
More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Two Russian APT groups are targeting European NATO member states with ongoing cyberespionage campaigns ahead of the EU parliamentary elections in May, CNBC reports. Researchers at FireEye observed both large-scale and highly-targeted phishing operations launched by Sandworm and APT28 against European government institutions, with the goal of stealing credentials. The two groups use different tools and techniques, but their efforts seem to be coordinated. They’re believed to have three primary objectives: stealing information and credentials for use in future attacks, gathering intelligence to give Russia a diplomatic advantage, and collecting information to assist in disinformation operations.

The FIN7 cybercrime group is still active, despite the arrests of several of its members last year. Flashpoint says the group is using two new strains of malware, which researchers have dubbed "SQLRat" and "DNSbot." The criminals are also using a new attack panel called "Astra," which acts as a script-management system for compromised computers.

A Lithuanian man pleaded guilty yesterday to scamming Facebook and Google out of $123 million over the course of three years, according to ZDNet. The man registered a company in Latvia that shared a name with a legitimate computer hardware manufacturer. He then used a variety of fraudulent invoices and contracts to trick Facebook and Google employees into wiring him millions of dollars at a time. Facebook is said to have lost $100 million from the scams, while Google lost $23 million.

Semmle discovered a now-patched critical denial-of-service vulnerability in Fizz, Facebook’s open-source implementation of the TLS 1.3 protocol.

Notes.

Today's issue includes events affecting Canada, China, European Union, Germany, Latvia, Lithuania, Iran, Israel, New Zealand, Russia, Saudi Arabia, Singapore, United States.

Getting your head in the cloud is down-to-earth.

"Cloud computing” is fast becoming simply “computing.” Enterprises need cloud-style quality of service across their hybrid information and technology environments. Visit Coalfire and download the latest Gartner Report, “Predicts 2019: Increasing Reliance on Cloud Computing Transforms IT and Business Practices,” for insight into how cloud computing has grown from a delivery option to an all-encompassing strategy. Learn how businesses leverage the cloud for efficiency and innovation. Visit www.coalfire.com and download your copy today.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland Center for Health and Homeland Security, as Ben Yelin discusses the rumors of NSA shutting down the Section 215 program. Our guest, Jadee Hanson from Code42, talks about insider threats.

And Hacking Humans is up. In this week's episode, "Kids are a great target," a listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances Dewing, the CEO and co-founder of Rubica. They recently published a report on how crooks are accessing parents’ mobile devices via apps their kids load.

Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

OceanLotus adopts public exploit code to abuse Microsoft Office software (ZDNet) APT32 is using a public exploit to abuse Office and compromise targeted systems.

Doomed Boeing Jets Lacked 2 Safety Features That Company Sold Only as Extras (NYTimes) Airlines had to pay more for two optional upgrades that could warn pilots about sensor malfunctions. Boeing now plans to make one of the features standard.

MyPillow, AmeriSleep websites were hit with hacks stealing credit card data (CNET) It’s a bed breach and beyond.

EU leaders to warn of cyber, fake news threat to May elections (Reuters) European Union leaders will sound the alarm this week over the threat of EU elec...

Cyberattacks: Europe gets ready to face crippling online assaults (ZDNet) Massive cyberattacks with real-world consequences are no longer unthinkable. Time to get prepared, says Europe.

Cyber Threats Are Emerging Faster Than DHS Can Address Them, Secretary Says (Nextgov.com) The agency needs industry to help it “innovate while under attack,” according to Kirstjen Nielsen.

Cyber-espionage warning: Russian hacking groups step up attacks ahead of European elections (ZDNet) Researchers at FireEye say Kremlin-backed hacking operations are attempting to target governments, media and political parties as elections approach.

Russian hackers are targeting European governments ahead of May election, cybersecurity firm says (CNBC) The findings are likely to fuel worries over the possibility that Russia may influence upcoming EU elections.

Immortal information stealer (Zscaler) Zscaler security research team came across new information-stealer malware called "Immortal" which is written in .NET and designed to steal sensitive information. In this blog, we provide an analysis of the data Immortal steals from browsers, the files it steals and what it does with the stolen data.

Researchers fret over Netflix interactive TV traffic snooping (Naked Security) No sooner has Netflix made an interactive TV show than people are already pulling apart its privacy implications.

Netanyahu says Iran has 'sensitive information' on rival, Tehran... (Reuters) Israeli Prime Minister Benjamin Netanyahu alleged on Wednesday that Iran could b...

Semmle Discovers Denial of Service (DoS) Vulnerability in Facebook Fizz (Semmle) Semmle announced today that it has found a critical denial of service (DoS) vulnerability in the Fizz project, ­Facebook’s open source implementation of the transport layer security (TLS) protocol.

Group-IB: hackers hit hard SEA and Singapore in 2018 (OODA Loop) Group-IB has released a new study that analyzes cybercrime activity in Southeast Asia, which the company describes as "one of the most actively attacked regions in the world." Last year, a total of 21 state-backed

Researchers Use UPnP Protocol to Unmask IPv6 Address (SecurityWeek) Security researchers were able to leverage properties of the Universal Plug and Play (UPnP) protocol to unmask the IPv6 address of specific IPv4 hosts.

Years-Long Phishing Campaign Targets Saudi Gov Agencies (Threatpost) The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.

An Android Vulnerability Went Unfixed for Over Five Years (WIRED) Older Android devices—of which there are over 100 million still in use—will remain exposed.

Are you the weakest link in your own cybersecurity? Don’t take a quiz to find out. (Lexington Herald Leader) Social engineering lets cyber attacks use your own nature against you. Take a breath if you get a demand for info or money right now.

Man steals stingray, threatens to leak nudes (SC Media) In a twisted tale of cyberbullying and theft, a man in Singapore was jailed after stealing a stingray and later threatening to leak his ex-girlfriend's nude photos.

Rutland Regional Medical Center, Zoll reveal data breaches (SC Media) Two healthcare organizations suffered data breaches due to their email service resulting in more than 72,000 records being exposed.

Trickbot via fake Efax message using Squiblydoo, Active X, macro and abusing pastebin (My Online Security) We are seeing massive changes with the Trickbot delivery campaign overnight. I have only seen 1 mention on Twitter about this campaign and 1 on a private malware research mailing list, so it can’t be…

Hackers Exploit Urgency, Personalization in Phishing Attacks (HealthITSecurity) Barracuda research finds that 70 percent of phishing emails attempt to establish rapport or a sense of urgency with victims, with more than a third of attacks using the subject line "Request."

Global threat group Fin7 returns with new SQLRat malware (ZDNet) Previously unseen malware and a new admin panel have been tied to the notorious group.

FIN7 Revisited: Inside Astra Panel and SQLRat Malware (Flashpoint) Despite the arrests of three prominent members of the FIN7 cybercrime gang beginning in January 2018, attacks targeting businesses and customer payment card information did not cease.

Could OpenAI's 'too dangerous to release' language model be used to mimic you online? Yes, says this chap: I built a bot to prove it (Register) Facebook convos used to train chat dopey doppelganger

1,600 Hotel Guests Secretly Live Streamed to 4,000+ Subscribers (BleepingComputer) Four individuals from South Korea were detained for secretly recording, live streaming, and selling spycam videos of 1600 motel guests between November 24 and March 2, with two of them being arrested and facing a maximum of five years in jail.

Google Photos Bug Exposed the Location & Time of Your Pictures (BleepingComputer) A vulnerability in the web version of Google Photos allowed websites to learn a user's location history based on the images they stored in the account.

Trump Is Right About Huawei (Slate Magazine) Unfortunately, no one will take him seriously.

Security Patches, Mitigations, and Software Updates

'Critical' Denial-of-Service Bug Patched in Facebook Fizz (Dark Reading) Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

Mozilla's latest Firefox releases fix 22 vulnerabilities (SC Media) The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox ESR, patching 22 vulnerabilities between them, five of them critical.

11 security patches released in CUJO Smart Firewall platform (SC Media) Cisco Talos researchers discovered 11 vulnerabilities in the CUJO Smart Firewall platform.

KB4493132 Update Notifies Windows 7 Users of End of Support Date (BleepingComputer) A new Windows 7 update called KB4493132 has been released and is used to display notifications that remind users that Windows 7 will reach its end of life starting on January 14th, 2020. These notifications contain a link that goes to a Microsoft page suggesting that users upgrade to Windows 10.

Cyber Trends

Trends in regulation, sector by sector. (The CyberWire) Iliana Peters, the former acting deputy director for health privacy at the Office for Civil Rights (OCR), agreed with Dr. Schneck’s point, made earlier in the day, that compliance doesn’t constitute security, but she believes that “nimble” regulations can be very useful.

The future of cyber in a pervasively connected world. (The CyberWire) John Forte, the Deputy Executive for Johns Hopkins University Applied Physics Laboratory’s Homeland Protection Mission Area, said that the role of the CISO will have to evolve in order to address the changing landscape of increasingly interconnected devices. He points to transportation, healthcare, buildings and cities, education, public safety as examples of sectors that are growing increasingly automated.

Marketplace

Canada’s cybersecurity firms keep turning to the U.S. for funding, leaving us without a homegrown leader (Financial Post) Innovation Nation: Securing funding here is challenging, so executives end up looking outward, which could leave Canada vulnerable in a cyber attack

Despite U.S. Pressure, Germany Refuses To Exclude Huawei's 5G Technology (NPR) The U.S. says it may stop sharing intelligence with Germany if it adopts Chinese firm Huawei's 5G technology. But the threats haven't swayed Germany, which says it can set its own security standards.

Forcepoint to Expand Cybersecurity and Cross Domain Technology Support with the FBI (PR Newswire) Global cybersecurity leader Forcepoint today announced the award of a 5-year Blanket Purchase Agreement (BPA) with the Federal Bureau of Investigation (FBI) which will greatly streamline acquisition and delivery of new Cybersecurity and Cross Domain Solutions capabilities.

The Battle for Cybersecurity Talent Must Include Retention Emphasis (Infosecurity Magazine) As companies compete over valuable cybersecurity professionals, retention becomes difficult

AT&T CEO says China's Huawei hinders carriers from shifting suppliers for 5G (Reuters) AT&T Inc Chief Executive Randall Stephenson said Wednesday that China’s Huawei Technologies Co Ltd is making it very difficult for European carriers to drop the company from its supply chain for next-generation 5G wireless service.

Google bans VPN ads in China (ZDNet) Google cites "local legal restrictions" as the cause for its Chinese VPN ads ban.

Nationally Recognized Global Privacy and Cybersecurity Partner Kristen (Virtual-Strategy Magazine) Morrison & Foerster, a leading global law firm, is pleased to announce that Kristen Mathews has joined the firm in the New York office as a partner.

Products, Services, and Solutions

GDPR PII exposure can now be securely reported via Open Bug Bounty (OpenBugBounty Blog) Open Bug Bounty community is growing: we have over 400 [fee free] bug bounty programs running now, and over 300,000 fixed security vulnerabilities. To facilitate further sustainable growth and to help website owners spot accidental exposure of personal data (PII) on their websites in a timely manner, we implemented a new type of non-intrusive submission – GDPR PII Exposure.

Microsoft Defender comes to the Mac (TechCrunch) Microsoft today announced that it is bringing its Microsoft Defender Advanced Threat Protection (ATP) to the Mac. Previously, this was a Windows solution for protecting the machines of Microsoft 365 subscribers and assisting the IT admins who try to keep them safe. It was also previously called Windo…

New Kaspersky Endpoint Security provides better and automatic anomaly detection (Tempo) Kaspersky Lab has unveiled the next generation of its endpoint protection with new Kaspersky Endpoint Security for Business.

HP unveils AI-powered malware blocker Sure Sense (CRN Australia) As vendor expands scope of security software.

eCurrency Chooses nCipher to Accelerate Its Central Bank Digital Currency (CBDC) Solution (Business Wire) nCipher Security, the provider of trust, integrity and control for business critical information and applications, announces eCurrency is using nCiphe

Don't get the pitchforks yet, Apple devs: macOS third-party application clampdown probably not as bad as rumored (Register) macOS v10.15 will bring tighter security; the escape hatch should remain open for now.

Flashpoint Introduces Innovative Approach for Use Case-Driven Intelligence (Flashpoint) Flashpoint introduces a new use-case-driven approach to its packaged solutions that allows organizations to more effectively consume and automate threat intelligence. These offerings support traditional cybersecurity and operations use cases, as well as fraud, insider threat, corporate security, and third-party risk.

Technologies, Techniques, and Standards

NIST pushes new encryption protocols for quantum, connected devices (FCW) The National Institute of Standards and Technology is inching closer to developing two new encryption standards to protect the federal government from new and emerging cybersecurity threats.

Toward a Framework for Misinformation Campaigns (Decipher) Researchers are developing a framework to analyze and describe misinformation campaigns, similar to the MITRE ATT&CK framework.

How to audit Windows Task Scheduler for cyber-attack activity (CSO Online) Two recently discovered Windows zero-day attacks underscore the importance of monitoring for unauthorized tasks.

Building a cybersecurity program with the NIST Cybersecurity Framework and CIS 20 Critical Security Controls. (The CyberWire) Many organizations lack a cybersecurity framework or standards to follow. Their security strategies are often outdated, if they have a strategy at all. They also struggle with due diligence programs for third-party vendors.

AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls (ZDNet) AT&T and Comcast successfully test first SHAKEN/STIR-authenticated call between two different networks.

Research and Development

Monash Uni claims reputation-based blockchain capable of defending itself (ZDNet) The miner has their 'reputation' lowered to prevent malicious activity, the university says.

Legislation, Policy, and Regulation

How the White House just boosted America’s AI focus (Federal Times) The Trump administration is highlighting artificial intelligence as a top priority for government innovation efforts.

Here’s how DoD will invest in the cyber mission (Fifth Domain) Budget documents reveal plans for cyberwarrior training and operations platforms.

The Air Force wants to start a new $35M offensive cyber program (Fifth Domain) The project will support the Air Force's portion of Cyber Command's cyber teams.

Deputy first minister flags up importance of Scottish cyber resilience (PublicTechnology.net) Scottish deputy first minister John Swinney says the threat of a category one cyberattack is one of the few things capable of keeping him awake at night. Swinney, who has responsibility for Scotland’s cybersecurity, has good reason to be worried, with the head of the UK’s National Cyber Security Centre warning that a major cyberattack on the UK is almost inevitable.

The case for cyber regulation. (The CyberWire) Bob Anderson, former FBI Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch, focused on the issue of encryption, explaining that the government needs to partner with the private sector to enforce the law while still ensuring the safety of citizens’ data.

The regulatory playing field. (The CyberWire) Dr. Phyllis Schneck, Managing Director of the Global Cyber Solutions practice at Promontory Financial Group, said that businesses need to focus on operational resilience rather than making compliance their only goal. “Compliance with regulation is not security,” Schneck said. While regulations can be a good start, they usually aren’t enough.

Russia doubles down on censorship with new 'fake news' and 'internet insults' law (Private Internet Access Blog) The Russian government has passed a new censorship law that allows it to target individuals and websites for such vaguely defined offenses as spreading “fake news” and “disrespecting” state symbols or figures, including Vladimir Putin. Specifically, Russia will be able to punish any person or site that “exhibits blatant disrespect for the society, government, official …

Nation-States Have Right to Hack Back, Survey Says (Infosecurity Magazine) Security professionals believe we are in the middle of cyber-war, according to Venafi survey.

Allowing Companies to Hack Back: Good Security or Vigilante Justice? (Information Technology & Innovation Foundation) Please join ITIF for a panel discussion on the viability and consequences of authorizing companies to “hack back” by allowing them to monitor attackers, disrupt ongoing attacks, and destroy stolen data.

Medical Device Risk Extends to Network, Apps, CHIME tells FDA (HealthITSecurity) CHIME tells the FDA that it should expand its definition of medical devices to include its full risk, such as the network, firewalls, apps, and other parts of the health IT ecosystem.

Inside GAO’s Plan to Make Congress More Tech-Savvy (Nextgov.com) The new Science and Technology Assessment and Analytics group aims to prep lawmakers for big decisions on artificial intelligence, privacy and 5G.

Our Skyborg (actual US govt program) will be just like IBM Watson, beams Air Force bod (Register) No joke, that's what they've genuinely named a 'fighter-like' military drone project

Tech Giants Will Brief Lawmakers on the Spread of Terrorist Content Online (Nextgov.com) Facebook, YouTube, Twitter and Microsoft will be asked about how the New Zealand shooter’s video spread so quickly.

How Is the EU’s Data Privacy Regulation Doing So Far? (Slate Magazine) It’s been almost a year since the GDPR went into effect. It’s been very successful in one regard, but largely failed in another.

White House Launches AI.gov (Nextgov.com) All of the federal government’s initiatives and resources around artificial intelligence can be accessed under one top-level domain.

Litigation, Investigation, and Law Enforcement

Cyber Crime Competes Against the Good Guys for Talent (TechNative) Cyber crime continues to stay one step ahead of cyber security practitioners, which has continued to give criminals the advantage in cyberspace.

She seemed like a normal Web-savvy teen. She was actually waging ‘e-jihad’ with ISIS hackers. (Washington Post) A recently filed criminal indictment offers a surprising snapshot of the Islamic State’s online “e-jihad” operation.

The Cybersecurity 202: Michael Cohen investigators relied on controversial cell-tracking device (Washington Post) The devices called Stingrays can collect information from any phone in a broad area.

FBI Sought to Use Michael Cohen’s Fingerprints and Face to Unlock Apple Devices (Slate Magazine) We’ve reached the biometrics stage of the Cohen case.

Neo-Nazis Bet Big on Bitcoin (And Lost) (Foreign Policy) How the far-right's failed cryptocurrency gamble became a bad joke for the Christchurch killer.

The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018 (Security Intelligence) In 2018, IBM X-Force researchers observed organized cybercrime groups collaborating, rather than competing over turf or even attacking each other, for the first time.

UK regulator focuses on GDPR challenges faced by the adtech industry (cyber/data/privacy insights) On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding …

FBI joining criminal investigation into certification of Boeing 737 MAX (The Seattle Times) The FBI is assisting a federal grand jury investigation, based in Washington, D.C., that is looking into the certification process that approved the safety of the new Boeing plane, two of which have crashed since October.

Lithuanian pleads guilty in U.S. to massive fraud against Google, Facebook (Reuters) A Lithuanian man on Wednesday pleaded guilty to U.S. charges that he helped orchestrate a scheme to defraud Facebook Inc and Alphabet Inc’s Google out of more than $100 million, federal prosecutors announced.

Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million (ZDNet) Man posed as hardware vendor to trick Google and Facebook into sending payments to his bank accounts.

McAfee – the completely sane guy, not the biz – told to fork out $25m after 'torture, murder' of his Belize neighbor (Register) Good luck, says antivirus wildchild, I have no assets

New Zealand cops cuff alleged jackasses who shared mosque murder video, messages online (Register) Calls for global action against white nationalism and tech giants that spread its message

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

INTERPOL World 2019 (Singapore, July 2, 2019) INTERPOL World is a global co-creation opportunity which engages the public and private sectors in dialogue, and fosters collaboration to counter future security and policing challenges. INTERPOL World...

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

The Future of Quantum Computing, Quantum Cryptography and Quantum Sensors (Boston, Massachusetts, USA, March 19 - 21, 2019) This must-attend summit offers comprehensive insights into the commercial future of all areas of quantum technology presenting the opportunities available today and future applications in business and...

OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...

KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...

Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...
