skip navigation

More signal. Less noise.

How can industrial organizations stay ahead of ICS adversaries and proliferating threats?

Dragos identified the most dangerous threat to ICS, XENOTIME (the activity group behind TRISIS), has expanded its targeting beyond oil and gas--illustrating a trend that will likely continue for other ICS-targeting adversaries. Learn more about how taking an intelligence-driven approach to ICS cybersecurity can help organizations stay ahead of the latest threats to ICS environments. 

Daily briefing.

BlackBerry Cylance has published an overview of recent activity by OceanLotus (also known as APT32 or CobaltKitty). They're particularly interested in Ratsnif, a set of remote access tools Vietnam's cyberoperators worked with and used since 2016. Ratsnif (which offers packet sniffing, gateway and device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing) had gone undetected for some time, probably because of its selective employment. It's not up to CobaltKitty's usual high standards of coding, and indeed BlackBerry Cylance finds it "sloppy." But then you only have to be good enough to attain your objectives, and achieve them Ratsnif generally did.

Google has removed more than a hundred apps from the Play Store after Trend Micro found one-hundred-eighty-two camera and game apps infested with adware. One-hundred-eleven were in Google Play, the rest in various third-party stores, CyberScoop reports.

Extortionists claiming to have installed a Trojan via EternalBlue-infected adult sites are lying. It's a pure scam, BleepingComputer says: delete the emails.

The Washington Post surveyed experts and found that most thought the US cyberattack against Iranian targets was the right call: it was nonlethal, properly discriminating in that it hit clearly military targets, and sensibly proportionate as a response to Iranian attacks on shipping and a US surveillance drone. Reservations the experts voiced involved concerns about escalation, the semi-public way the attack was avowed, the immature state of international laws of cyber conflict, and the possibility of attack tools escaping into the wild. An Iranian response can be expected, CipherBrief notes.


Today's issue includes events affecting Brazil, Canada, China, Egypt, Estonia, Finland, Germany, Hungary, Iran, Iraq, Kenya, Malta, NATO/OTAN, Netherlands, Pakistan, Russia, Singapore, Sweden, Syria, United Kingdom, United States, and Vietnam.

Bring your own context.

Using open source code is attractive, but it presents challenges, too: software supply chain security, patching, licensing, and so on. Where did the code come from, who owns it, and what rights are associated with it?

"And so, one of the big things that I personally advocate for is that development teams make friends with their lawyers. Take them out to lunch, hang out with them a little bit. It seems so goofy, but at some point in time, that legal team is going to need to be there for you. They should at least know that you're on 'the good guys' side' and you're not trying to do anything and bend any rules. You just are legitimately trying to do the right thing for the company. And when you have that relationship, it's a whole lot easier to go and have a conversation and say, look, I did this, how do we get ourselves unstuck?

—Tim Mackey, principal security strategist with the Synopsys Cyber Research Center, on the CyberWire's Research Saturday, 6.29.19.

Have you hugged your corporate counsel lately? How about your outside counsel? (Metaphorically hugged, of course.) Security teamwork at some point needs a legal player.

And a reminder to our readers: the CyberWire won't publish on July 4th, 5th, or 6th, as we observe the Amexit of 1776. Enjoy the Fourth.

Are you centralizing all security-related data from across the business?

Is there a challenge with your security data you haven’t been able to wrangle? Devo enabled one their customers – a top five US retail manufacturer – to move fast enough to outpace malicious bots by reducing query time from 5 hours to 5 minutes. That was something they couldn’t do with anyone else.

See how Devo can modernize your approach to security analytics in this report by ESG.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (dean of research and proprietor of the ISC Stormcast podcast) talks us through Weblogic exploits. Our guest is Nick Jovanovic from Thales, with observations on cloud security in the federal space.

And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. This episode, "Unwrapping Fishwrap, a New Social Media Misinformation Methodology" describes a novel disinformation campaign.

Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal (CyberScoop) A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance.

Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (Threat Vector) The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack techniques.

RDP BlueKeep exploit shows why you really, really need to patch (Naked Security) A video of the exploit shows CVE-2019-0708 being exploited remotely, without authentication.

ETERNALBLUE sextortion scam puts your password where your name should be (Naked Security) Here’s a sextortion scam that puts your password right where your name would usually be, to rattle your cage even more than usual.

Billions of Records Including Passwords Leaked by Smart Home Vendor (BleepingComputer) A publicly accessible ElasticSearch cluster owned by Orvibo, a Chinese smart home solutions provider, leaked more than two billion user logs containing sensitive data of customers from countries all over the world.

Adware Campaign Identified From 182 Game and Camera Apps on Google Play and Third-Party Stores Like 9Apps (TrendLabs Security Intelligence Blog) We recently observed an active adware campaign concealed in 182 game and camera apps, majority of which were found on the Google Play Store.

This Scary Game Stole Passwords From Thousands of Android Users (Forbes) A horror game that was hiding in plain sight on Google Play terrified users with more than its gameplay.

MageCart Launches Customizable Campaign (Dark Reading) A tool new to MageCart bolsters the group's ability to evade detection and steal data.

Inter: Skimmer For All (Fortinet Blog) Learn about the Inter web skimmer campaign, recently uncovered by FortiGuard Labs…

Personalized medicine software vulnerability uncovered by Sandia researchers (Sandia Labs) A weakness in one common open source software for genomic analysis left DNA-based medical diagnostics vulnerable to cyberattacks.Researchers at Sandia National Laboratories i

The Infrastructure Mess Causing Countless Internet Outages (WIRED) You may not have heard of the Border Gateway Protocol, but you definitely know when it goes wrong.

Vulnerability Summary for the Week of June 24, 2019 (CISA) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.  

Google Play Store scrubs more than 100 adware-infected camera and gaming apps (CyberScoop) Next time you’re thinking about downloading a new app — especially if it’s a freebie from the Google Play Store — and ask yourself: Is this worth getting hacked over?

Facebook abused to spread Remote Access Trojans since 2014 (ZDNet) It is estimated that tens of thousands of users became victims of the campaign.

Extortion Scam Claims EternalBlue Was Used to Install a Backdoor (BleepingComputer) An extortion scam is being distributed that claims a Remote Access Trojan, or RAT, was installed on your computer using the EternalBlue exploit. The scammers then go on to say that they used the RAT to take videos of you on adult web sites and that you must pay a ransom or they will send it to all of your contacts.

There might be malware underneath your morning texts ( The sneaky nature of such malware is dangerous as compared to many files, images rarely come under scanner for viruses.

Will hacked voting machines decide the 2020 election? (Fifth Domain) Experts are worried about vulnerabilities, but the government says it hasn't yet seen evidence of hacking.

New study suggests Trump's 2016 poll numbers rose after increased Russian troll farm tweets (TheHill) The Russian troll farms that carried out a sophisticated disinformation campaign on U.S.

How a grim Eurovision Song Contest cyber attack was prevented at last second (9News) As millions of people around the world tuned into this year’s Eurovision final in Tel Aviv, little did they...

Georgia court agency hacked in ransom attack (Atlanta Journal-Consitution) Malware infected computers at Georgia Administrative Office of the Courts, which shut down its website and applications to contain the hack.

Florida city fires IT employee after paying ransom demand last week | ZDNet (ZDNet) At least one head rolls after second Florida city pays gigantic ransom demand to ransomware gang.

Key Biscayne recovering from cyberattack after hackers hit a third city in Florida (Miami Herald) The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.

Hacker deletes entire student newspaper website of University of Ottawa (HackRead) A hacker or simply call them a cyber criminal hacked into the independent student newspaper of the University of Ottawa (uOttawa) “The Fulcrum” and ended up deleting the entire website early Sunday morning.

Facebook, YouTube Overrun With Bogus Cancer-Treatment Claims (Wall Street Journal) Facebook and YouTube are being flooded with scientifically dubious and potentially harmful information about alternative cancer treatments, which sometimes gets viewed millions of times, a Wall Street Journal examination found.

Security Patches, Mitigations, and Software Updates

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers (KrebsOnSecurity) It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication.

Cyber Trends

Analyzing Utilities Sector Cybersecurity Performance (BitSight) See what BitSight’s data science team learned when they analyzed the security performance of organizations in the utilities sector.

Survey: Americans Want to Protect Their Information, But Unsure Where to Start (Palo Alto Networks Blog) A new online survey from Palo Alto Networks and YouGov reveals that Americans are still confused about what it means to be safe on the internet.

Financial Industry Hit By Surging Numbers of Cyber-Incidents (Infosecurity Magazine) Retail banks were hit the hardest

Third parties contribute to 1000% increase in finance sector cyber-crimes (SC Magazine) Cyber-attacks reported in the UK financial service sector went up 1,000 percent since 2017, with third-party failures involved in 21 percent of incidents.

Nearly 20% of UK Children Exposed to Self-Harm Images Online (Infosecurity Magazine) There has been a year-on-year increase in the numbers and rates of police-recorded online child sexual offences in England, Wales and Northern Ireland


Keyfactor Acquires Spanish Digital Identity Firm Redtrust (Security Boulevard) Acquisition accelerates Keyfactor innovation, European expansion

Analysis | How Huawei Became a Target for Governments (Washington Post) Huawei Technologies Co., one of China’s most global companies, is increasingly in the crosshairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G. The telecommunications giant is facing multiple battles, including the arrest in Canada of its chief financial officer, criminal charges in the U.S. and the prospect of being banned from buying American-made components and shut out of infrastructure projects around the w

Telecom insiders detail hardships posed by Chinese technology ban (CSO Online) Banning Chinese Telecom vendors Huawei and ZTE creates fear, uncertainty and doubt as well as new supply chain security ideas among small telcos.

Bringing more talented individuals into the security industry (Help Net Security) In this interview, Tony Vizza, Director of Cybersecurity Advocacy, Asia-Pacific, (ISC)2, talks about the importance of developing security skills and more!

U.S. Army Picks ManTech for $21 Million Award to Advance Persistent Cyber Training Environment (PCTE) for Next Generation Cyber Warriors (Yahoo) ManTech (Nasdaq: MANT) today announced that it has won a three-year $21 million Other Transaction Agreement (OTA) award from the Department of.

UTC-Raytheon megadeal draws protest from second billionaire hedge-fund activist (Winston-Salem Journal) After supporting breaking United Technologies Corp. into three companies, a second billionaire hedge-fund activist has come out in opposition to the proposed merger of UTC and Raytheon.

Former Deputy Secretary of Defense Robert O. Work Joins SparkCognition Advisory Board (Yahoo) SparkCognition announced that Secretary Robert O. Work, former U.S. Deputy Secretary of Defense and Distinguished Senior Fellow for Defense and National Security at the Center for a New American Security (CNAS), has joined the company's Advisory Board.

Products, Services, and Solutions

Deep Instinct Updates Platform with Robust Deep Learning Cybersecurity for Google Chrome OS (Deep Instinct) Deep Instinct announces that it has added protection for the Chrome Operating System (Chrome OS) to its updated deep learning cybersecurity solution.

ID Incognito Launches - A Web App For Online Privacy (Yahoo) ID Incognito is a new web app dedicated to protecting your personal information online. The app was made in response to the growing need to provide personal information in order to use services online, specifically phone numbers and email addresses.

Bitdefender Delivers Proactive Attack Surface Reduction With Advanced Endpoint Risk Analytics (PR Newswire) Bitdefender, a global cybersecurity leader protecting over 500 million systems...

Singapore Government Announces Third HackerOne Bug Bounty Program to Reduce Risk, Boost Cybersecurity (Yahoo) HackerOne, the leading hacker-powered security platform, today announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing

Utimaco utilizes ISARA security solutions to offer the first commercial quantum-safe Hardware Security Module (Yahoo) Utimaco, one of the world’s largest manufacturers of Hardware Security Modules (HSMs) that provide the Root of Trust to numerous industries, and ISARA Corporation, the world’s leading provider of agile quantum-safe security solutions, today announced the world’s first commercial quantum-safe Hardware

Visure Solutions Launches New Comprehensive ALM Platform for Requirements Management (PR Newswire) Requirements management today is dominated by a first generation of rigid, heavy-to-use and multi-purpose legacy...

Opinion | What if All Your Slack Chats Were Leaked? (New York Times) Unless the company makes changes to its encryption and retention policies, using Slack could put your data at risk.

RSA taps Duo for New Zealand distribution (New Zealand Reseller News) Global cybersecurity company RSA​ has appointed Duo as distributor for its complete range of products in New Zealand.

Crowdsourced Security Testing that Puts Privacy First (IT Business Net) Synack Introduces First-of-its-Kind Workspaces with Endpoint Control to Support Privacy

Bitdefender Delivers Proactive Attack Surface Reduction With Advanced Endpoint Risk Analytics (Yahoo) The industry's first single-agent, single-console endpoint protection solution to combine risk analytics with advanced prevention and endpoint detection and response (EDR)

CyberX launches automated threat extraction platform (SecurityBrief) Unlike other traditional threat intelligence, Ganymede focuses on IoT/ICS/OT-specific threat intelligence for industrial and critical infrastructure organisations.

Technologies, Techniques, and Standards

How Europe's smallest nations are battling Russia's cyberattacks (Yahoo News) Earlier this year, the country of Berylia came under a coordinated cyberattack. For two days, hackers targeted the island nation’s power grid and public-safety infrastructure, while cyber experts from across Europe worked to counter the attacks. Of course, the island nation of Berylia is imaginary,

Austrian Banks Defend Themselves in First Cyber Attack War Games (Bloomberg) Austrian banks were found to be “by and large” well prepared to defend themselves from hacker attacks after the country’s financial regulator staged its first cyber war game.

Don’t Play the Victim: #HowTo Create a Ransomware Backup Plan (Infosecurity Magazine) Well managed data is easier to locate, utilize and update with the latest security policies

Privacy and Data Protection in Multimedia Apps (Infosecurity Magazine) The processing of sensitive data through multimedia apps poses significant risks to data security and privacy

How the healthcare industry can improve online trust (Help Net Security) Privacy on the internet is important in all industries, but none more so than the healthcare sector, which handles mass amounts of online health data

Stealth Attacks Require Stealth Responses (SIGNAL Magazine) Global, asymmetrical threats now dominate attacks on nations and businesses alike, and the enemy is not always immediately knowable, identifiable or even seen.

Business security in the age of malicious bots (Help Net Security) Malicious automated bots exploit legitimate application functionality, and they’re delivered at a scale to make them economically viable.

Design and Innovation

AI Powers ‘Self-Healing’ Technology (Wall Street Journal) Companies are tapping artificial intelligence to automate the care of their operations and information-technology infrastructure, finding that AI can identify and fix problems more quickly than humans.

Legislation, Policy, and Regulation

Analysis | The Cybersecurity 202: Trump administration did right thing with cyberattack against Iran, say experts (Washington Post) The digital strike sent a message without killing anyone.

Iran Breaches Critical Limit on Nuclear Fuel Set by 2015 Deal (New York Times) Tehran also signaled that it now intends to enrich its nuclear fuel stockpile to a purer level, a provocative action that could move the country closer to being able to use the fuel for a weapon.

US-Iran clash enters cyber realm and tests a Trump strategy (The Christian Science Monitor) As the U.S.-Iran confrontation moves into the cyber realm, in addition to the physical, it also helps make an argument for restraint.

Iran Strikes Back (The Cipher Brief) The Cipher Brief talks with expert and former Deputy Commander of cyber command Vince Stewart about Iran's capabilities in cyber

Major or Minor? Lawmakers Keep Close Eye on Huawei Concession (Wall Street Journal) President Trump’s decision to let Huawei buy technology equipment again from the U.S. is emerging as a fresh source of tension between the administration and Senate Republicans.

President: We need to boost cybersecurity capabilities (ERR) President Kersti Kaljulaid held a meeting with the National Defence Council on Monday, to discuss the future of the e-state. One significant conclusion arose, namely that the state needs to actively seek opportunities to increase cyber security and cryptography capabilities.

APRA puts boards on notice over cyber security (Which-50) Global and local regulation is helping to concentrate boards’ attention on cyber security risks, according to industry experts. From today boards of

How to Win Friends and Wage Jihad (Foreign Affairs) With its wealth of experience and web of historical relationships with regional powers, al Qaeda looks poised to capitalize on the chaos engulfing the Middle East.

People who misquote the Bible will have their comments deleted from Church's Facebook, says Archbishop  (The Telegraph) Churchgoers who misuse the Bible will have their comments deleted from posts on the official Church of England Facebook page, the Archbishop has said.

Can religion save us from the dark side of social media? (The Telegraph) It comes to something when the Archbishop of Canterbury, Justin Welby, is our most eloquent defender of truth.

US officials are talking about banning end-to-end encryption again | TheINQUIRER ( Oh no, not this again,Security ,Security,Friction,donald trump,USA,Privacy ,encryption

What is the CISA? How the new federal agency protects critical infrastructure (CSO Online) The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation's critical infrastructure.

[Letter from Senator Warren and Representative Jayapal to FCC Commissioner Pai] (Congress of the United States) We write to request information from the Federal Communications Commission's (FCC), Communications Security, Reliability, and Interoperability Council ("CSRIC" or "Counsel"), and the extent to which that body may be inappropriately dominated by industry insiders.

Industry Influence on an FCC Advisory Panel (Project On Government Oversight) The Federal Communications Commission is supposed to help keep our communication networks secure. But its reliance on an industry-dominated group for cybersecurity advice undermines that mission.

Senate Has Spoken: Smart Crowdsourced Security American Security First (AiThority) Synack, the most trusted Crowdsourced Security Platform, commends the work of the U.S Senate which put the security of American citizens.

Deepfake revenge porn distribution now a crime in Virginia (Ars Technica) New text effective today adds "falsely created images" to state law.

Litigation, Investigation, and Law Enforcement

‘The enigma of the entire Mueller probe’: Focus on origins of Russian investigation puts spotlight on Maltese professor (Washington Post) Joseph Mifsud’s tip to a Trump adviser that the Russians had “dirt” on Hillary Clinton led to the opening of the counterintelligence probe, special counsel Robert S. Mueller III wrote in his report.

Tulsi Gabbard Says a Teen Hacked a Replica of an Election System. She’s Wrong (Vice) Election security is a real issue, but Gabbard is not helping by getting the facts wrong about a hack that was demonstrated at Def Con 2018.

Square Faces Lawsuit Over Misfired Medical Receipt (Wall Street Journal) A California man accused Square of violating privacy laws after the payments company mistakenly forwarded a digital receipt containing details of his medical history to one of his friends.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

RuhrSec 2020 (Bochum, Nordrhein-Westfalen, Germany, May 5 - 8, 2020) Since 2016, RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec provides academic and industry talks, the typical University...

Upcoming Events

INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...

Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...

Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.