skip navigation

More signal. Less noise.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

Daily briefing.

Huawei is now on the US Entity List, which means that US companies will need a special license from the Bureau of Industry and Security to do business with Shenzhen. TechCrunch says several US chip companies, Qualcomm and Intel among them, have stopped deliveries of chips to Huawei. Huawei anticipated this rainy day, and the South China Morning Post says the company has stockpiled a year's worth of US goods necessary to sustain production. Equally or more serious consequences are expected from Google's weekend suspension of Huawei's Android license (reported by the Verge). Huawei immediately loses access to Android updates, and new versions of its devices will no longer have access to Gmail or the Play Store.

Facebook has shut down accounts allegedly run by Israeli political marketing firm Archimedes Group for coordinated inauthenticity. The targets were in various African nations.

A script error in Salesforce's Pardot service affected customers beginning Friday. Service, CRN writes, is under restoration.

OGUsers, a popular forum that, despite its anodyne self-description, traded digital contraband, was hacked by other criminals, Vice reports.

Scare headlines in CSO and elsewhere suggest that the US Selective Service system (that is, the draft, gone since 1973, when Ichiro Suzuki was in diapers) might someday return. One presumed goal of a revived draft would be to enable the US military to conscript hackers, but hackers, we wouldn't sweat this one. The Orioles are likelier to contend for a pennant this year than you are to receive greetings from the President.

Notes.

Today's issue includes events affecting Angola, Belgium, Canada, China, Denmark, Estonia, European Union, Finland, Greece, India, Iran, Israel, Kuwait, Niger, Nigeria, Poland, Portugal. Russia, Senegal, South Africa, Sri Lanka, Sweden, Togo, Tunisia, Ukraine, United Kingdom, United States.

Bring your own context.

So, same target set, same tools, same threat group, right? Not so fast.

"This is kind of a commonality that we've seen across a number of these advanced persistent threat groups. More and more of them are kind of switching over to using these freely available tools, which, one, makes it somewhat a little bit more difficult to track, in terms of if they were using something custom, it's - when you see tool pop up somewhere, you could reliably kind of attribute to that group, or it's probably that group that have been active. Now, by switching over to these kind of more common tools, these freely available tools, it makes it a little bit more difficult to kind of separate its activities and attribute it back to that group for tracking purposes."

—Alan Neville,  principal threat intelligence analyst at Symantec, discussing the Elfin threat group, on the CyberWire's Research Saturday, 5.18.19.

Threat actors buy, borrow, swap, and steal from each other. And many of their tools have effectively become commodities.

Cyber State of Mind: 2019 Threat Landscape Review

According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next? On May 22nd at 2:00 PM ET join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as what are the weakest links in current security postures and What the hottest security technologies are in 2019.

In today's podcast, out later this week, we speak with our partners at the University of Maryland, as  Jonathan Katz discusses a role for encryption in better security at border crossings. The CyberWire's Tamika Smith reports on the Baltimore City government ransomware situation.

National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

Facebook’s latest account purge exposes Africa’s misinformation problem (TechCrunch) Facebook last week purged a network of hundreds of pages, groups and Instagram accounts it labeled as producing “coordinated inauthentic behavior” toward Africa. The activity originated in Israel and was largely targeted toward Nigeria, Senegal, Togo, Angola, Niger, and Tunisia. It was mostly polit…

Inauthentic Israeli Facebook Assets Target the World (Medium) Facebook removed hundreds of inauthentic pages and other assets operated by Israeli political marketing firm Archimedes Group

Hacking democracies (ASPI) Cataloguing cyber-enabled attacks on elections

Sri Lanka comes under a cyber attack (MENAFN - Colombo Gazette) Sri Lanka came under a cyber attack today with at least 10 websites being hacked.The Sri Lanka Computer Emergency

Security researchers discover Linux version of Winnti malware (ZDNet) Winnti Linux variant used in 2015 in the hack of a Vietnamese gaming company.

Faulty database script brings Salesforce to its knees (ZDNet) Faulty production script gave users access to all their company's Salesforce data.

Salesforce outage hits after data leak (CRN Australia) UPDATE: 'Major issue' follows attempt to repair database errors.

'Major' Salesforce Outage Whacks Firm's Marketing Automation Customers (CRN) Salesforce told customers Friday that it is experiencing a 'major issue with its service' and is attempting to resolve it as quickly as possible.

Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data (Register) Plug pulled on instances as engineers scramble to protect customer info

Account Hijacking Forum OGusers Hacked (KrebsOnSecurity) Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Hackers steal data from 113,000 other hackers (IT PRO) No honour among cyber thieves as the details were swiped from a hacker forum and posted on a rival site

Infamous Forum For Instagram Hackers Gets Hacked by Other Hackers (Vice) Hackers hacked the OGUSERS forum and published its database in another hacker forum.

Trickbot Watch: Arrival via Redirection URL in Spam (TrendLabs Security Intelligence Blog) We discovered a variant of the Trickbot banking trojan (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.THDEAI) using a redirection URL in a spam email. The redirection URL is a way to sidestep spam filters that may block Trickbot at the onset.

Eurovision faces ‘being forced OFF AIR in hack attack from Iran’ (Daily Star) Eurovision faces being forced off air in a cyber attack from Iran...

An insider reveals how the nasty spyware used in the WhatsApp breach lets governments secretly access everything in your smartphone, from text messages to the microphone and cameras (Business Insider) Over 1.5 billion WhatsApp users were exposed to a major security flaw that enabled hackers to take over smartphones simply by calling them.

Many people still remain vulnerable to WhatsApp hack: Here's why (Yahoo) Recently, a major security vulnerability in WhatsApp was revealed that allowed hackers to inject and spread Israeli spyware through voice calls. The company drew flak after the revelation but said the issue has been fixed with the latest update of the app. However, as it turns out, a large number of

Tech Tent - who’s spying on you? (BBC News) As WhatsApp discovers attempts to plant spyware, Tech Tent debates the merits of tracking tools.

EternalBlue reaching new heights since WannaCryptor outbreak (WeLiveSecurity) It's been two years since WannaCryptor rocked the world, and the exploit that powered the ransomware outbreak is now more popular than ever.

When Older Windows Systems Won't Die (Dark Reading) Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.

Bluetooth's Complexity Has Become a Security Risk (WIRED) Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly at the center of a lot of security lapses.

The Future of Wi-Fi Security: Assessing Vulnerabilities in WPA3 (HackRead) A new study by researchers Matty Vanhoef and Eyal Ronen revealed five vulnerabilities – collectively named ‘Dragonblood’ – in the WPA3 Wi-Fi standard. Four of the five are considered a severe threat to online security. What does this teach us about trust in our networks?

IOT World conference observations – Cyber security of process sensors still not on the radar screen (Control Global) The demonstrations and presentations at IOT World demonstrated that with AI and machine learning, it appears possible to provide real time machine health and remaining equipment life which has been a long-time dream. However, the IOT data analytics are based on untrusted data and this was not questioned. It also implies the industrial clouds are based on untrusted data.

Baltimore real estate transactions to resume Monday (WBAL) Baltimore Mayor Jack Young offers an update on the ransomware attack in the city.

Baltimore Won’t Pay Ransom, Systems Remain Down (Infosecurity Magazine) The deadline to pay ransom has arrived, and Mayor Young says Baltimore will not pay.

Mayor Jack Young Open To Paying Ransom In Computer Attack, New Fix Allows Real Estate Transactions To Resume (CBS Baltimore) The ransomware attack continues to plague Baltimore as the ransom deadline loomed Friday.

Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers (Baltimore Sun) The new strain of ransomware used to cripple Baltimore's computer networks relies on attackers gaining "unfettered access" to victims' networks.

As Ransom Deadline Nears, Baltimore City Continues To Struggle For Fix (CBS Baltimore) The crippling cybersecurity attack on Baltimore City enters its ninth day, as city officials continue to say they can't say much about the investigation. 

Baltimore Ransomware Attack Takes Strange Twist (Dark Reading) Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.

Ransomware Attack Against Baltimore: Tweet from Hacker or Malicious Prankster? (Armor) Post Appears to Taunt City Officials Eric Sifford, security researcher with Armor’s Threat Resistance Unit (TRU) found that on Sunday, May 12, 2019 a newly created Twitter account posted usernames, passwords and other sensitive-looking, internal documents which appear to be related to the city of Baltimore. Armor chose not to reveal the Twitter handle at …

Results of kids' singing competition invalidated after Russian bots rig voting (TheHill) A 10-year-old girl's victory in a Russian TV talent show has been invalidated after the program discovered that the competition was overwhelmed with thousands of fraudulent votes. 

Hack. Hack. Hack. Someone added scores of strokes to Trump’s official golf scores. (Washington Post) President Trump’s account on the U.S. Golf Association system was apparently broken into, to give him scores some say better reflect his real game.

TeamViewer was Targeted by Chinese Hackers in 2016 (HackRead) TeamViewer has only confirmed now that Chinese state-sponsored hackers targeted the company in 2016.

Andheri firm loses Rs 15L to cyber attack (Hindustan Times) According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work.

In web’s dark corner, your profile is on sale for just a few bucks (ETtech) The dark web, as it is called, is not accessible through regular browsers. Only tools like Tor, an open source software that allows anonymous communic..

Cybersecurity's Week From Hell (BankInfo Security) Multiple flaws - all serious, exploitable and some already being actively exploited - came to light this week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?

Security Patches, Mitigations, and Software Updates

Download Hijack Flaw Patched in Slack for Windows (Infosecurity Magazine) Slack users are urged to upgrade to the most recent version of the app.

How to test MDS (Zombieload) patch status on Windows systems (ZDNet) PowerShell script tells you if your Windows OS is safe from MDS attacks.

Boeing says it has fixed software issue for 737 Max (The National) Company preparing for final certification flight as part of reviews by regulators

Cyber Trends

Hacktivist Attacks Declined 95 Percent Since 2015: IBM (SecurityWeek) The number of hacktivist attacks that resulted in quantifiable damage has declined by 95 percent since 2015, according to IBM.

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015 (Security Intelligence) Despite the rise in vulnerability reporting, cryptojacking attacks and attacks on critical infrastructure, one threat trend has been on the decline: hacktivism. Where have all the hacktivists gone?

63% of SMBs believe cloud storage providers should do more to protect their data (Bdaily Business News) Almost two-thirds of small- to medium-sized businesses (SMBs) believe that more work needs to be done to protect their data.

We Are Tenants on Our Own Devices (WIRED) It's time to assert our sovereignty over our own stuff.

What the College Scandal Shallowfakes Reveal About the Rich (WIRED) The leisure class got tired of looking like jackasses in garish watches—they decided to spare no expense to seem like striving bourgeois warriors.

The largest breaches over the past three years have caused massive and irreparable damage (Help Net Security) The largest breaches over the past three years have caused massive and irreparable damage to large enterprises and their stakeholders around the globe.

Failing to Accept Human Nature Makes for Shoddy Cybersecurity (Infosecurity Magazine) In the worst instances, unwittingly falling victim to a piece of malware could cost you your job

How vulnerable is South Africa to cyber attack? (ITWeb) The situation is \"pretty shocking\" when it comes to SA's vulnerability, warns cyber security expert Craig Rosewarne.

Marketplace

Exclusive: Google suspends some business with Huawei after Trump... (Reuters) Alphabet Inc's Google has suspended business with Huawei that requires the ...

Google distances itself from Huawei after Trump blacklist (CRN Australia) No longer offering any technical support or collaboration for Android.

Google pulls Huawei’s Android license, forcing it to use open source version (The Verge) A dramatic escalation in the US war on Chinese tech firms

Huawei responds to Android ban with service and security guarantees, but its future is unclear (TechCrunch) Huawei has finally gone on the record about a ban on its use of Android, but the company’s long-term strategy on mobile still remains unclear. In an effort to appease its worried customer base, the embattled Chinese company said today that it will continue to provide security updates and afte…

Trump's move to ban Huawei a wake-up call for IT execs (SearchCIO) The Trump administration declared ongoing foreign threats to the ICT critical infrastructure supply chain a "national emergency" on Wednesday, laying the groundwork to ban Huawei products. IT execs who source any part of their supply chain to China should be concerned.

Opinion | America Needs Huawei (New York Times) The director of the Chinese tech giant’s board warns that banning the company will hurt the U.S. economy.

Several chip companies, including Qualcomm and Intel, have reportedly stopped supplying Huawei after blacklist (TechCrunch) Several key suppliers are reportedly cutting off Huawei after the Trump administration added the Chinese telecom equipment and smartphone giant to a trade blacklist last week. According to Bloomberg, semiconductor companies Intel, Qualcomm, Xilinx and Broadcom will no longer supply Huawei until fur…

Chipmakers Cut Huawei Shipments (Infosecurity Magazine) Google also said to be complying with US order

Huawei’s day of reckoning arrives – will its preparations pay off? (South China Morning Post) Double-barrel hit on Huawei as Trump signs executive order banning its products and commerce department adds Chinese company to Entity List, but US suppliers in China at risk from fallout if Beijing retaliates

Trump may stop Huawei in U.S., but the underseas cable race continues (Axios) Approximately 380 submarine cables carry the vast majority of international data.

China's technology tactics irk its trading partners (KSL) For four decades, Beijing has cajoled or pressured foreign companies to hand over technology. And its trading partners say if that didn't work, China stole what it wanted.

ZTE opens first cybersecurity lab in China (Telecom Asia) To help reassure customers and regulators about the security of its products and develop dedicated security services

Kaspersky VPN Complies with New Russian Censorship Laws (Top10VPN) Kaspersky Secure Connection is the only VPN service to agree to share user information with the government internet watchdog

What’sApp Hack: Cyber Security Is the Next Millionaire-Maker (The Motley Fool Canada) As cyber security demand explodes, security providers like Absolute Software (TSX:ABT) could be in for a windfall.

Cyber Insurance Needs to Keep Maturing (TechNative) Cyber insurance is quickly emerging as an important cyber security complement to traditional security mechanisms for small, medium, and large enterprises In a time when data breaches are common place, and even the largest and well-resourced businesses fall victim to a hostile cyber activity, cyber insurance is a necessity.  Cyber insurance functions as other traditional insurance policies guarding against digital theft and/or damage, depending on the coverage parameters of the policy. In this capacity, cyber insurance is designed to safeguard organizations from severe financial damages as a result of substantial data loss or disruption/destruction of infrastructure that can impact business

Lack of Banking Options a Big Problem for Crypto Businesses (Wall Street Journal) Cryptocurrency companies shunned by banks often turn to shadowy middlemen for payment processing and other services. One of those companies is at the center of the mystery surrounding Bitfinex’s missing customer funds.

Siemplify Closes $30M in Series C Financing (West) Investment drives Siemplify’s global expansion and product innovation, cementing its leadership in the fast-growing SOAR market

HPE to buy Cray, offer HPC as a service (Network World) High-performance computing offerings from HPE plus Cray could enable things like AI, ML, high-speed financial trading, creation digital twins for entire enterprise networks.

Rapid7 Counts On Acquisitions For Growth (Seeking Alpha) Rapid7 continues to grow its footprint through acquisitions.

Cisco Systems Is Still Firing on All Cylinders (The Motley Fool) The networking giant is still a great defensive stock for a turbulent market.

CRWD pleaser: Market-watchers buoyant over CrowdStrike’s $100m IPO (Daily Swig) Endpoint protection specialist files to list on NASDAQ

Chicago cybersecurity firm expanding as companies seek protection from hackers (chicagotribune.com) Cybersecurity firm Keeper Security is set to triple its employee count in Chicago and move to a bigger office space, as hacking risks increase.

Tech firm Booz Allen to invest $1.6M in Rome (Uticaod) A Fortune 500 tech firm announced Friday it will invest $1.6 million to expand its presence in the Mohawk Valley and bring 60

Rubrik Appoints Rinki Sethi as Chief Information Security Officer (MarketWatch) Rubrik, the Cloud Data Management Company, today...

Products, Services, and Solutions

New infosec products of the week: May 17, 2019 (Help Net Security) News infosec products of the week include releases from the following vendors: Alcide, Hysolate, Keysight Technologies, LogRhythm and Trend Micro.

Tenable Updates Free Vulnerability Assessment Solution (SecurityWeek) Tenable announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home.

ThreatQuotient Expands Integration with MITRE ATT&CK Framework to Offer Full Support for Customers (ThreatQuotient) ThreatQ Adds Support for Mobile and PRE-ATT&CK in Response to Rapid Customer Adoption

Quick Heal launches next-gen suite of cybersecurity solutions (Techiexpert.com) Quick Heal, which is an Indian cybersecurity solution provider has now revealed its next-generation suite of cybersecurity solutions for desktops and laptops, which the company claims is faster, lighter and smarter than its previous release. The new solutions include the upgraded versions of Quick Heal Total Security, Quick Heal Internet Security, and Quick Heal AntiVirus

ExtraHop for IBM QRadar part of collaborative development to stay ahead of evolving threats (Help Net Security) ExtraHop, provider of enterprise cyber analytics, launched the ExtraHop for IBM QRadar app, which integrates with IBM Security Intelligence technology.

Acunetix Vulnerability Scanner Now With Network Security Scans (Acunetix) All versions of Acunetix now support network security scanning thanks to the seamless integration with OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.

You can now see if Chrome extensions are safe with Duo’s free, new CRXcavator tool (BrianMadden.com) Duo released CRXcavator to help IT admins vet Chrome extensions before they whitelist them for their organization. Learn more about this free tool and how it works.

A First-of-its-kind Cybersecurity Solution Designed Specifically for Insurance Agents (Benzinga) The nation's foremost cybersecurity leaders and insurance agents have partnered to develop a new solution in the fight...

Wallarm Launches Cutting Edge API and Microservices Protection in EMEA (PRWeb) From KubeCon Europe 2019, Wallarm, the company that delivers AI-powered application and API security, today announced the EMEA launch of its Application Security...

Technologies, Techniques, and Standards

Iran Reportedly Tested Cyber Defense Shield (Caspian News) An Iranian minister has said that a cyber defense shield, which can stop malware attacks on Iran's power grid, including nuclear facilities, has b

Symantec and your bad reputation: A masterclass on the modern cyberattack (Silicon Republic) Symantec is tasked with protecting the digital world from cyberattacks, an unquestionably complex task. This is how the company does it.

How security leaders can minimize human error (Fifth Domain) Hackers aren’t doing technical gymnastics to navigate through agency firewalls or network defenses. Instead, they’re favoring some particularly vulnerable targets: employees.

How to Run a Threat Hunting Program (eSecurity Planet) What is threat hunting, how do you do it, and what tools and training do you need to do it right? We answer all that and more about this security tool.

How can we give cybersecurity analysts a helping hand? (Help Net Security) Businesses are under pressure to up their security game. The challenge for analysts is that they all-too-often find themselves on the back foot.

Memory analysis is the ground truth (Help Net Security) In recent years, enterprises have adopted next-gen endpoint protection products that are doing an admirable job detecting anomalies. For example,

Design and Innovation

Artist Uses Malware in Installation (Dark Reading) A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.

Research and Development

The Pentagon AI center wants to solve these 4 problems (C4ISRNET) Though relatively new and secretive, the Joint Artificial Intelligence Center has revealed it is working to improve predictive maintenance, humanitarian aid and disaster relief, cyberspace and robotic process automation initiatives.

Academia

UT's security team takes Google hacking service global (Austin American-Statesman) Just five years ago, the University of Texas’ technology team spent their lunch breaks “hacking” Google to find vulnerabilities on

Texas House lauds UTSA with cybersecurity resolution (UTSA Today) The Texas House of Representatives today introduced a resolution recognizing UTSA for its role as one of the nation’s leaders in cybersecurity education, research and training

Legislation, Policy, and Regulation

Trump appears to confirm cyberattack against Russian entity during midterms (CNN) President Donald Trump appeared to confirm that the United States had conducted a cyberattack against a Russian entity during last year's midterm elections in an interview aired Sunday on Fox News.

Trump's Huawei Ban Confirms 'Telecommunications Are Geopolitical Weapons' (The Real News Network) As Trump warns of the surveillance danger of Huawei, the real concern of consumers should be the fact they are being surveilled by the U.S. government and all tech companies, says Yasha Levine

Jeff Kagan: Why Huawei, ZTE Are a National Security Threat (Equities.com) Do Chinese wireless and telecom companies Huawei and ZTE invade privacy and create a national security threat? If so, how and why?

Analysis | It’s not just Huawei. Trump’s new tech sector order could ripple through global supply chains. (Washington Post) How will this affect U.S. companies?

APNewsBreak: Schumer calls for probe of Chinese rail tech (Washington Post) APNewsBreak: The Senate’s top Democrat wants an investigation into whether a plan for new subway cars in New York City designed by a Chinese state-owned company could pose a threat to national security

U.S. senator convening meetings to warn business, academia of China... (Reuters) U.S. Senator Mark Warner said on Sunday that he has been organizing meetings bet...

When To Use the “Nuclear Option?” Why Knocking Russia Offline Is a Bad Idea (Just Security) Disconnecting an entire country from the internet would represent a marked step up on the ladder of escalation. But would it really serve the purpose?

Foreign Cyberattackers Face Sanctions in EU (Wall Street Journal) European governments armed themselves with a new tool against cyberattackers, adopting a sanctions regime to allow them to penalize foreign individuals and entities as western countries seek fresh ways of deterring large-scale hacking of their computer networks.

Cyber criminals face new EU sanctions (GOV.UK) Foreign Secretary Jeremy Hunt welcomes new EU cyber sanctions regime pushed for by the UK.

EU approves cyber-attack sanctions ahead of election (Engadget) The EU hopes the new regime will help the bloc act quickly in the event of an attack.

Cyber criminals face EU sanctions under new crackdown (City A.M.) Cyber criminals will be hit with tough new sanctions under a new regime agreed today by EU member states.

UK plays pivotal role in EU's new cyber-attack sections regime – 'This is decisive action' (Express) EU chiefs today rubber-stamped a new sanctions regime for individuals found guilty of cyber-attacks against the bloc and its allies.

How Tech Companies Are Shaping the Rules Governing AI (WIRED) An industry group representing Microsoft, Facebook, and Apple, urged EU policymakers not to draw "red lines" around specific uses of AI.

European Telecom Giants Push to Legalize Deep Packet Inspection (Top10VPN) Current European law specifically bans deep-packet inspection, but European telcos want the right to examine the contents of their users’ communications

Spies, Lies, and Algorithms (Foreign Affairs) Russian social media meddling in the 2016 U.S. election should serve as a wake-up call: U.S. intelligence community must shift its focus from counterterrorism to a suite of new technological threats, from AI to deepfakes and disinformation warfare.

Senate bill would woo high-tech ninjas to military (C4ISRNET) The co-founders of the Senate’s artificial intelligence caucus introduced the bipartisan Armed Forces Digital Advantage Act as a way to establish a career track for computer scientists in the military.

Will the U.S. government draft cybersecurity professionals? (CSO Online) A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?

DHS Urges Cybersecurity Staff to ‘Deploy’ to Border Instead (The Daily Beast) Employees are encouraged to set aside their infrastructure and cybersecurity work to go to the border because ‘serving the needs of the homeland is the cornerstone of what we do.’

Aggressive Initiative to Shore Up Cybersecurity in Arkansas (GovTech) A new bill signed into law by the governor will create an extensive infrastructure for combating bad actors.

FCC Chairman Recommends Approval of T-Mobile-Sprint Merger (Wall Street Journal) FCC Chairman Ajit Pai said he would back the $26 billion combination of cellphone carriers T-Mobile US and Sprint after the companies agreed to a package of concessions.

ODNI Releases Annual Intelligence Community Transparency Report (IC ON THE RECORD) Today, consistent with the Foreign Intelligence Surveillance Act of 1978 (FISA), as amended (codified in 50 U.S.C. § 1873(b)), and the Intelligence Community’s (IC) Principles of Intelligence Transparency, we are releasing our sixth annual Statistical Transparency Report Regarding Use of National Security Authorities presenting statistics on how often the government uses certain national security authorities.

Litigation, Investigation, and Law Enforcement

Former CIA Officer Sentenced to Prison for Espionage (US Department of Justice) A former Central Intelligence Agency case officer was sentenced today to 20 years in prison for his transmission of national defense information to an agent of the People’s Republic of China.

A New Google Antitrust Probe Could Spell Trouble for Its Auto Domination Plans (Fortune) A new battle is playing out on car dashboards.

Breaking up tech giants would be 'illegal' and will harm consumers, says Google's Eric Schmidt (The Telegraph) Calls to break up Google and other tech giants have “no basis in law” and would damage consumers by forcing up prices and cutting transparency, according to Eric Schmidt, the billionaire technology investor and former chairman and chief executive of Google.

Forced break-up of Facebook would be a remedy of the very last resort, says EU antitrust chief (Computing) Breaking up Facebook would entail years of legal wrangling, Vestager warns

Facebook's Sheryl Sandberg: Chinese tech companies are also powerful, and will not be broken up (CNBC) Sandberg said breaking up Facebook does not address the underlying issues people have with tech companies.

Breaking Up Facebook 'Won't Be Enough,' Says Morgan Stanley Boss. Here's His Proposal. (Fortune) Government ought to force Big Tech to erase everyone's data.

Google, Facebook, Twitter rapped for not doing enough in EU fake news fight (Rueters via KFGO) Facebook, Google and Twitter were reprimanded by the European Commission on Friday for not doing enough to tackle fake news plaguing the election campaign to the European Parliament, seven months after promising to do more. The tech giants took a voluntary pledge last October to combat the spread of fake news...

Is revenge porn protected by the Constitution? Some states might say yes. (Washington Post) States are debating whether revenge porn is free speech.

Two Navy SEAL war crimes trials may be 'derailed' over claims prosecutors spied on the defense (Task & Purpose) The ongoing war crimes cases against two Navy SEALs in San Diego appear to be going off the rails amid concerns that the prosecutor in both cases secretly sent both defense teams malicious software designed to monitor their communications.

MeitY asks WhatsApp for spyware hack details and how many Indian users were affected (MediaNama) MeitY has asked WhatsApp for details about the recent spyware hack that allowed attackers to compromise users’ devices via WhatsApp calls, and the steps it is taking to address the situation, the Economic Times reports. The ministry has also asked the messaging service whether users in India were compromised and if so, how many. Once …

Former intel analyst pleads not guilty to leaking secret documents (CNN) A former National Security Agency intelligence analyst pleaded not guilty Friday to charges that he leaked classified information to a reporter.

If The Full Mueller Report Were Ever Released, What Might It Reveal? (NPR.org) The House is waging a political war with the Justice Department over the full results of the Russia investigation. If Congress wins, here's what more lawmakers — and maybe, Americans — could learn.

Analysis | What does the Trump team say to Russia behind closed doors? We’re about to get a glimpse. (Washington Post) A judge on Thursday ordered the released of a transcript of Michael Flynn's call with the Russian ambassador that he later lied about.

Sweden requests detention order for WikiLeaks’ Assange (Washington Post) A Swedish prosecutor says she has submitted an application for a detention order to request the detention of WikiLeaks founder Julian Assange who is jailed in Britain

Swedish prosecutor requests Assange's detention over rape allegation (Reuters) The Swedish prosecutor heading an investigation into a rape allegation against W...

Group accuses EU internet providers of violating net neutrality (Engadget) A cross-EU alliance has claimed that ISPs are breaking net neutrality rules by shaping traffic in dodgy ways.

Which Florida counties were hacked? Maybe these non-denial denials are a clue. (Tampa Bay Times) This week, in response to hacking questions sent to every supervisor of elections in the state by the Miami Herald and Tampa Bay Times, two offices issued the same legalistic non-denial. Almost word-for-word, they gave the same response.

LeakedSource Company Pleads Guilty (Infosecurity Magazine) Site allowed criminals to access stolen data for a fee

Berkeley Police: Employee of Verizon dealer who preyed on elderly customers charged in ID theft case (Berkeleyside) A man who worked for an authorized Verizon dealer in North Berkeley has been charged with using the credit card numbers of elderly customers to rack up thousands of dollars in fraudulent fees, according to court papers.

What you need to know after Macon woman almost falls victim to Facebook messenger scam (WMAZ) The Bibb County Sheriff's office says these type of scams are not uncommon

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

NAWC Cybersecurity Symposium (Washington, DC, USA, May 21, 2019) The National Association of Water Companies (NAWC) will hold its inaugural 2019 NAWC Cybersecurity Symposium on Tuesday, May 21, 2019 at the Army-Navy Club in Washington, D.C. The day-long event will bring...

Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,,...

2019 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 22 - 23, 2019) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity.Those lawyers who ignore cyber threats are risking millions...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.