skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Help the CyberWire by taking a short survey (with a chance for prizes).

Help us improve the quality, relevance and value of the CyberWire by taking a short survey (five minutes or less to complete). It's of course completely voluntary, anonymous and confidential. Click here to take our survey and look for your chance to win some official CyberWire swag when you're done.

Trend Micro reports a resurgence in Iran's MuddyWater espionage campaign.

Reuters notes that Russian-operated YouTube channels are freely spreading tabloidesque disinformation that successfully evades YouTube's content moderation.

Some backing and filling over Huawei blacklisting occurred late last week and over the weekend: France 24 reports that the GSM Association industry group estimates the cost of that ban to EU mobile carriers as reaching, perhaps, as much as €52 billion, with accompanying delays of 18 months in fielding 5G service. In the US, the Washington Post says tech companies, especially semiconductor manufacturers, have expressed concern over the ban's hit on exports.

And according to the Wall Street Journal, the acting director of the US Office of Management and Budget has urged that US companies be given more time to adjust to the effect such blacklisting might have on their business.

China's government is warning tech companies (specifically Microsoft, Dell, and Huawei) of the consequences of cooperating with Washington as opposed to Beijing in the Huawei Affair, the New York Times reports. Not all get the memo: WIRED points out that Facebook won't be offering its products preinstalled in new Huawei phones.

Raytheon has agreed to be acquired by United Technologies, the Washington Business Journal reports. The merged company will be the world's second-largest defense and aerospace integrator, behind only Boeing. Raytheon will bring significant cybersecurity capabilities to its new corporate parent, assuming they're retained once the acquisition settles.

A HackRead op-ed sends a hemi-demi-semi-mash note to government content moderation and censorship.

Notes.

Today's issue includes events affecting Angola, Canada, China, Estonia, European Union, France, Gibraltar, India, Iran, Kenya, Republic of Korea, NATO/OTAN, Netherlands, Pakistan, Russia, Switzerland, Taiwan, United Kingdom, United States, and Vietnam.

Bring your own context.

If it's a new threat, it must be after new vulnerabilities, right? Not necessarily.

"There's not a whole lot about this that is extremely zero-day groundbreaking or anything like that. You know, if you stay with the standard practices, you can avoid a lot of stuff like this. And this is a brand-new piece of malware. It's not something that's been around for ten years or anything like that. It's still looking for those weaknesses out there that a lot of servers are still operating with.

Tom Hegel, security researcher with AT&T Alien Labs, talking about a new malware strain, Xwo, on the CyberWire's Research Saturday, 6.8.19.

You don't always need a novel defense to parry a novel attack.

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses Apple’s newly announced secure sign-in service (and its announced focus on privacy).

Cyber Security Summits: Seattle on June 25th and in DC on July 16 (Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

Cyber Attacks, Threats, and Vulnerabilities

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools (TrendLabs Security Intelligence Blog) We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as its connection to four Android malware families and its use of false flag techniques, among others, in our report “New MuddyWater Findings Uncovered: Threat Actors Used Multi-Stage Backdoor, False Flags, Android Malware, and More.”

Russian disinformation on YouTube draws ads, lacks warning labels:... (Reuters) Fourteen Russia-backed YouTube channels spreading disinformation have been gener...

Anxious wait after huge hack at Australian university (Asia Times) Vast amount of data relating to staff and students was stolen and its possible the hackers could still be inside the institution’s system

Mystery crop fires scorch thousands of acres in Syria and Iraq — and ISIS claims responsibility (Washington Post) Even after the defeat of its so-called caliphate, the Islamic State still wreaks havoc.

Angolan Oil Company Suffers Attempted Cyber-Attack (prensa-latina.cu) Luanda, Jun 7 (Prensa Latina) The National Fuel Society of Angola (Sonangol) has reported it received an attempted cyber-attack, local press reported on Friday.

New Hawkball backdoor attacks government sector in Central Asia (SC Media) A newly discovered backdoor by the name of Hawkball was recently observed attacking one or more Russian-speaking government entities in Central Asia.

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities (FireEye) An attack against the government sector in Central Asia using well-known Microsoft Office vulnerabilities.

Is Vietnam Becoming the Next Big Cybercriminal Hub? (IntSights) As a result of the Vietnamese government’s crackdown on internet usage, many are being drawn to the dark web to access the content and information they seek, leading to an increase in cybercriminal activity.

New Windows 10 Zero-Day Bug Emerges From Bypassing Patched Flaw (BleepingComputer) Demo exploit code and details are now available about a new zero-day vulnerability in Windows 10 that allows elevating the privileges of a normal user to those of an administrator. An attacker can use it to install programs, view, change or delete data.

SandboxEscaper Debuts ByeBear Windows Patch Bypass (Threatpost) SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.

Microsoft warns about email spam campaign abusing Office vulnerability (ZDNet) Dangerous spam campaign targets European users with backdoor trojan.

Microsoft Warns of Campaign Exploiting 2017 Bug (Infosecurity Magazine) Microsoft Warns of Campaign Exploiting 2017 Bug. Phishing emails contain malicious RTF files

6 ways malware can bypass endpoint protection (CSO Online) Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here's how attackers do it.

Facebook gave data access to Chinese firm flagged by US intelligence (CNBC) Facebook has data-sharing partnerships with at least four Chinese electronics companies, including Huawei, a company that has been flagged by American intelligence, the New York Times reports.

Misconfigured container services are a security risk (ComputerWeekly) Researchers at Palo Alto Networks have released details of the scale of misconfigured and exposed container services putting organisations at risk of cyber attack.

How a Google Cloud Catch-22 Broke the Internet (WIRED) A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Germany: Backdoor found in four smartphone models; 20,000 users infected (ZDNet) German cyber-security agency warns against buying or using four low-end smartphone models.

Android backdoor demonstrates vulnerabilities in the mobile supply chain (CyberScoop) Hackers in 2017 exploited an Android backdoor by inserting code in apps and programs built by third party vendors, Google said in a blog post Thursday.

NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage' (Forbes) The U.S. National Security Agency (NSA) has taken the highly unusual step of telling Microsoft Windows users to update now and warning of the "devastating" damage that could occur from a "flaw" if they don't. Here's what you need to know and what you need to do next...

How to protect your computer from the BlueKeep bug the NSA is warning about (Mic) A major security flaw known as BlueKeep is plaguing millions of Windows machines and could result in a significant, widespread cyber attack. Microsoft has issued multiple warnings about the flaw, and this week, in an incredibly rare step, the U.S.…

Forget BlueKeep: Beware the GoldBrute (Threatpost) A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting.

For two hours, a large chunk of European mobile traffic was rerouted through China (ZDNet) It was China Telecom, again. The same ISP accused last year of "hijacking the vital internet backbone of western countries."

China Routed Traffic from European Carriers for Two Hours (BleepingComputer) Mobile internet traffic from multiple carriers in Europe took an unintended turn through China Telecom for over two hours on June 6 because of a route leak incident.

BGP route leak sends European mobile traffic via China (Computing) Yet another BGP hijack by China Telecom routes internet traffic of several European mobile operators via China

More compromised windstream email sending malspam with Orion keylogger (My Online Security) Following on from Last Friday, it is looking like Windstream, Zimbra & Synacor still have a problem with accounts being compromised and mass malspam being sent. Generally speaking the majority of ISPs…

Voicemail phishing scam involving compromised OneDrive for business site (My Online Security) We see lots of phishing attempts for email credentials. This one is slightly different than many others and somewhat more complicated. It pretends to be a message to download a voicemail.

Magecart's 'shotgun approach' to payment card theft is wreaking havoc on e-commerce sites (CyberScoop) Hacking groups like Magecart are carrying out more efficient attacks to walk off with online shoppers’ data, according to multiple security companies.

Eurofins Scientific: Update on the cyber-attack announced on June 3, 2019 (BusinessWire) Regulatory News: Eurofins (Paris:ERF): As communicated in an ad hoc press release on Monday June 3rd, during the weekend of 1st/2nd June, Eurofins Sci

New Extortion Scam Threatens to Ruin a Website's Reputation (BleepingComputer) A new extortion scam campaign is underway that is targeting websites owners and stating that if they do not make a payment, the attacker will ruin their site's reputation and get them blacklisted for spam.

Hackers Won’t Let Up in Their Attack on U.S. Cities (Wall Street Journal) Local governments are facing a growing threat of cyberattacks and escalating ransom demands, as an attack in Baltimore has crippled thousands of computers for a month.

Baltimore IT head apologizes for ransomware attack response (SFGate) Baltimore's chief information technology official has apologized to city leaders for the response to a cyberattack that has crippled the city for a month.

Was Allentown’s costly computer virus assisted by a hacking tool created by the NSA? (Allentown Morning Call) The computer virus that cost Allentown taxpayers $1 million last year may have been magnified by a hacking tool developed by the U.S. National Security Agency.

A Baltimore County school computer system was open to internal searches (Baltimore Sun) Baltimore County school officials are investigating who may have gained access to searchable files since May 29

Some county computers remain down (Citizens' Voice) Computer systems in several Luzerne County offices remained offline Friday two weeks after a cyber attack struck the county’s network. Luzerne County Manager Dave Pedri said computers in the assessor’s office and the mapping office remained

Cyber-attack on the library database of Sunderland City Council (Spamfighter News) Hackers have accessed personal details of users' in a cyber-attack on the library database of Sunderland City Council.

UK Taxpayers Overwhelmed with Phishing Scams (Infosecurity Magazine) UK Taxpayers Overwhelmed with Phishing Scams. FOI request finds 2.6m reports over past three years

Protip: No, the CIA will not call off a pedophilia probe into your life in exchange for Bitcoin (Register) Kaspersky warns of fake 'dirty agent' scam circulating

Security Patches, Mitigations, and Software Updates

Action required! Exim mail servers need urgent patching (Naked Security) Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet’s most popular mail server, Exim.

Microsoft Issues New Windows 10 Update Warning (Forbes) Microsoft Windows 10 users, here's another update problem you need to know about because it is going to strike repeatedly...

June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets (Help Net Security) The first months of 2019 have seen a record number of vulnerabilities reported and BlueKeep associated has set forums and security advisory lists on fire.

Cyber Trends

300+ Terrifying Cybercrime & Cybersecurity Statistics [2019 EDITION] (Comparitech) Find out about the most interesting and shocking cybercrime statistics, facts, and trends, and learn how to improve your online security and privacy.

Developers Security Report (WhiteSource) Application security is a top priority today for companies that are developing software.

BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices (CyLab Security and Privacy Institute) In today’s often-precarious security and privacy landscape, you’d think consumers would be taking security and privacy risks into serious consideration when purchasing new IoT devices. And you’d be wrong.

Two-thirds of iOS apps don't use App Transport Security (Help Net Security) Most iOS apps don't use App Transport Security​, a networking security feature offered by Apple that ensures encrypted connections between apps and servers.

The Minefield of Corporate Email (Dark Reading) Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.

As cybersecurity threats change, so must hospitals (Healthcare IT News) A new assessment of cybersecurity threats highlights consumers’ growing role and predicts things will get worse before they get better.

The New Revolution in Military Affairs (Foreign Affairs) For the U.S. military to succeed on the battlefields of the future, it will need a force built around large numbers of small, inexpensive, expendable, and highly autonomous systems.

Opinion | Ditch the GPS. It’s ruining your brain. (Washington Post) Brain behavior changes when people rely on turn-by-turn directions.

Kenya, Africa’s cybercrime preparedness found weak (The East African) Consider policies that support continued growth in technology security.

Marketplace

Why the Cybersecurity Market Is Consolidating (Fortune) The industry is preparing for a storm.

Big Tech Can Stay Ahead of Regulators by Breaking Itself Up (WIRED) Regulators are coming after Amazon, Apple, Facebook, and Google, and it could get ugly. The companies would benefit by acting pre-emptively.

Raytheon strikes deal to be acquired by United Technologies (Washington Business Journal) The all-stock deal creates the world's second-largest aerospace and defense company behind Boeing.

United Technologies-Raytheon tie-up would make a 'monster supplier' and reshape the industry (CNBC) Raytheon and United Technologies have agreed to merge, a deal that would create the second-largest defense-and-aerospace company after Boeing.

Vectra lands $100M Series E investment for AI-driven network security (TechCrunch) Vectra, a seven-year old company that helps customers detect intrusions at the network level, whether in the cloud or on premises, announced a $100 million Series E funding round today led by TCV. Existing investors including Khosla Ventures and Accel also participated in the round, which brings th…

Blacklisted Huawei Loses Facebook, Instagram And WhatsApp Preinstalled Apps (Forbes) In yet another blow to Huawei, Facebook has announced that it will no longer allow Huawei phones to come pre-installed with Facebook, WhatsApp or Instagram. And the suspension looks will hit even current smartphone models that have not yet left the factory.

More Trouble for Huawei: No More Facebook on New Phones (WIRED) Facebook reportedly bans Huawei from installing its apps, including Instagram and WhatsApp, on new phones.

Huawei’s PR Campaign Comes Straight From the Party’s Playbook (Foreign Policy) The trade war is showing how deep Beijing’s global influence runs.

Small Businesses Value MSPs Most for Threat Prevention Support (Channel Futures) Geoff Bibby at Zix says SMBs fear they aren’t well-protected against cyberthreats, so MSPs need to step up their game. Cyberattacks are the fastest-growing crime in the U.S. and the greatest threat to businesses around the world, according to a recent AppRiver survey.

Microsoft Wants More Security Researchers to Hack Into Its Cloud (Bloomberg) As Microsoft works on cloud security, it’s looking to attract `White Hat’ hackers with rewards and legal guarantees.

Shakopee Security Solutions Company Entrust Datacard Acquires U.K. Firm (Twin Cities Business) Entrust has closed on its acquisition of nCipher Security, the general purpose hardware security business of industry giant Thales.

nCipher Sale Completes, Cambridge Team to Remain in Place (Computer Business Review) nCipher Security's 300-plus employees are all officially now working for new owner Entrust Datacard, after the US-based company...

From millions to billions: Inside Palo Alto Networks boss Nikesh Arora's $128 mn pay cheque (The Economic Times) A recent study on the top paid CEOs of publicly-listed US companies put him at the third rank for 2018.

Lane Bess, Security Industry Veteran, Joins Panorays as Advisor and Investor (Yahoo) Panorays, a rapidly growing provider of automated third-party security management, has announced that Lane Bess, former COO of ZScaler and former CEO of Palo Alto Networks, has joined as a Panorays advisor and investor to help with the company’s go-to-market strategy and expansion. Bess is a well-known

Products, Services, and Solutions

Digital Defense, Inc. and Attivo Networks Introduce the Industry’s First Integrated Risk and Deception-based Platform (PRWeb) Digital Defense, Inc. today announced the availability of its Frontline.Cloud™ integration with Attivo Networks®, the award-winning leader in deception fo

Bittium lance le nouveau smartphone Bittium Tough Mobile™ 2 ultra-sécurisé (News Powered by Cision) Bittium Tough Mobile 2 est, avec son système back-end complet, le smartphone le plus sécurisé au monde

Check Point Introduces 16000 and 26000 Series Security Gateways That Deliver Terabit-Per-Second Threat Prevention (WebWire) 16000/26000 series integrated with R80.30, SandBlast Technology, and the Maestro Hyperscale Orchestrator deliver 1 Tera-bps Gen V Threat Prevention

Technologies, Techniques, and Standards

Industrial cybersecurity strategies need a radical rethink (Control Engineering Europe) While Industry 4.0 and the Industrial Internet of Things (IIoT) is enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) it has also opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide.

Prevent ransomware attacks: Learn from Atlanta and Baltimore (Synopsys Software Integrity Blog) How can organizations prevent ransomware attacks? The Atlanta and Baltimore attacks prove that patch management and employee training should take priority.

National Cyber Security Alliance Tips Amid Massive Quest Leak (ValueWalk) In response to details that have emerged, the National Cyber Security Alliance has put together a statement with best practices for businesses

What’s the best approach to patching vulnerabilities? (Naked Security) Researchers ask: with only 1 in 20 vulnerabilities exploited, what’s the best approach to patching?

How to remove BOSTON ransomware (Virus Removal Guide) (MalwareTips Guides) This guide teaches you how to remove BOSTON ransomware for free by following easy step-by-step instructions.

#HowTo Enable Effective Security Awareness Training (Infosecurity Magazine) Steps to take to enable efficient security awareness

4 ways to check if a link is safe before you click it (The Kim Komando Show) Criminals can make it difficult to navigate the internet at times. Clicking on a malicious link sent to you in a phishing email or on a dubious website can lead to all kinds of problems. Malware, ransomware and other viruses to name a few. Thankfu…

Security Basics for the Novice Online Traders (HackRead) The popularity of online trading is growing and there is a need to always use the best security measures in order to protect your online wallets and investment portfolios.

Five Pillars of Actionable Cloud Security (Infosecurity Magazine) Designing and deploying an actionable cloud security framework

How to Stop Robocalls—or At Least Slow Them Down (WIRED) Let’s be honest, you can’t kill robocalls completely. But here are some things you can do to keep them from constantly blowing up your phone.

10 Questions to Ask a Bot-Mitigation Vendor (Shape Security Blog) You figured out that you have a bot problem. Maybe you have a high account takeover (ATO) rate, or someone’s cracking all your gift cards, or scraping your site. You tried to handle it yourself wit…

Design and Innovation

Top voting machine maker reverses position on election security, promises paper ballots (TechCrunch) Voting machine maker ES&S has said it “will no longer sell” paperless voting machines as the primary device for casting ballots in a jurisdiction. ES&S chief executive Tom Burt confirmed the news in an op-ed. TechCrunch understands the decision was made around the time that four…

Dawn of the Artificially Intelligent Consiglieri: Mankind's New Best Friend (Entrepreneur) What if you had a Financial Intelligent Agent to help you with your budget, investments, travel plans and even work schedule?

Apple’s quiet CryptoKit launch could bolster blockchain on iPhones (VentureBeat) A new developer framework will give Apple's developers the ability to create encryption keys and store them in the Secure Enclaves of its devices.

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge (The Last Watchdog) Locking down firmware. This is fast becoming a profound new security challenge for all companies – one that can’t be pushed to a side burner.

Research and Development

Physicists See a Quantum Leap, Halt It, and Reverse It (WIRED) An experiment observed quantum leaps as they happened, revealing that these speedy little jumps are in fact gradual, rather than instantaneous.

How A.I. Could Be Weaponized to Spread Disinformation (New York Times) The world’s top artificial intelligence labs are honing technology that can mimic how humans write, which could one day help disinformation campaigns go undetected by generating huge amounts of subtly different messages.

Training a single AI model can emit as much carbon as five cars in their lifetimes (MIT Technology Review) Deep learning has a terrible carbon footprint.

Academia

Top defence executive praises Gibraltar cyber students (Gibraltar Chronicle) 
The chief executive of one of the world’s largest defence and security companies this praised Gibraltarian students who participated in the UK-wide CyberCenturion challenge. Teams of youngsters from Gibraltar have participated and excelled for several years running in the highly-competitive event, which in its latest edition attracted 575 teams in the initial round. Of those,

Legislation, Policy, and Regulation

Canada's military spies can collect, share info on Canadians, directive says (CTVNews) Canada's military spies can collect and share information about Canadian citizens, including material gathered by chance, as long as it supports a legitimate investigation, says a newly disclosed federal directive.

Surveillance State (The Nation) The government’s new plans to monitor online traffic – both content and communications – has already rung alarm bells for rights groups and

Estonia, US, NATO provide for common defense in cyberspace (WTOP) Military, intelligence and diplomatic leaders from 47 countries and five continents gathered in Tallinn, Estonia, for the 11th International Conference on Cyber Conflict. The main take-away was simple — cyberspace is an unwieldy, relatively uncharted domain. WTOP National Security Correspondent J.J. Green talked with some of the participants.

Senior Russian, US Diplomats To Hold Security Talks In Prague Next Week - State Dept (UrduPoint) Russian Deputy Foreign Minister Sergey Ryabkov and US Undersecretary of State Andrea Thompson will meet in Prague next week to discuss security issues, the State Department announced in a press release on Friday.During her visit to Prague, she will also meet her Russian counterpart, Deputy Foreign ..

Opinion | Putin touts Russia as a great power. But he’s made it a weak one. (Washington Post) Let's not buy into the Kremlin's version of Putin's performance.

Nine Major VPNs Could Get Blocked by Russia in 30 Days (BleepingComputer) Nine VPN providers could get banned in Russia within 30 days if they fail to enforce the country's list of banned websites by connecting their systems to the Russian State Information System (FGIS) to automatically block their users' access to blacklisted websites.

Russia's Latest Internet Crackdown Targets Tools for Avoiding Online Censorship (Fortune) History suggests that may prove difficult.

Taiwan bans China-made semiconductors from cable TV boxes (South China Morning Post) The move is a further headache for HiSilicon, a unit of Huawei, which has struggled to maintain client relationships amid US trade restrictions

Putin Stands by China, Criticizes US, in Trade, Huawei Disputes (IJR) Aggressive U.S. tactics such as a campaign against Chinese telecoms firm Huawei will lead to trade wars - and possibly real wars - Russian President Vladimir Putin said on Friday, in a show of solidarity with China alongside its leader Xi Jinping.

China may restrict tech access in spiraling US trade dispute (Washington Post) Chinese state media say the government will create a system to protect China’s technology in a spiraling trade dispute with the US

China Summons Tech Giants to Warn Against Cooperating With Trump Ban (New York Times) Chinese officials told companies Dell, Microsoft and Samsung that there would be dire consequences if they cut sales or pulled production from China, people familiar with the meetings said.

Harris repeats concerns over 5G network security amid anti-Huawei campaign (Korea Herald) US Ambassador to South Korea Harry Harris on Friday renewed concerns over the security of the fifth-generation (5G) wireless network amid Washington's apparent campaign against Chinese telecom titan Huawei.The United States has recently been prodding its allies and other partner countries to stop using Huawei products on security grounds amid growing trade tensions between Washington and Beijing. "We are natural...

Huawei ban threatens U.S. national security, tech companies warn Trump administration (Washington Post) U.S. technology companies have told the Commerce Department that the Trump administration’s ban on selling to the Chinese tech giant Huawei could significantly harm their bottom lines and might damage their ability to develop new technological innovations, including those needed by the U.S. military.

Banning Huawei would cost EU telcos up to 55 bn euros: industry body (France 24) Banning Huawei would cost EU telcos up to 55 bn euros: industry body

Acting U.S. Budget Chief Seeks Reprieve on Huawei Ban (Wall Street Journal) The White House’s Russell Vought is pushing for a delay in implementing key provisions of a law that restricts U.S. government’s business with Huawei Technologies, citing the burdens on U.S. companies that use Huawei technology.

Pentagon: 'Huawei is too close to the government' (CNBC) U.S. officials have long complained that Chinese intellectual property theft has cost the economy billions in revenue and threatens national security.

Mnuchin says Trump could ease up on Huawei if trade talks advance (Reuters) U.S. Treasury Secretary Steven Mnuchin said on Sunday that President Donald Trum...

Experts clash with terror chief over AI threat to civil liberties (Times) Security experts have clashed with the new reviewer of terrorism laws over his fears that relying on technology to stop atrocities puts civil liberties at risk. Jonathan Hall, QC, said that police...

The Politician Fighting The Spyware Industry (Vice) Outgoing Dutch member of European Parliament Marietje Schaake tells us why spyware is as dangerous as an AK-47, but regulated less.

Opinion | Overthrow the Prince of Facebook (Wall Street Journal) Big tech has become too powerful and abusive. We know enough about it to break up its dominance.

Russian hackers targeted them. Now states want to protect their election systems (Fifth Domain) At least three states reportedly targeted by Russian hackers during the 2016 election are part of a new group of states working together with the National Governors Association to enhance cybersecurity as the 2020 election cycle approaches.

Ruling possible soon on legality of discounted anti-spearphishing services for campaigns (CyberScoop) In its latest effort to give companies clarity on whether they can lawfully provide cybersecurity protection to political campaigns for free or at a low cost, the Federal Election Commission indicated this week it could be close to greenlighting anti-spearphishing services in a case currently before the commission...

FEC: Cyber Threats Don't Automatically Override Campaign Contribution Laws (Legaltech News) Cybersecurity providers hoping to provide their solutions to campaigns for free or at a reduced cost may be in violation of the Federal Election Campaign Act. It all depends on how the FEC interprets each offering.

A paper record for every voter: It’s time for Congress to act (Roll Call) Opinion — Congress must pass legislation to require a paper record for every voter and establish a mandated security testing program for voting machines.

Litigation, Investigation, and Law Enforcement

Big tech's time of reckoning: It looks like Trump is making good on his threat to take on Google and Amazon (Business Insider) This weekend, two reports surfaced about Washington edging closer to a showdown with the tech giants.

Not Your Daddy’s Regulation: Tech Giants Face A Complicated Reckoning In Washington (BuzzFeed News) Old rules and moving targets create new challenges for regulators and Congress.

States Prepare to Launch Investigations Into Tech Giants (Wall Street Journal) State attorneys general are preparing for their own investigations into big tech platforms including Google and Facebook, based on concerns that largely mirror those driving federal probes.

Judge cuts penalty facing Navy SEAL, cites email intrusion (Washington Post) A military judge refused to dismiss the case against a decorated Navy SEAL charged with killing a wounded Islamic State prisoner in Iraq in 2017

Navy judge won’t dismiss SEAL war crimes case but sanctions prosecutors (Navy Times) Special Warfare Operator Chief Edward “Eddie” Gallagher, 40, is charged with premeditated murder and other crimes allegedly committed in Iraq in 2017.

Case opened: Democrats begin public airing of Mueller report (ABC News) President Trump says it's case closed, but Democrats are just getting started.

Quest, LabCorp, AMCA Sued For Breach Impacting Over 19 Million (BleepingComputer) Multiple class action lawsuits have been filed against Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) since they disclosed that personal information of over 19 million of their customers was exposed in a data breach.

Goa police floats tender for cybercrime lab (Times of India) With a poor track record of resolving cybercrimes, Goa police is making yet another attempt at getting the proposed project of a cyber forensi.

Former HP boss Meg Whitman accused of 'trashing' Mike Lynch's reputation to protect herself (Computing) 'Things have to be proven' in the court, the judge told Whitman

Crypto bull John McAfee to sue Craig Wright aka Faketoshi (Tron Weekly Journal) We wouldn't be surprised if John McAfee never sues Craig Wright for whatever reason. On the other hand, if he does, it will be a fascinating thing to watch.

Protect yourself from holiday and ticket fraud (Europol) Sounds too good an offer to be true? That is because it probably is. You’ve just fallen victim to holiday fraud. From fraudulent flights to non-existing accommodation, holiday fraud is a big business for scammers and is most frequent during peak holiday times, such as summer and December. Holiday makers need to be aware of this. Here are some guidelines if you want to avoid being a victim of holiday fraud.  

Secure Watch gives law enforcement direct access to security cams (Houston Chronicle) The initiative, called HCSO Secure Watch, is a free program that was introduced about four years ago and is powered by Corveillance - a cloud-based video surveillance company.

He catches thieves, teachers and strippers with cellphones and computers. Now this detective is being honored. (Butler County Journal-News) A Miami University Police Department detective known in the region for his expertise in retrieving d...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...

SecureWorld Chicago (Chicago, Illinois, USA, June 13, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Baltimore Cybersecurity Conference (Baltimore, Maryland, USA, June 13, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

SINET Innovation Summit 2019 (New York, New York, USA, June 13, 2019) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.