Daily briefing.

Unrest in Hong Kong continues, as do lawfare and information operations waged from Beijing. The Internet Society has protested a ruling by the Hong Kong High Court that effectively criminalizes using the Internet for communications not in the government's interest. The proscribed communications are ones that, nominally, promote violence, but the ruling seems more expansive than that. It's also likely, the Internet Society believes, to exert a chilling effect on online communications, with attendant pressure on platforms to err on Beijing's side when they perform content moderation.

And, in the face of widespread takedowns of coordinated inauthenticity, Quartz reports that Beijing's line on Hong Kong is being circulated through an unlikely channel: Pornhub, which is exactly what its name suggests. Much of this activity seems the work of centrally inspired but independently operating patriotic actors.

Trend Micro describes renewed activity by APT33, the suspected Iranian threat group active against oil, gas, and defense targets.

Researchers at Intezer and IBM's X-Force describe a new ransomware strain, PureLocker, which attacks enterprise production servers. PureLocker, the researchers believe, is associated with the criminal groups Cobalt Gang and FIN6, who are thought to have obtained it on the black market from a malware-as-a-service provider.

Facebook's Community Standards Enforcement Report says the social network took down tens of millions of pages whose contents violated its community standards, proscribing terrorist inspiration, child exploitation, bullying, and incitement to suicide or self-harm, among other things. Facebook also offered examples of how it draws the line on impermissible content.

Today's issue includes events affecting Canada, China, European Union, France, India, Iran, Israel, Sri Lanka, Russia, United Kingdom, United States.

Bring your own context.

PKPLUG, and what the Chinese espionage campaign using it is up to.

"Once again, the elements of who was targeted were again related to the interests of the PRC, but didn't seem to be against other governments, that did have sort of an activist theme, though, targeting Uyghurs, the Turkic ethnic group that's largely in north, sort of, eastern China – excuse me, northwestern China. The themes that we were seeing around how they were tricking people into installing this on their Android phone were related to Uyghur messages, as well as we saw an element inside of the malware – it would only steal data from the phones basically when it saw that they had a prefix code on them that was the Chinese prefix code. So they weren't looking to target people outside of China. They were looking to target Uyghurs and they were using Islamic themes to identify them when sending these out, and then only trying to steal from their phones. Which is – this is a pretty significant jump from the kinds of activity that we'd seen in the past, but we were able to connect it through the infrastructure that was used, the infrastructure and some of the other tactics, to say that these were related attacks."

—Ryan Olson, vice president of threat intelligence for Palo Alto Networks and head of Unit 42 on the CyberWire's Research Saturday Podcast, 11.9.19.

Not all surveillance is directed against foreign adversaries.


In today's Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses the increasing use of biometrics in security. Our guest is Jennifer Ayers from CrowdStrike, who takes us through their Overwatch threat hunting report.

And Hacking Humans is up. In this episode, "Skepticism is the first step," Joe shares stories of typo-squatting. Dave reminds us of warnings against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole Theriault returns with an interview with Chris Olson from The Media Trust on how targeted advertising can enable election interference.

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today:

Cyber Attacks, Threats, and Vulnerabilities

Sri Lankans fear violence over Facebook fake news ahead of election (the Guardian) Facebook’s decision to allow politicians to promote content already rated false by factcheckers has been widely condemned

Labour suffers second cyber-attack in two days (the Guardian) Party understood to be subject of second distributed denial of service (DDoS) attack on Tuesday afternoon

Facebook reports it took action against tens of millions of posts for breaking rules on hate speech, harassment and child exploitation (Washington Post) Facebook took action against tens of millions of posts, photos and videos over the past six months for violating its rules that prohibit hate speech, harassment and child sexual exploitation, illustrating the vast scale of the tech giant’s task in cleaning up its services from harm and abuse.

Community Standards Enforcement Report, November 2019 Edition (About Facebook) We’re publishing the fourth edition of our Community Standards Enforcement Report, detailing our work for Q2 and Q3 2019.

Facebook Transparency Report | Community Standards (Facebook Transparency) Facebook regularly publishes reports to give our community visibility into community standards enforcement, government requests and internet disruptions...

China's Belt and Road Initiative can drive cyber espionage in 2020 (Business Today) The report, 'The road ahead: Cyber security in 2020 and beyond', states that recent cyber espionage activities related to the BRI have targeted many governments, transportation, energy, defense, space, media and telecommunications sectors.

China’s messaging against the Hong Kong protests has found a new outlet: PornHub (Quartz) Unwelcome on Twitter and YouTube, resourceful Chinese patriots are putting their videos condemning Hong Kong protesters on another extremely popular platform.

WannaMine v4: Analysis & Remediation (CrowdStrike) This blog provides deep insight into the world of mineware through an in-depth discussion of one of the most notorious mineware variants, WannaMine v4.

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (TrendLabs Security Intelligence Blog) The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.

TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs (BleepingComputer) Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.

WPI researchers discover vulnerabilities affecting billions of computer chips Worcester Polytechnic Institute (WPI) security researchers Berk Sunar and Daniel Moghimi led an international team of researchers that discovered serious

New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (The Hacker News) ZombieLoad variant 2 of the side-channel MDS vulnerabilities affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout)

Unconventional PureLocker ransomware attacking enterprise servers discovered by researchers (Computing) The PureLocker ransomware appears to have links with a malware-as-a-service provider

PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS (BleepingComputer) Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers.

Researchers discover massive increase in Emotet activity (Help Net Security) Emotet, a modular banking Trojan, had a 730% increase in activity in September after being in a near dormant state, Nuspire discovered.

Lateral phishing makes for dangerous waters, here's how you can avoid getting caught in the net (Help Net Security) Lateral phishing techniques are highly effective. When hackers impersonate someone that the recipient knows, said recipient tends to lower her or his guard.

Facebook admits iOS 'bug' that enabled its app to access iPhone cameras (Computing) It was a complete mistake, honest, swears Facebook

Apple pulls Instagram-watching app from store (Naked Security) Apple has yanked an app from its iTunes App Store that allowed Instagram users to follow their friends’ activities on the social network.

How much does it cost to launch a cyberattack? (CSO Online) Just like in regular business, cyber criminals have a cost of operation and a return on investment to worry about. Unfortunately, a new report from Deloitte has found the cost of committing cyber crime is incredibly low.

Hackers Deploying Analytics for Better Phishing Aim (Credit Union Times) Cyberattackers often make use of commercially available tools and techniques as well as their dark web kits.

UK Home Office app for EU citizens easy to hack (Financial Times) Phone numbers, addresses and passport details of more than 1m are vulnerable, say researchers

Perth agent targeted in $70k scam (PerthNow) Scammers have stolen $70,000 in two separate rip-offs by cloning a Perth settlement agent’s email during a real estate transaction.

Security Patches, Mitigations, and Software Updates

Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks (Help Net Security) Intel has patched a slew of high-profile, dangerous vulnerabilities in their chips and drivers - TPM-FAIL flaws, ZombieLoad v2 attacks.

Adobe squashes critical vulnerabilities in Illustrator CC, Media Encoder (ZDNet) The worst bugs resolved this month can result in code execution.

Cyber Trends

Proficio Announces Results from Survey of CHIME CIOs on the State of Cybersecurity in Healthcare (West) Nearly Half of Respondents Do Not Have Executive Dashboards Showing Their Overall Security Posture

2019 Trust Report (Synack) In today's world, consumers are demanding trust from the products that they love, and security has become a core piece of providing consistent, positive customer experiences.

Financial Institutions on the Hook for Data Breaches this Holiday Shopping Season (PR Newswire) Fears of data loss, identity theft and fraud are leaving American consumers on edge this holiday season, and they're prepared to hold their...

Cyber Security Cloud Survey 2019 (CloudVector) Cyber Security & Cloud Expo Survey: Cloud Adoption Soars, but Security Struggles. Cloud migration has become ubiquitous and most organizations are

Healthcare Malware Infections Soar 60% from 2018 (Infosecurity Magazine) Healthcare Malware Infections Soar 60% from 2018. Malwarebytes warns of Trojan deluge

Education sector worst hit by cyber threats from July-Sept: Seqrite (The Economic Times) Targeting the education sector indicates a major shift in the sector-wise priorities amongst cybercriminals and underscores a willingness to exploit the weaker security infrastructures at educational institutions to create maximum disruption. Other industries that remain at high risk include manufacturing, BFSI, media and entertainment, and professional services.

Hampleton Partners | Race to lock down cybersecurity vendors intensifies as more technologies at risk, says Hampleton Partners’ M&A report (RealWire) IoT network expansion grows potential entry points for cyber-attackers. London, 14 November 2019 - The cybersecurity sector’s largest ever deal, Broadcom’s landmark acquisition of Symantec for $10

Tech Data to be acquired by private equity firm for $5.4bn (CRN) Rich Hume will continue in role as CEO as distie taken into private ownership

Cybrary Lands $15 Million Series B Round to Train Cybersecurity Workforce (EdSurge) Ryan Corey remembers when his business plan would get him and his team laughed out of a room with potential investors. Back in 2015, when the Cybrary ...

Mimecast Announces Acquisition of DMARC Analyzer (Financial Buzz) Mimecast Limited (NASDAQ: MIME), a leading email

Capstone Headwaters Advises GC&E Systems Group on its Acquisition by Bristol Bay Native Corporation (Capstone Headwaters) Capstone Headwaters, a leading international investment banking firm, advised Atlanta-based GC&E Systems Group (“GC&E”) on its acquisition by Bristol Bay Native Corporation (“BBNC”), headquartered in Anchorage, Alaska. Terms of the deal were not disclosed.

WSJ News Exclusive | Carl Icahn Makes Case for Xerox-HP Union (Wall Street Journal) Activist investor Carl Icahn is pushing for the proposed merger of Xerox and HP. He revealed a stake in HP that could increase pressure for a tie-up.

Airbus Launches Human-Centric Cybersecurity Accelerator (Infosecurity Magazine) Airbus will work in collaboration with the NCSC on the new initiative

It's official: Microsoft's regional artificial intelligence hub has a home in Louisville (The Courier-Journal) According to a recent report from the Brookings Institution, Louisville ranks eighth among metropolitan areas in risk of losing jobs to automation.

Twitter spy scandal a wake-up call for companies to clean up their data access acts (CSO Online) Two Twitter employees accessed user data on behalf of the Saudi government. Neither should have had access, and this is a sign of a bigger problem at all companies.

Resignation at GitLab Highlights Concerns Over Corporate Espionage (Wall Street Journal) Candice Ciresi resigned from her position as director of global risk and compliance at the San Francisco-based software-development startup following a brouhaha that began last month over how the company handled client concerns about data privacy.

Products, Services, and Solutions

Tech Data Opens Cyber Range to Champion Cybersecurity Training, Demonstration and Engagement (BusinessWire) Tech Data Opens Cyber Range to Champion Cybersecurity Training, Demonstration and Engagement

StackRox – Unique Innovations for Hardening Kubernetes (StackRox) StackRox Kubernetes Security Platform upgrade enables customers to better harden Kubernetes and container environments

BehavioSec Accelerates Authentication and Usability Performance in Latest Behavioral Biometrics Platform Release (BusinessWire) BehavioSec today announced enhanced performance features as part of the newest release of the BehavioSec Behavioral Biometrics Platform.

Brave Launches Next-Generation Browser that Puts Users in Charge of Their Internet Experience with Unmatched Privacy and Rewards (Brave Browser) Brave Software, makers of the innovative Brave browser which combines privacy with a blockchain-based digital advertising platform, today announced the official launch of Brave 1.0.

Blue Cedar Accelerator for Microsoft Leverages Microsoft Intune Integration to Speed Security Injection for Enterprise Mobile Apps (BusinessWire) Blue Cedar, the company that provides rapid, no code mobile app security integration to enterprises and independent software vendors (ISVs), today ann

Neone Launch Makes Social Media Fun, Safe and Private Again (BusinessWire) Neone Inc, a company on a mission to make social media fun, safe and private again, today launched a private, secure and ad-free social media service

Portnox Introduces Okta SAML Integration for Cloud-Delivered Network Access Control Platform (BusinessWire) Portnox, which supplies network access control, visibility and device risk management to organizations of all sizes, today announced its newest integr

Technologies, Techniques, and Standards

‘GridEx’ offers stiff security test for an industry that welcomes the challenge (CyberScoop) Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America.

AI Is Not Real: How Intelligent Is Artificial Intelligence? (International Business Times) Despite its popularity both in consumer technology and in popular fiction, experts believe that AI is not real.

IRS to Mount Epic Cyber-Safety Campaign (Infosecurity Magazine) Cyber Monday will mark the beginning of an extensive cybersecurity campaign by the IRS

Design and Innovation

China’s Lead in the AI War Won’t Last Forever (Bloomberg) Artificial intelligence will be very useful in controlling a police state. But a police state may not be very good at controlling artificial intelligence.

EXCLUSIVE Pentagon’s AI Problem Is ‘Dirty’ Data: Lt. Gen. Shanahan (Breaking Defense) The military has all the data it needs to train machine learning algorithms for war – somewhere. Now the Joint AI Center has to find it all and clean it up. The goal: AI Ready data.

Research and Development

DHS Awards Funds for Blockchain Security Technology (SIGNAL Magazine) The Department of Homeland Security Science and Technology Directorate has a contract to develop blockchain security technology to prevent credential fraud.

IARPA Awards Contract to Company that Harvests Social Media Text, Data (The Sociable) IARPA awards a research contract for extracting data from text to Raytheon BBN, which harvests the text of social media postings and other data.

Legislation, Policy, and Regulation

French government forms cybersecurity pact with major French companies (Reuters) The French government signed on Thursday a three-year cybersecurity pact with ei...

Why agencies need to work together to defend forward (Fifth Domain) The Department of State has demonstrated that it can help the Department of Defense in cyberspace.

House panel mulls new election tech specs (FCW) The House Science, Space and Technology Committee will mark up new legislation Nov. 14 that would mandate new research into voting machine cybersecurity vulnerabilities and update the way the government certifies such equipment.

Report: Election vendors are 'prime targets,' need oversight (WHAM) The private companies that make voting equipment and build and maintain voter registration databases lack any meaningful federal oversight despite the crucial role they play in U.S. elections, leaving the nation's electoral process vulnerable to attack, according to a new report. The Brennan Center for Justice on Tuesday issued the report, which calls on Congress to establish a framework for federal certification of election vendors.

The USPTO wants to know if artificial intelligence can own the content it creates (The Verge) Can an algorithm create copyrightable work?

Chad Wolf sworn in as acting Department of Homeland Security chief, Ken Cuccinelli to be acting deputy (Washington Post) Wolf, the fifth person to hold the top DHS job under Trump, was opposed by Democrats for his role in family separations at the U.S. southern border.

Litigation, Investigation, and Law Enforcement

Internet Society Deeply Concerned about Interim Injunction Ordered by Hong Kong High Court (Internet Society) The Internet Society and the Internet Society Hong Kong Chapter are deeply concerned about the recent interim injunction (High Court Intended Action 202/2019) ordered by the Hong Kong High Court and the effects it might have on the operation of Internet infrastructure and online communications. The Internet Society is troubled by actions like this that …

Analysis | The Technology 202: Disinformation campaigns targeting veterans are in the spotlight on Capitol Hill today (Washington Post) One group's spokesman says it's acting as 'unpaid consultant' to Facebook

Google: You can trust us with the medical data you didn’t know we already had [Updated] (Ars Technica) Google has 50M people's medical records but won't merge them with other Google data.

Analysis | The Cybersecurity 202: Schiff hammers Trump’s Crowdstrike conspiracy theory at impeachment hearing (Washington Post) The GOP didn't name check the firm, for once.

U.S. demands for Facebook user data are at record levels (TechCrunch) Facebook’s latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first half of this year compared to the second half of last year. That’s the highest number of government demands it ha…

Breach affecting 1 million was caught only after hacker maxed out target’s storage (Ars Technica) Hacker's data archive file grew so big that the target's hard drive ran out of space.

Orcus RAT Author Charged in Malware Scheme (KrebsOnSecurity) In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Russian man charged with running money-back-guaranteed criminal marketplace (Ars Technica) Cardplanet offered 150,000 cards and defrauded US holders of >$20 million.

Russia Fails to Stop Alleged Hacker From Facing US Charges (Wired) The repercussions over custody and extradition of Aleksei Burkov have set off a geopolitical maelstrom.

Google fires staffer, suspends two others, amid rising workplace tensions (Ars Technica) Workplace political battles are steadily eroding Google’s open culture.

One Google Staffer Fired, Two Others Put on Leave Amid Tensions (Bloomberg) Employee terminated for leaking names, details to media. Rifts with management roiling company known for openness.

Whistle-blower Edward Snowden slams China censorship of his book (South China Morning Post) References to China’s military cyber intelligence, Great Firewall and the Arab spring missing from simplified Chinese edition of his memoir Permanent Record.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...

SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...

QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West and it is already the 6th year on the cybersecurity market in CEE region. Based on the success in Prague, QuBit expanded further and...

Orlando Cybersecurity Conference (Orlando, Florida, USA, November 14, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
