skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

US Cyber Command is said to have conducted offensive operations against Iranian targets as a reprisal for Tehran's attacks on commercial shipping in the Gulf of Oman, and for the shootdown of a US Global Hawk unmanned drone. Yahoo, which broke the story late Friday, said the attacks were directed against an Iranian intelligence unit responsible for supporting attacks against shipping by tracking tanker traffic. The specific Iranian agency was unnamed, but it's said to be associated with the Revolutionary Guard. The Washington Post reported that Cyber Command had disabled Iranian rocket and missile command and control systems in the region, which (if so) would be a direct riposte to the Global Hawk shootdown.

Reports of this US cyberattack are sourced to anonymous US officials not authorized to speak publicly. US Cyber Command has declined to comment for reasons of operational security. US Vice President Pence also declined comment, according to the Wall Street Journal, citing policy regarding comment on "covert operations." The Jerusalem Post reports that Iran says the US cyberattack indeed happened, but that it failed.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned that Iran is increasing the tempo of cyberattacks against US targets. CISA cautions that Iran could be expected to engage in wiper attacks. These gain access to target networks through familiar methods, particularly phishing, password spraying, and credential stuffing, but their aim is data destruction, not theft. CISA's advice for staying safe from these and other threats may be found here.

Notes.

Today's issue includes events affecting Canada, China, European Union, France, Germany, Iran, Israel, Romania, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

Bring your own context.

How might well-intentioned security measures backfire? Middleboxes might, sometimes, do just that.

"Doing something that is pro-security - in this case, having an inspection looking for malware trying to protect users - is actually putting them at risk, and it might be doing less of a service than what you really think it is."

—Nick Sullivan, head of cryptography at Cloudflare, discussing "Monsters in the Middleboxes" on Research Saturday, 6.22.19.

Worth a look, particularly in enterprises that for various reasons need to inspect encrypted traffic passing between the users they manage and the Internet

Modernizing security analytics and operations with SOAPA.

Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.

It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.

In today's podcast, out later this afternoon, we hear from our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the escalating calls to patch the BlueKeep vulnerability

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Cloudflare outage affecting numerous sites on Monday AM [Update: fixed] (TechCrunch) Cloudflare, a company providing performance and security to websites, is having network problems of its own this morning — and taking down a lot of its customers’ sites and apps in the process. Affected companies include podcast app Overcast, chat service Discord, managed hosting provid…

US struck Iranian military computers this week (Military Times) U.S. military cyber forces launched a strike against Iranian military computer systems on Thursday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran’s downing of a U.S. surveillance drone, U.S. officials said Saturday.

Iranian minister: U.S. cyber attack failed (Jerusalem Post) "They try hard, but have not carried out a successful attack."

Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships (Yahoo News) On Thursday evening, U.S. Cyber Command launched a retaliatory digital strike against an Iranian spy group that supported last week’s limpet mine attacks on commercial ships, according to two former intelligence officials.

With Trump’s approval, Pentagon launched cyber strikes against Iran (Washington Post) The attack Thursday disabled Iranian computer systems that control rocket and missile launches.

US hits Iran with cyberattack: reports (Deutsche Welle) The US reportedly launched a cyberattack on Iran in response to the downing of an unmanned drone. Cybersecurity firms have also reported a rise in Iranian attempts to hack US companies and government agencies.

U.S. Carried Out Cyberattacks on Iran (New York Times) The operation went forward because it was intended to be below the threshold of armed conflict — using the same shadow tactics that Iran has used.

U.S. Launched Cyberattacks on Iran (Wall Street Journal) The U.S. covertly launched offensive cyber operations against an Iranian intelligence group’s computer systems on Thursday, the same day President Trump pulled back on using more traditional methods of military force.

US Cyber Command reportedly launched a cyberattack against Iran as Trump nixed his military strikes (Business Insider) The Iranian spy group reportedly supported the limpet mine attacks against 2 tanker ships earlier last week.

U.S. Struck Iranian Military Computers This Week: AP Sources (SecurityWeek) U.S. military cyber forces launched a strike against Iranian military computer systems on as President Donald Trump backed away from plans for a more conventional military strike in response to Iran's downing of a U.S. surveillance drone, U.S. officials said.

Trump reportedly cancels attack on Iran as US planes were in the air (Washington Examiner) BACK FROM THE BRINK: Last night all signs pointed to an imminent U.S. military response to Iran’s shootdown of an unmanned American spy plane Thursday morning. While President Trump was cagey with reporters yesterday, suggesting that perhaps “somebody who was loose and stupid” had given the orders,…

Why Trump Decided Not to Attack Iran (Foreign Policy) Officials say the president is looking for a peaceful solution to the crisis.

Iran Shoots Down U.S. Global Hawk Operating in International Airspace (U.S. DEPARTMENT OF DEFENSE) Defense officials announced that Iran shot down an unmanned Navy RQ-4 Global Hawk surveillance aircraft, escalating an already tense situation in the Strait of Hormuz.

Iran says it will respond 'firmly' to US aggression amid retaliatory cyberattack, aborted military strike (Fox News) Iran cautioned Saturday that it will “firmly” respond to any aggression or threat by the U.S., a warning that comes after President Trump aborted a military attack while U.S. cyber team carried out a retaliatory digital strike against the regime.

Iran’s Cyber Army Is Under Attack From All Sides as U.S. Tensions Escalate (The Daily Beast) Iran’s scrappy hacking crew is most effective when flying under the radar. Unfortunately for them, now everybody’s paying attention.

Analysis | The Cybersecurity 202: U.S. businesses are preparing for Iranian hacks after American cyber attack (Washington Post) Iranian counterstrikes might target financial or energy firms

U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks (BleepingComputer) According to a statement by the U.S. Cybersecurity and Infrastructure Security Agency, an increase in cyberattacks utilizing destructive wiper tools has been detected targeting U.S. industries and government agencies by Iranian actors or proxies.

Security firms see spike in Iranian cyberattacks (POLITICO) The chronology matches the steady ratcheting of tensions between the United States and Iran.

Russian accounts pushed fake Rubio tweet warning of British spy threat to US elections (CNN) A network of suspected Russian accounts promoted a fake tweet purportedly sent by Sen. Marco Rubio claiming that a purported British spy agency planned to derail the campaigns of Republican candidates in last November's midterm elections, research from the think tank Atlantic Council shows. The false claim was later repeated by RT, the Russian state-backed media network.

Top Takes: Suspected Russian Intelligence Operation - Medium (Medium) Operators worked across platforms to spread lies and impersonate political figures

Experts point to China for ransomware attacks against Romanian hospitals (Romania Insider) The authors of cyber attacks against the Romanian hospitals could be of Chinese origin, according to the National Cyb

Microsoft Warns of Campaign Dropping Flawedammyy RAT in Memory (BleepingComputer) Microsoft issued a warning about an active spam campaign that tries to infect Korean targets with a FlawedAmmyy RAT malware distributed via malicious XLS attachments.

Warning Issued For Millions Of Microsoft Windows 10 Users (Forbes) Millions of Windows 10 users have been exposed to a severe problem they are unlikely to know exists...

New Malware Designed To Go After Linux Systems (neoRhino IT Solutions) Linux systems aren't targeted by hackers as often as Windows and iOS-based systems, but they're certainly not immune. Recently, security researchers have discovered a new strain of malware developed by Chinese hackers, specifically for the purpose of targeting Linux-based systems....

LTE flaws let hackers ‘easily’ spoof presidential alerts (TechCrunch) Security vulnerabilities in LTE can allow hackers to “easily” spoof presidential alerts sent to mobile phones in the event of a national emergency. Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50…

This is Your President Speaking: Spoofing Alerts in 4G LTE Networks (MobiSys '19 Proceedings) Modern cell phones are required to receive and display alerts via the Wireless Emergency Alert (WEA) program, under the mandate of the Warning, Alert, and Response Act of 2006.

Hacked documents reveal sensitive details of expanding border surveillance (Washington Post) The hack revealed the inner workings of a complex surveillance network that border authorities have long sought to keep secret.

DDoS-for-hire Websites Make a Comeback Despite FBI Crackdown, According to Nexusguard Threat Report (BusinessWire) DDoS attacks “for hire” rebounded to more than double their amounts in Q4 2018, according to Nexusguard’s “Q1 2019 Threat Report.”

WeTransfer Security Incident Sent Files to the Wrong People (BleepingComputer) In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending it's users shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users.

Hackers using pirated software to spread new Mac malware (HackRead) If you download pirated content from torrent platforms, you can be a victim of this Mac malware.

High-risk vulnerabilities found in 1/3 of iOS apps, nearly half of Android apps (Help Net Security) Expert testing of iOS and Android mobile applications shows that in most cases, insecure data storage is the most common security flaw in mobile apps.

Used Nest cams were letting previous owners spy on you (Naked Security) Google says it’s fixed the issue, but we haven’t heard details on how many, and which, products were affected.

Review | Google Chrome has become surveillance software. It’s time to switch. (Washington Post) Our latest privacy experiment found Chrome ushered more than 11,000 tracker cookies into our browser — in a single week.

Claims of Tesla hack wide of the mark—we dig into GNSS hacking (Ars Technica) This Tesla hack is plausible, but its implications were wildly overstated.

Asco closure after cyber-attack to last another week (The Brussels Times) Asco, the Zaventem-based company that makes aircraft parts, will now remain closed at least until 28 June, following a cyber-attack two weeks ago.

A tale of two cities: Why ransomware will just get worse (Ars Technica) Deal or no deal, either way cities pay through the nose because of failed IT practices.

Beware of Fake John McAfee and Tesla Cryptocurrency Giveaways (BleepingComputer) A resurgence of scam campaigns that pretend to be Bitcoin and Ethereum giveaways from Tesla, Elon Musk, and John McAfee are underway. These scams rise in popularity as cryptocurrency prices increase.

Security Patches, Mitigations, and Software Updates

OpenSSH to protect keys in memory against side-channel attacks (CSO Online) The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed.

BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks (BleepingComputer) The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue.

Dell fixes high-risk vulnerability in pre-installed SupportAssist software (Help Net Security) Dell pushed out fixes for a high-risk vulnerability (CVE-2019-12280) in its pre-installed SupportAssist software and urges users to upgrade the software.

Update Your Dell Laptop Now To Fix A Critical Security Flaw In Pre-Installed Software (Gizmodo Australia) If you own a Dell, now would be a good time to update your system. Even if your PC wasn’t manufactured by Dell, it’s possible that a new vulnerability affecting millions could apply to you....

TripAdvisor Gets Proactive To Help Its Users Avoid Getting Hacked (Forbes) The popular travel site didn't suffer a breach, but some of its users are being forced to choose a new password. There's a simple reason why.

Cyber Trends

Pledges to Not Pay Ransomware Hit Reality (Dark Reading) While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.

Argentina’s blackout and the storm-battered future of the grid (Ars Technica) Blackout a reminder that the US grid itself isn't ready for extreme weather either.

The process sensor ecosystem is not cyber secure and can cause catastrophic damage (Control Global) I have written extensively about the lack of cyber security and authentication in Purdue Reference Model Level 0,1 devices (process sensors, actuators, drives, etc.)...

41.6 billion IoT devices will be generating 79.4 zettabytes of data in 2025 (Help Net Security) A new forecast from IDC estimates that there will be 41.6 billion connected IoT devices, or "things," generating 79.4 zettabytes (ZB) of data in 2025.

The Internet Has Made Dupes—and Cynics—of Us All (WIRED) The typical response to the onslaught of falsehood is to say, lol, nothing matters. But when so many of us are reaching this point, it really does matter.

Marketplace

Insured losses from a cyber catastrophe could reach billions (Help Net Security) Analysis shows insured business interruption losses from a cyber catastrophe could reach an estimated $3.25 billion. Kovrr, a predictive cyber risk

Huawei digs in for a long battle with the U.S. (Washington Post) Hurt by U.S. penalties, world’s largest maker of telecom equipment tells employees to get ready for a difficult future.

Facebook makes another push to shape and define its own oversight (TechCrunch) Facebook’s head of global spin and policy, former UK deputy prime minister Nick Clegg, will give a speech later today providing more detail of the company’s plan to set up an ‘independent’ external oversight board to which people can appeal content decisions so that Facebook…

Raytheon to Conduct Cyber Assessments of USAF Aircraft Systems (Air Force Magazine) ​Raytheon and the Air Force are working on a type of “bug bounty” focused on addressing cyber deficiencies, but this time on aircraft.

Parsons says it will focus on mergers and acquisitions (InsideDefense) Parsons is focusing its capital on finding potential acquisitions in cybersecurity, intelligence, space, defense and critical infrastructure, according to its chief executive.

Products, Services, and Solutions

New infosec products of the week: June 21, 2019 (Help Net Security) The infosec products of the week include releases from: CipherCloud, Scytale, Sectigo, Threat Stack, ManageEngine, Imperva and Arctic Wolf Networks.

Velocity Ledger Taps HLC and Helical for Cybersecurity (West) Velocity Ledger Holdings Limited has engaged HLC Cyber Group to license the Helical information security management suite and provide security consulting services.

No Slack for you! Microsoft puts rival app on internal list of ‘prohibited and discouraged’ software (GeekWire) Slack is on an internal Microsoft list of prohibited technology — software, apps, online services and plug-ins that the company doesn’t want its employees using as part of their day-to-day work. But the document, obtained by GeekWire, asserts that the primary reason is security, not competition. And Slack is just one of many on the list.

Who’s going to use the big bad Libra? (TechCrunch) There is so much to write about Libra, and so much which has already been written misses the mark, mostly, I think, because most pundits haven’t spent much time in the developing world, which is very clearly the target market here. Just look at its launch video: I’ve seen apocalyptic re…

Technologies, Techniques, and Standards

NIST drafts enhanced cyber standards for defense contractors (FedScoop) The National Institute of Standards and Technology released new draft security requirements for Department of Defense contractors that store sensitive but unclassified information on private systems.

Countering industrial cyberthreats with secure, standards-based, licensed wireless networks (Help Net Security) Over the past few years, cyber threats aimed at a number of critical infrastructure targets have drawn our attention to the security of mission critical networks.

Life Beyond Blocking: Adopting Behavior-Based Cybersecurity (BankInfo Security) Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection

The Human Factor How Human Expertise Strengthens Your Security Posture (Security Boulevard) A look at the value of human expertise for separating the signal from the noise and reducing false positives to secure and protect workloads on AWS and other cloud, hybrid, and multi-cloud environments.

4 Social Engineering Threats to Keep an Eye on — and How to Stop Them (Security Intelligence) Threat intelligence reveals that highly targeted social engineering attacks are growing. Here's what you need to know to defend your organization — and yourself.

Design and Innovation

The NSA is experimenting with machine learning concepts its workforce will trust (CyberScoop) As the U.S. National Security Agency incorporates machine learning and artificial intelligence into its defensive cyber operations, officials are weighing whether cyber operators will have confidence in the algorithms underpinning those emerging technologies.

Inside Apple's team that greenlights iPhone apps for the App Store (CNBC) An executive board led by Apple marketing SVP Phil Schiller meets every week to discuss controversial apps or other iPhone software programs that may infringe Apple's App Store guidelines.

YouTube confirms a test where the comments are hidden by default (TechCrunch) YouTube’s comments section has a bad reputation. It’s even been called “the worst on the internet,” and a reflection of YouTube’s overall toxic culture, where creators are rewarded for outrageous behavior — whether that’s tormenting and exploiting their chi…

Research and Development

Quantum Computers Could Be True Randomness Generators (WIRED) Pure, verifiable randomness is essential to encryption yet hard to come by. Quantum computers could be the answer.

British start-ups race ahead of US rivals to develop new ultra-secure computer chips to defeat hackers  (The Telegraph) British start-ups are racing ahead of US rivals in developing new ultra-secure computer chips to stop hackers from accessing critical systems.

Facebook can be used to learn a lot about you—including hints about your medical conditions (Quartz) Facebook statuses were good at predicting diabetes or mental health conditions—which could be useful, but also dangerous.

Legislation, Policy, and Regulation

Over Past 24 Hours, US & Iran Each Claim To Narrowly Avoid Deadly Attacks (Breaking Defense) Both sides are claiming they stepped back from the edge over the past 24 hours, unwilling to see the loss of life. Tensions in the Gulf haven't diminished however.

Trump explains why he called off strike against Iran (Military Times) President Trump said he called off a strike against Iran because the estimated casualties were not “proportionate to shooting down an unmanned drone.”

Bolton warns Iran not to mistake US ‘prudence’ for weakness (Military Times) Bolton's tough message seemed to be aimed not only at Tehran, but also at reassuring key U.S. allies that the White House remains committed to maintaining pressure on Iran

U.S. Plans New Iran Sanctions as Europe Tries to Defuse Tensions (Wall Street Journal) President Trump and his aides have indicated they are prepared to wait for the economic vise on Tehran to tighten further, but didn’t elaborate on what additional sanctions would look like.

In Mideast, Pompeo seeks a global coalition against Iran (AP NEWS) Secretary of State Mike Pompeo said Sunday he wants to build a global coalition against Iran during urgent consultations in the Middle East, following a week of crisis that saw...

Relieved America believes Britain is climbing aboard its Iran mission (Times) Britain’s position on the Iran nuclear deal has hardened and shifted closer to America’s in the past month as tension has risen in the region, according to security officials in Washington. After...

Amid tough talk, Trump says he could be Iran's 'best friend' (13 WTHR Indianapolis) President Donald Trump said Saturday that military action against Iran was still an option for its downing of an unmanned U.S. military aircraft, but amid heightened tensions he dangled the prospect of eventually becoming an unlikely "best friend" of America's longtime Middle Eastern adversary.

Saudi Spy Chief Lobbies London for Strikes against Iran (Tasnim News Agency) A Saudi intelligence chief pleaded with British authorities to carry out limited strikes against Iranian military targets, just hours after Donald Trump called off planned US attacks against the Islamic Republic, a senior UK official said.

Trump and U.S. Allies Can Still Make Iran Blink (Bloomberg) Canceling a missile strike made the White House look indecisive, but it could be turned to the U.S.’s advantage.

Why Trump’s Cyber Attack On Iran Was The Right Move (The Federalist) Cyber attacks are the future of warfare. By launching one against Iran, Trump has increased the threat to Iran without plunging the country into war.

The Role of America's New Unified Cyber Warfare Command (SecurityWeek) The elevation of the U.S. Cyber Command to a Unified Combatant Command brings American offensive and defensive cyber operations brings major implications for the U.S. national cyber security posture.

Explainer: Will Russia Return To PACE Next Week? (RadioFreeEurope/RadioLiberty) On June 24, the Parliamentary Assembly of the Council of Europe (PACE) will begin its summer session in Strasbourg and it is expected to vote on a report that could welcome Russia back to the chamber after a three-year hiatus.

The Budapest Convention Offers an Opportunity for Modernizing Crimes in Cyberspace (Lawfare) The overemphasis on trespass in the Computer Fraud and Abuse Act disincentivizes the wrong types of activities in cyberspace, while also permitting activities that should be criminalized.

World needs blockchain ‘Geneva Convention’ (Asia Times) Swiss security expert says IT ‘gold standard’ needed to counter raging cyberwar between US, China and Russia

Violent Voyeurism: Surveillance, Spyware and Human Rights (International Policy Digest) Spyware, commercially and readily available, can be a very dangerous thing. Its intent is to keep us safe but if used for nefarious purposes, you can wind up chopped into little bits.

Here’s what an AI code of conduct for the Pentagon might look like (C4ISRNET) In the debate over artificial intelligence, both sides may not actually be talking about creating new ethics, but rather discussing a code of conduct for how AI will be used and monitored. Here is one path for how developing a code of conduct might begin.

European central bankers claim oversight over Facebook’s... (Reuters) Three European central bankers are claiming oversight over Facebook's plann...

US Adds AMD JV to Entity List (Infosecurity Magazine) Five more Chinese organizations get the cold shoulder

U.S. Considers Requiring 5G Equipment for Domestic Use Be Made Outside China (Wall Street Journal) The Trump administration is considering requiring that next-generation 5G cellular equipment used in the U.S. be designed and manufactured outside China, a move that could reshape global manufacturing.

U.S. Targets China’s Supercomputing Push With New Export Restrictions (Wall Street Journal) The Commerce Department is taking aim at China’s supercomputing push with new export restrictions that effectively cut five major Chinese developers of next-generation high-performance computing off from U.S. technology.

Senator Hawley Proposes Law To Force Internet Companies To Beg The FTC For Permission To Host Content (Techdirt.) Senate newbie Josh Hawley has made it clear that he's no fan of big internet companies and has joined with others in suggesting that Section 230 is somehow to blame for whatever it is he dislikes (it mainly seems to be he thinks the public likes...

CISA’s ICT Supply Chain Risk Management Task Force Makes Key Acquisition Recommendation (Department of Homeland Security) The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.

FERC Strengthens Cyber Security Standards for Bulk Electric System (Environmental XPRT) The Federal Energy Regulatory Commission (FERC) recently (6/20) bolstered the cyber security of the nation's bulk electric system by expanding ...

Exclusive: Warner wants Google, Facebook to put a price on your data (Axios) A new bill being introduced Monday by Sen. Mark Warner and Sen. Josh Hawley would require tech companies to tell users how much their personal data is worth

GOP senators divided over approach to election security (TheHill) A renewed push to pass election security legislation ahead of the 2020 vote is putting a spotlight on divisions among key Republicans.

House panel backs election security bill in aftermath of 2016 Russian interference (Washington Post) The chamber is expected to act next week on the legislation that would mandate paper ballots and provide millions of dollars to update voting equipment.

Do We Need a Cabinet-Level Department of Cybersecurity? (In Homeland Security) Department of Cybersecurity: With evidence of Russia's interference in the US Election and hacking from other nations, is a cabinet-level department likely?

As The DOJ Continues To Complain About Encryption, Cellebrite (Again) Announces It Can Crack Any IPhone (Techdirt.) On Monday, June 17, Deputy Attorney General Jeffrey Rosen said this during his speech to the National Sheriffs' Association: In recent years, criminals have become more and more adept at using technology to avoid law enforcement in what we...

Mark Esper, Secretary of the Army, to be named by Trump to Defense Secretary (The Washington Times) President Trump on Friday night said he’ll formally nominate Mark T. Esper for defense secretary, moving quickly to name a permanent Pentagon chief as military tensions with Iran escalate.

From DOPMA To Google: Cyber As A Case Study In Talent Management – Analysis (Eurasia Review) Talent management is the sine qua non of an effective organization and, therefore, a critical determinant of military success. Within the framework…

Canada's national security landscape will get a major overhaul this summer (CBC) Canada's national security architecture is about to undergo a major demolition and rebuild this summer, now that C-59 has received royal assent.

Litigation, Investigation, and Law Enforcement

Huawei Sues Over U.S.’s Seizure of Telecommunications Gear (Bloomberg) China telecom giant says Commerce Department dragging its feet. Officials checking to see if equipment needs export licence.

Forensic firm used by police targeted in cyber attack (The Independent) Fears that evidence may have been compromised after two day ransomware onslaught

Facebook and eBay told to tackle trade in fake reviews (TechCrunch) Facebook and eBay have been warned by the U.K.’s Competition and Markets Authority (CMA) to do more to tackle the sale of fake reviews on their platforms. Fake reviews are illegal under U.K. consumer protection law. The CMA said today it has found “troubling evidence” of a “…

Once More With Feeling: There Is No Legal Distinction Between A 'Platform' And A 'Publisher' (Techdirt.) Alexis Madrigal, over at the Atlantic has a mostly interesting piece recounting the history of how the big internet companies started calling themselves platforms. The history is actually pretty fascinating: There was a time when there were no...

FBI warns of foreign actors trying to 'sow discord' in the wake of mass shootings (98.1 KMBZ FM) Houses of worship remain a vulnerable target for attacks and foreign entities could be looking to "sow discord" using the internet, an FBI official warned at a security event with law enforcement officials

DOJ: Government has independently verified CrowdStrike report blaming Russian hackers for DNC breach (The Washington Times) The Department of Justice has corroborated a report by CrowdStrike, a private security firm hired by the Democratic National Committee, that concluded Russian hackers were responsible for breaching the DNC prior to the 2016 U.S. presidential race, federal prosecutors revealed Thursday.

Blunders By Democrats And Capitol Police Enabled What Prosecutors Call The ‘Largest Data Theft In Senate History’ (Daily Caller) Jackson Cosko's "largest data theft in Senate history" was made possible by errors and apathy by Democrats, and the case was almost blown by the Capitol Police.

Judge orders Stone to explain Instagram posts attacking Mueller probe, FBI (StamfordAdvocate) A federal judge on Friday demanded that Roger Stone explain why she should not find he violated a court gag order and his release terms pending trial after prosecutors criticized his recent social media posts attacking the FBI and Robert Mueller's special counsel probe.

After Alaska teen's murder, cybersecurity experts warn of catfishing predators (NBC News) “Young people tend to be more trusting, which makes them more vulnerable to these types of frauds,” cybersecurity expert Ahmed Banafa said.

Alaska teen allegedly solicited by man to kill her friend, send him videos for $9 million (NBC News) The teen, charged with murder, was allegedly offered millions to murder someone and send proof by a man with a fake online persona.

Cop Gets $585K After Colleagues Snooped on Her DMV Data (WIRED) A jury this week finds that Minneapolis police officers abused their license database access. Dozens of other lawsuits have made similar claims.

Google links expose school of Ana Kriegel murderers (Times) Google’s “related searches” service is providing people who type in the name of Boy A, and the town where he lives, with the name of the school he and Boy B attended. The two boys were found guilty...

He Cyberstalked Teen Girls for Years—Then They Fought Back (WIRED) How a hacker shamed and humiliated high school girls in a small New Hampshire town, and how they helped take him down.

Report: Two Israeli Brothers Arrested for Hack of Bitfinex Crypto Exchange (Yahoo) Two Israeli brothers have been arrested in connection with the hack of cryptocurrency exchange Bitfinex and other crypto-related phishing attacks, finance news outlet Finance Magnates reports on June 23. An Israeli police spokesperson reportedly told Finance Magnates that Eli Gigi and his younger brother

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Insider Threat Program Management 360 Training Course (Washington, DC, USA, June 25 - 26, 2019) The Insider Threat Defense Group will hold our most advanced training for Insider Threat Program (ITP) Management. This comprehensive 2 day training course covers all the aspects of an ITP, from A-Z; ITP...

GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...

5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...

Tampa Cybersecurity Conference (Tampa, Florida, USA, June 27, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

INTERPOL World 2019 (Singapore, July 2 - 4, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.