
More signal. Less noise.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let BlackBerry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

Daily briefing.

Cyber 9/12

We were able to spend last Thursday and Friday in Crystal City, Virginia, observing the Atlantic Council's Cyber 9/12 Strategy Challenge. This competition, which the Atlantic Council organized in partnership with Lockheed Martin, challenged teams of students to develop policy response recommendations for the US President. The scenario, a tabletop exercise with well-crafted ancillary material, presented the competing teams with an evolving situation designed to capture much of the ambiguity crises carry. Congratulations to the two winning teams and their coaches: NDU Team 3 of the US National Defense University won the Professional track, and the US Air Force Academy's team Delongrand took top honors in the Student track. And congratulations to the other participants as well. The ones we observed represented themselves and their home institutions with credit.

The exercise was for the most part conducted under Chatham House rules, and we'll honor the conventions of non-attribution by confining ourselves to general observations. It was striking how difficult the teams found it to acknowledge, and work under, conditions of uncertainty. The exercise materials intentionally left a great deal in doubt, and most of the teams tended in their recommendations to be more confident in their understanding of the evolving situation than the evidence warranted. The teams also tended to perceive connections among disparate events where in fact no such connection existed, and where nothing beyond simple correlation, similarity, coincidence, and so forth led many to conclude that the scenario painted a picture of a large-scale coordinated cyber attack by a hostile nation-state. One of the harder lessons to learn is skepticism about our tendency as humans to perceive noise as signal.

In the presentations themselves, some of the teams drifted away from considering their audience. A decision briefing is prepared for a particular decision-maker, and its goal is to inform the decision, not to display the briefers' command of their material.

One other lesson was drawn by a student we had occasion to speak with: policy is a lot harder and more complex than technical people tend to think it is.

So another interesting exercise by the Atlantic Council, and, again, a very good and intelligent effort by all who competed.

Special counsel Robert Mueller closed his probe of Russian election meddling with a report to the US Attorney General Friday. Sunday afternoon Reuters tweeted that Attorney General Barr reported to Congress that the investigation found no knowing collusion between the Trump campaign and Russian actors. WIRED has a round-up of the report and reactions to it. The Attorney General's letter to the Senate and House Judiciary Committees summarized the investigation into Russian influence operations. Those operations followed two broad directions of attack: trolling from Russia's Internet Research Agency, and attacks on Democratic Party networks. The special counsel declined to make a recommendation on obstruction of justice, where evidence is complicated and indistinct, and the Attorney General sees nothing to warrant charges.

ISIS and its caliphate officially no longer control any territory, the Military Times and others note. Its leader remains at large, as does much of its money, and more ISIS activity may be expected online.

The LockerGoga ransomware that afflicted Norsk Hydro has hit two US chemical companies, Motherboard reports.

On Friday the US Federal Emergency Management Agency (FEMA) acknowledged improperly disclosing disaster victims' personally identifiable information to an unauthorized third party.

Ransomware motivated by fandom flares in the fight for the top rank in YouTube. It's between T-Series and (of course) PewDiePie. According to HackRead, Mr. Pie's adherents have been distributing PewDiePie ransomware (regarded as a poor copy of ShellLocker) and, more recently and dangerously, pewCrypt, both with a view to forcing victims to subscribe to Mr. Pie's channel.

Notes.

Today's issue includes events affecting Australia, Canada, Chile, China, Colombia, European Union, Israel, Italy, Mexico, Russia, Saudi Arabia, Switzerland, Syria, United Arab Emirates, United Kingdom, United States, and Vietnam.

Global Threat Report: Year of the Next-Gen Cyberattack

Our Threat Analysis Unit researched the current state of cyberattacks across our customer base with our IR partners. See the results.

In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses their recent purchase of NexDefense and the subsequent open-sourcing of their tools. Our guest, Rohit Sethi from Security Compass, reviews the PCI security framework.

Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

Caliphate falls but its ‘crocodile’ cells plot to maul the West (Times) Isis is plotting attacks in Europe as its “caliphate” collapses, according to a trove of the jihadists’ documents obtained by The Sunday Times. Although western-backed forces declared victory over...

DHS Warns Implanted Medical Devices Can Be Modified Wirelessly (Decipher) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned in an advisory that cardio defibrillators from medical device company Medtronic can be modified while still implanted in patients. Without access control, the defibs can’t differentiate between authorized and unauthorized instructions.

Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’ (Motherboard) It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.

'Unprecedented' data risk from health apps (BBC News) Data is being shared with companies, including Amazon and Google, a study of popular apps finds.

ISIS loses all territory, but its shadowy leader still at large (Military Times) The Islamic State group has lost all the territory it once controlled in Iraq and Syria, but its shadowy leader and self-proclaimed “caliph” is still at large.

All ISIS Has Left Is Money. Lots of It. (The Atlantic) Even without a physical state, the Islamic State can still fund its main product: political violence.

OceanLotus adopts public exploit code to abuse Microsoft Office software (ZDNet) APT32 is using a public exploit to abuse Office and compromise targeted systems.

APT32 ramps up targeting of global car companies (CyberScoop) Vietnamese hacking group APT32 has been targeting multinational automotive companies in an apparent bid to support the country’s domestic auto industry.

Norsk Hydro's Ransomware Headache (GovInfo Security) The latest edition of the ISMG Security Report discusses the recent ransomware attack on aluminum giant, Norsk Hydro. Plus, confessions of a former LulzSec and

Norsk Hydro Provides Update on Cyber Attack (Investing News Network) Norsk Hydro, one of the world's largest producers of aluminum, says that most production is running as normal.

Nor-Shipping: Norsk Hydro Cyberattack Shows Risk to Maritime Companies (The Maritime Executive) This week's ransomware cyber attack on Norsk Hydro, one of the world's largest aluminium producers, is...

Industry Reactions to Norsk Hydro Breach: Feedback Friday (SecurityWeek) Industry professionals comment on the Norsk Hydro ransomware attack and its implications.

Facebook password blunder may have exposed more than social media accounts (Verdict) Facebook password blunder could threaten security on other sites where users have used the same password, cybersecurity experts warn.

Hackers Target Retailers with Credential Abuse Attacks, says Akamai (Fast Mode) Credential abuse attacks, the preponderance of API-call traffic on the web and the apparent misrepresentation of IPv6-based traffic

Second flaw found in Swiss e-voting system (iTnews) NSW Electoral Commission satisfied iVote unaffected.

FEMA Leaked the Data of 2.3 Million Disaster Survivors (WIRED) The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped.

2 Million Emails of 350K+ Clients Possibly Exposed in Oregon DHS Data Breach (BleepingComputer) The Oregon Department of Human Services (DHS) announced that roughly 2 million emails with Protected Health Information from more than 350,000 customers have been potentially exposed after 9 employee mailboxes were compromised in a spear phishing attack.

Safari Zero-Day Exploit Can Takeover A Mac Computer Entirely (Ubergizmo) Safari is Apple’s default browser that comes bundled with their iOS and macOS devices. It’s a pretty decent browser but...

Security storm brewing for Oracle Java-powered smart cards: More than a dirty dozen flaws found, fixes... er, any fixes? (Register) Vuln hunters warn malicious applets can bust through protections, snoop on or hijack access gizmos

PewDiePie ransomware forcing users to subscribe him on YouTube (HackRead) T-Series – PewDiePie Battle Takes an Ugly Turn- PewDiePie Fans Launching PewDiePie ransomware to Get Followers.

1 Million Macs Exposed to Malvertising Scam (Tom's Guide) A new malware campaign targeting Macs buries fake Adobe Flash installers inside innocent-looking online ads.

UK Police Federation Hit by Ransomware (SecurityWeek) The UK Police Federation of England & Wales (PFEW) website was hit by a malware attack that it discovered on March 9, 2019.

New phisherman's friends and a few old favourites slither out of WatchGuard's Security Report (Register) New entry in network attack hit parade: That 2017 Cisco WebEx flaw you patched already (right?)

Fake CIA agents are trying to steal your Bitcoin (Chepicap) Apparently scammers of the worst kind are now posing as US Central Intelligence Agency agents, to trick potential victims into giving up $10,000 worth of their hard-earned Bitcoin

Fake CDC Emails Warning of Flu Pandemic Push Ransomware (BleepingComputer) A new malspam campaign is being conducted that is pretending to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails is a malicious attachment that when opened will install the GandCrab v5.2 Ransomware on the target's computer.

This Evil New Child Porn Phishing Attack Could Absolutely Ruin Your Life (KnowBe4) [Heads-up] This Evil New Child Porn Phishing Attack Could Absolutely Ruin Your Life

Navicent Health cyber attack potentially impacts employee emails (41NBC News | WMGT-DT) Third party illegally accessed employee email accounts. Navicent Health notified patients that they were potentially impacted by a data security incident.

Spycam sex videos of 1,600 motel guests sold to paying subscribers (Naked Security) 1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.

Cyber attack on Dubai school network, parents warned (Gulf News) Staff email accounts were compromised, but no data breached, official says

12 most dangerous emails you can get (Gadget Now) It’s the cold and inescapable truth that if you’re anyway connected to the Internet then you’re susceptible to cybercrime of one kind or the other. Surprisingly, email continues to be one of the most vulnerable mediums and people often fall prey to malicious links or malware. A research conducted by cybersecurity firm Barracuda Networks analysed over 3.6 lakh emails and found out 12 most common yet dangerous subject lines in emails received by people. So, if you find any of these 12 – from unknown sources – subject lines in your inbox, beware before opening them:

Security Patches, Mitigations, and Software Updates

Microsoft Windows 7 patch warns of coming patchocalypse (Naked Security) Microsoft has issued a patch to remind Windows 7 users that they’ll soon have no patches.

Change your Facebook password now! (Naked Security) Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!

Telegram Now Lets You Delete a Received Message From Sender's Device (BleepingComputer) To further increase privacy, Telegram announced today that they have added a feature that allows users to delete any message in a one-on-one chat and have it be removed from both chat users' devices.

Cyber Trends

Timeline of Cyber Incidents Targeting Financial Institutions (Carnegie Endowment for International Peace) Since 2016, there have been growing concerns about cybersecurity risks to the financial system prompting the G20 finance ministers and central bank governors to warn in March 2017 that “the malicious use of Information and Communication Technologies could . . . undermine security and confidence and endanger financial stability.”

NETSCOUT Releases 14th Annual Worldwide Infrastructure Security Report (NETSCOUT) NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT), a leading provider of service assurance, security, and business analytics, today released its 14th annual Worldwide Infrastructure Security Report (WISR), offering direct insights int

Cloud in the Crosshairs (NETSCOUT) When the Worldwide Infrastructure Security Report (WISR) was launched 14 years ago, 10 GBPS attacks made headlines and took networks down.

State of the Digital Workplace (Igloo Software) Igloo report highlights opportunities for employers to embrace a workforce ready for next-gen tools. For the second year, Igloo set out to determine the state of the digital workplace in companies large and small, across all industries. In this report, we outline opportunities for business leaders to improve communication, collaboration, and information sharing — recommendations that directly reflect the pain points the modern workforce is still experiencing. The 2019 State of the Digital Workplace Report

Who’s Up For A Good Old-Fashioned Cyber Attack? (Sensors Magazine) These are the employees most likely to suffer a cyber-attack.

Fraud the Facts 2019 (UK Finance) The definitive overview of payment industry fraud

Most UK Retailers See Increase in Cyber-Attacks (Infosecurity Magazine) Spending has increased 17% to tackle the challenge, according to industry report

Forcepoint: healthcare failing patients with weak data protection (Tahawultech) The healthcare industry is not doing nearly enough to protect sensitive patient information, data protection expert Forcepoint warned in a CISO roundtable hosted in partnership with CNME and tahawultech.com.

Europol: Telecoms Fraud Costs €29bn Annually (Infosecurity Magazine) New EC3 and Trend Micro report urges industry to collaborate with law enforcement

Where did social media go wrong? (TechCrunch) For most of my life, the Internet, particularly its social media — BBSes, Usenet, LiveJournal, blogosphere, even MySpace, early Twitter and Facebook — consistently made people happier. But roughly 5 years ago it began to consistently make people more miserable. What changed? I posted th…

Spam has taken over our phones. Will we ever want to answer them again? (Washington Post) All of those calls from strange numbers are turning our favorite devices against us.

Marketplace

CyberX Capitalizes on IIoT Security Momentum with Additional $18 Million in Strategic Funding (BusinessWire) CyberX, the IIoT and industrial control system (ICS) security company, today announced that it has raised $18 million in a strategic funding round led

Terbium Labs Announces Strategic Investment from Omidyar Network to Protect Digital Privacy and Enhance Data Security on a Global Scale (West) Subhashish Bhadra of Omidyar Network and Rohyt Belani of Cofense Join Board of Directors

Merlin Invests in Wickr to Deliver Secure Communications to Federal Agencies and Highly-Regulated Industries (Global Banking & Finance Review) RSA Federal Summit: Merlin International, Inc., a trusted technology provider delivering innovative cybersecurity solutions for highly-regulated ind

NSE subsidiary acquires VC-backed cybersecurity firm Aujas Networks (VCCircle) NSEIT Ltd, a wholly owned subsidiary of the National Stock Exchange (NSE), has acquired cybersecurity company Aujas Networks Pvt. Ltd to bolster its IT security offerings.

Vermont's VTel Strips Out Huawei Gear, Swaps In Ericsson Equipment (Light Reading) Vermont's VTel said it's replacing some Huawei equipment in its wireless network with gear from Ericsson. But this raises the question: Should the US government pay for others to make the same switch?

Northrop Lands Spot on $982M Army Cyber, Electronic Warfare Support IDIQ (GovCon Wire) Northrop Grumman (NYSE: NOC) has secured a spot on the U.S. Army’s potential $982M R4 indefinite-del

FBI Selects Forcepoint for $23M Cyber Deal (Meritalk) Forcepoint announced Wednesday that the Federal Bureau of Investigation awarded it a 5-year Blanket Purchase Agreement (BPA) worth $23.5 million.

Carbonite's Webroot Acquisition: 'Do No MSP Harm' (ChannelE2E) Carbonite's Webroot acquisition nears finalization. Webroot MSPs should expect a 'Do No Harm' partner strategy from Carbonite CEO Mohamad Ali, ChannelE2E believes.

'It came out of the blue' - Duo Security founder on $2bn acquisition by Cisco (CRN) General manager Dug Song reveals rationale behind accepting bid from the networking giant

Cyber ecosystem helping Australian security startups focus more on partnerships than quick acquisition (CSO) Overseas companies are welcoming the chance to discuss partnerships with Australian security startups that no longer see acquisition by overseas vendors as the most desirable endgame, the head of Australia’s industry-development body has reported after a successful trade mission that concluded at the RSA conference in San Francisco.

As cyber reskilling academy takes shape, hiring reform wish-list emerges (Federal News Network) Attracting in-demand cybersecurity talent to government service could be as simple as retraining current federal employees for the jobs of the future.

Absolute Appoints Distinguished Security Expert and Technologist Dr. Nicko van Someren as Chief Technology Officer (Absolute) Veteran technology executive joins the leader in Enterprise Resilience

Tenable taps industry vet to lead global business development (Baltimore Business Journal) International operations generated 33 percent of Tenable's $267.4 million in revenue last year.

Two Six Labs welcomes new Senior Vice President (AP NEWS) Two Six Labs announced today that David Leach has joined the Executive Management Team as Senior Vice President of Strategy and Corporate Development.

Products, Services, and Solutions

HyperQube launches 'cyber range as a service' (Technical.ly DC) The 2017 Mach37 cybersecurity accelerator graduate company allows enterprises to create virtual test environments to see how their IT infrastructures can hold up against cyber attacks.

Descartes, Kharon partner on sanctions risk intelligence (Compliance Week) Software as a service (SaaS) solutions provider Descartes Systems Group announced that it has integrated research company Kharon’s sanctions ownership data with its denied party screening solutions to help organizations ensure they are not conducting business with entities that are majority-owned by individuals or companies under the Department of the Treasury’s Office of Foreign Assets Control (OFAC) regulations.

Coalfire Labs Develops Open Source Password Cracking Tool (PR Newswire) Coalfire, a trusted provider of cybersecurity advisory and assessment services, announced today that the...

Alpine Security Launches Cyber Infinity Training Program (PRWeb) Alpine Security (“Alpine”), a leading cybersecurity training, penetration testing, and audit firm, announces the launch of their Cyber Infinity Training Prog

Kudelski Security inks blockchain security partnership with Hosho (Telecompaper) Kudelski Security, the cyber security division of the Kudelski Group, has announced a strategic partnership with Hosho, a global leader in blockchain security and smart contract auditing, to extend the capabilities of Kudelski Security’s recently launched Blockchain Security Center (BSC).

CloudSEK: The start-up that keeps cyber threats at bay (The Financial Express) CloudSEK’s SaaS-based flagship product X-Vigil is an outcome of four years of R&D

GigaOm Explores Enterprise Data Governance with Modern Data Catalog Platforms (PR Newswire) "Data catalogs, a category of product in the broad field of data governance, are emerging in popularity," says...

Technologies, Techniques, and Standards

The Risks of Marrying ‘Smart’ Technology With ‘Dumb’ Machines (Wall Street Journal) The 737 MAX crashes have put the spotlight on digital retrofits to older equipment—a new realm of vulnerabilities for tech and safety experts.

CYBERSECURITY: How 5G high-speed America jolts grid security (E&E News) Call it a choice between "Black Panther" and blackouts in the rollout of super-fast 5G internet technology. America's tech titans are lined up against electric utilities in a noisy fight for control of wireless spectrum that power companies say is critical for communications if a natural disaster darkens a city or hackers breach the grid.

Traveler Verification Service for Simplified Travel (US Customs and Border Protection) U.S. Customs and Border Protection (CBP) is changing the face of travel with its cloud-based facial biometric matching service that enables safe, secure and fast identity verification.

DHS preps launch of Cyber Talent Management System (FedScoop) The Department of Homeland Security requested $11.4 million in fiscal 2020 to fund the launch of a personnel system for hiring cybersecurity talent. First detailed in the administration’s reorganization plan last summer, the Cyber Talent Management System is described as an “agile and innovative personnel system” that better equips DHS to “compete for cyber talent with …

HIPAA Compliance in the Cloud: Who’s Responsible? (Infosecurity Magazine) Cloud compliance is important, although it does not have to be complicated

Estonian troops place first, third in Maryland military competition (ERR) Members of the Estonian team to participate in the Maryland National Guard's (MDNG) Best Warrior Competition 2019 placed first in the officers and non-commissioned officers (NCOs) categories as well as third in the junior enlisted category.

Design and Innovation

This ‘Online Lie Detector’ Could Honestly Be a Problem (WIRED) Critics point out serious flaws in a study promising an "online polygraph," with potential to create deep biases.

Deep Learning to Make Deep Inroads in the Fight Against Fraud (Fintech Times) On March 20, TFT CEO Katia Lang was invited to attend Re-Work’s Deep Learning in Finance Summit where she chaired a discussion

Finding The Right Balance Between Security And Privacy (Forbes) Armorblox invited a panel of experts to talk about the challenges of privacy and security and the role that artificial intelligence and machine learning can play in improving the balance between the two.

You Cannot Develop Technology Without Social Responsibility, Says Microsoft Exec (Algemeiner) Silhouettes of laptop and mobile device users are seen next to a screen projection of Microsoft logo. Photo: Reuters / …

Research and Development

Stanford launches effort to steer artificial intelligence to help, not harm, humans (Silicon Valley Business Journal) The new institute comes at a time when distrust of technology and concerns for its effects on privacy are growing.

Quantum computing will be able to break encryption keys (Le Monde Informatique) While experts say current public-key encryption is sufficient to meet enterprises' needs, the advent of computing...

Academia

Norwich and Leahy announce $7.3M for grants to advance cybersecurity programs (Vermont Business Magazine) Norwich University President Richard W Schneider and Senator Patrick Leahy, (D-Vermont) announced on Thursday, March 21, the award of three major contracts totaling approximately $7.3 million that continue Leahy’s long-standing support of cybersecurity education programs and research at Norwich University.

Marshall to host Cyber Day for local high school students (Huntington News) Marshall University is seeking local high school students interested in learning more about the world of cybercrime, digital forensics and cyber security.

Legislation, Policy, and Regulation

Theresa May clings on and defies call to set No 10 exit date (Times) Theresa May has resisted pressure to set a date for her departure in return for support for her EU divorce deal after a threatened cabinet coup fizzled out. After meeting prominent Brexiteers at...

What a U.S. Operation Against Russian Trolls Predicts About Escalation in Cyberspace (War on the Rocks) The Washington Post recently reported that U.S. Cyber Command conducted an offensive cyber operation in the fall to block the Internet Research Agency, a

We're already in the middle of a major cyber war, experts believe (Fox News) A whopping 87 percent of information security specialists believe we're in the middle of a global cyber war.

Chile, Colombia sign cybersecurity MOU (BNamericas) BNamericas is the business intelligence tool for Latin America with data, news, analysis and events to identify job opportunities, projects, companies and contacts

Exclusive: EU to drop threat of Huawei ban but wants 5G risks... (Reuters) The European Commission will next week urge EU countries to share more data to t...

Italy will be the first G7 country to join China's controversial Belt and Road project (Quartz) The move bears the stamp of political newcomer Michele Geraci, a finance professor who taught for a decade in China.

Pompeo warns Israel: Get too close to China and intel cooperation will suffer (Hot Air) “We want to make sure every country is wide-eyed and awake with regard to the policy threats posed by China."

U.S. officials not explaining why Huawei poses a security risk: AT&T CEO (RCR Wireless News) AT&T's CEO said that the US government has told the company not to implement equipment from Chinese vendors including Huawei and ZTE

It’s Not Too Late for an Independent Commission to Investigate Election Meddling (POLITICO Magazine) The Mueller report is finished. But it won’t solve the problem of foreign interference in U.S. elections.

Entering the age of hack back (The Independent Online) When the debris settles after special counsel Robert Mueller completes his investigation into Russian hacking of the 2016 presidential election, America will still be left with the underlying

Cyber security: be safe – and that’s an order (Utility Week) Operators of essential services are under a legal obligation to protect themselves from cyber attack, but some utilities are sleepwalking into non-compliance, as Rachel Willcox reports.

Defending America’s Critical Infrastructure Will Take ‘Whole of Nation’ (Nextgov.com) Strong public-private partnerships are imperative, former officials said.

Senators Question DOJ’s Surveillance of Americans’ Cell Phone Location Records (Nextgov) Lawmakers want the attorney general to explain how the collection of cellular location data has changed following a recent SCOTUS decision.

Cyber Command to get new chief of staff (Fifth Domain) Maj. Gen. John Morrison, one of the architects of new Army doctrine in the cyber and electronic warfare domains, will be moving to Fort Meade.

The California Consumer Privacy Act At a Glance (The Media Trust) INFOGRAPHIC. Expected to go into force January 2020, the California Consumer Privacy Act (CCPA) adopts a few basic tenets of Europe's groundbreaking legislation, GDPR.

Litigation, Investigation, and Law Enforcement

AG March 24 2019 Letter to House and Senate Judiciary Committees (Attorney General Barr) Dear Chairman Graham, Chairman Nadler, Ranking Member Feinstein, and Ranking Member Collins: As a supplement to the notification provided on Friday, March 22, 2019, I am writing today to advise you of the principal conclusions reached by Special Counsel Robert S. Mueller III and to inform you about the status of my initial review of the report he has prepared.

How internet mercenaries battle for authoritarian governments (LiveMint) The Saudi government’s reliance on a firm from Israel offers a glimpse of a new age of digital warfare governed by few rules. The US laws governing this new age of digital warfare are murky, outdated, and ill-equipped to address rapid technological advances

Takeaways From The Times’s Investigation Into Hackers for Hire (New York Times) Companies that hired former intelligence operatives are selling sophisticated hacking tools to government officials, who in some cases use them for nefarious purposes.

Spyware by NSO Used to Target Slain Mexican Journalist’s Wife, Report Says (CTECH) Israeli NSO develops spyware that can remotely take over a smartphone and gain access to calls, messages, and any other data stored on the device

Mueller Report Says No Collusion, Barr Raises a Million Questions (WIRED) In a convoluted letter to Congress, Attorney General William Barr summarized Robert Mueller's report on the Russia investigation and said he won't charge President Trump with obstruction.

Mueller did not find Trump or his campaign conspired with Russia, also did not exonerate him on obstruction (CNN) Special counsel Robert Mueller did not find Donald Trump's campaign or associates conspired with Russia, Attorney General William Barr said Sunday.

Key Takeaways From Attorney General’s Summary of Mueller Report (Wall Street Journal) The summary of Robert Mueller’s report sent by Attorney General William Barr says no finding was made of the Trump campaign conspiring with Russia, but that country clearly interfered in the election.

Trump team turns tables after Mueller report, calls for investigation into probe's origin (Fox News) President Trump and his legal team declared total victory Sunday following the release of Special Counsel Robert Mueller’s key findings -- including no evidence of collusion with Russia during the 2016 campaign -- but sought to turn the tables by renewing calls to investigate the investigators. 

Mueller Finds No Trump-Russia Conspiracy, but Stops Short of Exonerating President on Obstruction (New York Times) The attorney general released the main findings of the closely watched investigation into Russia’s election interference and whether Trump associates conspired.

CNN's Toobin: 'Total vindication of the president' on collusion (TheHill) CNN legal analyst Jeffrey Toobin said Sunday that President Trump has been vindicated on "the issue of collusion" after Attorney General William Barr said in a letter to Congress that special counsel Robert Mueller did not find evidence

What just happened? The questions behind the Mueller report (POLITICO) Here’s what Mueller said to Barr, what the attorney general said to Congress, and what it all means.

With Mueller Report Done, It's up to William Barr to Decide How Much to Make Public (New York Law Journal) AG William Barr said in a memo to Congress: I am reviewing the report and anticipate that I may be in a position to advise you of the special counsel's principal conclusions as soon as this weekend.

Barr’s Letter Contains Unambiguously Good News for the U.S. (National Review) Americans should feel even greater confidence in the legitimacy of the 2016 election.

The Mueller Report Is Done. Now Comes the Hard Part (WIRED) Special counsel Robert Mueller finished his investigation into the 2016 presidential election Friday.

Opinion | I wrote the special counsel rules. The attorney general can — and should — release the Mueller report. (Washington Post) I wrote the special counsel regulations. The attorney general can — and should — release the Mueller report

Democrats will direct FBI, White House counsel to preserve records shared with Mueller (Washington Post) Directives also will be sent to the CIA, NSA, Director of National Intelligence, and the departments of Justice, Treasury and State, congressional aides say.

Analysis | As we await details of the Mueller report, the battle shifts to the political arena (Washington Post) Legal investigations will continue, but political judgments — by elected officials and the public — will now set the course for Trump’s presidency.

Robert Mueller found no collusion and now Democrats are doubting America's democratic institutions (Washington Examiner) On July 24, 2018, President Trump said, "What you're seeing and what you're reading is not what's happening.”

Who is Attorney General Barr, the man deciding what parts of the Mueller report to release? (Washington Post) The attorney general has had a long career serving Republican administrations.

Mueller report summary puts matters in Congress’s court, key Democrat says (Washington Post) Rep. Jerrold Nadler of New York, chairman of the House Judiciary Committee, said the next step is up to lawmakers.

How to end our national nightmare — probe Hillary Clinton again (New York Post) With Robert Mueller finished, the only way to end our national nightmare is to probe Obama, Clinton and the FBI, Michael Goodwin writes.

Analysis: With Mueller report in, nothing's over. But for Trump, everything has changed (USA TODAY) Only highlights of Mueller's report are out, and investigations into Trump continue. But the political landscape has shifted. USA TODAY's analysis.

Trump's 'delight' and the 'discomfort' of Democrats: Global media reacts to the Mueller report (CNBC) Read some of the responses to the outcome of one of the most gripping investigations into a U.S. president in modern times.

Cummings concerned about Jared, Ivanka private emails, texts (Enewscourier.com) Ivanka Trump, the president's daughter and a powerful White House aide, did not preserve all of her official emails as required by federal law, and her husband,

Aide of Nigerian cyber gang who duped Doon trader of Rs 52 lakh held (The Times of India) The Special Task Force of Uttarakhand Police has arrested a man from Gorakhpur, Uttar Pradesh, alleged to be a member of Nigerian cyber frau.

Supreme Court challenges $8.5M class-action privacy settlement against Google (Silicon Valley Business Journal) The ruling this week throws the fundamentals of the case into question, and could affect the way companies settle class-action lawsuits in the future.

Mike Lynch's showdown with HP set to star Meg Whitman as trial kicks off (The Telegraph) Autonomy founder Mike Lynch faces a High Court showdown with former Hewlett-Packard boss Meg Whitman as he goes into battle to save his fortune from a $5bn fraud claim.

US accuses Mike Lynch - 'Britain's Bill Gates' - of destroying documents and paying hush money ahead of $5bn Hewlett Packard fraud trial (The Telegraph) The US government has accused the Autonomy founder Mike Lynch of destroying documents, money laundering and paying hush money to influence court proceedings.

Problem Police Are Moved to Jobs at Homeland Security Center (NBC 10 Philadelphia) Some problem police officers in Philadelphia have been assigned to monitor security cameras in a highly sensitive Homeland Security intelligence facility.

Sacked IT guy annihilates 23 of his ex-employer’s AWS servers (Naked Security) He was fired after four weeks, ripped off the credentials of former colleague “Speedy”, and will be mulling it all over for two years in jail.

On the Trail of the Robocall King (WIRED) An investigator set out to discover the source of one scammy robocall. Turns out, his target made them by the millions.

Alleged Child Porn Lord Faces US Extradition (KrebsOnSecurity) In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...

Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...

SecureWorld Boston (Boston, Massachusetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...

Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...
