
More signal. Less noise.


Daily briefing.

Reuters reports that a ransomware attack hit Spain's largest radio station, Cadena SER, yesterday. National service was disrupted, although local broadcasting continued. It's unknown what strain of ransomware was involved in the attack. SER is working toward recovery.

Spain's National Security Department said that other, unspecified, companies were affected by similar attacks. BleepingComputer says it's confirmed (through a leaked copy of the ransom note) that NTT Data subsidiary Everis was also hit. One of Spain's larger managed service providers, Everis is thought to have been infected with a variant of Bitpaymer ransomware. The extortionists have asked the MSP for €750,000 ($835,923) in ransom, Bitcoin.es reports. Other enterprises are concerned about the possibility of downstream attacks flowing from those affecting the widely used MSP. BleepingComputer cites an anonymous source close to those investigating the incident as saying that the extortionists may have exploited the BlueKeep vulnerability in their attack, but the grounds for this suspicion may be circumstantial.

The list of those WhatsApp warned of possible Pegasus infections strikes many in India as suggesting that the spyware was distributed by the Government. India's Government, the BBC reports, denies any such involvement in the incident. The Scroll describes the "activists, lawyers, [and] scholars" whose devices were affected.

The Chinese-owned social media app TikTok remains the subject of a US security investigation, and the Defense Department is considering how to educate military personnel about the risks the app might pose, Military Times reports.

The New Yorker looks at how dogs help investigate cybercrime.

Notes.

Today's issue includes events affecting China, Estonia, European Union, Hungary, India, Russia, Spain, Taiwan, United Kingdom, United States.

Bring your own context.

Social engineers look for emotional vulnerability, and they often find it in social media.

"And so people are very honest about some of the best, right? They - you know, they put up a really plausible screen - oh, I'm, you know, traveling in Bali this year. Or, oh, I just had my honeymoon. Everything's wonderful and beautiful, right? Oh, I just got a promotion. But Facebook is also used for the inverse. When people are at their lowest, they'll post and they'll say, I'm really looking for help. I'm really looking for prayers. I could really use some friends who I haven't talked to in a while. You could log onto Facebook right now and search for certain keywords and go through profiles and find someone who's at the lowest point in their life right now."

—J. Bennett, from Signifyd, on Hacking Humans, 10.31.19.

Grief, anxiety, fear: their expression online draws scammers.

We incorrectly referred to the Canadian Territory of Nunavut as a "province" yesterday.


In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses AT&T’s claims that they cannot be sued for selling location data to bounty hunters. 

Recorded Future's latest podcast, produced in partnership with the CyberWire, is up. In this episode, "Municipalities Face Unique Cybersecurity Challenges," Margaret Byrnes of the New Hampshire Municipal Association and Joe Howland of VC3 join us to discuss the unique security challenges faced by municipalities.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Analysis | An Indian nuclear power plant suffered a cyberattack. Here’s what you need to know. (Washington Post) Authorities don't seem to understand the real threat from cyberoperations.

Cyber attack hits Spanish companies including radio network (Reuters) A cyber attack has hit Spanish companies including Cadena SER radio, Spain'...

Ransomware Attacks Hit Everis and Spain's Largest Radio Network (BleepingComputer) Everis​, an NTT DATA company and one of Spain's largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain's largest radio station Cadena SER (Sociedad Española de Radiodifusión).

India state denies WhatsApp hack amid outrage (BBC News) The names of those targeted have caused activists to accuse the government of involvement.

India’s slow churn into a surveillance society (Gulf News) Reports of snooping into WhatsApp of top rights activists, politicians has come as a shock

LendingCrowd reports data breach (Finextra Research) On Wednesday 30 October, LendingCrowd discovered a data security incident resulting in unauthorised access to the personal data of a subset of investors.

Concerns rise over possibility Chinese could use TikTok to collect troops’ data (Military Times) The Treasury Department has opened a review into whether TikTok, a Chinese-owned social media platform, is a national security threat.

Your hacked Facebook account may be bankrolling scam ad campaigns (CNET) One campaign tried to use a person's credit card to spend $10,000 a day on Facebook scam ads.

Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo (Wired) By pointing lasers tuned to a precise frequency at a smart assistant, researchers could force it to unlock cars, open garage doors, and more.

Report: Asus Router App Leaks Customer Data and Exposes Alexa Users (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data leak in the AsusWRT, a web-based app from Asus that allows

Vendor Email Compromise is Latest Identity Deception Attack (SecurityWeek) Vendor email compromise is a troubling new trend in which fraudsters use hijacked employee email accounts to target not just one company, but entire supply chain ecosystems.

To Err is Human. To Squat is Criminal (SecurityWeek) Lookalike domain names are often used in phishing emails, masquerading as a link to a legitimate website and encouraging the recipient to click.

Vulnerability Summary for the Week of October 28, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


Security community tools help intruders (TechRadar) Are researchers helping criminal groups?

Security Patches, Mitigations, and Software Updates

EU patches 20-year-old open source vulnerability (ComputerWeekly.com) Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year old, previously undiscovered vulnerability

Cyber Trends

Top 9 Cybersecurity Trends for 2020 (Booz Allen) Get expert insights into the cyber threats that could change the face of cybersecurity in 2020.

Security Threat Report for 2020. (Sophos) See what is ahead for cybersecurity in 2020 with the annual Sophos Security Threat Center report.

Avira CEO: Smart Devices Creating an Exponential Increase in Online Security Threats (Precise Security) Travis Witteveen, the CEO of Avira Antivirus, kindly agreed to talk to PreciseSecurity.com about the main challenges the industry is currently facing.

FireEye Research Reveals 51% of Organizations Don’t Believe They are Ready for or Would Respond Well to a Cyber Attack or Breach (FireEye) Inaugural FireEye Cyber Trendscape Report provides direct insights to help organizations benchmark their cyber security initiatives

Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU (Help Net Security) Spear phishing is the number one attack vector and enabler for the vast majority of cybercrimes, a Europol report reveals.

Risky transactions on mobile devices increase 138% since 2017 (Help Net Security) Since 2017, the percentage of suspected fraudulent transactions from mobile devices increased 138%, iovation survey reveals.

Can You Trust Security Vendor Surveys? (SecurityWeek) Given the difficulties in designing, conducting and interpreting vendor surveys, it is necessary to question the value of them, both individually and collectively.

Marketplace

Sumo Logic acquires JASK to fill security operations gap (TechCrunch) Sumo Logic, a mature security event management startup with a valuation over $1 billion, announced today that it has acquired JASK, a security operations startup that raised almost $40 million. The companies did not share the terms of the deal. Sumo’s CEO Ramin Sayar says the combined compani…

JASK buy may boost security analytics in Sumo Logic SIEM (SearchITOperations) Consolidation between IT monitoring and security operations tools continues as Sumo Logic folds in JASK, which some customers hope will improve its SIEM security analytics and keep pace with Elastic and Splunk.

Akamai Technologies Completes Acquisition of Exceda (PR Newswire) Akamai Technologies Inc., (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital...

Thrive Expands into the Mid-Atlantic with EaseTech (PR Newswire) Thrive, a premier provider of NextGen Managed Services, is proud to announce that it has acquired EaseTech, a...

TikTok seeks to join tech fight against online terrorism (TheHill) TikTok, the massively popular Chinese-owned social media app that has recently attracted national security concerns from top lawmakers, is seeking to join the consortium of U.S.

New DISA Contracts To Focus On Cell Phone Protection (Breaking Defense) DISA will offer industry multiple contract opportunities to provide third-party tools to defend against malware and Zero Day attacks.

What Cisco's chief information security officer says about risk (Silicon Valley Business Journal) Steve Martino describes his role as Cisco Systems’ chief information security officer as being the “voice of balance” — helping the business balance risk management with its need for revenue growth.

Mimecast opens new London headquarters in Broadgate (West) Mimecast services limited, a leading email and data security company, announced the opening of its new UK head-office in 1 Finsbury Avenue at Broadgate in London.

Products, Services, and Solutions

Qualys and Microsoft Partner to Help Customers Secure Azure (Qualys) Embedded integration provides built-in security for Azure workloads and container orchestration with no software to deploy or update

Fortinet Expands Integration of Cloud Security Offerings with Microsoft Azure to Provide Advanced Protection (West) Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of the Fortinet Security Fabric’s dynamic-cloud security offerings with Microsoft Azure, providing customers with an easier way to connect, manage and protect their cloud workloads on Microsoft Azure.

Secureworks® SaaS Application Helps Customers Detect Even More Threats with Microsoft Defender Advanced Threat Protection (Secureworks) Secureworks' cloud-native Red Cloak™ Threat Detection & Response uses Microsoft Defender Advanced Threat Protection to improve detection of advanced attacks across endpoints, networks, cloud and business systems.

IGEL’s Linux-Based Edge OS to Support Microsoft Windows Virtual Desktop (IGEL) IGEL, provider of a next-gen edge OS for cloud workspaces, today announced from Microsoft Ignite that its Linux-based IGEL OS will support Microsoft Windows Virtual Desktop customers, enabling enterprises to centrally manage, control and secure thousands of endpoint devices. As a supporting vendor for Microsoft Windows Virtual Desktop value-added partner…

WatchGuard Brings Secure Wi-Fi to the Outdoors with New Ruggedized Wi-Fi Access Point (West) The WatchGuard AP327X is a new IP67-rated Wi-Fi access point (AP) with four N-Type connectors to support a variety of external antennas.

Nets enables mobile payments for OmaSp customers (Front page) Payments carried out with smartphones are becoming more common by the day and mobile payment solutions are now expected to be part of basic service offering of banks. Nets’ Life Cycle Management services enable fluent deployment of mobile payments both for banks and their clients, at the same time freeing issuers’ resources.

RedSeal Expands Hybrid Network Modeling Capabilities to Include Google Cloud Platform (West) Organizations can see access and prioritize vulnerabilities across network environments

Rippleshot Gives Community Banks and Credit Unions Competitive Edge with AI-Driven Fraud Protection (West) Rippleshot, a fraud analytics software company, has launched Rules Assist™, an AI-driven decision rules analytics solution to empower community banks and credit unions in the fight against emerging fraud trends.

Fingerprints - Fingerprint Cards launches plug & play biometric sensor module for the access control market (Fingerprints) Easy-to-integrate module minimizes time to market for physical and logical access

Powershell v6.2 Beginners Guide and Tutorial. Artificial Intelligence and Machine Learning for the fundaments of 5G Network Monitoring (PRWeb) A majority of attacks take advantage of outdated systems and third-party applications, exploiting known vulnerabilities. On May 24, 2019, threat intelligence

VMware Workspace ONE Delivers Day Zero Employee Experiences, Enabling IT and HR to Accelerate New Hire Time to Productivity (West) End-to-end Zero Trust Access Control and Privacy Guard Encourage Employee Engagement

VMware Expands Reach of VMware Cloud on AWS for Cloud Providers and MSPs with VMware Cloud Director Service (West) New SaaS Solution Brings Multi-Tenancy to VMware Cloud on AWS,

VMware and Microsoft Continue to Partner to Deliver Greater Impact to Customers Across Client, Cloud and Data Initiatives (West) VMware Introduces Workspace ONE for Microsoft Endpoint Manager to Enable Modern Management for Windows 10

VMware Unveils Project Maestro, A Telco Cloud Orchestrator, To Help CSPs Accelerate Multi-Cloud Operational Agility (West) Cloud-First Solution Will Unify Orchestration and Automation Across Any Network and Any Cloud

VMware SD-WAN Delivers a Comprehensive Secure Access Services Edge (West) VMware’s Unique Hyperscale SD-WAN Architecture Enables High Performance and More Secure Connectivity to a Network of Cloud Services Powering the Distributed Enterprise

VMware Cloud On AWS Helps Customers Across Europe Migrate and Modernize Applications (Yahoo) Today at VMworld 2019 Europe, VMware, Inc. (NYSE: VMW) announced VMware Cloud on AWS will be launching in the AWS EU (Stockholm) region.

VMware Announces New Security Solutions to Bring Intrinsic Security to the Modern Distributed Enterprise (West) VMware Empowers Customers to Implement Security that Delivers Automated, Pervasive, and Proactive Protection to Critical Apps, Data and Users Regardless of Where They Reside

In new AI platform, Booz Allen sees alternative to the 'Black Box' (Washington Technology) Booz Allen Hamilton has pulled the cover off its new artificial intelligence platform and wants clients to know exactly what they are getting after all is revealed.

Malwarebytes 4.0 Released With New UI and Scanning Engine (BleepingComputer) Malwarebytes has released version 4.0 of their flagship antivirus product and with it comes a new scanning engine, a new user interface, threat statistics and more.

Garland Technology Provides Added Resiliency for High Speed Networks with New EdgeSafe(TM): 100G Bypass Modular Network TAP (Olean Times Herald) Garland Technology, a leading provider of network test access point (TAP), packet broker, and cloud visibility solutions, today announced the release of the

Stratejm, North America's Premier Security-As-A-Service (SECaaS) Platform Provider, Announces Partnership with CyGlass to Expand its Security Service Portfolio (PR Newswire) CyGlass Inc., a SaaS AI-driven network-centric threat detection solution, and Stratejm Inc.,...

Cybera and Apex Join Forces to Accelerate Time-to-Profit for Retailers (PRWeb) Cybera, the leader in SD-WAN application network and security services for the network edge, is partnering with Apex Supply Chain Technologies to delive

Appdome and VMware Partner to Help Customers Accelerate Digital Transformation (PR Newswire) VMworld Europe 2019 -- Appdome, the mobile industry's first no-code mobile solutions platform,...

Technologies, Techniques, and Standards

On the front line in Europe’s war against Russian election interference (The Telegraph) As another General Election looms, the battle for No 10 will fundamentally be fought and won online.

A Plan to Engage Hackers in Election Security (Nextgov.com) The Information Technology-Information Sharing and Analysis Center wants to create a coordinated vulnerability disclosure program that could alert vendors about security flaws in their voting systems.

How RackTop Systems is looking into election data security (Yahoo) As we sit just one year away from the highly anticipated 2020 Election, some tech and security experts are growing worried over how the government, political party sectors, and social media companies are working to secure election data going forward. RackTop Systems CEO Eric Bednash discusses with Yahoo Finance's Jen Rodgers and Myles Udland.

Analysis | The Cybersecurity 202: Feds and police are war-gaming all the ways an election can be hacked (Washington Post) Voting machines aren't the main target.

As Dominion, others target 80-year nuclear plants, cybersecurity concerns complicate digital upgrades (Utility Dive) Nuclear reactors need new digital controls as part of a push to avoid retirement, but cybersecurity concerns and high costs complicate the transition from analog.

Pentagon publishes AI guidelines (Naked Security) As the specter of warrior robots looms large, the Pentagon has published a set of ethical guidelines for its use of artificial intelligence.

People are the very first element in a pragmatic cybersecurity strategy (Help Net Security) The Aventium survey findings point to the continued criticality of the human element in identifying and addressing cyber threats.

Design and Innovation

Google's quantum supremacy is real, now we urgently need quantum-safe encryption, says UKNQT's Sir Peter Knight (Computing) 'There's a lot at stake in rewiring the world in terms of encryption and we all depend on getting it right',

Legislation, Policy, and Regulation

The Zero-Day War? How Cyber is Reshaping the Future of the Most Combustible Conflicts (Nextgov.com) Recent history has shown that states often use their offensive cyber arsenals to achieve surprisingly de-escalatory effects.

US and Taiwan hold first joint cyber-war exercise (BBC News) It comes after Taiwan said it suffered millions of cyber-attacks from mainland China each month.

Russia enacts 'sovereign internet' law, free speech activists cry foul (Reuters) A law known as the "sovereign internet" bill came into force on Friday...

Hungarian minister opens door to Huawei for 5G network rollout (Reuters) Hungary's foreign minister opened the way on Tuesday for Chinese telecoms g...

FCC Freaks Out About Huawei, But Ignores The Internet Of Broken Things (Techdirt.) Despite a lack of public evidence proving Huawei spies on American citizens (the entire justifying cornerstone of the effort), the FCC this week just dramatically escalated the Trump administration's blackballing of Chinese telecom firms. In a...

Litigation, Investigation, and Law Enforcement

Russia Steps Up Efforts to Shield Its Hackers From Extradition to U.S. (Wall Street Journal) The Kremlin is resorting to prisoner swaps and coercion to keep potential cyber operatives out of U.S. hands, experts say.

Activist asks Indian court to order probe into WhatsApp over hacking scandal (Reuters) A right-wing social activist in India filed a petition asking the country's...

WhatsApp snooping row: US court issues warrants against NSO Group over spyware (India Today) The warrants have been issued in case of sending malware ‘Pegasus’ to approximately 1,400 mobile phones globally. The warrants were issued by the northern district court of California on Friday after WhatsApp filed a civil suit against the two cyber intelligence companies.

British couple who sparked Google’s £2.1bn EU fine take battle to US competition authorities (The Telegraph) US competition authorities investigating Google have taken evidence from the British company whose original complaint led to the EU’s multi-billion euro fine against the search giant.

Oregon judge ordered woman to type in her iPhone passcode so police could search it for evidence against her (Oregon Live) The Oregon Court of Appeals upheld the order for the code -- in a first-of-its-kind opinion for an appeals court in this state. It's likely to make it easier for Oregon police to gain access to contents of a suspect's cellphone.

Ocasio-Cortez Settles Twitter Blocking Case, Restoring Critic's Access but Asserting Her Right to Exclude 'Harassers' (New York Law Journal) In her statement, Ocasio-Cortez noted that she could still block other users if necessary. She has previously said she doesn’t block any constituents and had blocked fewer than 20 accounts altogether.

Tom Steyer aide resigns after stealing Kamala Harris' SC 2020 volunteer data (Post and Courier) Steyer's deputy S.C. state director Dwane Sims used his access to a voter file as a former S.C. Democratic Party staffer to export the valuable data and was promptly caught

Sit, Stay, Fight Cybercrime (The New Yorker) A yellow lab named Hannah belongs to a new group of police dogs trained to catch child pornographers by sniffing out electronics.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...

Chicago Suburbs Cybersecurity Conference (Chicago, Illinois, USA, November 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

SINET Showcase (Washington, DC, USA, November 6 - 7, 2019) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Each year, SINET evaluates...

Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...

ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...
