skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Citizen Lab attributes (with "moderate confidence") a multi-year, multilingual influence operation to Iran, the Washington Post notes.

WhatsApp has patched a vulnerability that permitted remote installation of NSO Group's Pegasus intercept tool, the Financial Times reports. It's unknown how many phones were affected; the University of Toronto's Citizen Lab says that they're aware of one (probable) case. The vulnerability is said to have affected both Android and iOS devices. NSO Group said it would not have been involved in such activity, and that it's investigating.

BleepingComputer writes that Symantec, McAfee, and Trend Micro were among the security firms allegedly breached by the Fxmsp hackers. Trend Micro said data from a test lab had been accessed by unauthorized parties, but that no source code or customer information were compromised. Symantec denied being affected at all, and McAfee says it's investigating. BleepingComputer identified the companies from unredacted Fxmsp chat logs it received from Advanced Intelligence researchers. There's no word yet about a rumored fourth victim.

What's the cost of a breach? In the case of Equifax, Infosecurity Magazine reports that it's so far cost the company $1.4 billion.

Firms are concluding that many of the data lost in breaches needn't have been collected in the first place. A database of some 200 million individuals' information is circulating in what CSO calls "the grey market." While it doesn't include such tripwire data as Social Security, passport, driver's license, or credit card numbers, it contains forty-two fields of great interest but dubious direct-marketing value.

Notes.

Today's issue includes events affecting Australia, Cambodia, Canada, China, Denmark, Egypt, Iran, Israel, Jordan, Democratic Peoples Republic of Korea, Russia, Saudi Arabia, Sweden, Tanzania, Thailand, United Kingdom, the United States, Uzbekistan, and Venezuela.

Bring your own context.

Some of the trends reported in this year's Verizon's Data Breach Investigation Report are quite positive, like the way human resources departments are now savvier about social engineering, and the decline in the number of W2 scams. Other trends are less positive, like this one:

"There was another sharp increase this year on the number of records leaked through misconfiguration of cloud-based storage. So think about your favorite cloud-based platform as a service provider. They will have an option where you can just post files online. Some people are leaving them open for public consumption, right? And there's a lot - we had - we tracked over 60 million different records of multiple sources, multiple organizations that were leaked this way, just because someone failed to press the keep this private checkbox - could potentially have been easily avoided, right? There was no work on anybody's part. There was no hacking, no zero day, no nothing involved, just plain misconfiguration." Alex Pinto, head of security research at Verizon, and co-author of the twelfth annual Data Breach Investigation Report, on the CyberWire Daily Podcast, 5.10.19.

Check your services. They won't configure themselves, and no matter how good the defaults are, they need a look.

Automation techniques by Coalfire and AWS enable FedRAMP ATO in half the time

Automation is dramatically changing the times and costs to compliance—in many cases by half compared to traditional methods. Furthermore, these techniques can slash the demands on in-house staff and eliminate much of the redundant work across frameworks. Download the white paper explaining the benefits of new automation techniques pioneered by Coalfire and AWS.

In today's podcast, out later this afternoon, we speak with our partners at Lancaster University, as Daniel Prince discusses asymmetric information and attacker/defender dynamics. The CyberWire's own Tamika Smith debuts on our show with her story on Hackground, a STEM and robotics club.

And Recorded Future's podcast, produced in partnership with the CyberWire, is up. In this episode, "A Risk-Based Approach From Spammers to Nation-States," Martijn Grooten of Virus Bulletin discusses the range of threats that he's tracked over the past few decades, his thoughts on threat intelligence, and more.

Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.

DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.

DreamPort Event: RPE- 006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Report: Iran-linked disinformation effort had personal touch (Washington Post) A new report from Canadian internet watchdog Citizen Lab is linking Iran with a fake Twitter account unmasked by The Associated Press

'Typosquatting' campaign imitated news outlets to spread propaganda for years, report says (CyberScoop) Researchers have uncovered a years-long disinformation campaign in which suspected Iranian operatives masqueraded as well known international media outlets and used fake Twitter accounts to amplify fabricated news articles.

WhatsApp discovers surveillance attack (BBC News) "An advanced cyber-actor" exploited a major flaw in the Facebook-owned messaging service, WhatsApp confirms.

WhatsApp Zero-Day Exploited in Targeted Spyware Attacks (Threatpost) WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims' phones.

Report: WhatsApp Vulnerability Used to Secretly Infect Phones With NSO Group's Notorious Spyware (Gizmodo) Powerful spyware developed by Israeli cyber-intelligence company NSO Group exploited a vulnerability in encrypted messaging app WhatsApp to transfer itself to targeted devices, the Financial Times reported on Monday.

Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists (New York Times) Researchers said the NSO Group had found a vulnerability, which was disclosed Monday, that was used to target the iPhone of a human-rights lawyer in London and perhaps others.

Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond (BleepingComputer) A report last week about Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated from alleged victims statements that are disputed by the firm that sounded the alarm.

Antivirus Makers Confirm—and Deny—Getting Breached by Hackers Looking to Sell Stolen Data [Updated] (Gizmodo) Symantec and Trend Micro are among the list of leading antivirus companies that a group of Russian-speaking hackers allege to have compromised, Gizmodo has learned. It remains unclear to what degree the claim is true, if any.

New Details Emerge of Fxmsp's Hacking of Antivirus Companies (BleepingComputer) It is difficult to fathom that a threat actor may be able to breach the networks of a reputed security company. Yet, this is not only possible but also happened in the past; and it is not far-fetched to believe that it is the case with at least three antivirus makers, as reported by BleepingComputer earlier this week.

Trend Micro Admits Limited Breach by "Fxmsp" Hackers - Symantec Denies It (Computer Business Review) Trend Micro admits it was hacked, but says scope was limited.

Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear (ZDNet) Most Cisco gear is believed to be impacted. No attacks detected, as of yet.

A Cisco Router Bug Has Massive Global Implications (WIRED) Researchers have discovered a way to break one of Cisco's most critical security features, which puts countless networks at potential risk.

High-risk vulnerability in Cisco's secure boot process impacts millions of devices (Help Net Security) The vulnerability, codenamed Thrangrycat, is caused by a series of hardware design flaws within Cisco’s Trust Anchor module.

Twitter says bug gave ad partner access to iOS users' location information (CyberScoop) Twitter may have collected and shared location data from customers using Apple devices then shared that information with an advertising partner, the company announced Monday.

A bug impacting collection and sharing of location data on iOS devices (Twitter) You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.

Boost Mobile says hackers broke into customer accounts (TechCrunch) Boost Mobile, a virtual mobile network owned by Sprint, has confirmed hackers have broken into an unknown number of customer accounts. The company quietly posted a notification of its data breach almost exactly two months after March 14, when Boost said the breach happened. “Boost.com experie…

Hackers are collecting payment details, user passwords from 4,600 sites (ZDNet) Same hacker group compromises Alpaca Forms and Picreel to deploy malicious code to thousands of sites.

200 million-record breach: Why collecting too much data raises risk (CSO Online) Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now circulating on the grey market.

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor (The State of Security) Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor.

The trust crisis in web standards (InnovationsAus.com) New research from CSIRO’s Data61 unit has found that even the most popular and trusted websites are using chains of third-party scripts and services hidden from end users that make these sites prone to malicious activity.

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution (BleepingComputer) Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.

Incident Reporting System (US-CERT) As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.

Korean APT Adds Rare Bluetooth Device-Harvester Tool (Dark Reading) ScarCruft has evolved into a skilled and resourceful threat group, new research shows.

North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit (SecurityWeek) A North Korea-linked hacker group tracked as ScarCruft, APT37 and Group123 continues to evolve and it recently added a Bluetooth harvester to its toolkit.

Study finds Android smartphones riddled with suspect ‘bloatware’ (Naked Security) According to a new study, Android bloatware can create hidden security and privacy risks.

A look at Hworm / Houdini AKA njRAT (Security Boulevard) Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats.

China: How Mass Surveillance Works in Xinjiang (Human Rights Watch) Chinese authorities are using a mobile app to carry out illegal mass surveillance and arbitrary detention of Muslims in China’s western Xinjiang region, Human Rights Watch said in a report released today.

ThreatList: Top 5 Most Dangerous Attachment Types (Threatpost) From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.

Vulnerability Summary for the Week of May 6, 2019 | US-CERT (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

Antietam Broadband in Hagerstown is broken (Bent Corner) Antietam Broadband has had service problems since April 24, 2019. They're now blaming everything on a distributed denial-of-service attack. Is it true?

Security Patches, Mitigations, and Software Updates

Cisco patches IOS XE remote command injection flaw (iTnews) But a Secure Boot vulnerability is harder to fix.

NVIDIA Patches High Severity Bugs in GPU Display Driver (SecurityWeek) NVIDIA has patched High severity vulnerabilities (CVE‑2019‑5675 and CVE‑2019‑5677) its NVIDIA GPU Display Driver that could allow an attacker to escalate privileges or execute code on victim systems.

Remote Code Execution Flaw Found in Kaspersky Products (SecurityWeek) Kaspersky patched a serious remote code execution vulnerability affecting products with antivirus databases.

Cyber Trends

Quarterly Website Security Report (Sitelock) The SiteLock 2019 Website Security Report analyzes more than 6 million websites to determine the most prevalent cyberthreats websites face today.

IoT Spotlight (Bugcrowd) We are on the verge of a major technological revolution: interconnectivity at scale, anytime and anywhere. IoT has paved the way for smart cities, cities, improved productivity, the connected home, and ultimately more opportunities to connect with one another.

Report: Most Organizations Are Dissatisfied With Their Web Application Firewalls (WAFs) (Yahoo) Cequence Security, a provider of innovative software solutions that protect web, mobile, and API-based applications from cyberattacks, today released a new Ponemon Institute report - “The State of Web Application Firewalls”- showing that only 40% of organizations are satisfied with their WAF. The

Survey: 46% of organizations that store customer PII in the cloud consider moving it back on-premises due to security concerns (Netwrix) Netwrix study finds that only with a data security program can organizations completely address the security of customer data regardless of its location

DDoS attacks among top 5G security concerns (SearchSecurity) 5G security concerns are top of mind for mobile operators now that the new generation of wireless technology is a reality. Specifically, they're worried about bigger and more destructive DDoS attacks.

Digging Deep into the Verizon DBIR (Decipher) The Verizon Data Breach Investigations Report isn’t just full of interesting data breach statistics; it also offers enterprise defenders valuable insights on the kind of real-world threats they should be worrying about.

Exclusive research: Phishing outranks ransomware as top cyber-threat for 2019 (CRN) Some 17 per cent of IT decision makers polled in CRN research say they have been the victim of a ransomware attack

Health sector still plagued by breaches, according to latest OAIC report (CRN Australia) Many come down to human error.

Malicious Attacks Cause of Most Aussie Breaches (Infosecurity Magazine) An OAIC report marks the start of Privacy Awareness Week in Australia.

Retailers Are Under Siege from Botnets (Technology Solutions That Drive Business) For retailers competing to provide a seamless — and safe — online experience for consumers, bots pose a big problem. Hackers attempted a staggering 10 billion attempts to access retail sites between May and December 2018, according to a recent report by Akamai Technologies.

Marketplace

Respond Software Raises $20 Million to Meet Growing Demand for Robotic Decision Automation in Security Operations (Respond Software) Led by ClearSky Security, Financing to Ramp Sales and Customer Operations in 2019; ClearSky Managing Director Jay Leek Joins Respond Software Board of Directors   MOUNTAIN VIEW, Calif.—May 14, 2019— Respond Software, innovators in Robotic...

Equifax Has Spent Nearly $1.4bn on Breach Costs (Infosecurity Magazine) Cautionary tale as credit agency pays heavily for 2017 incident

Huawei and the unraveling of globalization (The Japan Times) Cross-border investment and globalization is no longer seen as one of the major guarantors of international peace.

Huawei's economic impact on the UK revealed amid security fears (The Telegraph) A report claims Huawei boosted the UK annual GDP by £287 million in 2018, as the debate over the company's security continues.

IBM sacks 300 services staff; says it is looking to reinvent itself (ETCIO.com) A majority of these employees were in software services roles. They were let go as IBM focuses on emerging technology capabilities and reduces exposur..

Authentic8 Expands into Europe to Meet Growing Market Demand for Web Isolation Solutions (West) Step follows approval for participation in NATO bidding and procurement process

IT developer Miroslav Trnka first wanted to heal computers and then society (Slovak Spectator) Eset is now one of the leading cyber security companies in the world

Cubic names Northrop vet Amen to BD leadership post (Washington Technology) Cubic Corp. names 25-year defense market veteran Martin Amen to lead business development for a product line the company acquired earlier this year.

Bill Carroll Joins Bishop Fox as Chief Operating Officer (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Bill Carroll has joined the firm as Chief Operating Officer (COO), where he will be responsible for the day-to-day operations of the company. As

Products, Services, and Solutions

Mocana Introduces Cyber Protection Solution for Massive IoT, Smart Cities and Distributed Intelligence Networks (Mocana) Mocana announced the availability of a cyber protection solution for massive IoT, smart cities and distributed intelligence networks.

Rackspace and Telos Team Up to Accelerate the FedRAMP Journey (West) Next Generation Compliance Services to Simplify FedRAMP Processes

WhiteHat Security and RSI Partner to Offer First One-stop Solution for Identifying and Remediating Application Security Threats | WhiteHat Security (WhiteHat Security) WhiteHat Security, the leading application security provider committed to securing digital business, today announced that it has partnered with Rural Sourcing Inc., the leading provider of US-based IT outsourcing services, to offer the industry’s first one-stop solution to identify and remediate application level exposures. The two companies will combine the …

Versasec Releases vSEC:CMS S5.5 (Versasec) vSEC:CMS S-Series 5.5 identity and access management software also adds support for Identiv uTrust MD and Gemalto PIV 3.0 smart cards, and options for Oberthur PIV 8.1 smart cards

CyberScale™ Compliance And Risk Management Solution (Criterion Systems) While the cybersecurity threat environment is well known as a key challenge for Federal Departments and Agencies (D&As), there are other, equally important issues that need to be addressed when they seek to improve their cybersecurity and privacy (CS&P) programs.

ShorePoint, Inc. Expands Advisory Services Offering (ShorePoint, Inc.) ShorePoint, Inc. is a privately held cyber security services firm, serving both private and public-sector customers. Our executive team is comprised of cybersecurity experts who collectively bring more than 80 years of experience keeping government agency and company networks strongly secured from cyber threats.

CrowdStrike and InPhySec Team up to Tackle Growing Demand for Cyber Security Solutions in New Zealand (AP NEWS) CrowdStrike® Inc, the leader in cloud-delivered endpoint protection, and InPhySec Security Ltd., New Zealand’s leading cloud delivered managed security provider, are partnering to help address common cyber security issues in New Zealand and meet the increased demand for cyber security products.

LIFARS Announces an Alliance with eSentire to Deliver Advanced Cyber Detection and Response Services (PR Newswire) LIFARS, LLC, a New York City-based cybersecurity incident response and digital forensics firm, today announced a...

Technologies, Techniques, and Standards

The NSA knows its weapons may one day be used by its targets (CyberScoop) The idea that enemies will reverse engineer NSA exploits is one that military brass deals with every day. What's being done to prevent it from happening?

U.S. Govt Issues Microsoft Office 365 Security Best Practices (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) issued a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft Office 365.

3 Ways Cloud Adoption is Changing the Role of CISO (Bricata) The enterprise adoption of the cloud is changing the role of the CISO, including the reporting structure, responsibilities and skill sets required for the job.

An Ode to CISOs: How Real-World Risks Became Cyber Threats (SecurityWeek) As innovative online attacks continue to expand the purview of cyber security, helping these CISOs means equipping them with equally innovative tools that stand a fighting chance.

The Need for Tiered Security at the Edge (SecurityWeek) Edge computing lets organizations analyze important data closer to the edge of the network in order to respond to events in near real-time – a requirement for many industries, including health care, telecommunications, manufacturing, and finance.

Tips to spring clean your company's social media and stay protected (Help Net Security) As attacks become more frequent and more pernicious, it’s vital for organizations to take the time to review their social media and digital risk processes.

How to avoid becoming a cryptojacking victim (Bitglass) Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.

HackerOne: Offer white hats a safe harbour (Digital News Asia) One in four vulnerabilities discovered by white hat hackers go unreported because researchers fear legal action.

How banks can climb to the top of NIST's cybersecurity maturity tiers (Tech Wire Asia) Deloitte, in a recent report Pursuing Cybersecurity Maturity in Financial Institutions outlines, from observation and evaluation, the characteristics of adaptive companies per the NIST's framework:

Design and Innovation

PwC opens scale-ups programme for cyber-security businesses (Consultancy) Two years ago, PwC launched a programme for supporting scale-ups.

Legislation, Policy, and Regulation

New Commission Takes on U.S. Cyber Policy (SIGNAL Magazine) A group of legislators lead development of a national cyber doctrine.

Australia's innovative cyber diplomacy bridging foreign policy - technology divide (Mirage News) Showcasing our innovative approach to cyber diplomacy, Australia and Denmark brought together senior cyber and technology diplomats from 21 countries for...

Weaponizing Cyber Law (Project Syndicate) In recent years, autocratic regimes have increasingly relied on legal and bureaucratic tools – from restrictions on foreign funding to draconian sedition laws – to impede civic activism. Now, they are adding cyber legislation to their arsenals of repression.

How Tech Helped Unknown Staffers Change the US Way of War (WIRED) The National Security Council has gained enormous influence over the last few decades—thanks in no small part to better tech.

Marine Corps establishes Volunteer Cyber Auxiliary to Increase Cybersp (The Official United States Marine Corps Public Website) The Commandant of the Marine Corps, Gen. Robert Neller, announced last month the establishment of the Marine Corps Cyber Auxiliary (Cyber Aux), a volunteer organization aimed at increasing Marine

CIA Recruiting Comes Out Into The Open (NPR) Under CIA Director Gina Haspel, the spy agency is reaching out in very public ways it has never done before, from social media to superhero conventions.

Analysis | The Cybersecurity 202: This presidential contender wants to create a Cabinet-level cybersecurity department (Washington Post) John Delaney is trying to elevate the issue.

Litigation, Investigation, and Law Enforcement

Huawei's detained finance chief speaks out in letter to employees (CNN) Huawei's finance chief, detained in Canada since December, has written to the company's 188,000 employees to thank them for support she says has filled her "with power."

DOJ tries to disqualify ex-Obama official from defending China’s Huawei (Washington Examiner) The Justice Department is working to disqualify top Obama department official James Cole from defending the Chinese technology firm Huawei in a high-profile criminal case, according to a new heavily redacted federal court filing on Friday.

Apple Loses Bid to End App Antitrust Case in Supreme Court (Wall Street Journal) The Supreme Court ruled consumers can proceed with a suit challenging Apple’s control over the marketplace for iPhone apps, threatening the tech giant’s slice of billions of dollars in sales.

Sweden reopens rape case against WikiLeaks’ Julian Assange, wants extradition (Washington Post) The case was discontinued while Assange hid out for years in London’s Ecuadoran embassy.

AP source: Barr opens a second investigation of Russia probe (AP NEWS) Attorney General William Barr has appointed a U.S. attorney to examine the origins of the Russia investigation and determine if intelligence collection involving the Trump...

Rand Paul: Mueller probe 'politically motivated,' 'goes even back to the Clintons' (TheHill) Sen. Rand Paul (R-Ky.) said Sunday that the Robert Mueller's Russia probe is an example of why the U.S.

Rosenstein criticizes Jim Comey as ‘partisan pundit,’ defends handling of Mueller probe (Washington Post) The former deputy attorney general, in a speech Monday, offered one of his most thorough accounts of Comey’s firing as FBI director.

Opinion | What the Mueller report reveals about the media (Washington Post) The whole report broken down, quantified, analyzed — all from the perspective of its treatment of news organizations.

FCC Commissioners Say the Agency Won’t Tell Them About Phone Location Data Investigation (Vice) Ajit Pai’s FCC cares more about the privacy of its investigation than the privacy of consumers, one says.

Chemical Safety Board Needs to Consistently Follow Its Cyber Rules, Watchdog Says (Nextgov.com) Environmental Protection Agency’s Office of Inspector General said the agency’s lack of defined policies makes it susceptible to security incidents.

APNewsBreak: Defense say Navy SEAL prosecutors spied on them (Washington Post) Defense lawyers in the case of a Navy SEAL charged with killing an Islamic State prisoner in Iraq say prosecutors installed spying software in emails sent to them and to a reporter

Wyden seeks answers in Florida election hacking allegations (POLITICO) The FBI believes that voter registration software was hacked by the Russians in 2016.

Autonomy's former CFO Sushovan Hussain sentenced to five years in jail (Computing) Hussain given fives years in jail, fined $4m and subject to $6.1m 'forfeiture payment'

Verizon offering $10,000 reward in South Jersey network destruction spree (6ABC Philadelphia) Verizon is offering a $10,000 reward for information leading to the arrest of the person responsible for damaging the company's equipment.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Insider Threat Program Management With Legal Guidance Training Course (Washington, DC, USA, May 13 - 14, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Management With Legal Guidance Training Course, in Washington, DC, on May 13-14, 2019. This comprehensive...

NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...

Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.

TechNet Cyber (Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.