skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Global Cyber Innovation Summit

We conclude our coverage of last week’s Global Cyber Innovation Summit with two pieces, linked below.

Many of the innovative young companies at the Summit have roots in the intelligence world. We'll close with some observations the DataTribe portfolio companies offered in a session on "Transitioning 'Practice' to 'Product'." In some respects that transition is similar to the one any company must make when it emerges from a research organization into the market. All the companies on stage, ReFirm Labs, ENVEIL, Prevailion, and Attila Security, agreed that startups coming from that world sometimes have difficulty recognizing the importance of delivering a solution that scales. Most of them (with ENVEIL dissenting) thought that entrepreneurs with a background in the Intelligence Community can fail to realize that there are limits on available funds. 

People who come from the Intelligence Community, the panel agreed, tend to bring with them a strong sense of mission. They need to shift their understanding of return-on-investment. In the IC, ROI tends to be understood in terms of mission capability. In business, ROI is of course understood in terms of profit. That's a shift the panelists thought IC veterans were able to make without undo difficulty.

US-CERT issues a warning concerning a new malware tool, ElectricFish, now being deployed actively by North Korean cyber operators.

Advanced Intelligence says that three anti-virus vendors have been breached by the well-known criminal group Fxmsp. The gang, which is notable for having both English-speaking and Russian-speaking operators, stole source code for anti-virus agents, analytic code, and web browser security plug-ins.

In a long New York Times op-ed, Facebook's co-founder, Chris Hughes, calls for the company to be broken up. It's a monopoly, Hughes argues. He also makes a case for public regulation of online content: he'd rather public servants police speech than private companies. Some such regulation seems increasingly likely, at least internationally. The Wall Street Journal reports that France's government intends to introduce legislation that would impose a duty of care on social media to regulate content that appears on their platforms. Reuters notes that President Macron is seeking a third regulatory way, a via media between a too restrictive China and a too permissive America.

The US Justice Department has unsealed an indictment that charges two Chinese nationals (Fujie Wang and "John Doe") with hacking healthcare insurer Anthem in 2015, and with hacking three other unnamed companies in separate incidents. Those companies were in the technology, basic materials, and communications sectors. Wang and Doe are regarded as members of a sophisticated cyber espionage unit.

A former US intelligence analyst, Daniel Everette Hale, has been arrested and faces charges related to alleged leaking of highly material to a reporter.


Today's issue includes events affecting Canada, China, France, Russia, Ukraine, United Kingdom, United States, and Vietnam.

Bring your own context.

Emojis are a form of online jargon grown even more pervasive than leetspeak. You may not remember what AFK or ROFL mean, but who doesn't get the smiley? But emojis themselves have developed a syntax to go with their easy semantics. And where does that get you? Into court, that's where, IOHO.

"The case referenced comes from California. And a person under investigation of soliciting - or basically being a pimp, hiring prostitutes and the subject of a prostitution sting had texted somebody using a crown emoji, high heels and a dollar sign. And that accompanied the message, 'Teamwork makes the dream work.' Prosecutors claim that the message implied a working relationship between a potential prostitute and this individual. The individual's defense was that he was simply trying to strike up a romantic relationship." Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 5.8.19.

Sure, pal: tell it to Carlos Danger. But wait, what's that, Counselor? There's more?

"But the fact that these emojis were used in the prosecution, I think, is both extraordinary and also becoming more common. You know, in terms of the reliability of emoji use, when we're talking about a criminal case, it seems rather unreliable. I don't know about you, but in my casual conversations, I will frequently use the wrong emoji." Mr. Yelin, still on that podcast.

You said it, kiddo. We'll just use the glitch-crab emoji, sans crown, high heels, and dollar sign, and let it go at that.

The CISO's ultimate guide to AppSec: 11 essential best practices you should know

By now, we are all too aware of the consequences of a data breach: brand damage, loss of customer confidence, potentially costly litigation, regulatory fines, and more. But most organizations aren’t as familiar with how to prevent these attacks. This guide highlights 11 data security best practices to minimize risk and protect your data.

In today's podcast, out later this afternoon, we hear from our partners at the SANS Institute, as Johannes Ullrich, Dean of Research and proprietor of the Stormcast podcast, talks about how malware is leveraging tools from Google. Our guest, Alex Pinto, Head of Verizon Security Research, takes us through the company's 2019 Data Breach Investigations Report (DBIR).

And some of our correspondents have been down in Florida this week for KB4-Con. Stand by for notes in our social media channels (TwitterInstagram, or Facebook), and for special editions of Hacking Humans.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information:

Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th (Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today:

Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.

DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.

DreamPort Event: RPE- 006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.

Dateline Global Cyber Innovation Summit

A look at the threat landscape. (The CyberWire) Sometimes the gradual threats are the worst ones.

Risk management: responsibilities and perspectives (The CyberWire) One of the challenges boards face in managing risk is that they're required to make decisions in matters on which they themselves lack deep expertise, which renders education, drill, and well-presented and relevant metrics all the more important.

Cyber Attacks, Threats, and Vulnerabilities

Top-Tier Russian Hacking Collective Claims Breaches of Three Major Anti-Virus Companies (Advanced Intel) "Fxmsp" is a high-profile Russian- and English-speaking hacking collective. They specialize in breaching highly secure protected networks to access private corporate and government information.

Hackers breached 3 US antivirus companies, researchers reveal (Ars Technica) Source code, network access being sold online by "Fxmsp" collective.

Task Force Update: Russian Interference Continues Post-Election (Ukraine Elects) Just days following the April 21 second round of the pivotal presidential election in Ukraine, Russian President Vladimir Putin offered expedited passports and citizenship to Ukrainians in the Russian-occupied territories of Donetsk and Luhansk. He subsequently extended the offer to Ukrainians who m

North Korean Hackers Use ELECTRICFISH Malware to Steal Data (BleepingComputer) The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims.

MAR-10135536-21 – North Korean Tunneling Tool: ELECTRICFISH (US-CERT) This Malware Analysis Report (MAR) is the result of analytic efforts between DHS and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified a malware variant used by the North Korean government. This malware has been identified as ELECTRICFISH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

HIDDEN COBRA - North Korean Malicious Cyber Activity (CISA) The information contained on this page is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. The intent of sharing this information is to enable network defenders to identify and reduce

This ransomware sneakily infects victims by disguising itself with anti-virus software (ZDNet) This file-locking malware family has evolved a new tactic which abuses trust to create new ransomware victims.

A Pony Hidden in Your Secret Garden (Security Boulevard) Pony is the most widespread type of malware, representing around 39% of the active credential theft malware around the world according to BlueLiv’s report on Credential Theft Malware. Since its first appearance in...

New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials (Proofpoint) Proofpoint researchers detail the latest iteration of KPOT Stealer

FIN7 Attackers Still in the Water (Decipher) The FIN7 attack group is still alive and well, despite arrests of some alleged members and intense attention from researchers and law enforcement.

CSS tracking trick can monitor your mouse without JavaScript (Naked Security) A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript.

Ongoing Credit Card Data Leak (360 Netlab Blog) Our DNSMon flagged an abnormal domain name magento-analytics[.]com, been used to inject malicious JS script to various online shopping sites to steal the credit card owner/card number/expiration time/ CVV information.

Cyber Trends

Securing satellites: The new space race (Help Net Security) Security can no longer be an afterthought. Like IoT devices, a standard or guidelines need to be established for securing satellites.

Garry Kasparov on Geopolitical Cybersecurity Coming Home (Security Boulevard) The need for greater oversight and accountability in our rapidly expanding digital world has acquired a relatively new angle thanks to globalization and geopolitics.

Fastest Growing Companies Keep Pace Managing Cyber Risk, but Blind Spots Remain According to NormShield Cyber Risk Scorecard Research (NormShield Cyber Risk Scorecard) Small Business Week Survey Finds 50% of Top Growing Businesses Expose Users to Risk of Phishing Attacks

Healthcare IT pros now confident in their cyber attack response ability (Help Net Security) Almost two years since the NHS ransomware attack, healthcare IT professionals feel more confident in their cyberattack response ability.

24% of health IT experts would refuse to pay ransom (Beckers Hospital Review) As healthcare information technology professionals become more confident in their ability to respond to a cyberattack, 24 percent remain steadfast in the decision to not pay a ransom, according to an Infoblox survey.

Phishing, device insecurity biggest vulnerabilities for healthcare organizations (Healthcare Dive) Sending data to the wrong recipient is the most common security threat within the industry, according to Verizon.

Whose (usage) data is it, anyway? (Help Net Security) Around the world, business customers now demand business-to-business (B2B) SaaS companies safeguard their usage data. More importantly, they want to know


LockerGoga cyber attack was a wake-up call: Johansmeyer, PCS ( The LockerGoga ransomware attack was a wake-up call for the insurance and reinsurance industry and underlines the complex, emerging, and fast-moving

Navy awards big-ticket cyber space support contracts (Washington Technology) The Navy makes awards for a set of major contracts north of $500 million each to support operations in cyber space.

CACI Wins $415 Million Contract to Develop and Deploy Intelligence Systems for U.S. Army (BusinessWire) CACI International Inc (NYSE: CACI) announced today it has been awarded a $415 million prime contract to design and deploy new technologies for the U.

SAIC Wins Potential $106M IDIQ for DIA Document, Media Mgmt Support (GovCon Wire) Science Applications International Corp. (NYSE: SAIC) has won a potential 10-year, $106M contract to

Perspecta to Support Army Cyber-EW Missions Under $982M IDIQ; Mac Curtis Quoted (GovCon Wire) Perspecta (NYSE: PRSP) has secured a position on a 10-year, $982M contract to help the U.S. Army bui

Evident Raises $20 Million for Secure, AI-Powered Identity Verification (Yahoo) The financing will enable Evident to broaden its existing, robust technical infrastructure including deepening its investment in AI and machine learning, computer vision, and facial recognition technologies. Evident will also expand its team to meet the explosive demand for identity verification

Sectigo Acquires Icon Labs, Delivering Industry-First End-to-End IoT Security Platform (BusinessWire) Sectigo has acquired Icon Labs, a provider of cross-platform security solutions for embedded OEMs and Internet of Things (IoT) device manufacturers.

ManTech Launches Cyber Innovation Center to Serve U.S. Department of Defense Cyber Mission (West) Orlando Open House Showcases New Facility That Will Advance Cyber Training Capabilities for America’s Cyber Warriors

Symantec stock plummets as CEO steps down amid earnings miss (MarketWatch) Symantec Corp. shares were slammed in after-hours trading Thursday, after the company reported an earnings miss and disappointing guidance and Chief...

Symantec CEO Greg Clark Resigns, Ex-Novellus CEO Tapped As Interim Leader (CRN) Symantec President, CEO and board member Greg Clark has stepped down from all roles effective immediately following an internal accounting probe, activist investor unrest and enterprise sales struggles.

Symantec CEO resignation sends stock down sharply (Silicon Valley Business Journal) In the three years since Greg Clark took the helm, Symantec stock has only risen by about 8 percent. The S&P 500 index is up by about 32 percent in that same time.

MacKeeper Accelerates Its Ambitious Transformation With an All-new, International Senior Team (Yahoo) Kromtech, developer of MacKeeper, security, optimization, and protection software for Macs and technical support service provider -- with 1.4 million active users -- officially announces a new strategy and direction, powered by its new international senior team: CEO

WEBGAP Appoints Senior VP Of Engineering (PR Newswire) Remote browser isolation startup WEBGAP today announced the appointment of Jie Song as their Senior VP (of...

Products, Services, and Solutions

Hysolate Launches Cybersecurity Isolation Platform 2.0 with Extended Scalability (Hysolate) Hysolate 2.0 Helps Enterprises Speed and Improve Protection for Hundreds of Thousands of Endpoints

ExpressVPN Launches an Industry-First TrustedServer Technology (PRWeb) ExpressVPN, a top-ranked VPN provider, today announced their industry-first TrustedServer technology, which completely re-imagines server admi

Swimlane Integrates with Recorded Future for Intelligence-Driven Incident Response (Yahoo) Swimlane, a leader in security orchestration, automation and response (SOAR), today announced a new partnership with Recorded Future—a leading threat intelligence company—to empower security teams with the information they need to collaborate on analysis, helping customers quickly and efficiently identify

Enosys Solutions Joins CrowdStrike’s Elevate Partner Program (AiThority) CrowdStrike Inc., a leader in cloud-delivered endpoint protection, announced Enosys has joined CrowdStrike’s Elevate Partner Program

Technologies, Techniques, and Standards

Education first defense vs. cyber fraud, security expert says ( ) A national security expert touts education and awareness as the best defense against cyber fraud attacks.


Study to use cryptography to boost pupils' language skills (Gainesville Sun) Cryptography, or concealing secret messages with codes, has been used for thousands of years. UF researchers hope to use the practice to pique kids'

Legislation, Policy, and Regulation

Venezuela: Fears for Juan Guaidó as deputy seized (Times) The Venezuelan regime has begun a purge of suspected defectors and opposition politicians after last week’s failed uprising against President Maduro. Intelligence agents used a tow truck to drag...

We must learn what to do if the lights go out (Times) Late last month, as troops at Fort Bragg, the United States’ largest military base, were conducting a deployment exercise, the power went out. For hours, the 50,000-odd soldiers and officers at the...

Inside China's Massive Surveillance Operation (WIRED) In Xinjiang, northwest China, the government is cracking down on the minority Muslim Uyghur population, keeping them under constant surveillance and throwing more than a million people into concentration camps. But in Istanbul, 3,000 miles away, a community of women who have escaped a life of repression are fighting a digital resistance.

Wary of China, Macron urges Europe to set tech regulation standards (Reuters) Europe should set global standards for tougher regulation of digital technology,...

Vietnam Doesn’t Trust Huawei An Inch (Foreign Policy) China's closest ideological neighbor wants its own 5G network.

Huawei case puts strain on Canada-China business confidence (South China Morning Post) Survey finds Canadian companies hardest hit but Chinese firms operating in Canada also report negative impact since arrest of Huawei executive Sabrina Meng Wanzhou.

Trump is losing the fight to ban Huawei from global networks (Stamford Advocate) President Donald Trump's worldwide campaign to blackball Huawei Technologies is looking like a failure.

France Steps Up Global Tech Scrutiny With Social-Media Policing (Wall Street Journal) France plans to give regulators sweeping power to audit and fine large social-media companies like Facebook if they don’t adequately remove hateful content—ratcheting up global oversight of Silicon Valley.

Facebook chief to meet Macron as regulatory pressure mounts (France 24) Facebook chief to meet Macron as regulatory pressure mounts

Opinion | It’s Time to Break Up Facebook (New York Times) Mark Zuckerberg is a good guy. But the company I helped him build is a threat to our economy and democracy.

Facebook’s co-founder: ‘It’s time to break up Facebook’ (Washington Post) Chris Hughes, a co-founder of Facebook, is calling for the breakup of the social media juggernaut, citing the threat of the platform’s unchecked power and that of founder Mark Zuckerberg.

'Fake News Victims' Meet With Twitter and Facebook (WIRED) They've experienced firsthand how dangerous online disinformation and harassment can be. And they say tech executives aren't doing enough to stop it.

The Mueller Report Shows Politicians Must Unite to Fight Election Interference (Foreign Affairs) It's time to put partisanship aside.

Apocalypse now? Cyber threats and nuclear weapons systems (European Leadership Network) Cyber threats for national nuclear weapons systems are still below the radar yet they constitute a growing and real risk that needs to be addressed.

Trump picks former Boeing executive Patrick Shanahan for defense secretary (Washington Post) Shanahan would take the position permanently at a time when the military is preparing for intensified competition with China and Russia.

Cyberspace Solarium Commission Gets to Work (MeriTalk) Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., announced the formal launch of the Cyberspace Solarium Commission (CSC) on May 8. The two lawmakers will lead the 14-person Commission.

Sen King, Rep Gallagher to chair bipartisan commission to defend US in cyberspace (TheHill) Sen. Angus King (I-Maine) and Rep.

Litigation, Investigation, and Law Enforcement

When countries use ‘security’ to restrict trade (The Financial Express) Although the WTO has expressed its right to adjudicate security exceptions invoked by members under Article XXI of GATT, it remains to be seen whether WTO members, particularly major powers, accept this point of view.

Ex-intelligence analyst charged with leaks to reporter (Federal News Network) A former government intelligence analyst has been charged with leaking classified documents about military campaigns against terrorist group al-Qaeda to a reporter…

Former NSA analyst charged in leak of classified documents to reporter (CyberScoop) A former National Security Agency analyst has been charged and arrested for illegally obtaining classified national defense information, including files on drone warfare, and disclosing it to a reporter.

DOJ Charges Another Leaker for Allegedly Spilling Secrets (The Daily Beast) Feds reach back to 2013 and charge intelligence contractor for allegedly turning over information about the U.S. fight against Al Qaeda.

Chinese National Indicted on Hacking Charges Related to Anthem Breach (Wall Street Journal) A Chinese national and an unnamed co-defendant were indicted on hacking charges related to a campaign to breach large U.S. businesses, including the 2015 theft of data from insurer Anthem.

Chinese nationals charged for Anthem hack, 'one of the worst data breaches in history' (POLITICO) Prosecutors said the hackers waited patiently for months at a time before stealing data.

United States of America, Plaintiff, v. Fujie Wang a/k/a "Dennis Wang," John Doe, a/k/a "Deniel Jack," a/k/a "Kim Young," a/k/a "Zhou Zhihong," Defendants (US Department of Justice) The Grand Jury charges that...

Chelsea Manning is released from jail (BBC News) But the ex-US intelligence analyst may be held again over her refusal to testify in a Wikileaks probe.

Manning ordered to appear before new U.S. grand jury as she is... (Reuters) Former U.S. Army intelligence analyst Chelsea Manning, who was being detained fo...

FCC blocks China Mobile from operating in U.S. over national security concerns (Axios) The move represents a significant escalation in the slow-building conflict between the U.S. and China over telecom trade.

Feds Dismantled the Dark-Web Drug Trade—but It's Already Rebuilding (WIRED) After recent high-profile dark-web drug market takedowns, new vendors are already filling the void.

Metal keys beat smart locks in NYC legal battle (Naked Security) A group of tenants in New York City have prevailed in a lawsuit against their landlord’s use of smart locks.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Security in our Connected World Seminar (Shenzhen, China, September 25, 2019) This year, GlobalPlatform’s seminar will examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), and delve into their associated business and technical...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Secutech 2019 (Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from...

Cyber Security Transatlantic Policy Forum (Killarney, Ireland, May 10, 2019) The mission of the conference is to bring politicians, law enforcement, policy makers and cyber industry leaders together to create an annual dialogue. Our goal is to ensure that we expand and improve...

Insider Threat Program Management With Legal Guidance Training Course (Washington, DC, USA, May 13 - 14, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Management With Legal Guidance Training Course, in Washington, DC, on May 13-14, 2019. This comprehensive...

NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.