological complexity, reveals new research from Symantec.


What to Expect From F8 After Facebook's Very Bad Year (WIRED) Facebook's annual developer conference is Tuesday. Expect news on VR, privacy, and yet another promise to "do better."

Zuckerberg to explain how Facebook gets ‘privacy focused’ (Washington Post) Facebook is kicking off its annual conference for developers on Tuesday with a keynote from CEO Mark Zuckerberg expected to share more details about his new, “privacy-focused” vision for the social network.

Google Shows First Cracks in Years (Wall Street Journal) Google’s once-untouchable online-advertising operation took a body blow, hurt by mounting competition and struggles within its increasingly high-profile YouTube unit.

Products, Services, and Solutions

Waratek Sets New Standard in Enterprise Application Security (Waratek) Announcing the ARMR Security Management Platform and Next Generation Web Application Firewall as well as a slate of new partners

Blue Cedar Accelerates Adoption of Secure BlackBerry Apps with its No-Code Mobile App Security Integration Platform (Yahoo) Blue Cedar, the company that provides rapid, no-code mobile app security integration to enterprises & ISVs, today announced the Blue Cedar Accelerator for BlackBerry, which enables organizations to quickly, easily and continuously integrate the BlackBerry

Votiro Partners with Box to Prevent Content-Based Attacks and Zero-Day Exploits (BusinessWire) Votiro announces its partnership with Box to bring secure, centralized and cloud-native content services to organizations worldwide.

‘Reputation’ Update from NetMotion: A Huge Boost for the Security and Productivity of Mobile Workers (AP NEWS) NetMotion ® Software, the leader in mobile enterprise productivity solutions, today announced NetMotion Reputation, a new subscription service that identifies the risk profile and usage categories of hundreds of millions of web domains.

Mocana and RTI Partner to Deliver Connectivity Solutions for Mission-Critical Industrial IoT Systems (West) Integration of Mocana IoT Device Security Platform and RTI Connext® Databus Provides the Performance and Security for the Most Demanding Industrial Systems

BioCatch Digital Identity Solution Based on AI-Driven Behavioral Biometrics Now Available on ForgeRock Marketplace (Yahoo) BioCatch, the global leader in AI-driven behavioral biometrics, announced today at the annual ForgeRock Identity Summit Americas that its behavioral biometrics-based digital identity solution is now available on the ForgeRock Marketplace. Combining BioCatch’s industry-leading solution with ForgeRock

CUJO AI Partners with Avira to Optimize and Provide Premium Security for Network Operators Worldwide (PR Newswire) CUJO AI, a network intelligence company that provides AI-driven protection and device management...

Trustwave Brings Powerful Database Security Scanning and Testing to the Cloud (Yahoo) New Software Addresses Sophisticated Threats, User Access Control Issues and Increasing Regulatory Challenges Surrounding Data Security in the Cloud

Secureworks Goes Beyond Managed Services With New Analytics Tool (CRN) Secureworks has launched its first product that can be procured outside a managed services bundle to help more mature enterprises detect and respond to threats.

Technologies, Techniques, and Standards

NIST tool boosts chances of finding dangerous software flaws (Naked Security) NIST thinks it has reached an important milestone in complex software testing with something called Combinatorial Coverage Measurement (CCM).

FedEx CIO Looks to Industry Collaboration to Scale Blockchain (Wall Street Journal) Blockchain is expected within a few years to become an “inevitable and essential” tool in tracking goods and reducing fraud in the supply chain, said FedEx’s CIO—but collaboration will be needed for the technology to really take off.

Why marketing teams are critical to successful cybersecurity efforts (TechRepublic) Marketers often focus on cybersecurity best practices after there is an incident, though experts say that needs to change to improve a company's chances of surviving a cyberattack.

3 Questions OEMs Should Ask About Cyber Security (Arilou) Trust and reliability in a cyber security solution are vital. What questions should OEMs be asking when assessing a solution? Ayal Lichtblau, VP of Sales at Arilou, answers the 3 most common questions.

Virus-hit boxship takes centre stage at Singapore cyber wargame (Hellenic Shipping News) A container ship whose power management system had been shut down by a long dormant virus was the focus of a UK maritime industry cyber wargame hosted during

Port of Los Angeles calls for Cyber Resilience Center (Supply Chain Dive) The center would help to improve information sharing between supply chain partners including the port, terminal operators and freight companies.

Design and Innovation

Okta: single sign-on and the future of identity (TechRadar) Is your digital identity secure?

Research and Development

Programmers solve MIT’s 20-year-old cryptographic puzzle (MIT CSAIL) This week MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) announced that a 20-year-old cryptographic puzzle was just solved by a self-taught programmer from Belgium, 15 years earlier than MIT scientists expected.

Legislation, Policy, and Regulation

U.S. Would Rethink Intelligence Ties if Allies Use Huawei Technology (Wall Street Journal) The U.S. ratcheted up pressure on its European allies to ban Chinese-made gear from their telecom networks, asserting such equipment could be a shared national-security threat to the West and could compromise intelligence sharing.

Ditch Huawei or we may stop sharing intelligence, US warns (Times) The United States will review its intelligence sharing with Britain if Theresa May does not reverse her decision to allow Huawei’s equipment in the 5G network, a senior official warned. A State...

DFA denies warning gov't over partnering with Huawei (Philippine Star) In a supposed memo dated January 25, the DFA advised security agencies that the Czech Republic and France issued orders to limit the use of Huawei products.

Huawei 5G Bans Highlight Network Confusion (Light Reading) Muddled thinking about the core and the edge is shaping government policy toward Huawei in some parts of the world.

Analysis | The Cybersecurity 202: Here are the 55 things the U.S. government most needs to protect against cyberattacks (Washington Post) It's everything from electricity to elections and community health.

DHS critical functions list (Washington Post) National Critical Functions: The functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

Rod Rosenstein, Face Of Russia Probe, To Step Down As Deputy Attorney General (NPR) The departure of the Justice Department's number two leader has been expected for months. Rosenstein has described himself as someone dealt a bad hand, one he played the best he could.

DOD Steps Up Supply Chain Security Programs for Smaller Contractors (FedTech) With tens of thousands of suppliers involved in the Pentagon supply chain, visibility is vital.

NSA's 'Russia Small Group' made permanent (CyberScoop) The “Russia Small Group” — whose existence NSA Director Paul Nakasone announced in July of last year — will thwart Russian influence and cyberattacks.

Litigation, Investigation, and Law Enforcement

China’s Tinder removed from app stores amid government crackdown (South China Morning Post) Tantan, owned by Beijing-based Momo, was suspended from multiple app stores in the country.

GE trade secret theft case demonstrates need for document behavior monitoring (Help Net Security) Behaviors such as suddenly downloading an unusually high number of documents, outside the scope of their daily work, are telltale signs.

Cryptocurrency giants in $850m fraud allegations (Naked Security) The New York Attorney General has accused major cryptocurrency exchange Bitfinex and cryptocurrency Tether of an $850m fraud.

Alleged Vault 7 leaker says he's been tortured and is owed $50 billion (CyberScoop) Joshua Schulte, a former CIA software engineer, said the government has caused him to lose more than $50 billion in a complaint filed in April 2019.

Cops need warrant for both location history and phone pinging, says judge (Naked Security) It’s one of the first location data privacy cases to grapple with the warrant and surveillance implications of the Carpenter decision.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Cyber Security Lunch & Learn (Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...

Global Cyber Innovation Summit (Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...

2019 Innovator's Showcase (McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..

Data Connectors Cybersecurity Conference Philadelphia (Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.