skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Take a survey. Win swell prizes.

We'd like to improve the quality, relevance and overall value of the CyberWire’s content, and so we’ve put together a short audience survey that should take five minutes or less to complete. This survey is (obviously, we needn't add, but will) completely voluntary, anonymous and confidential. Click here to take our survey and look for your chance to win some official CyberWire swag at the end.

Cisco's Talos group describes a threat campaign they're calling "Frankenstein," because the hoods behind it stitched their effort together from a bunch of disparate open-source tools. Active between January and April of this year, Frankenstein's operators gained entrance into their targets by phishing with Trojanized documents.

ZDNet says Hollywood's lying to us. In the movies, the hacker scowls, taps vigorously at the keyboard, and says "I'm in!" Bitdefender's look at the Carbanak gang reveals, instead, months of preparation before the crooks hit the bank.

CyberScoop reports that a second member of Congress, Maryland Senator Van Hollen, has joined his House colleague, Representative Ruppersberger, to announce that the Government is confident EternalBlue wasn't involved in the Baltimore ransomware attack.

Huawei's chairman Liang Hua accused the US of "acting inappropriately" toward his company, NPR reports, but then proffered dove with an olive branch: the same kind of no-spy deal Shenzhen has dangled before Germany and the UK. This dove seems unlikely to fly in Washington, given Huawei's reputation with respect to non-disclosure agreements and partners' IP.

The US Government has released its Data Strategy.

Don't believe Microsoft about the importance of patching legacy versions of Windows against the BlueKeep RDP vulnerability? Maybe you'll believe NSA's Central Security Service? They think you should patch, too.

Crescat noticia, vita non excolatur: University of Chicago Medicine has apparently left data of almost 1.7 million donors and prospective donors exposed online, Security Discovery says. The University secured the database and thanked the discoverer for the tip.

Notes.

Today's issue includes events affecting Australia, Iran, United States.

Bring your own context.

We like it, but is it art? 

"Mr. Guo first achieved some éclat in the art world though a performance piece in 2017 in which he rode a Segway around Brooklyn while leading or being led by a hipster on a leash. We looked up images of the work, called "Hipster on a Leash," and we're sorry to report that, for one, the hipster hardly seems to qualify as a hipster because his shorts, sunglasses and short-sleeved shirt look a lot more like routine New York tourist apparel. So we're reluctantly calling BS on the whole hipster thing, which is dragsville if hipsters actually even exist."

—The CyberWire, meditating on art in a Tolstoian mood, in the Daily Podcast for 06.03.19.

The work that followed "Hipster on a Leash" is, of course, "The Persistence of Chaos," a steal a $1.3 million. You lookin' for chaos? We got some persisting right downtown in Baltimore, hon, but it's not for cheap.

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses those secret tracking pixels the Navy Times found in an email from a Navy JAG. Tamika Smith speaks with Ariana Mirian from the University of California San Diego on their research into the Hacker for Hire market.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

iOS app developers taking shortcuts on security (Wandera) Despite developers having a mandate from Apple to build end-to-end encryption into their apps, a high number of apps do not. Apple even offers a feature that helps developers comply with data privacy requirements, and our data shows that this isn't being used properly. To understand how app develope

Twitterbots: Anatomy of a Propaganda Campaign (Symantec) Internet Research Agency archive reveals a vast, coordinated campaign that was incredibly successful at pushing out and amplifying its messages.

Attackers Stitch Together Frankenstein Campaign Using Free Tools (BleepingComputer) Threat actors behind a highly-targeted series of cyber attacks spanning from January to April 2019 have been seen employing malicious tools built using freely available components to infect victims with malware designed to harvest credentials.

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign (Cisco Talos) Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign.

Method used in European bank breach ties attack to FIN7 group (Computing) FIN7 is known for primarily targeting payment-card and other financial data using the Carbanak backdoot.

Hollywood lie: Bank hacks take months, not seconds (ZDNet) A modern bank cyber-heist is methodically planned and usually takes months.

An APT Blueprint: Gaining New Visibility into Financial Threats (Bitdefender Labs) This new Bitdefender forensic investigation reveals a complete attack timeline and behavior of a notorious financial cybercriminal group, known as Carbanak. In mid-2018, Bitdefender researchers investigated a targeted attack on an Eastern European financial... #bitdefenderresearch #Carbanak #cobalt

Hackers Can Bypass Windows Lockscreen on Remote Desktop Sessions (SecurityWeek) NLA feature of Windows Remote Desktop Services can allow a hacker to bypass the lockscreen on remote sessions and there is no patch from Microsoft, CERT/CC warns.

Top Australian University Reports Vast, 'Sophisticated' Hack (SecurityWeek) A top Australian university with close ties to the country's government and security services on Tuesday said it had been the victim of a vast hack by a "sophisticated operator" who gained access to 19 years of sensitive data.

Privilege Escalation Vulnerability Found in Rapid7 InsightIDR (SecurityWeek) An easy-to-exploit local privilege escalation vulnerability has been found and patched in Rapid7’s InsightIDR intruder analytics solution.

Opinion | The State Department has been funding trolls. I’m one of their targets. (Washington Post) Programs that fight the spread of falsehoods and propaganda shouldn’t combat lies with other lies — and certainly not with public funds.

BlueKeep: cybercriminals scanning for the latest Windows vulnerability (Panda Security Mediacenter) A threat intelligence company has announced that it has started to detect scans looking for Windows systems with the BlueKeep vulnerability.

Geutebrück G-Cam and G-Code (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.2ATTENTION: Exploitable remotely/low skill level to exploitVendor: GeutebrückEquipment: G-Cam and G-CodeVulnerabilities: Cross-site Scripting, OS Command Injection2. RISK EVALUATIONSuccessful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.

PHOENIX CONTACT FL NAT SMx (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 8.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: Phoenix ContactEquipment: FL NAT SMxVulnerability: Improper Access Control2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow unauthorized users full access to the device configuration.

PHOENIX CONTACT PLCNext AXC F 2152 (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.6ATTENTION: Exploitable remotely/low skill level to exploitVendor: Phoenix ContactEquipment: PLCNext AXC F 2152Vulnerabilities: Key Management Errors, Improper Access Control, Man-in-the-Middle, Using Component with Known Vulnerabilities2.

Cost of Baltimore ransomware attack so far: $18 million (Maryland Daily Record) Sheryl Goldstein Nearly a month after a ransomware attack crippled Baltimore government computer systems, only about 35% of city employees' access is restored and the invasion has cost the city roughly $18 million. The city's technology department created a "safe environment" to start bringing systems back online, said Sheryl Goldstein, the mayor's deputy chief of staff for operations, who is overseeing the recovery. It's hoped that 90% of Baltimore's 10,000 employees will have access to the city's network by the end of the week.

Authorities investigating claim that Baltimore ransomware group leaked documents to Twitter (Baltimore Sun) Baltimore and federal authorities are investigating documents posted to a Twitter account tied to the hackers behind the ransomware attack, a spokesman said.

Baltimore anticipates 90 percent recovery from ransomware by week’s end (StateScoop) Baltimore officials say the city is steadily recovering from the May 7 cyberattack by the RobbinHood virus, sticking to an estimate of $18 million in damages.

Robbinhood: Inside the Ransomware That Slammed Baltimore (Dark Reading) Attackers appear to have used a ransomware-as-a-service platform to wage the attack.

Sen. Van Hollen: Government sees no EternalBlue in Baltimore ransomware attack - CyberScoop (CyberScoop) A second lawmaker from Maryland now says it doesn’t appear that the ransomware attack in Baltimore relied on a stolen National Security Agency exploit, EternalBlue. “It’s the federal government’s view that EternalBlue was not involved in the ransomware attack in Baltimore City,” Democratic Sen. Chris Van Hollen told CyberScoop on Monday following a briefing on Capitol Hill from NSA officials.

A Password Cracking Dictionary Found Online (Information Security Buzz) A big password cracking dictionary (1,493,677,782 words, 15GB) with every wordlist, dictionary, and password database leak found on the internet.  Expert Comments:   Jake Moore, Security Specialist at ESET:  “This is an enormous database of passwords available to anyone who may want to get their hands on it. This shouldn’t be shrugged off as just another breach. When passwords …

Millions Stolen by Hackers Shows Vulnerability of Mexico's Banks (InSight Crime) Hackers infiltrated Mexico’s banking system to transfer millions of dollars to bogus accounts and then made ATM machines shell out the cash, in a case that

Private Info of Over 1.5M Donors Exposed by UChicago Medicine (BleepingComputer) The personal information of more than 1,6 million potential and existing University of Chicago Medicine donors were exposed by a misconfigured and unprotected ElasticSearch server left open on the Internet without a password.

Some Luzerne County computer servers set for reactivation today following cyber attack (Times Leader) Some Luzerne County government computer servers targeted in a cyber attack should be cleared and reactivated today, county Administrative Services Division Head David Parsnik said Tuesday.

‘Jeopardy!’ producer: ‘Appropriate’ action planned after leak of James Holzhauer’s loss (Washington Post) After the "pirated" clip circulated on social media, executive producer Harry Friedman says the show has probably identified the culprit.

Security Patches, Mitigations, and Software Updates

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows (National Security Agency | Central Security Service) NSA advisory urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing cybersecurity threats.

Apple Unveils Privacy-Focused Authentication System (SecurityWeek) Apple announces “Sign in with Apple,” a new authentication system advertised as fast, secure and privacy friendly, but some experts are skeptical.

Apple Backs Off Crackdown on Parental-Control Apps (New York Times) The iPhone maker acted as tech giants faced more scrutiny over what critics argue is anticompetitive behavior.

Experts weigh in on Apple's private sign-in feature (Engadget) We spoke to security and privacy experts about Sign in with Apple.

Cyber Trends

Hollywood lie: Bank hacks take months, not seconds (ZDNet) A modern bank cyber-heist is methodically planned and usually takes months.

Only one in 20 vulnerabilities are exploited in the wild, claim researchers (Computing) Of 76,000 security flaws unearthed between 2009 and 2018, only 4,183 were exploited in the wilds by attackers.

ForgeRock U.S. Consumer Data Breach Report: Data breaches cost $654 billion in 2018, 2.8 billion consumer records exposed (West) Financial services suffered $6.2 billion in damage from cyberattacks in Q1 2019, up from $8 million in Q1 2018

Is AI fundamental to the future of cybersecurity? (Help Net Security) 69% of SMEs will implement AI security solutions in the next five years, with 44% of SMEs planning to invest in AI/ML defense in the immediate future.

How organizations are managing vulnerability risks (Help Net Security) Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a

Why do the same vulnerabilities keep showing up? (SD Times) Creator of the OWASP Top Ten list expresses disappointment after 16 years when it comes to security

Marketplace

Why four security companies just sold for $1.5B (TechCrunch) If you’re thinking about starting a technology company, you may want to consider focusing on cybersecurity. Last week was an incredible M&A whirlwind with four security companies getting acquired over just a three-day period: On Tuesday, FireEye bought Verodin, a five-year-old startup tha…

Top Russian Internet Firm Reportedly Under Pressure on Data (SecurityWeek) Russian internet company Yandex said that it's committed to data privacy as it responded to reports that the national intelligence agency is pressuring it into handing over encryption keys.

Norsk Hydro core profit better than expected despite cyber attack (Reuters) Norsk Hydro reported an 82% fall in first-quarter underlying profit on Wednesday...

Imperva to Acquire Distil Networks, the Industry-Recognized Leader in Bot Management (BusinessWire) The global leader in press release distribution and regulatory disclosure. Public relations and investor relations professionals rely on Business Wire for broad-based and targeted market reach.

SentinelOne Announces $120M Series D (SentinelOne) Expanding the Cybersecurity Platform of the Future, SentinelOne Capitalizes on Unprecedented Global Market Traction in the Largest Endpoint Security Funding Round of 2019

GuardKnox Funding Reaches $24 Million Upon Completion of $21 Million Series A Round Led by Fraser McCombs Capital (Yahoo) GuardKnox positioned to bring its best-in-class in-vehicle cybersecurity solutions to automotive customers worldwide

EnSilo is raising a series B to monitor and remediate cyber threats (Updated) (VentureBeat) EnSilo's security platform enables IT teams to proactively respond to cyber threats and conduct detailed analyses of ongoing and past intrusions.

Cybersecurity unicorn CrowdStrike announces share price for future IPO (Built In) CrowdStrike, currently valued at $3.4 billion, will offer 18 million shares of Class A common stock for between $19 and $23 each.

Cisco Continues To Shine (Seeking Alpha) Cisco continues its impressive streak of beating estimates amid strong results. The company's transformation is still in full swing and keeps its strong momentum

Kaspersky Announces New Branding, Mission Statement (SecurityWeek) Kaspersky Lab changes its name to Kaspersky, introduces a new logo, and unveils its new mission statement, “Building a safer world.”

UNITED ARAB EMIRATES : NESA, SIA, DarkMatter, BeamTrail make up Abu Dhabi's new interceptions landscape (Intelligence Online) In less than a year, technical intelligence and interceptions, or SIGINT, in the United Arab Emirates has been totally reorganised, with offensive and defensive operations now separate. The move has

Radiflow Launches MSSP Partner Program (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today...

Cybereason Continues Rapid EMEA Expansion (PR Newswire) New Customers, Product Excellence, New Hires Drives Record Global Results

BioCatch Expands Financial IT Expertise with the Appointment of Mitchel Lenson as an Independent Board Director (Global Banking & Finance Review) BioCatch, the global leader in AI-driven behavioral biometrics, today announced the appointment of Mitchel Lenson as an independent member of its Board of

Absolute Strengthens Executive Team to Accelerate Next Stage of Growth (BusinessWire) Absolute (TSX: ABT), the leader in endpoint resilience, today announced the appointment of three key executives to its leadership team. Sandra Toms jo

Products, Services, and Solutions

Enveil and Novetta Partner to Deliver Secure Data Processing at the Tactical Edge (West) Strategic partnership and technology integration unlocks field-ready capabilities for mission-critical applications in the government market

Digital Reasoning Launches AI-Enabled Voice Analytics for Conduct Surveillance in Banking (West) New solution has developed in partnership with leading banks. Delivers highly efficient workflows and market-leading accuracy for analyzing noisy, financial domain audio data.

Carbon Black Introduces Third-Generation Cloud Architecture, Announces Plans for ‘Bring Your Own Key (BYOK)’ Encryption Capabilities (West) Additional planned features on the new architecture include ‘Flexible Data Retention,’ ‘Event Forwarder’ API and faster response times on advanced queries

OneSpan Revolutionizes the Digital Account Opening Experience with Secure Agreement Automation (West) End-to-end, cloud-based solution enables digital account opening in minutes while helping financial institutions fight application fraud and synthetic identities

Wandera announces Secure Access Layer to protect user privacy and provide secure mobile access to corporate data (West) Wandera, the leading mobile security company, announces new privacy functionality that further extends its endpoint solution to the network.

Continuity Software Launches Data Security Advisor, Uncovering Hidden Security Risks to Critical Data Storage Systems (Yahoo) Continuity Software's new Data Security Advisor solution enables enterprises to meet information security audit requirements and protects high value data assets

Morphisec Announces Version 3.5 at Infosecurity Europe 2019 with New Unified Security Center for End-to-End Visibility Across All Blocked Attacks (PR Newswire) Latest upgrades make it easier to replace legacy antivirus with more secure, lower TCO endpoint defense

Checkmarx Makes SCA Market Waves with Enhanced Open Source Security Offering (BsinessWire) Infosecurity Europe — Checkmarx, the Software Exposure Platform for the enterprise, has deepened its stake in the software composition analysis (SCA)

SecureAuth Innovates Secure Identity Management with its Intelligent Identity Cloud Service (West) Latest innovations advance usability and security, giving enterprise customers deployment freedom (hybrid, on-premises and cloud) and ability to consolidate multiple solutions

IOXO Launches CityWRX™ to Address Ransomware for Municipalities with End to End Virtualization and CloudWRX (Yahoo) On the heels of the formal launch of CloudWRX™, an end-to-end cloud computing management platform, IOXO (www.IOXO.cloud), today announced CityWRX™, an initiative leveraging CloudWRX to provide increased security and savings for cities, counties and municipalities (“Cities”) while freeing them from

Snowflake Announces Data Exchange to Break Down Data Barriers (PR Newswire) Snowflake, the data warehouse built for the cloud, today announced an all-new shared data experience, the Snowflake ...

Jazz Networks Launches Fully-Customizable Insider Threat Detection and Response (BusinessWire) Jazz Networks, an award-winning cybersecurity platform, announces that its newest release makes it the first of its kind to enable fully-customizable

The first Finnish audit criteria for cloud services released – PiTuKri improves cloud security (News Powered by Cision) The Finnish National Cyber Security Centre (NCSC) has released new audit criteria for cloud services called PiTuKri. The implementation of the criteria improves security in situations where authorities process classified information in the cloud.

Aon collaborates with CyberCube to advance insurers' cyber risk aggregation management (PR Newswire) Aon Plc, a leading global professional services firm, aims to leverage CyberCube's advanced cyber aggregation risk modeling capabilities and build...

Mt Pelerin signe un partenariat avec ID Quantique (Allnews) La société dirigée par Arnaud Salomon et ID Quantique veulent développer la première solution quantique pour le stockage sécurisé d’actifs crypto: le Quantum Vault.

SolarWinds Announces Network Insight for Palo Alto Networks (Storage Review) Today SolarWinds extended support of their Network Insight service to Palo Alto Networks and several updates to their existing services. SolarWinds’s Orion Platform is getting upgrades to improve scalability and transparency. SolarWinds was founded in 1999 and is a leading provider of IT infrastructure management software. Palo Alto Networks was founded in 2005 and primarily provides firewalls as well as other cloud-based security services.

Technologies, Techniques, and Standards

Leading MSP and Cloud Certification Program Increases Emphasis on Cybersecurity and MSP Best Practices (PR Newswire) The International Association of Cloud & Managed Service Providers (MSPAlliance®) today continued its...

How Laya Healthcare overhauled its data privacy for GDPR in just two-and-a-half days (Computing) Laya Healthcare implemented multi-factor authorisation with a simple interface as it grappled with its GDPR obligations

Tales From the SOC: Municipal Edition (SecurityWeek) Devon Kerr explains what happened when a municipality inadvertently deployed a brand-new endpoint protection technology across a small part of their production network.

'IT shouldn't tell OT they have an ugly baby,' says Anglo American CISO (Computing) How digital and physical infrastructure can work in harmony with operational technology.

Cyber due diligence: considerations before a merger or acquisition - PE Hub (PE Hub) Do you have any idea how often hackers attack? A University of Maryland study says a cyberattack on average happens every 39 seconds. That’s 2,200 attempts a day, more than 800,000 a year. Countless companies — Sony, JP Morgan, Target and Equifax, to name just a few — have fallen prey to …

Is your private equity firm exposed to these hidden IT risks? (Help Net Security) Without an audit into all of the potential investment company’s technical assets and processes, a private equity firm is setting itself up for hidden risks.

How William Hill's CISO sells cyber security to the board: Simple, practical, pragmatic and obvious (Computing) CISOs need to sell security to the board like a marketeer, says William Hill's Group CISO Killian Faughnan.

Minimum Home Router Security Recommendations Defined in New Joint LACNOG and M3AAWG Best Practices (BusinessWire) New best practices will help deter DoS attacks that make use of vulnerable network infrastructure devices, IoT devices, and malware infections.

Good cyber security culture should, literally, begin in employees' homes, says HSBC CISO Paula Kershaw (Computing) Top CISOs share their top employee engagement tips at InfoSec.

Beware of security blind spots in encrypted traffic (ComputerWeekly) The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption

How to Protect Yourself or Your Business from Ransomware in 2 Steps (The Internet Patrol) The City of Baltimore had their city government computer system shut down by the Robbinhood ransomware. Yet it could have been avoided, or at least mitigated. Here's how to protect yourself or a business from ransomware.

Design and Innovation

Eliminating the growing pains of government IT modernization (Federal Times) It is imperative that agency IT leaders understand where their most critical needs lie and develop a coherent picture of the underlying causes slowing their digitization efforts.

DoD tech officials caution culture challenges lie ahead before rolling out more emerging tech tools (Federal News Network) Officials working behind the scenes at DoD say the majority of their responsibilities focus on getting people and processes ready for emerging tech tools.

Research and Development

Florida Institute of Technology, Air Combat Command Enter Into Research Agreement (Space Coast Daily) Florida Tech and the Air Force Air Combat Command (ACC) recently entered into a Cooperative Research and Development Agreement.

Academia

Walmart Adds 14 Tech Degrees, Certificates to Live Better U College Offering, Expands Debt-Free College to High Schoolers and Creates Graduation Bonuses (Walmart Corporate) Walmart is committed to winning the future of retail and knows investing in its people is essential to serving customers today and in the future. To help prepare its…

Legislation, Policy, and Regulation

Huawei Offers U.S. 'No-Spy Deal' As Trump Looks To End Huawei's U.K. 5G Ambitions (Forbes) The same day President Trump discussed Huawei with U.K. Prime Minister Theresa May, saying that the company would not be allowed to come between the two allies, Huawei's chairman looked to offer the U.S. a "no-spy deal' in an attempt to ease the pressure on the company.

Huawei Chairman Willing To Sign A 'No-Spy' Deal With The United States (NPR) A top Huawei executive accused the U.S. of inappropriate conduct, while also striking a conciliatory tone — a response that reflected the level of exasperation being felt by the Chinese tech giant.

Huawei offers to meet with U.S. cybersecurity officials (FierceWireless) Huawei would be willing to discuss ways to show it is meeting U.S. security standards suggested by the National Institute of Standards and Technology.

White House strategy calls for secure, usable government data (Federal Times) The Federal Data Strategy establishes near- and long-term goals for getting the most out of the federal government's massive data stores.

Time to break up social media firms? MPs and activists on the threat to democracy from online disinformation (Computing) Western democracy is under severe threat from autocratic regimes' use of Facebook and Twitter.

US to launch new program to fight extremism in Philippines (Military Times) U.S. and Philippine officials on Tuesday discussed a new program to thwart efforts by Muslim extremists to recruit and mobilize followers in the country’s south after a bloody siege by jihadists aligned with the Islamic State group.

State Department proposes new $20.8 million cybersecurity bureau (CyberScoop) The State Department has sent to Congress a long-awaited plan to reestablish a cybersecurity-focused bureau it says is key to supporting U.S. diplomatic efforts in cyberspace.

House panel worries about Navy’s at-sea network (Fifth Domain) The House Armed Services Committee wants to fence off about 15 percent of the Navy’s funding for its advanced at-sea network until the service answers questions about the program’s cybersecurity.

New York's Privacy Bill Is Even Bolder Than California's (WIRED) New York is poised to become the next battleground in the fight for consumers' rights over their personal data.

Ex-NSA Hacker Reviewed by FEC over Software Contribution Offer (Infosecurity Magazine) Area 1 Security wants to contribute free spear-phising prevention software to political campaigns.

Litigation, Investigation, and Law Enforcement

SEC Charges Issuer With Conducting $100 Million Unregistered ICO (US Securities and Exchange Commission) The Securities and Exchange Commission today sued Kik Interactive Inc. for conducting an illegal $100 million securities offering of digital tokens. The SEC charges that Kik sold the tokens to U.S. investors without registering their offer and sale as required by the U.S. securities laws.

Messaging app sued by US regulator over cryptocurrency launch (The Telegraph) A controversial messaging app is being sued by US regulators for raising capital through cryptocurrency sales.

Aussie Police Raid Journalist's Home Over Secret Spying Report (SecurityWeek) Australian police on Tuesday raided the home of a prominent journalist who reported on a secret government plan to spy on Australian citizens.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...

Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...

San Diego Cyber Security Conference (San Diego, California, USA, June 5, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. In San Diego the keynote will be delivered by Darin Andersen, CEO/ Founder NXT Robotics,...

Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.