skip navigation

More signal. Less noise.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

Daily briefing.

Fancy Bear (Russia's GRU) is actively exploiting malware US Cyber Command reported to Virus Total last week. CyberScoop says many found the warning useful, and welcomed CYBERCOM's heads-up.

An IBM X-Force study of cybersecurity for travelers occasions a flurry of make-your-flesh-creep tales that amount to a cyberspace version of Gahan Wilson's classic Paranoid Abroad. Forbes takes away the lesson that you'd have to be out of your mind to use an airport USB charging station, and also that criminals are in avid pursuit of your travel reward points. Thanks, IBM: we'll take a staycation this year. Oh, and Parallax, in helpfully pointing out how you can tell if your Airbnb or hotel is spying on you with networked cameras, manages to suggest that yeah, it probably is.

Security Scorecard has a review of major US and European political parties' cybersecurity posture. There's room for improvement across the board, but for some reason the US Democrats continue to present hackers with low-hanging fruit.

Huawei has a temporary, ninety-day reprieve from some of the consequences of its placement on the US Entity List, SecurityWeek and others report, but US officials suggest that neither the company nor the Chinese government should misread this as a sign of softening. Commerce Secretary Ross says it's just "breathing space" to give US firms an opportunity to make alternative arrangements. Other Chinese companies may be in line for the Huawei treatment: the Verge suggests drone-maker DJI; the New York Times thinks surveillance vendor Hickvision could be next.


Today's issue includes events affecting Brazil, Canada, China, Czech Republic, European Union, Russia, United Kingdom, United States.

Bring your own context.

Got hit with ransomware? We're looking at you, Baltimore.

"Most of the work in preventing damage from a ransomware attack, unfortunately for Baltimore City, comes before the attack hits. And that's having continuity of operations plans so that you know exactly how you can resume your essential functions. If the absolute worst comes to pass, in that you have a crippling ransomware attack where the network goes down for an extended period of time, you even have a plan to devolve some of your agency's functions to another institution."

—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 5.20.19.

It's like one of Kipling's copybook headings: those who fail to plan, plan to fail. Mayors and city managers of the world, for heaven's sake, plan.

Cyber State of Mind: 2019 Threat Landscape Review

According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next? On May 22nd at 2:00 PM ET join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as what are the weakest links in current security postures and What the hottest security technologies are in 2019.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) discusses website vulnerabilities arising from third-party tools. Our guest is Inga Goddijn from Risk Based Security, who talks us through their Q1 Data Breach Report and various cyber insurance issues.

National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

Opinion | The Internet Security Apocalypse You Probably Missed (New York Times) Last week was an online security nightmare and few people noticed. Here’s what you need to know.

It's not just WhatsApp, most messaging apps likely have security vulnerabilities (CNBC) "Pretty much the entire suite of apps that 'talk' over the internet could be vulnerable," said Tom Uren, a senior analyst at the Australian Strategic Policy Institute's International Cyber Policy Centre.

Cyber Command's latest VirusTotal upload has been linked to an active attack (CyberScoop) The malware, which was uploaded to VirusTotal last week, looks to have been used by APT28 in attacks aimed at the Czech Republic Central Asian countries.

Researchers find coordinated anti-Trump campaign on Instagram (TheHill) Researchers have identified what they are calling a coordinated campaign to undermine President Trump on Instagram, an effort that bears hallmarks of the disinformation campaigns that proliferated on the platform in 2016. 

What’s going on? Anti-Trump memes and other oddities on Instagram (Ghost Data) Last June Instagram reached 1 billion monthly active users and has sought to ramp up its e-commerce efforts and its reach throughout the world.

Abusing Code Signing for Profit (Medium) Signing a Windows executable file was originally conceived as a mechanism to guarantee the authenticity and integrity of a file published…

Google: We've been storing some enterprise customer passwords in plaintext since 2005 - CyberScoop (CyberScoop) Google has notified a portion of its enterprise customers that their passwords have been stored in plaintext in the company's internal encrypted systems.

Attack Combines Phishing, Steganography, PowerShell to Deliver Malware (SecurityWeek) A malware campaign targeting Japan and combining phishing, steganography, PowerShell, and the URLZone and Ursnif malware has been discovered.

Hackers Steal Payment Card Data Using Rogue Iframe Phishing (BleepingComputer) Cybercriminals have upgraded their credit card skimming scripts to use an iframe-based phishing system designed to phish for credit/debit card info from Magento-powered store customers on checkout.

Researchers discover new rogue iFrame phishing technique targeting payments (Computing) The technique is the latest in a long line of attacks targeting online payments

Use of EternalBlue in attacks on the increase despite patch (SC Magazine) Cyber-attacks leveraging the Windows Server Message Block exploit EternalBlue at historically high levels over the last few months, even though the vulnerability patched by Microsoft more than two years ago.

Critical Vulnerabilities Discovered in South Korean ActiveX controls (Risk Based Security) Many years ago, ActiveX was a popular technology. Unfortunately, too many ActiveX controls had a very low code maturity and were riddled with basic vulnerabilities like buffer overflows, or exposed unsafe functionality even if marked as “safe for scripting”. These allowed malicious websites to trivially compromise users’ systems.

From Pesky to Dangerous - Image-based Spam (Clearswift) Those of you that can remember back to 2006 may recall that High School Musical was the highest selling album of the year.  “We’re all in this together” was one of the most popular songs played at the time and, some would say, a pesky tune that would stick in your head.

iEBSWAX ActiveX Control Add() Method Argument Handling Heap Buffer Overflows (Risk Based Security) Details for tested products and versions:

Traveler Beware: Your Loyalty Rewards Points And Personal Data Are Catnip For Cyberthieves (Forbes) Travelers are catnip for a growing number of nation-state cybercriminals. Here's what you can do to keep your personal data safe.

Why You Should Never Use Airport USB Charging Stations (Forbes) Stop! Plugging into that airport USB charging station could put your personal data at risk.

Satan Ransomware Expands Portfolio of Exploits (SecurityWeek) A new variant of the Satan ransomware has added new exploits to its portfolio and is looking to compromise more machines by targeting additional vulnerabilities.

WordPress plugin sees second serious security bug in six weeks (Naked Security) Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.

Computrols CBAS Web (ICS-CERT) EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit

Mitsubishi Electric MELSEC-Q Series Ethernet Module (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.5ATTENTION: Exploitable remotely/low skill level to exploitVendor: Mitsubishi ElectricEquipment: MELSEC-Q series Ethernet moduleVulnerability: Uncontrolled Resource Consumption2. RISK EVALUATIONSuccessful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC (Programmable Logic Controller).

Are Tampa Bay cities prepared for cyber-ransom attacks? (10NEWS) Cities in the region are no stranger to these types of attacks.

Al Jazeera Gets Twitter To Silence Critics Of Its Video Implying Jews Benefited From Holocaust (Daily Caller) The Qatar-funded Al Jazeera news network published a video questioning the Holocaust and implying that Jews have benefited from it.

Rats leave the sinking ship as hackers’ forum gets hacked (Naked Security) The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.

Hackers turn Brazil's job crisis into lucrative phishing attacks (The Brazilian Report) As most people go online for their job hunting, they become easy targets for hackers. 21% of Brazilian internet users have been victims of phishing attacks.

Business Email Compromise Still Reigns (SecurityWeek) Business Email Compromise (BEC) scams are becoming increasingly profitable for threats actors, making it easier for adversaries to gain access to the valuable information that sits within email inboxes.

Car Manufacturers Be Aware - Bluetooth Module Could Lead To Vehicle Shut Down By Hackers (Information Security Buzz) According to new research uncovered by security specialists, Pen Test Partners, who were investigating the systems within Tesla vehicles, found that if hackers could attach an ELM327 Bluetooth module to the interface, they would have the ability to analyse the traffic and read CAN messages. If left in, a hacker could also potentially shut the car down.  Experts Comments:  Martin Jartelius, …

Security Patches, Mitigations, and Software Updates

Another WannaCry May Be Coming – Are You Ready? (Information Security Buzz) The vulnerability is severe enough that Microsoft took a pretty unusual step in releasing updates for Windows XP and Server 2003 in addition to currently supported versions of Windows that are affected.    Unlike WannaCry, this threat is seen as extremely easy to exploit. It took a leaked NSA tool to exploit the WannaCry vulnerability, whereas the fear …

Microsoft Releases Windows 10 Version 1903 - May 2019 Update (BleepingComputer) Microsoft has officially started to roll out Windows 10 version 1903, called the May 2019 Update, to everyone. Originally released to Insiders for testing on April 8th, Microsoft has now made it available to everyone.

Firefox Now Blocks Cryptominers and Fingerprinters (Decipher) In Firefox 67, Mozilla has moved to block cryptominers and browser fingerprinters, which track users across the web.

WhatsApp patches flaw allowing easy installation of Pegasus spyware (SC Media) Facebook posted a security advisory for a buffer overflow vulnerability in its subsidiary WhatsApp that could allow an attacker to install Pegasus spyware

Cyber Trends

Cloud Security Complexity (Cloud Security Alliance) CSA’s latest survey examines information security concerns in complex cloud environment [Link Here]. The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including

IBM Security: Cybersecurity Threats Growing In Travel and Transportation Industries (IBM News Room) IBM (NYSE: IBM) Security today issued new research highlighting that the travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetize highly...

Cyber Adversaries Flock to Apps Where the Users Are and When Users Are Online (Nasdaq) Fortinet Threat Landscape Report Reveals Nearly 60% of Threats Shared at Least One Domain, Indicating the Majority of Botnets Leverage Established Infrastructure

Analysis of Cyber Risk Exposure for U.S. and European Political Parties (Security Scorecard) Offensive cyber operations, from information campaigns to computer network exploitation, are being used to influence foreign elections through political parties and candidate campaigns.

See how US political parties fare in cybersecurity (Fifth Domain) SecurityScorecard recently analyzed the networks of parties from the United States and Europe.

DNC's cybersecurity lags behind RNC, new study finds (TheHill) The Democratic National Committee’s (DNC) cybersecurity practices continue to “lag behind” those of its Republican counterpart despite investments the group has made since the 2016 presidential election, according to a new report.

Poor Security Hygiene Found Across Almost All Political Parties in US, Europe (SecurityWeek) Report outlines changes observed within the external security postures of political parties and organizations in the U.S. and Europe.

Daniel Wood Joins Bishop Fox as Associate Vice President of Consulting (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Daniel Wood has joined the firm as associate vice president of consulting. Wood will lead all of Bishop Fox's service lines and enhance current

The State of Location-Tracking Mobile Apps in 2019 (The Manifest) Businesses recognize the power of collecting data for advertising but must strike a balance between "creepy" and useful targeted marketing efforts.

Marking GDPR Anniversary, nCipher Survey Reveals Americans’ Data Privacy Attitudes (AP NEWS) The General Data Protection Regulation (GDPR) went into effect in the European Union a year ago this month.

Most Americans Think They Know More About Web Security Than They Really Do (PCMAG) As the internet expands, more of us are creating websites—and knowledge of secure practices falls to website creators. But 70 percent of this Google/Harris Poll survey's respondents wrongly identified what a secure URL looks like.

Mumbai at topmost risk of cyber attack (The Times of India) Business News: Cyber criminals usually try to target vulnerabilities on IT systems. Windows systems were attacked the most last year, with 1,985 attempts per minute,


How Huawei Might Handle the Latest US Sanctions (WIRED) The Trump administration barred US companies from doing business with Huawei, forcing the Chinese firm to find new chips and software for its products.

ZTE moves to prove its own security credentials ( Taking a page from the Huawei playbook, ZTE is opening its own European cybersecurity lab to demonstrate its own security credentials and appeal to customers.

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe (SecurityWeek) Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.

MistNet scores $7M in funding, launches CyberMist threat detection platform (FierceTelecom) MistNet announced a $7 million series A round of funding on Tuesday and also launched its CyberMist detection platform.

Guardicore Raises $60 Million in Series C Funding (SecurityWeek) Data center and cloud security company Guardicore has secured $60 million in Series C funding round led by Qumra Capital.

U.S. Chamber of Commerce Joins Cyber Readiness Institute Champion Network to Protect Small and Mid-Sized Businesses from Cyber Threats (Cyber Readiness Institute) The Cyber Readiness Institute (CRI) today welcomed the U.S. Chamber of Commerce (U.S. Chamber) as the newest member of its Cyber Readiness Champion Network.

Intelligent Waves wins contract for US Army’s Defensive Cyber Operations (Army Technology) Intelligent Waves will provide programme management support services for cyber-related, non-traditional procurement activities of DCO programmes and DoD.

Thales the latest to flag digital transformation security opportunity (MicroscopeUK) The firm has added to a growing number of examples of growing security risks surrounding digital transformation projects

CrowdStrike IPO: Everything You Need to Know About CrowdStrike Ahead of Its IPO Debut - CrowdStrike Estimates, Value, Share Price, Revenues (Oofy) CrowdStrike officially confirmed going public after the cybersecurity company filed for IPO on Tuesday, May 14th. The company is planning to list on Nasdaq exchange market under the thicker CRWD, valued over 3 billion dollars ahead of its IPO, while CrowdStrike is backed by Capital G (Google’s domain) and Accel. Here is everything you need …

Steve Mann Joins ThetaRay as Chief Marketing Officer (Yahoo) Fintech and Marketing Pro Deepens Leadership Bench of Financial Crime Analytics Leader NEW YORK , May 21, 2019 /PRNewswire/ -- ThetaRay, the leading provider of AI-based Big Data analytics, today announced ...

Products, Services, and Solutions

EfficientIP SOLIDserver DDI and Tufin SecureTrack Join Forces to Provide Automated Security Compliance (ResponseSource Press Release Wire) Complementary technologies unite to simplify and control network security policies

Aqua Security Attains VMware PKS Partner Application Program Validation (Aqua) Organizations using VMware Enterprise PKS can now leverage Aqua’s granular security and compliance controls to protect their cloud-native workloads.

EagleBank Cuts Commercial Banking Enrollment Time By 99 Percent with OneSpan (OneSpan) North American bank chose OneSpan to digitally transform the customer experience

Tufin Extends Its Leadership in Policy-Based Security Automation (AP NEWS) Tufin ® (NYSE: TUFN), a company pioneering a policy-centric approach to security and IT operations, today announced the release of Tufin Orchestration Suite R19-1, advancing its leadership in network security automation with the industry’s first solution to feature policy-based automation for server policy cloning.

Spirent First to Incorporate NetSecOPEN Test Suite into Security and Performance Testing Platform (Security Boulevard) Spirent First to Incorporate NetSecOPEN Test Suite into Security and Performance Testing Platform CyberFlood solution simplifies network testing for

Verve Industrial Protection Announces Partnership with MxD, the US DOD's Hub for Manufacturing Cyber Security (Yahoo) Verve Industrial Protection today announced they have partnered with MxD, the US Department of Defense Hub for Cyber Security in Manufacturing to help accelerate the maturity of cyber security across the manufacturing supply chain. MxD is the result of a public-private

Griffin Announces Cybersecurity Awareness Training Partnership with Wuvavi (Yahoo) "Our partnership with Wuvavi was driven by our client's requests for education." said Jonathan Fishbeck, Chief Executive Officer with Griffin. The collaboration on Griffin University with Wuvavi enables Griffin's clients to tap into years of combined cybersecurity expertise at Griffin

Seclore Extends Advanced Email Encryption to Exchange Online, O365, and Exchange On-Prem (PR Newswire) Seclore, provider of the first open Data-Centric Security Platform, today announces Seclore Email Encryption...

Jumio Partners with Nok Nok Labs to Offer Account Recovery Solution (BusinessWire) Jumio, the leading AI-powered trusted identity as a service provider, today announced a new partnership with Nok Nok Labs, the trusted leader in next

Canon Solutions America Announces Security Roadshow Featuring Expert Insights And Recommendations On Information Security And Data Privacy (WhatTheyThink) IT Security Presenters from Canon Solutions America and its Security Solutions Partners Will Discuss Ways to Prevent Security Breaches and Protect Data

ThreatQ adds support for mobile and PRE-ATT&CK in response to rapid customer adoption (Help Net Security) ThreatQuotient, a security operations platform innovator, announced that the integration with MITRE ATT&CK now includes support for PRE-ATT&CK and Mobile.

Coalfire adds 2 programs to its cloud security services (SearchCloudSecurity) Coalfire has added Secure Cloud Automation Services and Cloud Security Strategy and Maturity Assessment programs to its suite of cloud security services. They will help enterprises become FedRAMP-compliant and evaluate current security platforms, respectively.

Amsterdam-Based Software Testing Services Provider, spriteCloud, Launches "Ethical Hacking" Penetration Testing Services (IT News Online) Ethical hackers are certified security experts attempting to gain entry into your website, application or network using methods and knowledge available to malicious hackers. The goal is to discover vulnerabilities for you before real hackers do.

Cloud Comrade boosts managed services offering through Dropsuite integration (Channel Asia Singapore) Cloud Comrade has partnered with Singapore-based ISV, Dropsuite, in an effort to address the growing cyber security challenges across the region.​

TrapX Security Launches an ARMY of Artificial Users to Expose Cyber Attackers (AiThority) TrapX Security, the global leader in cyber deception technology, announced that it has released version 6.3 of its DeceptionGrid platform.

Deloitte offers e-communications monitoring product to help prevent fraud (Accounting Today) Deloitte has expanded its strategic alliance with Relativity to offer Relativity Trace, a compliance monitoring application, to help clients detect and mitigate violations of industry regulations and organizational e-communication policies.

Core Elastic Stack security features now available to all users (Help Net Security) Elastic has decided to make core Elastic Stack security features accessible to all users (and not just those who have a Gold subscription).

Gigamon Launches the Industry's Only Application Intelligence Framework with Complete Network Visibility of the Digital Enterprise (Yahoo) Gigamon Inc. ("Gigamon"), the leading network visibility provider for the digital enterprise, today introduced Gigamon Application Intelligence, which provides comprehensive visibility into the highly complex applications at the heart of digital

GreyCastle Launches SOC 2 Report Readiness Services (PRWeb) GreyCastle Security, the industry’s leading provider of cybersecurity risk assessment, advisory and mitigation services, has...

Arxan For Hybrid Apps Expands Data Theft Prevention Solutions, Giving Organizations "No More Excuses" For Unprotected Applications (Yahoo) Arxan Technologies , the trusted provider of application protection solutions, announced ...

Darktrace AI used to protect military personnel data (Cambridge Network) Darktrace, the world’s leading AI company for cyber defence, has announced that the Royal Air Forces Association (RAFA), the largest charity providing welfare support to members of the Royal Air Forces, has selected Darktrace’s cyber AI to protect its members’ sensitive data from insider threat and sophisticated attacks.

Hillstone Networks Safeguards Citizens and Operations for the Ministry of Labor in San Salvador (Yahoo) Hillstone Networks, a leading provider of Enterprise Security and Risk Management solutions, has delivered solutions to safeguards citizens and operations for the Ministry of Labor in San Salvador. The Ministry of Labor and Social Welfare in San Salvador

Digital Guardian Joins “Friends of Objective-See” Program to Support macOS Users with Security Tools to Thwart Malicious Attacks (BusinessWire) Digital Guardian Joins “Friends of Objective-See” Program to Support macOS Users with Security Tools to Thwart Malicious Attacks

Cellebrite and Relativity Partner to Deliver Data From Mobile Devices Directly into Relativity and RelativityOne (Yahoo) Cellebrite today announced the launch of Legalview for Relativity and RelativityOne to make it easier and faster to input and analyze data from mobile devices relevant to litigation and digital investigations. E-discovery professionals need access to

Technologies, Techniques, and Standards

Does Cyber Command need more electronic warfare tools? (Fifth Domain) Cyber forces of the future might need to exploit the electromagnetic spectrum to get at targets not connected to traditional networks.

How to stay cybersecure while traveling for business: 6 tips (TechRepublic) More than 70% of business travelers have been at risk for cyberattacks, according to an IBM Security report.

Aligning Security with Patient Safety: 8 Insights for Healthcare Cybersecurity by Healthcare Cybersecurity Pros | Bricata (Bricata) The chances, of shoring up healthcare cybersecurity with budget and staff, improve when security goals are aligned with healthcare goals, like patient safety.

How effective are login challenges at preventing Google account takeovers? (Help Net Security) Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing.

Cybersecurity: How a layered approach keeps this F1 team's data secure (ZDNet) Haas F1 uses layers of protection to help give the Formula 1 racing team a competitive advantage.

Suspect a hidden camera in your Airbnb or hotel? Here’s how to tell (The Parallax) Before booking a stay, read the home description for a required camera disclosure. After you check in, take these steps to uncover hidden cameras.

Here’s how to get employees to care about cybersecurity training (CSO) Improving attention and retention rates may have shown that humour is a better training tool than fear, but a security-training pioneer believes the two will come together productively as cyber insurers crack down on training and impending ‘Phishing 2.0’ features allow CISOs to engage with employees the second they click on a malicious link or attachment.

Design and Innovation

Simply elegant, Morse code marks 175 years and counting (Navy Times) The U.S. Navy is actually testing a system that would let a user type words and convert it to blinker light. A receiver would read the flashes and convert it back to text.

Research and Development

Why post-quantum encryption will be critical to protect current classical computers (TechRepublic) Quantum computers are theorized to be capable of breaking RSA encryption. Experts disagree on when it could happen, but agree on a need for quantum-proof encryption.


National Security Agency Names University of New Haven a Center of Academic Excellence (Yahoo) The University of New Haven announced today that it has been designated by the National Security Agency (NSA) as a National Center of Academic Excellence (CAE) in Cyber Operations (CAE-CO). The certification recognizes the University’s bachelor’s degree programs in cyber security & networks and

Legislation, Policy, and Regulation

Editorial: Good to see Cyber Command's strong work to counter Russian trolls (Omaha World-Herald) The command is now elevated to the same status as the U.S. Strategic Command or Central Command.

US Delays Huawei Ban for 90 Days (SecurityWeek) US officials delayed a ban on American technology exports to Chinese tech giant Huawei until mid-August, saying the time was needed to allow for software updates and other contractual obligations.

The US government's concession to Huawei explained (Computing) US Department of Commerce will consider a further extension beyond the current 90 days

Trump Administration Could Blacklist China’s Hikvision, a Surveillance Firm (New York Times) The move against Hikvision would mark another step to counter China’s economic ambitions, and the first time the administration punished a company for China’s detention of Uighurs.

After the US took down Huawei, could DJI be next? (The Verge) DHS alert warns of flight data getting sent to China

Trump Blacklisted Huawei After China Trade War Negotiations Stalled (Fortune) The move caused massive supply chain disruptions for Intel, Qualcomm, and Broadcom.

China Raises Threat of Rare-Earths Cutoff to U.S. (Foreign Policy) Beijing could slam every corner of the American economy, from oil refineries to wind turbines to jet engines, by banning exports of crucial minerals.

Huawei vs. Trump: all the news about the Chinese phone maker’s messy relationship with the US (The Verge) Huawei’s future hangs in the balance.

Federal agencies stress supply chain safety for incoming 5G technology (Federal News Network) 5G technology is popular on both sides of the political aisle but some security concerns remain, especially when it comes to the supply chain.

Microsoft pushes for GDPR-like privacy rules in the U.S. (FierceTelecom) With the one-year anniversary of the EU's adoption of its GDPR coming up soon, Microsoft is calling on Congress to do the same in the U.S.

Litigation, Investigation, and Law Enforcement

Why the Air Force is investigating a cyber attack from the Navy (Air Force Times) The Air Force has reportedly seized an attorney's computer and phone as part of an investigation into whether the Navy improperly spied on defense attorneys.

After WhatsApp hack, NSO faces scrutiny from Facebook and UK public pension fund (Fast Company) Facebook is examining its legal options and a U.K. pension fund is asking questions amid ongoing lawsuits against the Israeli firm linked to a string of abusive attacks.

Cyber-attack accused 'flees UK' (BBC News) A judge orders the arrest of a defendant after hearing he has flown out of the country.

LeakedSource Operator Pleads Guilty in Canada (SecurityWeek) Canadian authorities announce that Defiant Tech, the company that ran LeakedSource, pleaded guilty to trafficking identity information and possession of property obtained through crime.

American Hustle (Foreign Affairs) Donald Trump and the Mueller report are x-rays, revealing much of what has gone awry in American politics and society in recent years.

The Ghost and Dr. Death: The True Story of How the FBI Caught Robert Hanssen - America's First Cyber Spy (ClearanceJobs) Speaking at the International Spy Museum, Eric O'Neill discussed his new book, "Gray Day" about his role in catching super spy Robert Hanssen. The book offers an amazing glimpse into the life of one of the most devastating spies in American history.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Gateway Innovation Center: Partners in Cyber (Columbia, Maryland, USA, June 6, 2019) The Howard County Economic Development Authority will host a multifaceted panel event on June 6. Each of our speakers represents leading cyber and technology organizations in the region which provide valuable...

NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...

ICX Insurance Summit with Pindrop and MassMutual (Springfield, Massachusetts, USA, June 19 - 20, 2019) MassMutual, together with Pindrop, is hosting the Identity & Customer Experience (ICX) Summit specifically for insurance organizations to discuss current issues and share strategies and ideas around security...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Kansas City CyberSecurity Conference (Kansas City, Missouri, USA, May 22, 2019) Join us to interact with CISOs & Senior Level Executives who have effectively mitigated the risk of Cyber Attacks. The keynote at Kansas City will be delivered by John Dickson, Principal, Denim Group Ltd,,...

2019 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 22 - 23, 2019) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity.Those lawyers who ignore cyber threats are risking millions...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.