
More signal. Less noise.

The Best Defense is a Good Offense

A defensive security posture is no match against today’s sophisticated adversaries—your organization needs to take a proactive approach to address these threats. To be successful, analysts need to understand the tactics, techniques, and procedures used against your organization. The key to understanding the adversary’s motives and patterns? Threat modeling, risk scoring, and gap analysis. Read more about the importance of threat modeling in our newest whitepaper, The Power of a Tailored Threat Model.

Daily briefing.

Microsoft this morning said it had discovered another Russian cyber operation targeting think tanks critical of Moscow. The institutions Redmond says were hit include the German Council on Foreign Relations, European branches of the Aspen Institute, and the German Marshall Fund, so there's a clear Atlanticist flavor to the target list. The method of attack was spearphishing; the spearphisher is said to have been Fancy Bear, that is, Russia's GRU military intelligence service.

Fancy Bear's goal appears to be influencing European elections, both upcoming national elections and the EU elections scheduled for May. Microsoft notes that its findings would seem to confirm alarms raised in many European governments. Ukraine has been particularly explicit in its concerns. That country's National Security and Defense Council announced yesterday that it will undertake joint cyber defense exercises with EU partners in the near future. The announcement was accompanied by charges that Russian hacking and influence operations have risen unabated as Ukraine's March 31st presidential election approaches.

Moscow may sometimes be a victim, too: Check Point says it's detected signs that North Korea's Lazarus Group is turning its attentions to Russia.

A decryptor is now available for GandCrab ransomware's version 5.1, BleepingComputer reports. The fix, by Bitdefender, Romanian Police, Europol, and other law enforcement partners, is also effective against some earlier versions. There are, however, already signs that GandCrab version 5.2 is beginning to circulate in the wild.

An exchange of letters between Citizen Lab and Novalpina outlines the suspicions that persist around NSO Group.


Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, Israel, Democratic People's Republic of Korea, Russia, Ukraine, United Kingdom, United States.

Join the blue team with ExtraHop at RSA 2019.

Headed to San Francisco in March? Skip the rush of the show floor and book your threat hunting session in advance. ExtraHop puts you in the cockpit with network traffic analysis so you can be the blue team as an attack unfolds, reconstruct a database exfiltration, and more. Schedule your demo now to explore security at enterprise scale at RSA!

In today's podcast, out later this snowy, snowy afternoon, we speak with Mike Benjamin from our partners at CenturyLink. He offers an update on the Necurs botnet. Our guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.

Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”

Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.

Visit LookingGlass at RSA 2019 to Handle Your Risky Business (San Francisco, California, United States, March 4 - 8, 2019) Join LookingGlass at RSA 2019 to learn more about how we can help you manage your organization’s risky business. Get a free expo pass when you reserve a personal, in-depth demo tailored to your security needs!

XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to simulate, validate and remediate every hacker’s path to organizational critical assets.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Cyber Attacks, Threats, and Vulnerabilities

North Korea Turns Against New Targets?! (Check Point Research) Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or...

Microsoft says it has found another Russian operation targeting prominent think tanks (Washington Post) Microsoft said it had found and attempted to disrupt a "spear-phishing" attack by Russian intelligence aimed at groups that had criticized Russia.

Russia-Linked Hackers Responsible for Vast European Cyber Attacks, Says Microsoft (Fortune) Microsoft vice president Tom Burt said the attacks "validate" warnings of potential Russian interference in the 2019 European elections

Microsoft Says Russian Hackers Targeted European Think Tanks (Bloomberg) Tech giant validates warnings ahead of European elections. Concerns grow that Russia will try to hack global elections.

Oleksandr Turchynov: Russia is going to use the entire arsenal, including cybernetic means, to influence the democratic will of the Ukrainian people - National Security and Defense Council of Ukraine (National Security and Defense Council of Ukraine) A meeting of the National Coordination Center for Cybersecurity was held under the chairmanship of Secretary of the National Security and Defense Council of Ukraine Oleksandr Turchynov.

CrowdStrike: Nation-state cyber operations gaining steam (FCW) Cyber operations have become even more integral to global powers, according to a threat report, even as the U.S. seeks to impose greater costs for bad behavior in the digital space.

Insights on modern adversaries and their tactics, techniques, and procedures (Help Net Security) CrowdStrike’s global observations with real-world case studies deliver deep insights on modern adversaries and their tactics, techniques, and procedures.

Here's how experts tell when a cyber attack is done by a state actor (ABC News) Whether it's hackers stealing files from defence contractors or Federal Parliament's computer network being undermined, Australia has for years come under attack by a variety of cyber thieves.

Huawei's founder denies presence of 'backdoors' for spying (The Bull) The founder of Chinese telecom giant Huawei has hit back at US efforts to blacklist the company and denied there are any

A hacker intercepted your WiFi traffic, stole your contacts, passwords, & financial data. (Hacker Noon) It’s so easy to monitor the public’s Internet traffic. WiFi isn’t as secure as you might think.

Major security issues found in popular password managers (TechRadar) But don’t stop using these security apps for 123456’s sake

Fortnite, Netflix and Uber accounts selling for just £8 on dark web (The Independent) Cyber crime researchers say high-profile data breaches have contributed to a thriving online black market

Ryuk: What does the helpdesk tell us? (Help Net Security) In the case of Ryuk we are dealing with a ‘targeted’ form of ransomware aimed at organizations as opposed to the simple ‘fire and forget’ approach.

92 Million MyHeritage Genealogy Accounts Breached. Now What? (Security Boulevard) The bad news is that previously 92 million MyHeritage user accounts were compromised.

Patients, health data experts accuse Facebook of exposing personal info (TheHill) A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients' explicit permission.

Phishing vs spear phishing vs whaling attacks (Security Boulevard) Learn more about the differences between phishing, spear phishing and whaling attacks, and find out how you can keep your business safe.

Security Patches, Mitigations, and Software Updates

Microsoft's next patch is a must if you want future Windows 7 security updates (TechSpot) Windows 7 and Windows Server 2008 users will want to circle March 12, 2019, on their calendars as that date will be crucial should you want to continue receiving security updates from Microsoft.

Cyber Trends

AI Is Not Just Getting Better; It’s Becoming More Pervasive (Harvard Business Review) Advances in artificial intelligence (AI) software and hardware are giving rise to a multitude of smart devices that can recognize and react to sights, sounds, and other patterns—and do not require a persistent connection to the cloud. These smart devices, from robots to cameras to medical devices, could well unlock greater efficiency and effectiveness at organizations that adopt them.


15 Cybersecurity Stocks to Watch As the Industry Heats Up (InvestorPlace) These 15 cybersecurity stocks are shaping the future of digital security, and a few of them could turn into huge success stories.

Splunk pulls out of Russia with mysterious statement (ZDNet) Company to honor ongoing contracts, but the long term plan is to stop selling Splunk access to Russian companies.

Bandura Cyber Expands Funding Round to Over $10 Million (BusinessWire) Bandura Cyber today announced a Series A round of funding.

Palo Alto Networks to acquire Demisto for $560M (TechCrunch) Palo Alto Networks announced today that it intends to acquire security startup Demisto for $560 million. The company sees a tool that can help enhance the Palo Alto security portfolio by adding a higher level of automation. “The addition of Demisto’s orchestration and automation technol…

Senseon raises $6.4M to tackle cybersecurity threats with an AI ‘triangulation’ approach (TechCrunch) Darktrace helped pave the way for using artificial intelligence to combat malicious hacking and enterprise security breaches. Now a new U.K. startup founded by an ex-Darktrace executive has raised some funding to take the use of AI in cybersecurity to the next level. Senseon, which has pioneered a …

Cyber Risk Scorecard Provider NormShield Secures $3.5M in Seed Funding (PR Newswire) NormShield, provider of comprehensive, on-demand cyber risk scorecards for enterprises, today announced the close of ...

Apple acquires artificial intelligence voice startup PullString: report (ZDNet) Reports suggest the deal has been quietly signed for at least $30 million.

Coinbase buys blockchain intelligence startup to boost security and new asset discovery (TechCrunch) Coinbase, the world’s most valuable crypto company, is gearing up to add more cryptocurrencies to its exchange thanks to its latest acquisition. We already know the firm wants to offer a glut of new crypto assets, but today it announced it has snapped up blockchain intelligence startup Neutri…

Exclusive Group acquires SecureWave to advance global VAD reach (Help Net Security) Exclusive Group, the value-added services and technologies group, is acquiring SecureWave, one of Israel’s leading independent cybersecurity VADs.

Veteran-owned Ellicott City IT firm wins $45.5 million federal contract (Baltimore Business Journal) Veteran-owned IT firm Data Computer Corporation of America has won another federal contract, worth $45.5 million.

IBM inks $700M AI, blockchain deal with multinational bank (Becker's Hospital Review) IBM signed a five-year agreement with Madrid-based Banco Santander to enable the multinational commercial bank and financial services firm to accelerate its business transformation.

Lockheed Martin reorganizes around integrated cyber, electronic warfare and intelligence (C4ISRNET) Lockheed recently created a new business it's calling spectrum convergence.

No longer a 'big, fat, honking firewall': Cisco focuses on the network amid multicloud complexity (CIO Dive) Companies have a "more complicated environment than they had five years ago when they began this journey to simplification," said CEO Chuck Robbins.

Cybersecurity firm Jask makes Austin sole headquarters (Austin American-Statesman) Cybersecurity firm Jask, which previously announced it would split its headquarters between Austin and San Francisco, will make Austin its only

IBM to launch research center on Artificial Intelligence in Sao Paulo (MercoPress) IBM is set to launch a research center in the Brazilian city of São Paulo focused on development of solutions around artificial intelligence. The AI center will be the first Latin American institution of IBM's AI Horizons Network. It will be jointly run by the company and the São Paulo Research Foundation (FAPESP) to pursue “a disruptive research program”, with the potential to “promote paradigm shifts in AI.”

Cyber security pioneer, CipherTechs, enters the Boston/New England Market (PR Newswire) CipherTechs, a leading New York City-based cyber security company, announced it is expanding into northern New England...

NTT Security CEO Americas Elected to Board of Directors of Cyber Threat Alliance (The Progress) NTT Security, the specialized security company of NTT Group, announces the appointment of CEO Americas, John Petrie, to the Board of Directors of the Cyber Threat

Hexagon adds CACI vet Rich (Washington Technology) Hexagon hires former CACI International programs lead Emma Rich as a senior vice president in the federal business.

Splunk Welcomes Carrie Palin as Chief Marketing Officer (Odessa American) Splunk Inc. (NASDAQ: SPLK), delivering actions and outcomes from the world of data, today announced it has appointed Carrie Palin as senior vice president, chief marketing officer (CMO). Palin joins from SendGrid where she served as CMO through the company’s acquisition by Twilio. At Splunk, she will oversee global marketing strategy reporting directly to Susan St. Ledger, president, worldwide field operations.

US Aussie Rules star scores CMO job with Carbon Black (CSO) Playing Aussie Rules "an amazing experience!"

Treliant adds Gerald R. Roop as Principal (Help Net Security) Gerald R. Roop has joined Treliant as a Principal, to develop sustainable compliance, risk, regulatory, and financial control programs.

Welcome Our New CEO, Mo Rosen (Digital Guardian) This is an exciting day for Digital Guardian. We’ve got a new CEO at the helm, Mo Rosen.

Products, Services, and Solutions

K2 Cyber Security Unveils the First Cloud Workload Protection Platform to Prevent Zero-Day Attacks in Real Time with No False Positives (BusinessWire) K2 Cyber Security, Inc. today announced the general availability of its cloud workload security platform, featuring two fundamental innovations that t

Kaspersky Lab Launches New Threat Intelligence Service (Computer Business Review) Kaspersky Lab has launched a new threat intelligence service, dubbed Kaspersky CyberTrace, which aggregates threat intelligence data feeds

Illusive Networks Introduces Interactive Cyber Intelligence to Better Defend Organizations Against Human Attackers (PR Newswire) Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack...

With threats of cyberattacks looming over European elections, Microsoft expands AccountGuard cybersecurity program (GeekWire) European leaders are on high alert for potential cyberattacks ahead of major elections, and Microsoft reports hackers are also targeting groups focused on democracy, electoral integrity and public…

SK Telecom to launch quantum gateway for self-driving car security (ZDNet) SK Telecom will launch its Quantum Gateway Security solution that it says will prevent hacking of autonomous cars at Mobile World Congress.

Infocyte Partners With Check Point Software Technologies For Cloud-delivered Compromise Assessments, Proactive Threat Detection, Faster Incident Response (GlobeNewswire News Room) The partnership enables Check Point and their global partners to provide proactive detection across cloud, data center and endpoint environments

NTT Security re-builds Sydney SOC as demand grows (ARN) NTT Security has re-launched its security operations centre (SOC) in its Sydney headquarters on 19 February.

Baffle releases a data protection solution for serverless cloud workloads (Help Net Security) Baffle has released the first-to-market solution for data-centric protection of Amazon’s AWS Lambda, a pioneering serverless compute service.

Technologies, Techniques, and Standards

Ukraine Announces Joint Exercises with EU to Fend Off Russian Cyber Threats (BleepingComputer) Ukraine will organize a number of joint exercises in the near future with the European Union (EU) to develop appropriate response models to possible Russian cyber threats designed to interfere in Ukrainian presidential elections that will be held on March 31

European standards org releases consumer IoT cybersecurity standard (Help Net Security) A consumer IoT cybersecurity standard aims to establish a security baseline for IoT products and provide a basis for future IoT certification schemes.

Europol, Bitdefender Share GandCrab Ransomware Decryption Tool (HealthITSecurity) Europol's No More Ransom campaign and security firm Bitdefender just released a decryption tool for the latest version of GandCrab ransomware: a notorious variant with many healthcare victims.

Cyber Command’s 2019 plan for new tools (Fifth Domain) Cyber Command is moving out on several fronts to begin developing its own infrastructure and tools for cyber warriors.

Acknowledge, Apologize, Investigate: How Big Brands Combat Online Outrage (Wall Street Journal) If it feels like there is a steady stream of fresh outrage over consumer-brand gaffes, it may be because companies have become more adept at managing controversy than at pre-empting it.

CAST and Software Heritage Partner to Create World’s Largest Provenance Index of Publicly Available and Open Source Code (GlobeNewswire News Room) Software Intelligence lends unprecedented insight into IP license risk

7 Reasons to Move Away from Legacy AV (Security Boulevard) Why are businesses replacing their Legacy AV with Next-Generation Endpoint Security? Here are the top 7 reasons.

Design and Innovation

Making our strikes system clear and consistent (YouTube Creator Blog) We’re updating the way we give Community Guidelines strikes to a new, simpler system. We’ve worked with creators to understand what’s worki...

Who Puts the Ethics in AI? (Security Boulevard) Davos 2019, the annual meeting of the World Economic Forum, took place in January in its namesake city of Switzerland. Unsurprisingly, AI emerged as one of the leading topics of discussion (with 40 sessions dedicated to it, second only to US-China trade). Most of the conversation, however, centered on articulating abstract principles about the importance of ethics in AI, or, at best, calls for collaboration and research in this area.

RSAC Launch Pad enables companies to pitch high-profile venture capitalists (Help Net Security) At the RSAC Launch Pad, a panel of leading VCs will listen to pitches from startups competing for a chance to secure funding and expedite growth.

Research and Development

Detecting Trojan attacks against deep neural networks (Help Net Security) A group of researchers have been working on STRIP, a system for run time detection of trojan attacks on deep neural network models.

Analysis | Your friends’ social media posts are making you spend more money, researchers say (Washington Post) In the social media era, it's easier than ever to watch your friends and neighbors spend money. That "visibility bias" may be partly to blame for the falling savings rate, according to new research.

Congress bucks DHS on bid to move cyber research funding (FCW) Millions in cybersecurity research and development dollars will stay in DHS' Science and Technology directorate.

Legislation, Policy, and Regulation

What Is Agreed Competition in Cyberspace? (Lawfare) The concept of agreed competition allows for robust academic and policy analysis that, hopefully, will allow competition in cyberspace to evolve into a stable arena of global politics.

GERMANY : FDP wants to deprive BND of zero-day vulnerabilities (Intelligence Online) Germany's liberal-democratic FDP party proposed a resolution to the Bundestag

5G security risks remain even if Huawei gets the all clear (The Telegraph) British intelligence has ruled that any risks from using equipment made by Huawei, a Chinese company accused of “dubious covert practices”, are manageable.

Former DHS cyber leader and a current FCC member suggest path for 5G security beyond simply banning Huawei and ZTE (Inside Cybersecurity) A former top cyber official at DHS and a current Democratic member of the Federal Communications Commission are suggesting a more sophisticated approach to securing next-generation networks -- possibly involving standards-based certification of U.S. telecom providers' equipment -- over the flat-out bans on products from Chinese companies like Huawei and ZTE that have gained

Analysis | The Cybersecurity 202: 'Sometimes the old stuff is the best.' Sen. King wants the U.S. to unplug parts of electric grid (Washington Post) It's a lesson from the Ukraine hack.

Harris on election security: 'Russia can't hack a piece of paper' (TheHill) Sen. Kamala Harris (D-Calif.) on Tuesday issued a call for states to focus on election security and possibly adopt paper ballot measures, telling a crowd of New Hampshire voters that paper ballots remain the securest way to cast votes.

Litigation, Investigation, and Law Enforcement

Facebook acts like a law-breaking ‘digital gangster’, says official report (Naked Security) Facebook considers itself to be “ahead of and beyond the law,” UK lawmakers said in a report about “disinformation and ‘fake news.'”

Synopsys Says Software Security Co. Abused Its License (Law360) Synopsys Inc., which makes software for testing and designing computer chips, accused Fortinet Inc., a security software company, in California federal court of routinely skirting its software access licensing agreement to gain unauthorized access to Synopsys services.

Booz Allen, other contractors hit with no-poach class action (HR Dive) The complaint, which alleges that the agreements restricted employee mobility and suppressed wages, seeks damages and injunctive relief.

Wendy's $50M cyberattack settlement signals growing threat to QSRs (Restaurant Dive) The chain's latest lawsuit reveals how costly cyberattacks can be for restaurants, which are facing hacks to POS systems and loyalty programs.

[Letter from Novalpina Capital to Citizen Lab] (Citizen Lab) Dear Professor Diebert, I write to you in my capacity as one of the founding partners of Novalpina Capital...

Open Letter to Novalpina Capital on Involvement in the Purchase of NSO Group - The Citizen Lab (The Citizen Lab) We appreciate your commitment—as stated in your letter of February 15, 2019—to “helping NSO Group become more transparent about its business.” As a first step, we ask that Novalpina Capital provide answers to the following questions regarding Novalpina Capital and NSO Group’s human rights due diligence and corporate social responsibility practices.

Open letter to Novalpina Capital, CC: NSO Group, Francisco Partners (Amnesty) We, the undersigned organizations, release this open letter to Novalpina Capital regarding the recent announcement of the buyout of NSO Group from Francisco Partners. We call on Novalpina to publicly address our serious concerns regarding accountability for NSO Group’s involvement in previously documented spyware abuses, Novalpina’s current approach to addressing human rights impacts associated with NSO Group’s products and services, and the future trajectory of the company.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) The Insider Threat Defense Group will be holding its next class, "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis," in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed in how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to 540+ organizations.

Norwich University CGCS 2019 Cyber Security Summit (Northfield, Vermont, USA, June 18 - 19, 2019) Mid- and executive-level managers seeking to broaden their organizations’ approaches to prudent cyber security practices will gain insight through a series of workshops and discussions on relevant issues...

Upcoming Events

CPX Europe 360 2019 (Vienna, Austria, February 18 - 20, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Cybersecurity, Privacy & Trust: A Media Perspective (San Francisco, California, United States, February 21, 2019) As cyberattacks escalate and public awareness around data privacy and security risks increases, companies are grappling with how to comply with regulations and restore consumer trust. From rethinking how...

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...

FAIR Analysis Fundamentals Training Course before the 2019 RSA Conference (San Francisco, California, USA, March 3 - 4, 2019) FAIR Analysis Fundamentals training from FAIR Institute Technical Advisor, RiskLens, provides the conceptual foundation and practical experience necessary to competently perform FAIR analyses. This training...
