skip navigation

More signal. Less noise.

Experiencing poor performance with your legacy antivirus? Try CB Defense.

Does your legacy antivirus slow down end user endpoints? Try Carbon Black's lightweight, next-generation antivirus + endpoint detection and response solution in your environment for free!

Compare CB Defense to your current solution using real-world scenarios, and see how operations transform across your security and IT teams. After you've finished your 15-day trial, you'll have everything you need to build a business case and make the switch. Gain superior protection, simplified operations, and actionable visibility today.

The Week that Was.

Duty of Care, and other emerging norms.

The Duty of Care Campaign in the UK advocates requiring social media to protect younger users' mental health.A spokesperson for HM Government said they "have heard calls for an Internet Regulator and to place a statutory ‘duty of care’ on platforms, and are seriously considering all options" (Independent).

Instagram chief Adam Mosseri supports the legislation, saying social media companies "have a responsibility to improve," and that Instagram will do so (Telegraph). His decision was motivated largely by the death of a 14-year-old girl who took her own life after viewing self-harm images on Instagram.

The US state of Maryland's Senate voted to update the state's cyberbullying law. The law would now cover even a single act of online cruelty, not just repeated instances, and would no longer require that bullying communication be sent directly to the victim (Baltimore Sun). The ACLU says the bill goes "vastly overboard" (WTOP).

Want An Insider View Into the Methods and Exploits of the World's Most Famous Hacker?

The world's most reputable organizations rely on Kevin Mitnick to uncover their most dangerous security flaws and Kevin’s knowledge of social engineering can help you stay a step ahead of the bad guys too. Wouldn’t it be great to learn about the latest threats and find out “What Would Kevin Do”? Now you can!

  • See demos of the latest attack strategies
  • Discover how these vulnerabilities may affect you
  • Learn how to stop the bad guys

Save your spot for the live webinar!

China's cyber espionage efforts.

Chinese hackers are suspected to be behind the cyber incident Airbus disclosed on January 30th, a source close to the investigation told Challenges. The attack pattern is said to closely resemble that used by Chinese state-sponsored APT10, also known as Stone Panda or menuPass. The hackers apparently began by infiltrating the networks of an Airbus supplier, which was alerted to the attack by ANNSI in December. The subcontractor notified Airbus, and investigation revealed that the attack had compromised Airbus as well. The data affected were "mostly professional contact and IT identification details of some Airbus employees in Europe."

APT10 is also the primary suspect in a large cyberespionage campaign tracked by Recorded Future and Rapid7 between November 2017 and September 2018. The campaign targeted a US law firm specializing in intellectual property law, an international apparel company, and Norwegian managed service provider Visma. The attackers broke into their targets' networks using stolen credentials for Citrix and LogMeIn remote-access software. Once inside, they conducted privilege escalation and used DLL sideloading to deliver malware. In Visma's case, the attackers deployed the Trochilus RAT. The other two victims were compromised by the UPPERCUT backdoor, via the Notepad++ updater and sideloading DLLs. 

Australian authorities are looking into whether China was behind a cyberattack against Australia's Federal Parliament computer systems. A source told the Australian Broadcasting Corporation that the attackers were sophisticated and swift. The investigation is still in its early stages, however, and the Parliament's presiding officers stress that "accurate attribution of a cyber incident takes time."

Get comprehensive information about securing the DIB supply chain

According to a 2018 Ponemon report, 61% of surveyed organizations have experienced a data breach caused by a third-party vendor. Cyber criminals are targeting Defense Industrial Base (DIB) supply chain vendors in order to gain access to government networks. The latest case study from Attila Security will help identify solutions to keep your organization’s data secure while avoiding disruptions to the DIB supply chain. Download the Vulnerabilities Within The DIB Supply Chain Case Study today.

China's companies prompt widespread security concerns.

An upcoming annual report from GCHQ's Huawei Cyber Security Evaluation Centre will state that Huawei failed to address the security issues identified by the Centre last year. The Telegraph—which heard from sources familiar with a draft review—describes the report as "damning." Huawei preemptively sent Parliament a letter denying wrong-doing and saying that, realistically, it would take three-to-five years for it to put in place the confidence-building measures the company has promised.

Some Canadian politicians and observers are also increasing their calls for Huawei to be banned, since other members of the Five Eyes have already done so (Global News).

Politico says US President Trump is likely next week to sign an Executive Order banning Huawei from US mobile networks. The Executive Order is expected out before MCW Barcelona (formerly Mobile World Conference) meets this month.

Register for the RSA Conference 2019 today!

Expert-led sessions. Two Expo halls full of the latest cybersecurity solutions. Fascinating keynote speakers. You guessed it—it’s RSA Conference 2019, March 4 – 8 in San Francisco, the ultimate place to expand your knowledge, your perspective, your network and your career. From the latest trends to best practices, RSAC 2019 is your one-stop-shop for cybersecurity intel. Register today.

Election influence operations updates.

Lithuania's intelligence agencies believe Russia will try to interfere in its upcoming elections, possibly by spreading "propaganda and disinformation in Lithuanian social media." Russia says such fears are nonsense (Reuters).

In the US, the Departments of Homeland Security and Justice reported to the president on the impact of foreign activity on election or campaign infrastructure during the 2018 US midterm elections. Details remain classified, but the Departments report they found no evidence of foreign "material impact on the integrity or security of election infrastructure."

Access Unlimited Virtual Practice Labs - Limited Time Offer

Develop your cybersecurity skills through hands-on learning with unlimited virtual labs from Rangeforce, Kaplan, Practice Labs, Cydefe, and more. Cybrary is the world’s fastest growing cybersecurity online learning platform, dedicated to offering the most current industry tools and curriculums taught by subject matter experts, and providing the best hand-ons labs and certification preparation anywhere. Join Cybrary Insider Pro for 30% OFF using discount code CYBERWIRE30.

Crime and punishment.

Europol is bringing legal action against more than 250 customers ofWebstresser, a DDoS-for-hire service that was shut down last April by US, UK, and Netherlands authorities (KrebsOnSecurity).

No bots or sockpuppets allowed, at least not in the State of New York, which has reached a settlement with Devumi, a company that folded late last summer under the reputational damage done by the Attorney General's investigation. Devumi used imposter accounts to inflate the social media engagement of celebrities, businesses, ordinary people with immoderate desires for this kind of factitious glory. The settlement concluded that bogus engagement by fake identities constituted illegal deception, and that such engagement by stolen identities amounted to illegal impersonation (Naked Security). The company and its "offshoots" are barred from such business in the future. The owner, German Calas Jr., took a no-contest plea and agreed to pay a $50 thousand fine (New York Post). 

Bloomberg reports on an FBI investigation into an alleged attempt by Huawei employees to steal trade secrets from a small, Illinois-based semiconductor company. Adam Khan, founder and CEO of Akhan Semiconductors, Inc., says he sent Huawei a sample of his patented diamond glass in March 2018, hoping that the major smartphone manufacturer would decide to buy the super-strong display glass for use in its products. Although Huawei signed a letter of intent promising to return the sample undamaged within sixty days, the company sent most of it back five months later, heavily scratched and broken into pieces, apparently in the course of destructive testing. Huawei had also sent the ITAR-regulated material to China, potentially violating US law. Akhan contacted the FBI and worked with the agency on a January 9th sting operation involving two Huawei employees. The FBI raided Huawei's San Diego lab on January 29th. The results of the raid remain unknown, with no charges filed so far (Gizmodo).

The US Attorney’s Office in San Francisco on Monday indicted two men in a SIM swapping scheme. The defendants face years in prison if found guilty (Ars Technica). Last week a 20-year-old man became the first person to be convicted in the US of SIM swapping: he accepted a plea deal of ten years in a California prison (Motherboard).

Courts and torts.

The Telegraph reports that the UK's data protection authority is investigating claims that Google has violated GDPR. If the company is found guilty, it could be fined up to 4 percent of its global annual turnover, which amounts to approximately $4 billion (£3.1 billion) (Computing). The UK's Information Commissioner's Office (ICO) says it's working with other data protection authorities in other European countries, as well as the European Data Protection Board, to review complaints concerning Google (Digiday). Last month, France's data protection authority CNIL fined Google €57 million.

North Carolina-based power company Duke Energy has been fined a record $10 million by the North American Electric Reliability Corporation (NERC) for a number of security violations that took place between 2015 and 2018 (Utility Dive). NERC's public filing–which redacts the company's identity–says that the size of the fine was "due to the systemic nature of the violations," and places the blame primarily on "managerial oversight." 

This isn't in court, not yet, anyway, but lawyers are involved. Amazon founder and Washington Post owner Jeff Bezos has taken to Medium to denounce the National Enquirer's corporate parent AMI's boss David Pecker for "extortion and blackmail" over a threat to release intimate photos. He sees a political motivation behind the threat: emails he shares in his post suggest that AMI wanted the Post to call off reporting that AMI was pushing a political agenda. Mr. Bezos publicly declined ("No thank you, Mr. Pecker"), effectively told AMI to publish and be damned, and asked, rhetorically, "If in my position I can’t stand up to this kind of extortion, how many people can?"

Policies, procurements, and agency equities.

The US Department of Defense is tightening the enforcement of cybersecurity regulations for government contractors. Susan Cassidy from Covington and Burling LLP told Federal News Network that the Pentagon will review companies' compliance with the standards laid out in NIST Special Publication 800-171 before awarding contracts. Cassidy recommends that business development teams and legal teams read up their companies' compliance with the standards, because "it’s going to impact your competitive landscape."

The National Cybersecurity Preparedness Consortium (NCPC) Act, introduced in the US Senate, would authorize the Department of Homeland Security to engage more closely with its partners in the Consortium to provide training for a wide range of eligible personnel, not all of the Federal, as well as other services. The NCPC's members are the University of Texas at San Antonio, Texas A&M, the University of Memphis, the University of Arkansas, and Norwich University (Meritalk).

Fortunes of commerce.

Booz Allen Hamilton lost $20 million as a result of the government shutdown. The company's CFO Lloyd Howell says it's uncertain how much of the money (if any) they'll be able to recoup (Quartz).

Early stage investment in UK startups is down, falling 15% from a record £8.27 billion in 2017 to £7 billion in 2018. The commentariat points to Brexit uncertainties as the cause (The Telegraph).

Google is now said to pay more in European fines than it pays in European taxes (Computing). This could mean several things. Maybe Google's tax attorneys are better than its compliance attorneys. Or maybe the way to understand GDPR is that it's like a speed trap in the proverbial small, southern, American town (fictional town, we hasten to add). Except over there it's an Information Commissioner waiting behind a virtual billboard for some Big-Tech big-rig to come speeding past, and not a good ol' boy with a badge in a Crown Vic. And the stakes are higher than they were when Boss Hogg was running Hazzard County. Instead of thirty dollars or thirty days, when des cyber-flics bag you with Hans or Franz's data in your ordinateur, it's €20 million or 4% annual global turnover. Whichever's higher. 

Labor markets.

The US Intelligence Community is conducting one of Government's perennial campaigns to attract university graduates to cyber careers (Fifth Domain).

There are also efforts afoot to improve both proficiency and retention of cybersecurity professionals in the US Government. The Federal Rotational Cyber Workforce Act has been reintroduced in the Senate. It would give Federal workers tours in universities where they could enhance their skills (FCW). 

The US Air Force says it's made significant progress towards decreasing its security clearance backlog, currently around 57,000, down from nearly 80,000 in March 2018. The Air Force thinks temporary regional interview hubs did a lot to speed processing (Federal News Network).

Mergers and acquisitions.

Reuters says Dell is exploring the sale of SecureWorks, a company valued at nearly $2 billion. Morgan Stanley is believed to be assisting with the early stages of the process. Dell and SecureWorks declined to comment, and Morgan Stanley did not respond to Reuters's inquiry. SecureWorks has been publicly traded since 2016, but Dell owns 85% of it.

Palo Alto Networks is rumored to be in talks to acquire Demisto, said to be attractive for its automated security management tools (

Colorado-based endpoint protection company Webroot will be acquired by Carbonite for $618.5 million. The goal of the acquisition is to build Carbonite's capability to deliver both cloud-based endpoint protection and backup-and-recovery services to small and medium businesses (CRN). Boston-based Carbonite told analysts and investors it intends to go after eight rivals in particular: Acronis, Barracuda, Datto, and Veeam in the data protection space, and endpoint security companies AvastMcAfee, Sophos, and Symantec (Channel e2e).

In a clear push toward the critical infrastructure market, IPKeys has acquired SigmaFlow (Washington Technology). The New Jersey-based company intends the acquisition to serve its goal of extending its IPKeys Power Partners subsidiary's services from the Federal and Defense market to the utility and public safety network communications sectors (PRNewswire).

Haven Cyber Technologies, based in Luxembourg, has acquired Onevinn, a Swedish provider of Microsoft cloud security services. The goal is a larger share of Europe's managed services market (Private Equity).

VMWare announced that it has bought its technology partner AetherPal, a remote device management start-up. VMWare sees AetherPal's technology as offering an enhancement to VMWare's Workplace ONE product (CRN).

Minneapolis-based IT and business process automation company HelpSystems has acquired assets of Core Security from SecureAuth. The acquisition is seen as enhancing its cybersecurity offerings and its product development capability (Dark Reading).

Investments and exits.

Silicon Valley start-up vArmour has raised $44M in a Series E round led by AllegisCyber and NightDragon. The company intends to pursue the market in cloud environments for its application security technology (vArmour). 

Signal Sciences, the Southern California-based web application security firm, has received a $35 million Series C round led by Lead Edge Capital. Existing investors CRV, Index Ventures, Harrison Metal, and OATV also participated (BusinessWire).

Belgium-based Guardsquare, the mobile security company, has closed a $29 million first round of institutional financing. The investment was led by Battery Ventures (CISO Mag).

Blue Hexagon has emerged from stealth with a $31 million investment by Benchmark and Altimeter (TechCrunch). The company, founded in 2017 by former Qualcomm executives and employing FireEye, Palo Alto Networks, Symantec, and Amazon alumni, applies aitificial intelligence to data security (Silicon Valley Business Journal).

Illumio announced that it's closed a $65 million Series E round led by J.P. Morgan Asset Management. The micro-segmentation shop will use the money, initially, to increase its presence in markets important to its growth strategy (PRNewswire).

San Francisco-based Netography, which offers an enterprise autonomous network security platform, has received $2.6 million in seed funding from Andreessen Horowitz (OA Online).

And security innovation.

NIST has narrowed its search for quantum-resistant public-key cryptographic algorithms and digital signatures down to 26 candidates for the second round of its standardization process. NIST's report on the first round says that the remaining candidates were chosen based on "1) security, 2) cost and performance, and 3) algorithm and implementation characteristics" (GCN).

The finalists for the RSAC Innovation Sandbox Contest have been announced (CSO). Arkose Labs uses global telemetry and enforcement technology to prevent online fraud. It offers a 100% service-level agreement on fraud prevention. Axonius is a cybersecurity asset management platform that provides a unified view of all devices within an organization's environment, including cloud, IoT, and BYOD assets. Capsule8 provides a real-time, zero-day exploit detection platform for Linux production environments. CloudKnox Security uses activity-based authorization to provide identity and privilege management for hybrid cloud environments. DisruptOps provides a cloud-native SaaS-based cloud management platform which automatically detects and fixes security, operational, and economic issues in cloud environments. Duality Technologies' SecurePlus™ platform uses high-performance homomorphic encryption to allow advanced computations and analytics on encrypted data. Eclypsium provides hardware and firmware protection that identifies and defends against device-level vulnerabilities. Salt Security provides real-time, behavior-based protection against logic-based API attacks. ShiftLeft's Ocular examines software artifacts to identify technical and business logic vulnerabilities, as well as detecting data leaks from source code. WireWheel is a cloud-based data privacy and protection platform to help organizations comply with privacy regulations like GDPR and CCPA.


Today's issue includes events affecting Australia, China, Lithuania, Russia, United Kingdom, United States.

From us in Baltimore, ave atque vale, Frank Robinson.

Research Saturday is up. In this issue, "Trends and tips for cloud security," we speak with Palo Alto Networks about some of their work. The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.