
Visit LookingGlass Cyber Solutions at BlackHat USA 2019

There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it’s “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.

Daily briefing.

Anomali has described a Microsoft Office exploit "supply chain" being shared among at least five Chinese groups: Conimes, KeyBoy, Emissary Panda, Rancor, and Temp[dot]Trident. Specifically, they're all working the "Royal Road Rich Text Format (RTF) weaponizer," and using it to exploit CVE-2017-11882 and CVE-2018-0802.

Sodinokibi ransomware is using a Windows privilege-escalation bug, CVE-2018-8453, to gain admin access in its targets. As ZDNet notes, it's relatively unusual for ransomware to exploit a privilege-escalation vulnerability. But what's not unusual is this: the bug, patched in October 2018, moved from state exploitation to criminal exploitation. It came to light as a zero-day exploited by FruityArmor, a state-directed espionage crew active mostly against Middle Eastern targets.

BleepingComputer reports that the Silence gang was behind recent robberies of Bangladeshi banks. The gang's two core members are apparently Russian-speakers believed to be white hats gone rogue. Their crimes involve jackpotting by money mules.

Google's Project Zero has confirmed that under certain circumstances a malformed message can brick an iPhone. An affected device can be recovered, Forbes reports, but at the cost of losing data.

Forensic lab Eurofins is paying the extortionists who hit it with ransomware. The BBC says the amount is unknown but large; the Times puts it at "hundreds of thousands of pounds."

Hal Martin, the former NSA contractor convicted of unlawful retention of defense information, will have his sentencing hearing on July 17th. The Washington Post observes that his widely suspected connection, if any, to the ShadowBrokers leaks remains as obscure as ever.

Notes.

Today's issue includes events affecting Australia, Bangladesh, China, European Union, Hong Kong, Iran, Ireland, Kenya, Russia, Ukraine, United Kingdom, United States.

Bring your own context.

Not all criminal hacking is done for direct, Willie-Suttonesque reasons (that is, going where the money is). An indirect approach is often better in the long run.

"But if you consider, for example, a bank: a bank has a fairly large security budget. A marketing company, on the other hand, does not. It might be easier hacking a marketing tool or an analytics tool or a chat service than hacking a bank. But once you've hacked those, you've actually hacked the entirety of their users. Instead of spending your time hacking a bank, going through a big effort, you can hack a marketing tool that works with banks, and hack twenty banks with less effort, which will be, obviously, much more lucrative."

—Avital Grushcovski, co-founder of Source Defense, on the CyberWire Daily Podcast, 7.3.19.

Sometimes you go through the soft target as a means of getting to the hard target.

Modernizing security analytics and operations with SOAPA.

Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.

It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about the privacy concerns surrounding a shared bar patron database. Our guest, Derek E. Weeks from Sonatype, reviews supply chain security issues.

Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - July 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

FireEye ties Microsoft Outlook exploit to Iranian hackers (ComputerWeekly.com) US Cyber Command has issued a warning that a patched Microsoft Outlook vulnerability is being exploited by unnamed threat actors, and recommended immediate patching

Suspected Iranian Cyber Attacks Show No Sign of Slowing (Defense One) As Iran and the U.S. trade cyber blows, a new warning shows that the online fight is likely to go on.

'Twas the night before (SecureList) Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.

U.S. Military Satellites Likely Cyber Attacked By China Or Russia Or Both: Report (Forbes) A leading defense research organization has warned the U.S. and NATO that they can presume the satellites they rely on for military command and control have already been hacked and that China and Russia are already inside those core battlefield networks.

Anomali Uncovers Chinese APT Shared Supply Chain (West) Threat Actors Developing, Selling Exploits Used in Commodity Malware Campaigns

PGP Ecosystem Targeted in ‘Poisoning’ Attacks (Threatpost) Two researchers are being singled out in what are called PGP poisoning or flood attacks that render the authentication tool unusable for victims.

Silence Group Likely Behind Recent $3M Bangladesh Bank Heist (BleepingComputer) Attacks on banks in Bangladesh that caused losses of at least $3 million may be the work of the Silence hacker outfit, a relatively new, financially-motivated group.

Android malware returns and this time it will record what is on your screen, too (ZDNet) Malware which started life as a dropper is becoming more and more sophisticated.

Google Confirms Apple iPhone Bricking iMessage Bomb (Forbes) A simple iMessage can turn your iPhone into an unusable brick according to a Google security research project which has just disclosed the methodology behind the attack. Here's what you need to know, and what you need to do next to make sure your iPhone doesn't fall victim to this attack.

Issue 1826: iMessage: malformed message bricks iPhone (Project Zero) The method -[IMBalloonPluginDataSource individualPreviewSummary] in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not a NSString.

First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol (ZDNet) Godlua, a Linux DDoS bot, is the first-ever malware strain seen using DoH to hide its DNS traffic.

Sodin Ransomware Exploits Windows Privilege Escalation Bug (Dark Reading) Exploitation of CVE-2018-8453 grants attackers the highest level of privileges on a target system.

Sodinokibi ransomware is now using a former Windows zero-day (ZDNet) Sodinokibi keeps evolving and shows why it's considered the next big threat on the ransomware scene.

WannaLocker targets banks in Brazil (Avast) Find out how Avast threat researcher Nikolaos Chrysaidos tracked a new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware

WannaLocker Malware Variant Combines Spyware, RAT, Banking Trojan (MSSP Alert) A new WannaLocker variant combines a mobile lookalike of WannaCry ransomware, spyware, remote-access-Trojan (RAT) malware & a banking Trojan in one package.

New Backdoor and Malware Downloader Used in TA505 Spam Campaigns (BleepingComputer) Several malicious spam campaigns are distributing new malware strains according to Trend Micro researchers, with the Gelup downloader and the FlowerPippi backdoor being used to attack targets from the Middle East, Japan, India, the Philippines, and Argentina.

Hacked forensic firm pays ransom after malware attack (the Guardian) Largest private provider Eurofins hands over undisclosed fee to regain control of systems

Forensic firm paid ransom after cyber-attack (BBC News) British police suspended work with Eurofins Scientific after it was hit by a ransomware attack in June.

Forensics giant Eurofins Scientific pays huge ransom in cyber attack (Times) The biggest supplier of forensic analysis services to the police and security services has paid hundreds of thousands of pounds to cyber-criminals to regain access to computer systems. Eurofins...

Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem (Vice) A new wave of spamming attacks on a core component of PGP’s ecosystem has highlighted a fundamental weakness in the whole ecosystem.

7-Eleven Japanese customers lose $500,000 due to mobile app flaw (ZDNet) Hackers exploit 7-Eleven's poorly designed password reset function to make unwanted charges on 900 customers' accounts.

Serious Security: Beware eBay scrapers promising to help you (Naked Security) Selling items online? Watch out for people who suddenly offer to help!

Industry Breach Alert Published by US National Trade Association ALTA (BleepingComputer) American Land Title Association (ALTA) published a warning about hundreds of title company records having been supposedly stolen as part of a phishing campaign targeting ALTA members.

Beware of Fake Microsoft OneNote Audio Note Phishing Emails (BleepingComputer) Phishing scammers are coming up with more innovative methods to convince their targets to provide login credentials. Such is the case with a new OneNote Audio Note phishing campaign that is currently underway.

The Logic of a Classic Advanced Persistent Threat Attack (HackRead) Advanced persistent threats (APTs) are increasingly targeting enterprise networks nowadays. This article highlights a recent attack against a large, well-protected Australian organization that entailed a major data breach.

Miami police body cam videos up for sale on the darkweb (Naked Security) Videos from Miami Police Department body cams were leaked and stored in unprotected, internet-facing databases, then sold on the darkweb.

FAI: No data leaked in cyber attack (Irish Examiner) The FAI says no data was extracted from its servers when its Abbottstown headquarters was hit by a cyber attack on the June bank holiday weekend.

Even Dropbox and Box aren't Safe (Menlo Security) Software as a service (SaaS) is changing the world, as nearly all new businesses use “as a service” solutions to ensure business productivity and seamless collaboration across different functions, both internally and externally to the organization.

Libra Cryptocurrency Scams Already Active Ahead Of 2020 Launch (BleepingComputer) No sooner had Facebook announced Libra cryptocurrency and the matching digital Calibra wallet that cybercriminals tried to get a head start on a new phishing theme.

Monero’s Recent Security Fix Could Have Gone Sideways (Inside Bitcoins) Tech security and disclosure platform HackerOne published a bombshell report which detailed the recent vulnerabilities disclosed by popular privacy coin Monero (XMR).

Vulnerability that allows an attacker to convince monero-wallet-cli that it received arbitrary amount of monero (HackerOne) By mining a specially crafted block, that still passes daemon verification an attacker can create a miner transaction that appears to the wallet to include sum of XMR picked by the attacker. It is our belief that this can be exploited to steal money from exchanges.

Cyberwar risk: Utilities fail to patch critical security vulnerabilities often enough (TechRepublic) The potential risks associated with compromised systems are severe. Given the prospects of a potential cyberwar, utilities should place a greater emphasis on security.

The Perfect Cybersecurity Storm Might Try to Torpedo Our Due Process (Homeland Security Today) A malicious actor would wait to hold onto an invaluable screenshot or file acquired from a hack and never repeat the process that led to the compromise.

The biggest concern for election security may be phishing (Fifth Domain) An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers.

Someone is wrong on the Internet (TechCrunch) You wake up, and check your phone, and see a new condemnation. Some awful person has said something outrageously insulting. Something actually evil, if you think about it. Something that belittles, dehumanizes, and/or argues against the freedom and agency of a whole category of people. You add your…

Complaints about government imposter scams reach record high (Federal News Network) The Federal Trade Commission said complaints about scammers pretending to be from the government reached the highest levels on record this spring.

Complaints about Government Imposter Scams Reach Record High, According to New FTC Data (Federal Trade Commission) As the nation prepares to celebrate the Fourth of July, the Federal Trade Commission is reminding consumers that scammers are increasingly trying to make a buck by falsely claiming to be Uncle Sam.

Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges (Hard Fork | The Next Web) Monero devs have disclosed nine security vulnerabilities over the past two days - and some could have been outright devastating.

Canonical GitHub account hacked, Ubuntu source code safe (ZDNet) Ubuntu source code appears to be safe; however Canonical is investigating.

St. John Ambulance Hit By Ransomware Attack (Infosecurity Magazine) The attack was detected and resolved within half an hour

Atlanta area city scammed out of nearly $1 million (WXIA) A cybersecurity expert tells 11Alive he's not surprised - and shows us why.

MYOB data leak sprayed payments info to wrong workers (CRN Australia) Also reveals STP call centre blowout, backup and email glitches.

Don't forget about WannaCry: Hospitals are still at risk of cyber-attack (ZDNet) Despite the chaos caused by the WannaCry attack, healthcare systems are still at risk from attacks that could endanger patient safety say researchers, who are calling for more investment.

Huawei Disputes U.S. Cyber Firm’s Findings of Flaws in Gear (Wall Street Journal) Huawei has disputed the findings that said its gear is far more likely to contain flaws than equipment from rival companies, characterizing the analysis as incomplete and inaccurate.

Facebook resolves day-long outages across Instagram, WhatsApp, and Messenger (The Verge) There are problems loading images and more across Instagram, WhatsApp, and Messenger.

Facebook says brownout was its own fault (CRN Australia) 'Routine maintenance triggered an issue' says very trustworthy company.

It was a really bad month for the internet (TechCrunch) One month, at least seven major outages.

FBI Releases Warning on Sextortion Scams Targeting Teenagers (BleepingComputer) The U.S. Federal Bureau of Investigation (FBI) issued a warning on Twitter regarding sextortion campaigns used by scammers to target young people from all over the United States.

Maryland Agency Outlines Response to Cybersecurity Incident (NBC4 Washington) The Maryland Department of Labor has started notifying about 78,000 customers about potential unauthorized activity in two of its database systems.

What Is Credential Dumping? (WIRED) Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised.

Security Patches, Mitigations, and Software Updates

Patch Android! July 2019 update fixes 9 critical flaws (Naked Security) Depending on when users receive it, this week’s Android’s July patch update will fix 33 security vulnerabilities, including 9 marked critical, and 24 marked high.

Tor Project to fix bug used for DDoS attacks on Onion sites for years (ZDNet) Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites.

Microsoft applies to join Linux security inner sanctum (MSPoweruser) Microsoft recently revealed that it runs more Linux than Windows 10 jobs on their Azure servers. Keeping all those instances secure is obviously very important which may explain why Microsoft has applied to join one of the most important Linux security mailing lists. The Linux-distros security list is a closed list for unreleased security issues …

Cyber Trends

What a future cyberwar will look like (Haaretz) The U.S., China and Russia are honing their cyberwarfare skills in anticipation of how the next conflict will be fought

Algorithmic Governance and Political Legitimacy - American Affairs Journal (American Affairs Journal) In ever more areas of life, algorithms are coming to substitute for judgment exercised by identifiable human beings who can be held to account. The rationale offered is that automated decision-making will be more reliable. But a further attraction is that it serves to insulate various forms of power from popular pressures. Our readiness to…

Cybersecurity Should Be Handled by Law Enforcement and Government, Report (Infosecurity Magazine) The study explored the attitudes towards new cybersecurity technologies

5G: the innovation that will shape all our lives for years to come (The Telegraph) It was a bombshell story.

Middle East firms fail to adopt behavioural analytics: Forcepoint (TahawulTech) Middle East firms are not using behavioural analytics to prevent cyber-attacks despite acknowledging its importance, a study by Forcepoint revealed.

Over Half of Employees Don't Adhere to Security Protocols (Infosecurity Magazine) Barracuda Networks has found that organizations are still not putting email security high on their priority list

Bitcoin eats as much energy as Switzerland (Naked Security) That’s around seven gigawatts, equal to 0.21% of the world’s supply: as much power as generated by seven Dungeness nuclear power plants.

UK Firms Hit By Attacks Every 50 Seconds. (Infosecurity Magazine) Beaming data reveals IoT and file-sharing services are most targeted

Cyber-attacks on Kenyan organizations rise to 11.2 million (CISO Magazine) The cyber intelligence team at CA has issued around 14,078 cyber threat advisories to the affected organizations in Kenya, which warned an increase from the 12,138 alerts in the last year.

Marketplace

World Economic Forum urges investors to prioritise cybersecurity (Verdict) Investors should be prioritising cybersecurity when deciding which companies to invest in, according to the World Economic Forum.

Broadcom Makes Progress on Symantec Deal With Financing, Savings (Bloomberg) Chipmaker plans bid valuing firm at over $22 billion with debt. Symantec’s ex-CEO, buyout firms also make long-shot pursuit.

National Security Concerns May Obstruct The United Technologies-Raytheon Merger (Seeking Alpha) Recently United Technologies and Raytheon have proposed to merge together in a massive deal far exceeding $100B.

Kaspersky appears to be outing APTs in subscription service (iTWire) Russian security firm Kaspersky — formerly Kaspersky Lab — appears to be providing details of campaigns by nation-state actors, including from the US,...

The critical shortage of cybersecurity expertise (Policy Options | Options Politiques) Canadian companies will soon feel the pain if the growing skills gap is not swiftly addressed with more coordinated training and education.

Mobile app security startup NowSecure raises $15 million (CISO Magazine) The company claims that its security software is powered by the industry’s most advanced static, dynamic, behavioral, interactive mobile app security, and privacy testing solutions

Exabeam buys Israeli cloud security firm SkyFormation (Reuters) California-based cybersecurity firm Exabeam said on Tuesday it acquired SkyForma...

Zscaler acquires Appsulate (Telecompaper) US cloud security company Zscaler acquired Appsulate, a cyber-security firm set up in 2016 by entrepreneurs Alex Negrea (Romania) and Uli Mittermaier (USA), according to Romanian publication startupcafe.ro citing Zscaler's financial report for Q3.

WISeKey launches share buyback programme (West) WISeKey launches share buyback programme

Kaspersky Complies With Kremlin Blacklist As Other VPN Services Remain Defiant (RadioFreeEurope/RadioLiberty) Russian cybersecurity company Kaspersky Lab has begun complying with restrictive Kremlin legislation on web use by blocking access for users of its VPN service to websites blacklisted by the Russian government, even as the company's foreign competitors refuse to comply.

‘Safe like China’ - In Argentina, ZTE finds eager buyer for surveillance tec (The Daily Star) In Argentina’s remote northern province of Jujuy, Chinese telecoms giant ZTE is installing a little slice of the Asian nation’s vast

STUDY: Leaked Huawei Resumes Reveal Extensive Ties To Chinese Intel Agencies (Daily Caller) Huawei staff acknowledged working with the country's military-backed cyber agencies in a trove of job resumes leaked online in 2018.

Professor uncovers key metric that puts Huawei and security risks back in spotlight (Yahoo) By looking at CVs, he made a discovery that supports concerns from the US government and others.

Huawei Technologies’ Links to Chinese State Security Services by Christopher Balding (SSRN) Using a unique dataset of CVs, this paper analyzes the relationship between key Huawei personnel and the Chinese state security services. Based upon an analysi

Huawei tries to Shake Off their Image of Secretly Working with the Chinese Government by Praising Apple's Stance on Privacy (Patently Apple) Huawei's CEO stated in a Financial Times report that Apple is his role model for privacy. While Huawei is caught up in investigations about their equipment possibly assisting Chinese Government hackers like 'APT 10' and a sting operation in Vegas during CES 2019, their CEO is trying to perform some badly needed PR. This is certainly one of the most interesting stories in tech in some time that could take years to ever resolve.

Report: All Four Major Mobile Networks in the UK Are Using Huawei 5G Gear (Gizmodo) UK telecoms aren’t taking warnings from U.S. intelligence agencies that telecommunications gear produced by Chinese tech giant Huawei could pose a security risk incredibly seriously, at least according to a report from the Observer, which reported on Saturday that all four major carriers in the country are currently or are planning on using Huawei networking gear for their rollout of next-generation 5G technology.

UK mobile operators ignore security fears over Huawei 5G (the Guardian) Firms pushing ahead with Chinese tech giant to set up new network

Vodafone bosses hopeful of removing block on Huawei 5G phone sales (The Telegraph) Vodafone bosses are hoping to add Huawei’s 5G smartphones to their line-up of devices within months after blocking them from the company’s launch event.

HP, Dell and Microsoft join electronics exodus from China (Nikkei Asian Review) Production shift to create new rivals for world's consumer tech factory

Akamai wants to win more cybersecurity contracts in Korea (Korea Times) Akamai Technologies, a U.S.-based content delivery and cloud service provider, is trying to secure more Korean companies in the cybersecurity sector, strengthening sales and marketing efforts here, the company said Wednesday.

CrowdStrike: An IPO With Explosive Growth (The Motley Fool) CrowdStrike has excited investors with strong sales growth. Can it continue to deliver?

NTT shrugs off Brexit to make UK base for global expansion (Nikkei Asian Review) Japanese telecom feels favorable taxes and talent make London ideal HQ

Dimension Data, IBM score Department of Human Services contracts (CRN Australia) $5.7 million for networking, storage equipment.

Tenable partner Penten Services wins Army security contract (CRN Australia) $2.2 million for secure comms and security response.

Booz Allen (BAH) Hits Fresh High: Is There Still Room to Run? (Yahoo) Booz Allen (BAH) is at a 52-week high, but can investors hope for more gains in the future? We take a look at the company's fundamentals for clues.

Take A Wait And See Approach With Rapid7 (Seeking Alpha) Rapid7 has transformed into a SaaS with 85% of revenues being recurring. The company is pioneering the Security Operations industry, but there is intense competition.

BlackBerry's Cybersecurity Unit Comes Under Investor Fire During the First Quarter (The Motley Fool) Results were pretty good, but the investor reaction certainly wasn’t.

Coalfire Rated a Top Workplace in Both Seattle and Washington, D.C. (Yahoo) Coalfire, a trusted provider of cybersecurity advisory and assessment services, announced today that the company has been named a Top Workplace in both Seattle, Wash. and Washington, D.C. for 2019. Coalfire placed 9th in Seattle Business Magazine'

Facebook eyed Lagarde and Osborne for global affairs post ahead of Clegg hire (The Telegraph) Both Christine Lagarde and George Osborne were considered to head up Facebook's global affairs and communications team before the social network settled on Nick Clegg, The Daily Telegraph understands.

Half-billion dollars for day’s work a month at Facebook for Whatsapp co-founder Jan Koum (Times) To say that Jan Koum has a decent work-life balance is an understatement. He works one day a month at Facebook HQ in California and banks close to half a billion dollars every financial quarter.

Products, Services, and Solutions

Hackers Help Strengthen Consumer Safety by Reporting Security Weaknesses (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced the results of a Live Hacking event held in London earlier this month. For th

Bitdefender Delivers Proactive with Advanced Endpoint Risk Analytics (AiThority) Bitdefender, a global cybersecurity leader protecting over 500 Million systems across 150 countries, announced the security risk analytics and hardening

New Internet Alerting Service Provides Early Warning Intelligence For Cyber Threats (ABC7) BorderHawk CyberSecurity today announced general availability of its Klieglight Cyber Media alerting service that provides early warning intelligence for potential cyber threats.

Technologies, Techniques, and Standards

What the Pentagon learned from Cyber Lightning 2019 (Fifth Domain) The Department of Defense’s cyber leaders are using a spring exercise – where for the first time multiple teams helped commanders understand their cyber options in theater – as a way to better work together in future conflicts.

Cyber Flag Exercise Focuses on Partnerships (U.S. DEPARTMENT OF DEFENSE) More than 650 cyber professionals from across the Defense Department, other federal agencies and partner nations joined together for Cyber Flag 19-1, a weeklong cyber exercise designed to enhance

Defending Downwind as the Cyberwar Heats up (SecurityWeek) While global corporations have been targeted by Iran-linked threat actors, the escalating tensions in recent weeks will inevitably bring more repercussions as tools and tactics change with new strategic goals.

Unencrypted Data: A Villain in Disguise (Channel Futures) Barracuda notes that data breaches are on the rise, and new threats are emerging every week. These cyberattacks harm companies and consumers, and their cost is rapidly rising.

Disaster recovery readiness is essential for hybrid and multi-cloud strategies (Help Net Security) Teradici has released the results of a new study of IT professionals on what drives their hybrid and multicloud strategies.

Migrations represent the number one challenge for database professionals (Help Net Security) Migrations are now the number one challenge facing database professionals, The 2019 State of SQL Server Monitoring Report from Redgate reveals.

How Do State Governments Protect Your Personal Information? (Password Protected) Government agencies necessarily hold reams of personal information on individuals. What happens when a privacy breach originates from a government agency?

Black Hat Q&A: Understanding NSA's Quest to Open Source Ghidra (Dark Reading) National Security Agency researcher Brian Knighton previews his October Black Hat USA talk on the evolution of Ghidra.

CSOs should look to orchestration, automation to bridge security policy, information silos (CSO) Security orchestration, automation and response (SOAR) may have only emerged as an industry buzzword a little over a year ago, but the integration and automation that lie at its core have rapidly gained currency with CSOs whose roles increasingly involve unifying silos of security information and translating them into action.

Why are they “smart” locks if more money buys you less security? (Naked Security) Smart locks are cool and useful – but they are also a great reminder that cybersecurity is all about value, not cost.

Understanding Elliptic Curve Cryptography And Embedded Security (Hackaday) We all know the usual jokes about the ‘S’ in ‘IoT’ standing for ‘Security’. It’s hardly a secret that security in embedded, networked devices (‘IoT d…

Hackers Assist in Strengthening Consumer Safety by Reporting Security Weaknesses (CloudWedge) While this may still seem unbelievable, HackerOne, the leading hacker-powered security platform, today revealed the outcome of a Live Hacking event which

5 tips to stay secure on social media (Naked Security) Social media isn’t for everyone, but lots of us love it – so here’s how to be in it and win it.

Summer Scam Alerts: Don't Let Crooks Wreck Your Family Travel Plans | McAfee Blogs (McAfee Blogs) While our click-and-pay digital lifestyle makes accessing travel and entertainment more convenient, for every app or website we loop into our travel… This summer, be mindful that while you intend to relax and unwind a little, cybercriminals are working overtime to catch consumers off guard. Here are just a few of the latest travel scams that could affect your family this summer and tips on how to amp your security.

Design and Innovation

‘If you don’t understand attacks, you can’t develop effective countermeasures’ (The Daily Swig | Web security digest) F-Secure’s Countercept division is harnessing offensive techniques to develop better defenses

Anti-virus software makers build-in signatures to detect Chinese government malware (Computing) Avast, Check Point, McAfee, Symantec and Malwarebytes rush to build defences against Chinese government smartphone spyware

Apple Users Warned About iOS 13 Security And Privacy Problem (Forbes) Apple wants iOS 13 to be the most private and secure operating system to date. However, some security professionals and industry bodies are claiming it might expose users to greater security and privacy risk. Here's why…

Twitter's Disinformation Data Dumps Are Helpful—to a Point (WIRED) Twitter has released 30 million tweets from state-sponsored disinformation accounts. Researchers say the trove is useful, but they want more transparency.

YouTube Hacking Video Ban Sparks Outrage (Forbes) The removal of a legitimate hacking video has led many to question a new YouTube content policy. Here’s what happened

"Easier access to data for building ML/AI solutions can become the turning point of cybersecurity," says former Head of IDF's Cyber Department (VMblog) Col. Ret. Zohar Rozenberg, VP Cyber Investments at Elron, spoke in the 3rd International Symposium on Cyber Security Cryptology and Machine learning, about the opportunities and challenges associated with ML/AI based cyber security solutions

Read Statuses (Superhuman) I’m Rahul Vohra, founder and CEO of Superhuman. Over the last 24 hours, we have seen vigorous debate on pixel tracking within email, also…

Editorial: Civility crucial in cyberspace (The Augusta Chronicle) Manners matter. Perhaps polite behavior gets drilled a bit deeper into us here in the South - saying "sir" and "ma'am," for example. Or

Penetration testing takes on new meaning when cyber meets Harlequin (Ars Technica) What happens when a romance writer takes on the cybers? Unintentional hilarity.

Research and Development

Terahertz light waves can accelerate supercurrents for quantum computing, claim scientists (Computing) Professor Jigang Wang at Iowa State University also researching macroscopic supercurrent flowing states to create quantum controls

Shadow Politics: Meet the Digital Sleuth Exposing Fake News (WIRED) Buried in media scholar Jonathan Albright's research was proof of a massive political misinformation campaign. Now he's taking on the world's biggest platforms before it's too late.

Quick Heal 1st Indian firm to get US patent for anti-ransomware tech (Zee Business) "The cutting-edge anti-ransomware technology is capable of providing advanced protection against the rising threat of ransomware to consumers` digital devices and enterprise endpoints," said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies.

Google Chrome to Unload Heavy Ads With Intensive Resource Usage (BleepingComputer) Google is currently working on adding a new feature to the Chrome web browser designed to automatically unload ad iframes which use an outrageous amount of system resources in an effort to shrink the browser's CPU and network footprint.

Legislation, Policy, and Regulation

UN expert calls for ‘moratorium’ on spy and surveillance tech sales (ARYNEWS) UN expert calls for “an immediate moratorium” on sales of spying technology until rules for companies selling products violating human rights made.

We must deter Russian cyberattacks to prevent a digital Cold War (USA TODAY) Attacks against civilian infrastructure will only lead to escalation and bolster authoritarian internet policies.

Column: Fighting and winning the undeclared cyber war (The Augusta Chronicle) “War is no longer declared,” wrote Austrian poet Ingeborg Bachmann. Cyber warfare is transforming this line of poetry into reality. American

Op-ed: The danger of trusting gut instincts to decide whether a military action is proportional (Navy Times) The authors say that President Donald Trump's decision to call off a strike on Iran at the last minute may have been the right one. But years of research on valuing human lives, conducted by us and many others, make a compelling case that deciding what is proportional based on gut feelings is a profound mistake.

Stuxnet, American Sanctions, and Cyberwar Are Legitimizing Iranian Internet Controls (Vice) The anxiety about cyberattacks and the perceived need for greater control in the wake of American economic sanctions has led to a loss of internet freedom in Iran.

Pressure builds on Europe to join US sanctions against Iran (Times) Europe was facing calls last night to join the US in reimposing sanctions on Iran after Tehran announced that it had exceeded the limits for uranium enrichment set down in the 2015 nuclear deal. It...

Cyber Warfare Threat Rises As Iran And China Agree 'United Front' Against U.S. (Forbes) Iran and China have agreed to collaborate in the cybersecurity domain against the U.S. This potential combination of China's cyber expertise with Iran's thirst for action and escalation should now be a genuine concern.

EU opens road to 5G connected cars in boost to BMW, Qualcomm (Reuters) European Union states opened the way to competing technologies for internet conn...

Article 19 launches campaign calling for more transparency and accountability around online content removal (Index on Censorship) “Are social media companies publishers or platforms?” Juliet Oosthuysen, who was recently banned from Twitter for expressing an opinion regarding the UK’s Gender Recognition Act, asked at a panel discussion organised by Article 19

‘Prospective Threat’ of Chinese Spying Justifies Huawei Ban, U.S. Says (New York Times) Government lawyers argued in a court filing this week that proof of wrongdoing by the Chinese tech giant was not required to justify barring federal agencies from using its gear.

Vodafone CEO warns against Huawei ban as Johnson wades into debate (New Statesman Tech) Vodafone UK boss Nick Jeffery has warned that Britain will lose its position as a leader in 5G if it issues an outright ban on Huawei's telecoms equipment. Jeffery's remarks came as Boris Johnson hint

Huawei ‘not contacted’ by State cyber security audit (Irish Examiner) The Chinese telecoms giant battling claims it poses a security risk has said it has not been contacted by the Irish agency conducting a security review of proposed 5G systems.

Trump’s latest Huawei announcement has left US companies in limbo (The Verge) There are still big questions about the president’s latest announcement.

The national security risk no one is talking about (TheHill) Preventing fraud can be done without collecting the personal information of every American investor and serving it up to America’s adversaries in a single all-you-can-steal database.

Kaspersky calls for limits on forced source-code disclosure (Computerworld) Security software vendor Kaspersky has called for the government to introduce limits on the potential compelled disclosure of source code under the regime introduced by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA Act).

Cyberattack Attribution and the Virtues of Decentralization (Just Security) Non-governmental entities have an important role to play in the complex task of attributing cyber operations.

Sen. Rubio touts DHS cybersecurity resources (Homeland Preparedness News) Sen. Marco Rubio (R-FL) is encouraging Florida League of Cities and Florida Association of Counties officials to take advantage of Department of Homeland Security (DHS) resources to bolster cybersecurity efforts.

Bipartisan bill would mandate DHS to keep a close eye on deepfakes (FedScoop) A bipartisan bill making its way through Congress would require the Department of Homeland Security to keep its eye on deepfakes content and technologies used to create it. Under the “Deepfakes Report Act of 2019,” the secretary of homeland security would need to file reports every 18 months on the national security impacts of deepfake content — fake …

Connectivity becomes too dangerous: Putting manual security back into the grid (Resilience) The U.S. Senate passed a bill last week that would form a government-industry working group to "examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators." ... If we truly want long-term solutions to the problems that vex us in our increasingly high-tech society, then we will have to look elsewhere than the technologists.

U.K. proposal to 'Bcc' law enforcement on messaging apps threatens global privacy (The Conversation) A recent proposal by the United Kingdom's Government Communications Headquarters agency suggests building in law enforcement access to encrypted communications. This has implications for users' digital rights and privacy.

Boris Johnson denies No 10 tried to block his access to intelligence (the Guardian) Tory frontrunner says reports of an effort to keep sensitive information from him as foreign secretary are untrue

What the ransomware attack debate is missing (TheHill) The threat environment will only get worse for state and local governments unless Congress acts now to help them.

Is Europe winning the argument on how to regulate big tech? (The Telegraph) It was not a statement one would expect to hear from the head of a huge Silicon Valley company.

How to Protect Our Kids' Data and Privacy (WIRED) Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.

Will California’s New Bot Law Strengthen Democracy? (The New Yorker) California is the first state to try to reduce the power of bots by requiring that they reveal their “artificial identity” when they are used to sell a product or influence a voter.

Michigan Bill Would Ban ‘Viewpoint Discrimination’ By Facebook, Google (Michigan Capital Confidential) ‘Social media networks are the new public square’

Elections official reveals Nebraska bought more cyber intrusion-detection technology (KETV) Ahead of 2020 voting, Nebraska's head of elections calls for 'sustainability' in federal security funding

Litigation, Investigation, and Law Enforcement

Apple Transparency Report Now Includes App Store Takedown Request (Threatpost) Apple report now includes data on requests by governments to take down apps from the tech giant's app store.

Mystery of NSA leak lingers as stolen document case winds up (Washington Post) A high-profile raid at the home of a National Security Agency contractor seemed to be linked to the devastating leak of U.S. government hacking tools, but three years later, with the case close to being resolved, whoever was behind the leak is a mystery

Cyber attack: ‘worm could kill post’ (The Australian) Australia Post has been found to be “not cyber resilient” by the nation’s Auditor-General, who ruled that the key government business enterprise had failed to effectively manage risks.

Eight Arrested Over Cyberattacks Against Hong Kong Police (SecurityWeek) Hong Kong police have arrested eight people for stealing and disclosing personal information of officers online, as the city grapples with the aftermath of unprecedented anti-government protests that saw its parliament ransacked.

British Airways faces record £183m fine for data breach (BBC News) The airline is contesting the penalty imposed by the watchdog after hackers breached its IT systems.

British Airways set to be fined £183m for customer data breach (Evening Standard) British Airways is set to be fined more than £183 million over a customer data breach. The total proposed fine of £183.39 million would be the biggest penalty ever issued by the ICO. It is the equivalent of 1.5% of BA's global turnover for the financial year ending December 31. The fine relates to the theft of customers' personal and financial information between June 2018 and September 2018 from the website ba.com and the airline's mobile app.

ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach (Information Commissioner's Office) Following an extensive investigation the ICO has issued a notice of its intention to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).

Sir Kim Darroch: Leak inquiry launched over ambassador’s ‘inept Trump’ cable (Times) The Foreign Office has begun an inquiry into the leak of diplomatic cables in which Britain’s ambassador to the United States labelled the Trump administration “inept”. Several confidential memos...

'Everyone talks about the ethics of AI, but don't forget the law,' says Dr Kuan Hon (Computing) Legal expert warns industry to remember the law as it applies to AI, especially GDPR

Exclusive: FBI Investigates Leak Of 1,000 Pages Of ‘Top Secret’ Air Force Intelligence (Forbes) Police go in search of an Air Force employee they suspected was growing marijuana. They claim to have found not only weed, but classified, highly-sensitive intelligence files in the employee's home too.

Engineer faces 219 years in prison for smuggling US military chips to China (ZDNet) The chips have been used by DARPA and the US Air Force.

Google and Facebook under scrutiny over UK ad market dominance (the Guardian) Competition watchdog to investigate potential abuse of power and control of user data

Google begins showing British Android users rival search engines to appease EU regulators (The Telegraph) Google has begun asking British smartphone users whether they would like to switch to rival search engines in a bid to appease European regulators.

Hacker Who Disrupted Sony Gaming Firm Gets Federal Prison (SecurityWeek) Hacker who disrupted online gaming services such as the Sony PlayStation Network, Steam, Xbox, EA, Riot Games, and Nintendo with DDoS attacks sentenced to prison.

Police charge man with telco sabotage (CRN Australia) Allegedly cut cables then made fraudulent EFTPOS transactions.

NSA Subcontractor Pleads Guilty To Submitting More Than $220K In False Time Worked On Government Projects (CBS Baltimore) A former National Security Agency subcontractor pleaded guilty Tuesday to submitting more than $220,000 in false claims for hours he didn't work on government projects.

Front-end dev cops to billing NSA $220,000 for hours he didn't work (Register) Scam undone by key card and timecard logs

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...

Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...
