Daily briefing.

"Senior American officials" have described the June 20th US cyberattack against Iranian targets. The New York Times says the officials see the operation as a success: it wiped out a database essential to the Islamic Revolutionary Guards Corps' operations against tankers in the Arabian Gulf. 

Researchers at Secureworks report that TrickBot is exhibiting new functionality that poses a particular threat to mobile users. The malware now seeks PINs that could be used to give GOLD BLACKBURN, the threat group behind TrickBot, the ability to access voice and text communications. Code injected through user interaction with a bogus sign-in page initiates TrickBot's "record" function.

BlackBerry Cylance's ThreatVector threat research team has released new research into a malware sample used by APT28, that is, Fancy Bear, Russia's GRU. ThreatVector's new research details analysis of samples US Cyber Command uploaded to VirusTotal. They found that the malware is "a multi-threaded DLL backdoor that gives the threat actor full access to, and control of, the target host." Fancy Bear's stripped-down malware is surrounded by a great deal of benign code, and ThreatVector thinks the new approach represents a response to widespread defensive use of machine learning.

Facebook announced a revision to its rules concerning political advertising. The rules will govern both campaign ads and advocacy ads concerning social and political issues. They aim at producing disclosures that would achieve greater transparency with respect to who's sponsoring and paying for the advertising.

Avast has helped the French Gendarmerie take down the Retadup worm's command-and-control infrastructure.

Notes.

Today's issue includes events affecting Australia, Belarus, Canada, China, European Union, France, Germany, Ireland, Japan, Republic of Korea, Netherlands, Russia, United States.

Bring your own context.

Enterprises assess their cybersecurity state, sometimes with an external look, but often with internal checks. So what does a self-assessment provide you that's different from someone coming in from outside?

"The biggest thing that it does, honestly, is get buy-in from the teams on why this is important, and it helps them work closer with the security folks - the CISO, etc. - to be able to really buy into the whole security process and why it's important. That's just from the buy-in perspective."

—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily podcast, 8.27.19.

This may be particularly true for organizations working in an agile development environment.

And Labor Day is Monday.

We'll be taking our customary US Federal holiday on September 2nd. Publication will resume as normal on Tuesday. Enjoy the holiday, America.

In today's podcast, out later this afternoon, we speak with our partners from the University of Maryland's Center for Health and Homeland Security, as Ben Yelin hips us to the proliferation of privately owned license plate readers. Our guest is Martin Zizi from Aerendir, and he offers some perspective on biometric security technologies.

And Hacking Humans is up. In this week's episode, "Securing your SMS," Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves South African kickbacks. Our guest is researcher/technologist Ray [REDACTED], who shares his expertise on scammers targeting SMS.

Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

10th Annual Billington CyberSecurity Summit (Washington, DC, United States, September 4 - 5, 2019) The event will be an important Call to Action for the cybersecurity community and is the deepest examination of cybersecurity and government at the local, state, Federal and International levels found anywhere.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.

Cyber Attacks, Threats, and Vulnerabilities

U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say (New York Times) The strike came on the same day that President Trump called off a retaliatory airstrike against Iran after it shot down an American drone.

American Cyber Command hamstrung Iran’s paramilitary force (MIT Technology Review) American officials say that a US cyberattack against Iran that was launched earlier this summer has had a lingering impact on the Iranian military's ability to target oil tankers in the Persian Gulf, according to a new report in the New York Times. Iranians are reportedly still recovering targeted systems, networks, and data after the cyberattack which was launched in June at a peak in tensions between Iran and American allies. The players: The attack was launched by US Cyber Command.

Fancy Bear Dons Plain Clothes to Try to Defeat Machine Learning (Dark Reading) An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.

Inside the APT28 DLL Backdoor Blitz (ThreatVector) This report is a follow-up to 'Flirting With IDA and APT28.' This time, researchers perform a deep dive on capabilities found in an APT28 sample that reveals a backdoor capability...

Botnet TrickBot Modifications Target U.S. Mobile Users (Secureworks) The long-running botnet TrickBot added functionality to solicit PIN codes from mobile customers, which could allow threat actors to access victims’ voice and text communications.

New TrickBot Variant Targets Verizon, T-Mobile, and Sprint Users (BleepingComputer) A new Trickbot Trojan variant was spotted while focusing on stealing PIN codes from Verizon Wireless, T-Mobile, and Sprint users, marking a new step in this malware's development.

TrickBot, today's top trojan, adds feature to aid SIM swapping attacks (ZDNet) TrickBot trojan seen collecting credentials and PIN codes for Sprint, T-Mobile, and Verizon Wireless accounts.

Ransomware Trains Its Sights on Cloud Providers (Dark Reading) Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.

iovation Prepares for U.S. Online Gambling Fraud and Legal Complications With Rush to Onboard Players | Press Release (iovation) With American football season beginning and more states legalizing online gambling, TransUnion company anticipates challenges with bonus abuse, fraud, self-exclusion and underage gambling that it’s seen in Europe for decades.

Magecart Shops for Victims as E-Commerce Market Grows (Dark Reading) In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.

Research Reveals eCommerce Retailers Experiencing Active Security Leaks Heading into Holiday Shopping Season (PR Newswire) Arxan Technologies, the trusted provider of application protection solutions, is calling on eCommerce retailers to...

Cisco UCS Vulnerabilities Allow Complete Takeover of Affected Systems (SecurityWeek) A researcher has disclosed details and created Metasploit modules for Cisco UCS vulnerabilities that can be exploited to take complete control of affected systems.

Video, reports of machines automatically changing votes in Mississippi GOP Governor runoff (USA TODAY) There have been at least three instances of voting machines changing a voter's selection to a different candidate in the state's runoff for governor.

Ransomware attacks on cities are rising (Techxplore) A ransomware campaign that targeted 23 US cities across Texas has raised serious concerns about the vulnerability of local governments and public services to cyber-attacks.

City approves $5M more for ongoing cyberattack remediation (Baltimore Business Journal) Members of the city's spending panel also voted to delay the purchase of cyber insurance for two weeks. Mayor Young said he hasn't "the slightest idea" why the city didn't already have this kind of insurance in place before.

BOE Delays Purchase Of Cyber Attack Insurance, Approves $6.2M To Pay For Agencies Affected By Attack (WJZ 3 CBS Baltimore) A vote will be scheduled in a couple of weeks, as more people in city government say they need to be briefed on it. 

Cyber attack affects Wolcott Public Schools (WFSB) A cyber attack hit Wolcott Public Schools causing the district’s files and information to become encrypted before summer started.

Cyber criminals hacking remote-controlled medical devices could kill patients, conference hears (Fin24) Hackers could potentially kill patients wearing remote-controlled pacemakers or insulin pump devices, warns the executive officer of the SA Medical Technology Industry Association.

Security Patches, Mitigations, and Software Updates

Google patches high-severity Chrome browser engine security flaw (Computing) The flaw could enable attackers to carry out remote code-execution or denial-of-service attacks

Emergency iOS patch fixes jailbreaking flaw for second time (Naked Security) With iOS 13 nearing release, Apple users perhaps thought they were done with iOS 12 updates for good. If so, they were wrong.

Cisco critical-flaw warning: These two bugs in our data-center gear need patching now (ZDNet) Cisco is warning enterprise admins to install security updates for two critical flaws.

DLL Hijacking Flaw Patched in Check Point Endpoint Security (SecurityWeek) After disclosing DLL hijacking flaws in software from Bitdefender and Trend Micro, SafeBreach researchers reported finding a similar vulnerability in Check Point Endpoint Security.

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV (Computerworld) Symantec and Microsoft have come to an agreement about Symantec/Norton AV problems with the August Win7 and Server 2008 R2 patches. The block is gone, but questions remain. Nothing has changed, so why was it blocked in the first place?

Android 10 coming soon, with important privacy upgrades (Naked Security) It’s semi-official: Android 10 (née Q), the next version of the Android operating system, could start shipping 3 September.

Cyber Trends

New Research from CriticalStart Finds that 8 out of 10 Security Analysts Report Annual Security Operation Center Turnover is Reaching 10% to More than 50% (CriticalStart) Data shows the number of alerts is up, longer times to investigate and high false-positive rates

Cost of data breaches to surpass $5 trillion in 2024 (Help Net Security) A new report from Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average

Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024 (BusinessWire) Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024

The Future of Cybercrime & Security Research Report (Juniper Research) The Future of Cybercrime & Security research report examines the state of cybersecurity legislation, key player strategies and overall trends

The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks (ProPublica) Even when public agencies and companies hit by ransomware could recover their files on their own, insurers prefer to pay the ransom. Why? The attacks are good for business.

Apple co-founder joins calls to break up Big Tech — including Apple itself (Silicon Valley Business Journal) Wozniak acknowledged the idea that large tech companies tend to abuse monopolies.

1 in 4 employees would steal company information to secure their next job (Help Net Security) Watch out for insider data theft. Nearly one in four security pros said they would take company information to help apply for a position at a competitor.

Black Hat 2019: Bounties, Breaches and Deepfakes, Oh My! (SecurityWeek) When Black Hat first began 22 years ago, it was intended to be a place where hackers and cybersecurity professionals alike could get together and share ideas or demonstrate vulnerabilities.

Marketplace

Elastic buys endpoint security firm Endgame for $234 million (ZDNet) Going forward, the plan is to combine Endgame's endpoint product with Elastic's search technology.

VMware COO Sanjay Poonen on the acquisition of Carbon Black and plans to transform security (SiliconANGLE) The acquisition of Carbon Black by VMware Inc., announced last week, did not come cheap. The price tag was $2.1 billion, but one of VMware’s top executives feels strongly that the company got its money’s worth in the deal.

Opinion | Dear Tech Workers, U.S. Service Members Need Your Help (New York Times) You have the power to help your fellow Americans survive on the battlefield and carry out military missions without harming civilians.

After blacklisting, U.S. receives 130-plus license requests to sell to Huawei: sources (Reuters) The U.S. Commerce Department has received more than 130 applications from compan...

New Huawei phones can't use Android, report says (CNET) Google has reportedly said the temporary licenses don't apply to new Huawei products.

Startup Foundry DataTribe Announces Second-Annual Cybersecurity Startup Challenge (PRWeb) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state experienced technical

18 Cyber Security Startups to Watch in 2019 (eSecurity Planet) Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

Lockheed is Assisting with the Navy's Radiant Mercury Data Transfer Effort (SIGNAL Magazine) Lockheed Martin Corp. Rotary and Mission Systems, Littleton, Colorado, is awarded an estimated $44,308,222 indefinite-delivery/indefinite-quantity hybrid contract with cost-plus-fixed-fee and firm-fixed-price contract line item numbers.

An Undeterred Facebook Plans A Bug Bounty in Association with HackerOne (Inside Bitcoins) Facebook in collaboration with HackerOne has announced a bug bounty program. Despite the growing regulatory concern about Libra, the social network seems unfazed and undeterred by criticism. It is continuing to develop Libra.

Bricata and Atlantic Data Forensics Formalize Strategic Partnership (Bricata) Two Howard County, Maryland Cybersecurity Businesses Form Strategic Partnership

“5 Things I Wish Someone Told Me Before I Became the CEO of vArmour”, With Tim Eades (Thrive Global) Raising money: Always raise more than you think (by 25–30%) you will need and assume it will take a few months longer than you think to raise a certain round. When it comes to your funding, you always want to err on the side of caution and be as conservative in your predictions as possible […]

Exclusive Networks: Vanessa Delrieu Appointed Vice President of Finance and Operations North America (EIN News) Vanessa leads the financial management and operations aspects of Exclusive Networks North America, encompassing operations, finance, accounting and budgeting.

Products, Services, and Solutions

Protecting Ever More Inboxes With a 99.99% Inbox Protection Rate in Q2 2019 (SendGrid) Learn about SendGrid's inbox protection rate and how it helps keep spam email out and wanted email in the inbox.

Introducing Instart Zero Trust Access (Instart) Instart announces its zero trust solution to provide the enterprise with an easier, yet more secure, solution for providing end users access to their applications.

Splunk Results Exporter Integration (Opsview) The Splunk Results Exporter is a toolkit for extracting, filtering, reformatting, and exporting events from Opsview Monitor's event bus.

ITS Partners With Radiflow to Add OT Cybersecurity Services for its Process Manufacturing Customers in the UK (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for industrial...

Combating TRISIS with the MITRE ATT&CK Framework (ThreatQuotient) MITRE ATT&CK dives deep into adversaries’ actions so security analysts can use that information to their advantage. It is a huge step forward in creating a knowledgebase of adversaries and associated tactics, techniques and procedures (TTPs) so you can start your threat hunt at the actor level.

Coalfire Named as Launch Partner Under AWS Authority to Operate Program (ExecutiveBiz) Amazon Web Services has added Coalfire to its list of launch partners under the Authority to Operate program.

Siemens releases new hosting platform addressing cybersecurity challenges (Hydrocarbon Engineering) Siemens has announced the release of a new industrial application hosting platform aiming to address complex cybersecurity threats.

Technologies, Techniques, and Standards

Opinion: Why 5G will make cybersecurity so much more difficult (The Globe and Mail) There is little doubt that fifth generation networks are about to transform the world. Whether that transformation is for the better will depend on rethinking not only these networks, but also the methods we use to keep them safe, David Masson writes

Ready or Not, Here Comes FIDO: How to Prepare for Success (SecurityWeek) A phased rollout of FIDO-certified authenticators and FIDO-enabled applications, along with training for both users and help desk personnel, can help ensure a positive experience and transition

What the education industry must do to protect itself from cyber attacks (Help Net Security) Hackers are becoming more sophisticated in their attacks, and they are increasingly viewing schools and higher education institutions as easy targets.

Design and Innovation

Army wants a more secure dev environment for cyber tools (Fifth Domain) The Army is beginning to work with the Pentagon on Unified Platform.

Facebook updates political ad rules with eyes on '20 election (Seeking Alpha) Facebook (FB -1.1%) is continuing to get ready for the 2020 U.S. election with new rules for political advertising.

Updates to Ads About Social Issues, Elections or Politics in the US (Facebook Newsroom) We’re sharing additional steps we’re taking to protect elections and prepare for the US 2020 election.

Apple is turning Siri audio clip review off by default and bringing it in house (TechCrunch) The top line news is that Apple is making changes to the way that Siri audio review, or “grading,” works across all of its devices. First, it is making audio review an explicitly opt-in process in an upcoming software update. This will be applicable for every current and future user of …

Apple to stop storing Siri recordings without permission after privacy backlash (The Telegraph) Apple will stop storing audio recordings of what users say to Siri unless they explicitly opt in, following a privacy backlash against the widespread practice of humans listening to users' voice clips without their knowledge.

Academia

Every Computer Science Degree Should Require a Course in Cybersecurity (Harvard Business Review) Just one of the top 24 U.S. undergraduate programs does.

New master's in computer information systems approved for Northwestern State (KALB) A Master’s of Science in Computer Information Systems at Northwestern State University has been approved by the State Board of Regents.

Durham College announces new Certified Threat Intelligence Analyst training program (EC-Council Official Blog) Durham College (DC) is pleased to announce that its Hub for Applied Research in Artificial Intelligence for Business Solutions (the AI Hub) and the School of Continuing Education will be delivering the first Canadian training session of the Certified Threat Intelligence Analyst (CTIA) course.

SMCC Cyber Security program earns national award (Press Herald) The program has had a steady increase in enrollment and can lead to a variety of employment opportunities for graduates.

The UTSA Academy of Distinguished Researchers inducts three faculty members (UTSA Today) The UTSA Academy of Distinguished Researchers (ADR) has selected three senior faculty members for induction this calendar year.

Legislation, Policy, and Regulation

Australia Tries to Curb Foreign Interference at Universities (SecurityWeek) Australia has formed a task force that includes a cybersecurity working group to crack down on attempts by foreign governments to meddle in Australian universities.

Real China threat isn't trade. It's national security and intellectual property theft. (USA TODAY) Trump's trade war and tariffs are costly and misguided. His top priorities when it comes to China should be IP theft, security, North Korea and Iran.

Scrapped intelligence pact draws United States into deepening South Korea-Japan dispute (Reuters) South Korea's decision to scrap a military intelligence-sharing pact with J...

Trump’s National Security Advisor to Visit Belarus (Foreign Policy) The highest-level trip this century will likely anger the Kremlin, even as the U.S. president tries to bring Russia back into the G-7.

DHS questions vulnerability disclosure program (Fedscoop) The Department of Homeland Security plans to collect information on security vulnerabilities in its information systems and wants to know if its methods are sound.

Agency Information Collection Activities: Vulnerability Discovery Program (Federal Register) The Department of Homeland Security, Office of the Chief Information Security Officer, will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995.

Litigation, Investigation, and Law Enforcement

Avast, French Police Remove Retadup Malware From 850,000 PCs (SecurityWeek) Avast and French police have cleaned up 850,000 computers infected with Retadup malware after taking control of its C&C server.

Malware Operation Making Millions Defeated by Design Flaw (BleepingComputer) The reign of Retadup botnet over more than 850,000 systems has reached an end as its command and control server (C2) was taken down by security researchers from antivirus maker Avast working with the French National Gendarmerie.

Putting an end to Retadup: A malicious worm that infected hundreds of thousands (Avast Threat Labs) Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware …

Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns (TechCrunch) The Dutch data protection agency has asked Microsoft’s lead privacy regulator in Europe to investigate ongoing concerns it has attached to how Windows 10 gathers user data. Back in 2017 the privacy watchdog found Microsoft’s platform to be in breach of local privacy laws on account of h…

Facebook Gets German Data Probe Into Voice Transcriptions (Bloomberg) Social network is facing intense regulatory scrutiny in Europe. Speech recognition forms new front for tech privacy probes.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Global Security Exchange (GSX) (Chicago, Illinois, USA, September 8 - 12, 2019) Global Security Exchange (GSX) is the only event that brings together security professionals from all vertical markets throughout the world to network, learn, and re-invest in the industry. It’s home for...

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...

Upcoming Events

Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, August 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial...

Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...

Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...
