skip navigation

More signal. Less noise.

Insider's Guide to Incident Response!

Gain helpful tips from industry experts. Get all 5 chapters of the insider's Guide to Incident Response in 1 eBook! Download your free copy today!

Daily briefing.

RSA Conference 2019

Inaugural Launch Pad highlights three early-stage start-ups.

In what emcee Hugh Thompson called "an opportunity to see inside the start-up pitch room," three early-stage companies each received five minutes to sell themselves to a panel of venture capitalists. The event is expected to become a regular feature of the RSA Conference.

The three companies were NuID (which uses zero-knowledge proofs and a blockchain to deliver trustless authentication), Spherical Defence (which offers an alternative to rule-and-signature-based systems), and Styra (whose solution provides "guardrails" for developers working in kubernetes). The pitches were all fluent and attractive to at least one or more of the panelists. The principal lessons on display were the importance of showing differentiation and of offering hard evidence for a solution's ability to deliver on its promises.

Cyber conflict, as seen from Fort Meade.

Yesterday, near RSAC, we were able to attend a breakfast session sponsored by Maryland’s Department of Commerce. Their speaker was Rob Joyce, who currently serves as Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency. Joyce outlined a shift in cyberattcks: they’ve moved from theft of secrets, cyber espionage, toward becoming a means of imposing national will. He sees four trends. First, high-end threat activity has become more sophisticated. Second, the level of expertise needed to operate as a significant threat is declining. Third, cyber conflict is moving from exploitation to disruption. And fourth, information operations increasingly leverage what Joyce called a “cyber grey space.”

To survive in this emerging world, Joyce advocated building on a sound, solid foundation of the basics. We need good cyber hygiene, sound configuration, effective patching, those sorts of things. And laying this kind of foundation is in his view a long-term investment that requires coordinated investment in education and training.

It's not all about enterprises attending to the basics. In response to a question, Joyce discussed a place for offensive cyber operations, which he said were and must remain an inherently governmental responsibility. The US Government has now taken what he called a “more proactive, aggressive” stance with its doctrine of continuous engagement. The US is now willing to introduce some friction into the adversaries’ operations, and has shown the ability to do so.

Cyber conflict, as seen from CISA.

Christopher Krebs, who leads the Cybersecurity and Infrastructure Security Agency (CISA) at the US Department of Homeland Security shared his agency’s perspective on the current state of the threat nation-state adversaries pose in cyberspace. CISA is focused on (“of course,” as Krebs said) on the big four actors: Russia, China, Iran, and North Korea.

CISA functions, Krebs explained, as “the nation’s threat advisor,” not its threat manager, because most infrastructure in the US is owned by the private sector. CISA seeks to “understand, share, and act."

And the difference between a hurricane and climate change.

There is no shortage of warnings about all four of the major nation-state adversaries, but both NSA’s Joyce and CISA’s Krebs were agreed on which of them was the biggest threat to the US. It’s China, they said at a joint appearance moderated by Columbia University’s Jason Healey.

We worry about Russia using its cyber power to degrade others, Joyce said. But China projects power to build itself up. If Russian cyber operations are like a hurricane, China’s are like climate change. Beijing is playing a long game, and we know its goals: Made in China 2025 has outlined them with some clarity.

The US and China are now clearly competitors, having moved beyond several decades of economic engagement in which both countries perceived advantages. “Forty years of engagement,” Krebs said, “have just expanded the attack surface.” The threat to the US is poised to increase with the coming deployment of 5G technology and the pervasive connectivity it will bring. The risk that will accompany 5G, Joyce said, isn’t fundamentally a risk of the confidentiality of the information that technology will carry. It’s much more extensive: the risk lies in all the devices we’ll connect to it, and in the unforeseeable ways in which we’ll innovate on that new fabric.

The US isn't alone in its concerns over a prospective Chinese role in 5G networks. Former Prime Minister of Australia Malcolm Turnbull strongly warned Britain against using Huawei’s equipment in its 5G network, the Sydney Morning Herald notes. In a speech given in London last night, Turnbull said Australia's decision to ban Huawei was based on advice from the country's own intelligence agencies, and not because of external pressure from the US. He added that it "beggars belief" that none of the Five Eyes countries has a leading 5G vendor.

Symantec published a report today on the group behind last year's SingHealth data breach. The group, which they've dubbed "Whitefly," primarily targets Singapore, although links to attacks in other nations suggest that it may be part of a larger intelligence gathering operation. A Symantec spokesperson told Reuters that they believe it's a state-sponsored espionage group, but they're not certain which state it's working for.

Intel CPUs are vulnerable to a new flaw stemming from speculative execution, the Register reported yesterday. Researchers from the Worcester Polytechnic Institute and the University of Lübeck released a paper on Friday outlining the vulnerability, which they call "SPOILER." The vulnerability affects all Intel core processors and will require hardware mitigations, so a patch will likely take years.

The US NSA hasn't used its domestic phone surveillance program to track links to foreign threats for about six months, and it's not clear that the Administration will seek renewal of the program at all (New York Times).


Today's issue includes events affecting Australia, Canada, China, France, Iran, Japan, Russia, Singapore, United Kingdom, United States.

What if you could augment your security team by adding zero staff?

Cylance’s industry-leading security experts analyze your cybersecurity requirements and design solutions that meet and often far exceed objectives. Cylance secures our clients quickly using years of hard-won expertise, and world class artificial intelligence. Let Cylance help you achieve a state of ThreatZero, bolster your organization’s security posture, and zero in on what really matters.

In today's podcast, out later this afternoon, we hear from our partners at Accenture, as Justin Harvey discusses results from their Costs of Crime report, as well as observations from RSAC. Our guest is Gerald Beuchelt from LogMeIn with info from their latest password survey.

XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.

Dateline RSAC 2019

Analysis | The Cybersecurity 202: U.S. officials: It’s China hacking that keeps us up at night (Washington Post) Russia hacking has Washington spooked. But security officials say China is the biggest long term threat.

Beijing Drops Contentious ‘Made in China 2025’ Slogan, but Policy Remains (WSJ) “Made in China 2025,” a government-led industrial program at the center of the contentious U.S.-China trade dispute, is officially gone—but in name only.

FBI director wants the Bureau to be a fixed answer in a world of blended threats (Fifth Domain) Partnerships with private industry are one way FBI Director Christopher Wray sees law enforcement uncovering the information it needs.

RSAC 2019: An Antidote for Tech Gone Wrong (Threatpost) As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.

RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure (Threatpost) The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes (Threatpost) Researchers say that Microsoft won't issue a patch for the issue.

TLS Markets Flourish on the Dark Web (Threatpost) The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors.

RSAC 2019: Most Consumers Say ‘No’ to Cumbersome Data Privacy Practices (Threatpost) Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.

RSA helps customers address digital transformation risks (Help Net Security) RSA announced enhancements to its Integrated Risk Management platform, RSA Archer, to help customers fundamentally transform their risk management function.

The NSA Makes Its Powerful Cybersecurity Tool Open Source (WIRED) No one's better at hacking than the NSA. And now one of its powerful tools is available to everyone for free.

AppViewX 2019.1.0 with Advanced Low-Code Elements and Certificate Reporting Capabilities Launched at RSA 2019 (GlobeNewswire News Room) The latest version of AppViewX’s Low-Code Automation Platform provides unparalleled agility

Armor Scientific makes authentication as easy as walking into a room (Help Net Security) Armor Scientific's new authentication platform is a converged hardware token and middleware suite aimed at law enforcement, govt, healthcare, etc.

Tripwire Launches Vulnerability Management as a Service (Tripwire) Expansion of Tripwire ExpertOps supports strong cybersecurity foundation, delivering personalized consulting and managed services to organizations

Anomali, Flashpoint, and Intel 471 Join Verodin to Launch Threat Actor Assurance Program (Verodin) Foundational Members Collaborate to Integrate Threat Intelligence into the Verodin Platform to Enhance the Effectiveness of Deployed Cybersecurity Controls

AttackIQ and BlackBerry Cylance Join Forces to Deliver Enterprise Endpoint Security Validation (AttackIQ) AttackIQ™, a leader in the emerging market of continuous security validation,today announced a partnership with BlackBerry Cylance BlackBerry Cylance, a business unit of BlackBerry Limited (NYSE:BB: TSX:BB), to enable organizations to validate that their endpoint security solutions are deployed correctly and configured optimally, ensuring continuous protection against the latest threats.

Bugcrowd and Secure Code Warrior Partner to Improve Security Training for Developers (PR Newswire) SAN FRANCISCO and SYDNEY, March 5, 2019 /PRNewswire/ -- Today, Bugcrowd, the #1 crowdsourced security company, and Secure Code Warrior, a global secure coding...

Trustwave Expands its Role as a Leading Cybersecurity and Managed Security Services Provider (Trustwave) Trustwave announced continued momentum coming off the heels of Singtel’s integration of cybersecurity resources, technologies and capabilities of Singtel, Optus, Trustwave and NCS into a single global corporate identity under the Trustwave brand.

Cyberinc Announces the First-Ever Hybrid Isolation Security Solution with the Launch of Isla 4.0 (PR Newswire) SAN RAMON, Calif., March 5, 2019 /PRNewswire/ -- Cyberinc, an isolation-based cybersecurity company that proactively stops web, email, and document-based...

Secure Video Calling Capability Available in Summer 2019 - SaltDNA (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Checkmarx Announces Enhancements to Software Exposure Platform (Business Wire) RSA Conference 2019 – Booth S1453 – Checkmarx, the Software Exposure Platform for the enterprise, today unveiled major advancements to accelerate adop

Pioneering cyber deception company CounterCraft presents fully MITRE integrated platform that tools up threat hunting teams (CounterCraft) CounterCraft attends RSA Conference San Francisco for the third year running, continuing to lead the global emerging cyber deception market with their advanced and groundbreaking platform

RSAC Day 1 Theme: People And Tech Are ‘Better Together’ (Cyber Security Hub) As the stage lighting turned up and the attendees settled down in their seats, there was a buzz of positivity in the air at the 2019 RSA Conference stage. The theme of this year’s conference is quite simply put as “Better.”

Adi Shamir couldn't get US visa to attend RSA Conference named for him (CNET) Israeli cybersecurity specialist Shamir is the "S" in RSA. He says he never heard back about his visa application.

Photo gallery: RSA Conference 2019 Expo (Help Net Security) Featured vendors include: Anomali, ObserveIT, Zero Fox, Corero Network Security, Aruba Networks, Century Link, Sumo Logic, Fasoo, and Netscout.

Cyber Attacks, Threats, and Vulnerabilities

Malcolm Turnbull warns Brits about letting Huawei build 5G network (The Sydney Morning Herald) Malcolm Turnbull says Australia's national security drove his decision to block the big Chinese technology company, and the British should also be wary.

Whitefly: Espionage Group has Singapore in Its Sights (Symantec) Group behind the SingHealth breach is also responsible for a string of other attacks in the region.

State-sponsored espionage group Whitefly behind major Singapore cyberattack -report (Reuters) The worst cyberattack in Singapore's history, in which the personal informa...

UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities (Trend Micro) Many devices such as cameras, printers, and routers use UPnP to make it easy for them to automatically discover and vet other devices on a local network and communicate with each other for data sharing or media streaming. UPnP works with network protocols to configure communications in the network. But with its convenience comes security holes that range from attackers gaining control of devices to bypassing firewall protections. We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.

Fake HSBC payment details delivers Agent Tesla (My Online Security) A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the…

All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix (ZDNet) Researchers say Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability (Register) 'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'

Exposed Docker hosts can be exploited for cryptojacking attacks (ZDNet) A lack of trusted source security controls is leaving countless containers open to attack.

Iran-Linked Hackers Use Python-Based Backdoor in Recent Attacks (SecurityWeek) The Iran-linked Chafer threat group has used a new Python-based backdoor in November 2018 attacks targeting a Turkish government entity.

CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers (BleepingComputer) A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest, is that this variant is now indicating that the attackers are targeting entire networks rather than individual computers.

All the ways Facebook hoovers up your information without letting you say no (The Telegraph) Sometimes it seems like Facebook just can't help itself.

Scammers Are Spoofing DHS Phone Numbers to Get Your Personal Info ( Recipients also are being pressured for money to avoid arrest.

Microsoft Security reports a massive increase in malicious phishing scams (Digital Trends) Microsoft’s Security team analyzes more than 6.5 trillion security signals a day to identify trends that could affect the digital landscape that we all live in.

IDenticard PremiSys (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 8.8ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosedVendor: IDenticardEquipment: PremiSysVulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength2.

Rockwell Automation RSLinx Classic (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 10.0ATTENTION: Exploitable remotely/low skill level to exploitVendor: Rockwell AutomationEquipment: RSLinx ClassicVulnerability: Stack-based Buffer Overflow2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device.

IoT automation platforms open smart buildings to new threats (Help Net Security) IoT automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise.

Companies are flying blind on cybersecurity (Naked Security) IT managers are flying blind in the battle to protect their companies from cyber attacks, according to a new Sophos survey.

Phishing alert: One in 61 emails in your inbox now contains a malicious link (ZDNet) Be careful when you click. That email might not be as innocent as it looks.

Exposed IoT Automation Servers and Cybercrime (Trend Micro) In our latest research we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of it also involved a look into exposed automation platforms or servers.

CMS hackers focus on WordPress (SC Media) WordPress continued to be the most attacked content management system (CMS) attracting an even higher percentage of CMS centered cyberattacks in 2018

Medical Center Data Leak May Have Exposed 45K Patients (Government Technology) A file shared by an employee with one of Chicago Rush Medical Center’s billing processing vendors may have exposed the personal information of thousands of patients. The incident happened in May 2018.

Shared Code Creates Opportunity for Hackers, Expert Warns (Government Technology) Some app developers may not be malicious, just careless. But that's an important distinction when a federal employee uses a smartphone to access sensitive information.

Experian: More Than a Third of Companies are Unprepared to Respond to a Data Breach (OODA Loop) New research by Experian shows that companies are still falling short when it comes to cyber security disaster preparedness. The study found that just over one-third of business executives (36%) believes their organization is ready

How malware traverses your network without you knowing about it (Help Net Security) A report has been released which reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot.

No More Stickups, Bank Heists Have Gone Cyber (Infosecurity Magazine) Banking Trojans lead to sleepless nights for CISO, says report.

Security Patches, Mitigations, and Software Updates

Update now! Critical Adobe ColdFusion flaw now being exploited (Naked Security) Adobe has issued an urgent patch for a critical flaw in the ColdFusion web development platform it says is being exploited in the wild.

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained (Threatpost) Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.

Security Researcher Changes Mind over Apple Bug (Infosecurity Magazine) Apple got access to information on a critical bug for nothing. Is that fair?

What is Mimikatz? And how to defend against this password stealing tool (CSO Online) Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.

Cyber Trends

Government to British business: Not enough being done to improve cyber security awareness (Computing) 84 per cent of the boards of UK's biggest companies don't fully understand the impact of a cyber-attack on their businesses,Security ,FTSE 350 companies,Cyber Governance Health Check,National Cyber Security Strategy,Margot James,Security

4iQ 2019 Identity Breach Report Discovers the Long Tail of Small Breaches, Data Shows 424 Percent Increase in New Breaches in 2018 (PR Newswire) 4iQ, a leader in Identity Intelligence, today released the 4iQ 2019 Identity Breach Report, The Changing...

Mobile Theft & Loss Report 2018 (Prey Anti theft: Track & find your stolen phones, laptops & tablets) Know theft from the inside with Prey's latest statistics on mobile device theft and loss.

How Large Enterprises are Securing the Cloud [Q&A with Richard Stiennon, author of Secure Cloud Transformation] (Bricata) In his new book, Secure Cloud Transformation, cybersecurity industry analyst Richard Stiennon details how CTOs and CISOs are securely moving to cloud.

SOCs shift to threat detection and response: Gartner (ZDNet) Security operations centers are shifting focus in response to today’s numerous and complex threat alerts.

Survey: Cybersecurity Threats from Careless Insiders and Foreign Governments Reach All-Time Highs ( A survey suggests risks have risen substantially over the last five years, but cyber professionals still feel agencies are doing a good job in IT security.

Cyberattack planning is still depressingly poor, even in big businesses (ZDNet) Most companies have a strategy, but fewer have the funds or detailed plans to back it up.

Users are too confident in their protection from threats (Help Net Security) Most users take some steps to protect their data, but some protection measures are too difficult and burdensome to implement.

Key 2019 cybersecurity industry trends (Help Net Security) Momentum Cyber revealed the most significant trends that will drive strategic activity in the cybersecurity industry in 2019.


Huawei, your way, whichever way. We're cool with being locked out, defiant biz insists (Register) Plus: Reagan's model doesn't apply today, says US CSO

Electronic Security Association and Security Industry Association Announce Coordination on Workforce Development Strategies (Security Industry Association) ESA and SIA will identify key areas of collaboration on new member resources to help members address workforce shortages.

RackTop Systems Secures $15 Million in Series A Funding to Accelerate the Growth of Its CyberConverged Data Storage and Security Platform (Business Wire) RackTop Systems, the pioneer of CyberConvergedTM data security, a new market that fuses data storage with advanced security and compliance into a sing

Hide yo' kids, hide yo' clouds: Zerodium offering big bucks for cloud zero-days (ZDNet) Exploit vendor offers up to $500,000 for zero-days in cloud virtualization software like Hyper-V and vSphere.

Products, Services, and Solutions

Keeper Security Wins Double Honors for its Password Management Leadership (PR Newswire) CHICAGO, March 5, 2019 /PRNewswire/ -- Keeper Security, Inc., (RSA Conference, South Expo Hall, #1366) which offers leading zero-knowledge, cybersecurity...

Gemalto Expands Cloud HSM On Demand Solutions (Financial Post) SafeNet Data Protection On Demand cloud platform now offers HSM On Demand to secure CyberArk Privileged Access Management, Oracle Transparent Data Encryption, and Hyperledger Blockchain Transaction…

Webroot Threat Intelligence to Deliver (Webroot) Webroot Delivers Integrated Security Awareness Training. How are you training your weakest links?

Cytegic and Phoenix Insurance Partner for Cyber Risk Underwriting (Business Wire) Cytegic Inc. and The Phoenix Insurance Company LTD today announced a partnership leveraging Cytegic’s platform to automate cyber insurance risk analys

High-Tech Bridge partners with Fortinet to accelerate DevSecOps and CI/CD for web applications (High-Tech Bridge) Joint solution enables seamless vulnerability detection, prioritization and agile virtual patching for web applications, web services and APIs...

NetGovern selects Clearswift SECURE as its next generation Email Security Gateway Technology. Strategic Partnership Will Offer Key Enhancements for DLP, Redaction & Email Encryption (PR Newswire) NetGovern (https://www.netgovern[.]com) recently made a strategic decision to focus its efforts on...

LogRhythm Introduces Solution to Address Advanced Network-Borne Threats (Business Wire) LogRhythm NDR is a new automated network security solution for detecting, qualifying, investigating and responding to advanced network-borne threats.

Basil Security Unveils Policy-as-Code Platform for Cybersecurity and Audits (Business Wire) Basil Security unveils policy-as-code platform with distributed, stateful policy enforcement for development, security and operations (DevSecOps)

vArmour Fortifies Security and Compliance for Microsoft Azure Environments (vArmour) vArmour is the industry’s first distributed security system that provides application-aware microsegmentation. vArmour microsegments each application by wrapping protection around every workload - increasing visibility, security, and operational efficiency.

VMware aims for security market, launches service defined firewall (ZDNet) VMware is taking its visibility into infrastructure, applications and cloud and applying it to the firewall market.

ThreatConnect Releases New Pricing and Packaging of its Intelligence-Driven Security Operations Platform (ThreatConnect) ThreatConnect Inc.® is proud to announce its new product packaging designed to bring value to all members of the security team.

vArmour Teams with VMware to Deliver Continuous Compliance and Enhanced Security for Hybrid Cloud Environments (vArmour) vArmour is the industry’s first distributed security system that provides application-aware microsegmentation. vArmour microsegments each application by wrapping protection around every workload - increasing visibility, security, and operational efficiency.

IBM X-Force Red launches blockchain security service (ZDNet) The new service has been established in response to the enterprise’s blockchain experiments.

Sheepl 2.0: Automating People for Red and Blue Tradecraft (Trustwave) When I first released Sheepl 0.1 in September 2018 as part of a talk, I wanted to showcase a different approach to user emulation, and the initial idea was well received. Security and IT professionals could see the potential and.....

Technologies, Techniques, and Standards

Why Smaller Businesses Need Comprehensive Security (BankInfoSecurity) Security incidents often result in damage, regardless of an organization's size. But for small and midsize firms, which often lack robust security defenses, the

Singapore now able to certify products under global cybersecurity standard (ZDNet) Now a Certificate Authorising Nation for the Common Criteria, Singapore is one of 18 countries that can assess and certify cybersecurity products under the technical standard, which it says will enable local developers to attain the certification more quickly and at a lower cost.

Singapore government conducts second HackerOne bug bounty program (CISO Magazine) During the three-week hacking challenge, more than 400 hackers globally were invited to look for security weaknesses in the Singapore Government’s digital assets. Hackers won $11,750 in exchange for reporting 26 valid security weaknesses to GovTech so they could be safely fixed.

The Common Security Pitfalls of Network Modernization (Infosecurity Magazine) What are the most common security pitfalls that can put SD-WAN deployments at risk?

Design and Innovation

How Amazon's Algorithms Curated a Dystopian Bookstore (WIRED) How gameable recommendation systems mislead customers about health information.

Research and Development

Whoever Predicts the Future Will Win the AI Arms Race (Foreign Policy) China, Russia, and the United States are approaching the long-term strategic potential of artificial intelligence very differently. The country that gets it right will reap…

Legislation, Policy, and Regulation

Pelosi says Democrats to introduce bill to bring back net neutrality this week (TheHill) Speaker Nancy Pelosi (D-Calif.) announced Monday that Democrats will introduce a net neutrality bill to replace the open internet rules that were repealed in 2017.

Putin Wants His Own Internet (Bloomberg) A new law would create a single command post from which authorities can manage—and halt—information flows across Russian cyberspace.

France unveils plan to tax internet giants revenue (AP NEWS) The French government unveiled plans Wednesday to slap a 3 percent tax on the French revenues of internet giants like Google, Amazon and Facebook. The bill outlines how digital...

Google reportedly plans to ban political ads before Canada election (Business Insider) Alphabet Inc's Google is planning to ban political advertising on its platform before the Canadian federal election.

China’s “democracy” includes mandatory apps, mass chat surveillance (Ars Technica) Researcher discovers servers in China collecting data on 364 million social media profiles daily.

Huawei calls for common cybersecurity standards amidst concerns (iTnews) Urges for governments, telco industry and regulators consensus.

Disputed N.S.A. Phone Program Is Shut Down, Aide Says (NYTimes) A disclosure about a troubled surveillance program could upend a pending battle in Congress over security and privacy.

White House Establishes National Quantum Coordination Office ( The new office will help coordinate quantum efforts across the government and private sector.

States Need Way More Money to Fix Crumbling Voting Machines (WIRED) “We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Litigation, Investigation, and Law Enforcement

House Probes Cambridge Analytica on Russia and WikiLeaks (WIRED) The Democrats’ sweeping new investigation into President Trump includes the now defunct consulting firm better known for misusing the Facebook data of tens of millions of Americans.

House Probes Cambridge Analytica on Russia and WikiLeaks (WIRED) The Democrats’ sweeping new investigation into President Trump includes the now defunct consulting firm better known for misusing the Facebook data of tens of millions of Americans.

Canada allows extradition case against Huawei exec Meng Wanzhou to proceed (The Japan Times) Canada said Friday it will allow the U.S. extradition case against Chinese Huawei executive Meng Wanzhou to proceed. Canadian Department of Justice officia

Qualcomm Cites National Security Risk in Bid to Settle FTC Case (Wall Street Journal) Qualcomm is contending that national security could be undermined by a Federal Trade Commission case challenging its patent-royalty fees for smartphones—and it is getting an assist from some federal officials.

7 Scenarios for How the Mueller Probe Might 'Wrap Up' (WIRED) Reports say that the special counsel will be "wrapping up" his investigation soon. Here's what that might actually mean.

Japanese police charge 13-year-old for sharing 'unclosable popup' prank online (ZDNet) Police also searched the home of a 47-year-old man and are also investigating three other suspects.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

INSA Spring Symposium: Managing the Evolving Cyber Landscape (Arlington, Virginia, USA, April 18, 2019) Join INSA on Tuesday, April 16 for our annual Spring Symposium. The 2019 theme, Managing the Evolving Cyber Landscape, focuses on the need for a strong, secure digital infrastructure. Hear from senior...

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...

U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...

FAIR Institute Breakfast Meeting during the 2019 RSA Conference (San Francisco, California, USA, March 6, 2019) Join us and fellow cyber risk executives to learn from other industry leaders about their experiences: Marta Palanques, Director, Enterprise Risk Management and Steve Reznik, Director, Operational Risk...

Zero Day Con (Dublin, Ireland, March 7, 2019) On March 7 2019, Zero Day Con will bring together leading technology firms, industry experts and government officials that will share insights for cybersecurity professionals grappling with the rise of...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.