More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

E&E News reports that the US Department of Energy has said that four counties in California, Utah, and Wyoming experienced a "cyber event" that interrupted "electrical system operations" briefly on March 5th. E&E News notes that the Department's definition of "cyber event" is expansive, but little information has so far been forthcoming.

The US Department of Homeland Security has issued Binding Operational Directive 19-02, which establishes "Vulnerability Remediation Requirements for Internet-Accessible Systems." The directive builds on and supersedes Binding Operational Directive 15-01. Agencies will have to fix faster. The new directive requires that critical vulnerabilities be remediated within fifteen calendar days of initial detection. Agencies will have thirty calendar days to remediate "high vulnerabilities." Binding Operational Directives apply to US Federal agencies, with exceptions for the Defense Department and the Intelligence Community.

Facebook at its F8 shindig announced that "the future is private." CNET quotes CEO Zuckerberg as acknowledging the skepticism that will meet the new direction: "I get that a lot of people think we're not serious about this. I know we don't have the strongest reputation on privacy, to put it lightly." A look at the Telegraph's review of the company's initiatives suggests that end-to-end encryption of messages represents the biggest move toward privacy. Other changes, like the new prominence of groups, and initiatives to suggest unknown people likely to become "Friends," seem likelier to lead the social network into data temptation.

Mr. Assange will be detained fifty weeks at Her Majesty's pleasure, the Wall Street Journal reports.

Notes.

Today's issue includes events affecting China, Italy, United Arab Emirates, United Kingdom, United States.

Bring your own context.

Where does the famously risky shadow IT come from? From commitment and good intentions, for the most part.

"When IT is not acting in an agile or responsive manner, when IT doesn't provide enough funding to support strategic initiatives, business tends to try to do things on their own." Dean Pipes from TetraVX, discussing the root causes of shadow IT on the CyberWire Daily Podcast 04.30.19.

So blame it on the gung-ho young MBAs. Or rather, don't blame them, but don't let IT become an obstacle to productivity.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes NYC, D.C., and Houston!

In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee reviews the pros and cons of conferences like RSA. Our guest is Bert Grantges from Vera, who discusses cyber security as a business enabler.

And Recorded Future's podcast, produced in partnership with the CyberWire, is up. Episode 105, "StubHub leverages empathy and emotional intelligence for threat hunting," features an interview with Sandeep Abraham, StubHub’s only combination threat analyst and investigator. He describes the challenges StubHub faces and how he uses a unique approach of empathy and emotional intelligence, alongside more straightforward threat hunting techniques, to stay one step ahead of the fraudsters.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.

Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Cyber Attacks, Threats, and Vulnerabilities

Emotet Trojan Is the Most Prevalent Threat in Healthcare Systems (BleepingComputer) Almost 80% of the malware affecting computer systems in the healthcare industry are trojans and the most common of them is Emotet, a report today shows.

Ransomware Attacks Enjoying a Spring Renaissance (CPO Magazine) Are ransomware attacks making a comeback as a dominant cyber security threat? Norsk Hydro, Verint, Weather Channel and Arizona Beverages are among the big names who have fallen victim in recent weeks.

Buhtrap backdoor and ransomware distributed via major advertising platform (WeLiveSecurity) ESET researchers document how cybercriminals abused the online advertising network of Russia's leading search engine to distribute malware.

Citycomp Ransomware Attack Nabs Financial Data From Several Large Companies (Channel Futures) A ransomware attack on a large Germany-based IT provider, Citycomp, has put the financial data of several of the world’s biggest companies at risk, including Oracle, Airbus, Toshiba and Volkswagen.

Zero-day attackers deliver a double dose of ransomware—no clicking required (Ars Technica) High-severity hole in Oracle WebLogic under active exploit for 9 days. Patch now.

Mysterious hacker has been selling Windows 0-days to APT groups for three years (ZDNet) Hacker has sold Windows zero-days to the likes of Fancy Bear, FruityArmor, and SandCat.

Leak Reveals Iran’s Wildest Hacker Crew Stole 13,000 Passwords From 98 Organizations (Forbes) Iran-backed hackers targeted a large number of Middle Eastern organizations, as they pilfered passwords to all manner of government and private entities.

Docker breach of 190,000 users exposes lack of two-factor authentication (Naked Security) The containerisation platform has asked 190k users to change their passwords after hackers gained access to a database of personal data.

A ‘Cyber Event’ Disrupted the Power Grid in California and Wyoming, But Don’t Panic Just Yet (Motherboard) The Department of Energy says a “cyber event” disrupted operations in California, Wyoming, and Utah last month. But it’s unclear if hackers were behind it.

SECURITY: 'Cyber event' disrupted U.S. grid networks — DOE (E&E News) A report posted by the Department of Energy found that a potentially unprecedented "cyber event" hit grid operations in the western United States last month. Who was behind it?

Africa, Mideast record stunning increase in cyber-attacks (CAJ News Africa) There have been more than 150 million malware attacks in Middle East, Turkey and Africa (META) since the beginning of the year.

Cyberattacks increasing in UAE, study says (Khaleej Times) A total of 1,101,745 phish attacks were recorded in the UAE during the first quarter of 2019.

Cyberattack hits Verint's low profile (Globes) A cyberattack and complaints from a dissatisfied investor have put the media-shy tech company in the headlines.

Data Risk Report: 1000s of Stale Accounts, Exposed Files Revealed (Computer Business Review) A data risk report by Varonis that analysed more than 54 billion files via 785 data risk assessments carried out by the data security company's engineers,

Norsk Hydro Cyber Attack Cost It Nearly $52M in First Quarter (Insurance Journal) Norsk Hydro said the March cyber attack that paralyzed its computer networks would cost the aluminum maker up to 450 million Norwegian crowns ($52

Cryptocurrency thefts, fraud hit $1.2 billion in first quarter: report (Reuters) Losses from the theft of cryptocurrencies from exchanges and fraud-related activ...

Microsoft Outlook Security Breach Targeted Bitcoin Accounts (BTCMANAGER) Earlier in April 2019, Microsoft Hotmail, MSN, and Outlook email accounts suffered a severe security breach. Now, a good number of the victims have revealed that their cryptocurrency wallets were hacked during the ugly incident, reports Motherboard on April 29, 2019. Per the report, the…

Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn (ZDNet) Triton is a particularly dangerous form of malware; learning these lessons could make you a lot safer.

Mobile Chrome Hoax Could Target Android Users (TechNewsWorld) A new method for hiding the true location of a website from users of the mobile Chrome Web browser has come to light. Phishers can trick users into revealing their credentials for a legitimate website to operators of a malicious one, security researcher James Fisher reported. Scammers can exploit mobile Chrome's feature that hides the address bar when users are scrolling on a Web page.

Warren Buffett: ‘Cyber poses real risks to humanity’ (Yahoo) Berkshire Hathaway CEO Warren Buffett says that cyber attacks are as dangerous as nuclear, biological, and chemical weapons.

Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies (Motherboard) The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone (Register) We all want to see hard proof of deliberate espionage. This is absolutely not it.

Android users: watch out for this fake address bar trick (Naked Security) When is an address bar not an address bar? When it’s a fake.

Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important (Imperva) (Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more.) DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second (maximum) attack directed at GitHub last year, the largest DDoS attack ever at the time. However, in …

Nozomi Networks Labs Finds New Rockwell PLC Vulnerability (Nozomi Networks) Nozomi Networks Labs responsibly disclosed a PLC vulnerability in Rockwell Automation CompactLogix controllers to CISA and Rockwell Automation.

Rockwell Automation CompactLogix 5370 (ICS-CERT) Executive summary: CVSS v3 8.6. Attention: exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: CompactLogix 5370. Vulnerabilities: Uncontrolled Resource Consumption, Stack-based Buffer Overflow.

Most 2020 U.S. Presidential Campaigns Unprotected Against Nation-State Email Attacks (Agari) The campaigns for nearly all top-tier candidates running for President of the United States in 2020 are unprotected against email attacks, fraud and data breaches typically instigated by nation-states, according to a new report published today by Agari. Agari, the next-generation Secure Email Cloud that restores trust to the …

Philips Tasy EMR (ICS-CERT) Executive summary: CVSS v3 4.1. Attention: low skill level to exploit. Vendor: Philips. Equipment: Tasy EMR. Vulnerability: Cross-site Scripting. Risk evaluation: successful exploitation of this vulnerability could impact or compromise patient confidentiality and system integrity.

Man posing as Hollywood superstar scams woman out of a ‘fortune’ (Naked Security) She must have been star-struck, she said, after the fraudster hid behind the Fast & Furious star’s photo and reached out from a fan page.

Schools’ cyber fraud has others on alert (News-Graphic.com) Crimes like the cyber fraud that struck Scott County Schools for $3.7 million last week are part of a growing trend of crimes using the internet to target businesses and government agencies, said Scott Hall, executive director of the Georgetown/Scott County Revenue Commission. Hall also assists the FBI as a member of InfraGard, a public-private partnership which focuses specifically on such attacks.

Resilient staff restoring newspaper’s systems following cyber attack (Watertown Daily Times) The recovery from Saturday’s cyberattack is continuing at the Watertown Daily Times.

Security Patches, Mitigations, and Software Updates

Microsoft Adding Office 365 Security and Compliance Capabilities (Redmondmag) Microsoft on Tuesday announced various Office 365 security and compliance improvements, mostly for Microsoft 365 subscribers.

Cyber Trends

Threat Intelligence Firms Look to AI, but Still Require Humans (Dark Reading) Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.

Email attacks targeting financial services up 60% - Proofpoint (SecurityBrief) These attacks are socially engineered to target specific people within financial services organisations who can execute requests on the attacker’s behalf.

Social Media Platforms Increasingly Popular With Cybercriminals (Forbes) Social media is increasingly being used to perpetrate fraud against users. People who are active on Facebook, Instagram, and Snapchat are 30% more likely to be victims of fraud due to increased exposure and information sharing.

The Internet Risk Surface Report (RiskRecon) The Internet Risk Surface Report is a new research collaboration between RiskRecon and the Cyentia Institute. As the name implies, the focus of this initiative is to map, measure, and ultimately manage risk associated with the internet facing assets of an enterprise and its 3rd party partners.

Cyber Breach Intensification Provides Backdrop to DefenseStorm Session at NAFCU CEO and Senior Executives Conference (AP NEWS) Cyber breaches are up 50% in 2019, while research predicts a 3-million-person global shortage in qualified cybersecurity talent by the end of the year.

Marketplace

US ‘Undermining Political Independence Of Europe,’ Huawei Says (Eurasia Review) The US campaign against Chinese telecoms manufacturers is undermining the “political independence of Europe” to decide commercial partnerships for itself, Huawe…

Analysis | How Huawei Became a Target for Governments (Washington Post) Huawei Technologies Co., one of China’s most-global companies, is increasingly in the cross-hairs of the U.S. government and its Western allies, just as it’s pushing for a leadership role in the new wireless standard known as 5G.

At F8, Zuckerberg unveils Facebook's new mantra: 'The future is private' (CNET) CEO Mark Zuckerberg extols the virtues of private spaces online.

Facebook relaunch: from shopping on WhatsApp to no more likes on Instagram - all the new features explained (The Telegraph) Facebook has announced its biggest redesign in a decade as well as a series of new features at F8, the company's annual conference in San Jose, California.

Boston-Based Orchestrated Risk Management Company ZeroNorth Raises $10 Million (Pulse 2.0) Boston-based orchestrated risk management company ZeroNorth announced it raised $10 million in Series A funding led by ClearSky Ventures.

Red Canary raises $34 million to detect and remediate cyber threats (VentureBeat) Red Canary, a startup developing a suite of managed detection and response tools, has raised $34 million in an equity growth round.

ESET Agrees to Furnish Google's Chronicle with Threat Data (Computer Business Review) Bratislava-based security firm ESET has agreed to furnish Alphabet’s new cybersecurity spinoff Chronicle with threat data.

SolarWinds buys Passportal to boost security portfolio (CRN Australia) Buys password management firm to help MSP customers.

Akamai beats revenue estimates on cyber-security strength (Yahoo) Akamai Technologies Inc beat analysts' estimates for first-quarter revenue on Tuesday, powered by demand for its cyber-security services and its traditional business of helping speed up content delivery on the web. Revenue from the security business, which helps data centers operate and deliver

Ken Green Joins Bishop Fox as Vice President of Product Management (Yahoo) Leading security executive will manage technology products for new Managed Security Services business PHOENIX , April 30, 2019 /PRNewswire/ -- Bishop Fox , the largest private professional services firm ...

Products, Services, and Solutions

Verint adds Anomaly Detection to its VoC solutions (Help Net Security) Verint Systems announced the addition of Anomaly Detection as a powerful new capability to its expanding Voice of Customer (VoC) solutions.

Secureworks Launches New Cybersecurity Analytics Application (AiThority) Secureworks, a leading cybersecurity company that keeps organizations safe in the digitally connected world

Nextgen boosts security portfolio with Netskope (New Zealand Reseller News) Nextgen has further bolstered its security portfolio through adding Netskope to the mix, gaining full distribution rights across Australia and New Zealand.

Qualys Releases Innovative Extension to its Groundbreaking Cloud Agent Platform with New Cloud Agent Gateway (CAG) Service (Qualys) Strengthening the company’s groundbreaking Cloud Agent Platform, Qualys’ new high-availability proxy appliances simplify and secure connectivity for large-scale Cloud Agent deployments

Cynash’s SerialTap™ Cybersecurity Sensor Now Commercially Available (PRWeb) Cynash Inc., a leading developer of cybersecurity solutions for critical energy, water, transportation and industrial control systems, announces the commercial

STEALTHbits Launches Free Permissions Auditing Capabilities for Cloud and On-Premises Resources (Yahoo) STEALTHbits’ Access Library Now Available

Agari Helps Protect US Presidential Candidates from Email Attacks (Agari) More than 90% of campaigns do not have email security. We're making our solutions available to every candidate to protect our elections from attack.

Technologies, Techniques, and Standards

Is there such a concept as ‘cyber deterrence?’ (Fifth Domain) Officials and commentators warn cyber should be a component of a larger deterrence strategy.

Securing edge devices – how to keep the crooks out of your network (Naked Security) The Good Guys from the Cyber Threat Alliance just published a report to help you keep the Bad Guys out of your network

Cybersecurity is everyone’s business (IOL Business Report) Everyone from the top down including government, banks, service providers and municipalities are responsible for promoting cybersecurity awareness.

As organizations continue to adopt multicloud strategies, security remains an issue (Help Net Security) 97% of organizations are adopting multicloud strategies for mission-critical apps and nearly 2/3 are using multiple vendors for mission-critical workloads.

CIOs can stay ahead of cyber threats with these practices (ETCIO.com) To ensure safety from cyber threats, CIOs must follow these practices

Research and Development

Match me if you can: Cryptographic breakthrough helps spies to shake hands (Tech Xplore) When spies meet, they use secret handshakes to confirm their identities, ensuring they are who they say they are. Now, researchers at Stevens Institute of Technology, and colleagues, have solved a 15-year-old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email—a challenge once thought to be impossible.

SwRI develops system to legally test GPS spoofing vulnerabilities in automated vehicles (Southwest Research Institute) SwRI developed an automotive cyber security system to legally test for GPS spoofing vulnerabilities in autonomous vehicles.

Academia

Raytheon launches cyber apprenticeships as part of £2m investment in UK technology education (Business Quarter) Raytheon launched a new cybersecurity apprenticeship programme in the UK in the latest stage of a £2m investment benefitting British technology education.

Legislation, Policy, and Regulation

NSA unmasked more U.S. identities, likely to warn victims of foreign spying, new report suggests (Washington Post) The unmasking process has been a major source of controversy for President Trump, but new figures show the practice increased under his administration.

Privacy Advocates Urge Creation of Data Protection Agency (Decipher) As Congress considers various privacy bills, advocates are pushing for a federal data protection agency to enforce any new law.

UK Government Announces Cyber Security Ambassador (Infosecurity Magazine) UK Government Announces Cyber Security Ambassador. Henry Pearson will try to help UK security firms sell abroad.

IoT security crackdown: Stop using default passwords and guarantee updates, tech companies told (ZDNet) Smart device makers will have to keep to these three rules if they want to sell their gadgets.

DHS tells agencies to move faster to fix critical cyber vulnerabilities (Federal News Network) DHS issued a new binding operational directive replacing a 2015 mandate and accelerating the time for agencies to mitigate problems.

DHS Says Federal Agencies Have 15 Days to Fix Critical Flaws (BleepingComputer) The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued Binding Operational Directive 19-02, which requires federal agencies to remediate critical security vulnerabilities within 15 days of initial detection.

Binding Operational Directive 19-02: Vulnerability Remediation Requirements for Internet-Accessible Systems (Cyber.dhs.gov) This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 19-02, “Vulnerability Remediation Requirements for Internet-Accessible Systems”. A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.

Time to Pursue an International Cyber Treaty? (The Nation) The Mueller report findings show a cyber “wild west” is not in the US national interest.

Litigation, Investigation, and Law Enforcement

WikiLeaks Founder Julian Assange Sentenced to 50 Weeks in Jail (Wall Street Journal) WikiLeaks founder Julian Assange has been sentenced to 50 weeks in jail for breaching bail while awaiting extradition to Sweden on sexual assault accusations in 2012.

Facebook under investigation for harvesting 1.5m users’ contact lists (Naked Security) For years, Facebook asked some new users for email passwords, then grabbed their contacts without consent (or any way to stop the process).

Chinese dev jailed and fined for posting DJI's private keys on Github (Register) Hapless soul repents 'unintentionally' sharing drone maker's privates in repo.

PTAB Says Juniper Patent Challenge Would Be 'Inefficient' (Law360) With Cisco’s challenge to a Finjan patent on cybersecurity technology in its final stages, the Patent Trial and Appeal Board on Monday said starting a new review of the patent based on a request from Juniper Networks would be an “inefficient” use of resources.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security. Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Global Cyber Innovation Summit (Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...

2019 Innovator's Showcase (McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director...

Data Connectors Cybersecurity Conference Philadelphia (Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Infiltrate 2019 (Miami Beach, Florida, USA, May 2 - 3, 2019) INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.