skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Louisiana continues its recovery from the ransomware attack it sustained Monday. Many services have been restored, but all seventy-nine of the state's Office of Motor Vehicle (OMV) locations remained closed throughout Tuesday, despite earlier estimates that they would reopen by midday. The delay is due to the fact that all of OMV's computers have to be reimaged, according to the Advocate. StateScoop says the attack involved the Ryuk ransomware. KPLC TV reports that the infestation originated with an "unauthorized download" on a state computer, which is no surprise at all.

Trustwave is tracking a spam campaign that uses a phony Windows update notification to distribute a malicious attachment that carries Cyborg ransomware. Cyborg, unfortunately, is easily used by anyone who gets a hold of the Cyborg Builder, which has been available on GitHub.

Hotel reservation company Gekko Group exposed terabytes of customer data in an unsecured Elasticsearch database, CNET reports.

Reuters has an account of the answers the US House Judiciary Committee has received so far in its antitrust inquiry into Big Tech. Facebook, Apple, Amazon, and Google were the companies who went under scrutiny.

Thomas Osadzinski, a computer science student at Chicago’s DePaul University, was arrested by the FBI and charged with writing code for ISIS. Specifically, according to ZDNet, he’s alleged to have been working on a Gentoo Linux distro intended to help the terrorist organization better handle their multimedia propaganda accounts. At least two of his online ISIS contacts turned out to be FBI, working under cover.


Today's issue includes events affecting Australia, Estonia, Isle of Man, Montenegro, New Zealand, Russia, Slovakia, Uganda, United Kingdom, United States.

Bring your own context.

How can you effectively test the security of an industrial environment without creating safety risks? "Purple-teaming" can be a more visible, collaborative process that retains many of the benefits of red-teaming.

"And that testing of the defensive people in real time is not what you get in purple-teaming. You do get that in red-teaming. But because you're moving it a little further over to the right and purple-teaming, you're getting much more collaboration and kind of education throughout the process versus what sometimes come off as a test – even though that's not always fair, there's a lot of red teams that do educate along the way. But hopefully that's kind of clear on the difference of, I'm going to emulate the threat, be adversarial, and we're going to test you, and you're gonna learn from that versus I'm going to think adversarial, show you what we could do, but we're going to handhold each other throughout this process and put a hyper-focus on the defense throughout it."

—Robert M. Lee, CEO and founder of Dragos, on the CyberWire Daily Podcast, 11.15.19.

Work with the world’s experts in Dark Web analysis.

Based on years of law enforcement and military experience plus current work with international agencies, ReSecurity’s Hunter Unit pulls and analyzes the best data and delivers it in the most actionable format. We provide human-curated, in-depth analysis layered on top of the most comprehensive, exclusive sets of data from the Deep and Dark Web. 

In today's Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour shares findings from their midyear threat report. Our guest is Bill Harrod from MobileIron, with thoughts on biometric data in the federal space.

The CyberWire's Caveat is up. In this week's episode, "Lessons learned from environmental legislation," Dave has a story about Google drawing the attention of HHS for gathering medical patient data. Ben shares news on the ability of the government to search your electronic devices at the border. Our guest is Bret Cohen, president and CEO from Tier 1 Cyber. He shares his insights on some of the parallels between data security and privacy laws and environmental legislation.

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today:

CyberMaryland Job Fair, December 5, Baltimore. Visit ClearedJobs.Net or for details. (Baltimore, Maryland, United States, December 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberMaryland Job Fair, December 5 in Baltimore. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Attacks, Threats, and Vulnerabilities

Oracle PAYDAY Attacks Put Thousands of Global Organizations at Risk of Financial Fraud and Theft (Onapsis) The Onapsis Research Labs has been working closely with Oracle Corporation's Security Response Team to fix several critical vulnerabilities in the Oracle E-Business Suite (EBS). The vulnerabilities, named PAYDAY, were initially patched in Oracle’s April 2018 Critical Patch Update (CPU) and subsequent vulnerabilities have been patched as late as the April 2019 CPU.

Report: Mobile Payments Provider Leaks Data of US Restaurant Diners Nationwide (vpnMentor) vpnMentor’s research team, led by Noam Rotem and Ran Locar, were recently informed of a huge lapse in security by PayMyTab that exposed the data of consumers

How WhatsApp found itself in the middle of an international spying row (The Telegraph) Did WhatsApp unwittingly expose a mass government spying operation around the world?

Password data for ~2.2 million users of currency and gaming sites dumped online (Ars Technica) Researcher confirms data belongs to users of Gatehub and EpicBot services.

PayMyTab data leak exposes personal information belonging to mobile diners (ZDNet) Data exposure was caused by an open AWS database.

Exposed database left terabyte of travelers' data open to the public (CNET) Exclusive: The database has information on hundreds of thousands of travelers, including credit card numbers, names and addresses.

Android Camera App Bug Lets Apps Record Video Without Permission (BleepingComputer) A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.

Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder (Trustwave) Recently, fake Microsoft Windows Update emails were spammed. The email, claiming to be from Microsoft, contains just one sentence in its email body which starts with two capital letters. It directs the recipient’s attention to the attachment as the “latest critical update”.

New Phoenix Keylogger tries to stop over 80 security products to avoid detection (ZDNet) Phoenix linked to more than 10,000 infections since the malware's launch on a hacking forum in July.

McDonalds-Themed Facebook Ads Serve Up Banking Trojans (Threatpost) The malware has backdoor functionality and the ability to steal payment cards and credentials.

Monero Project site compromised, served malware-infected binaries (Help Net Security) The official website of the Monero Project has been compromised to serve a malware-infected version of the CLI (command-line interface) wallet.

State OMV offices to stay closed Tuesday after ransomware attack ( BATON ROUGE, La. (NBC Local 33)(Fox44) – All Louisiana Office of Motor Vehicle offices will remain closed Tuesday, despite an earlier report they would reopen. On Facebook, Louisiana State Po…

Out of Season IRS Phishing Campaigns (Akamai) Over the past two months, Akamai’s threat research team has been closely monitoring a phishing campaign that impersonates the official Internal Revenue Service (IRS) website, and is requesting sensitive information, email addresses, and passwords.

Retailers brace for Black Friday cybersecurity onslaught (TechHQ) With Alibaba to haul US$38.4 billion in sales on Singles' Day this year, Black Friday is the next highly-anticipated shopping holiday of the year.

Unauthorized download contained virus that crippled La. government internet services, sources say (KPLC TV) An apparent “ransom” attack crippled much of Louisiana state government Monday, Nov. 18.

Ransomware attack that crippled state computer systems lingers into second day (Fox 8 Live) The problem could take several days to resolve

College Station says online utility payment system affected in data breach (KBTX) The city of College Station is warning utility customers about a potential data breach.

Flexera FlexNet Publisher (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Flexera Equipment: FlexNet Publisher Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution.

Hackers Targeted At Least Two Portland-Area Middle Eastern Restaurants (Eater Portland) Over the weekend, hackers replaced the voicemails for both John Gorham’s Shalom Y’all and a Beaverton gyro restaurant, using hate speech and vitriolic language

Twitter accuses Conservatives of 'misleading' voters by posing as fact-checking account during election debate (The Telegraph) Twitter has accused the Conservative Party of "misleading" British voters and vowed to punish it in future after its social media team changed its Twitter branding to resemble independent fact-checkers during ITV's election debate.

Twitter says Conservatives misled public, minister says voters 'don't give a toss' (Reuters) Twitter accused Britain's ruling Conservative Party on Wednesday of mislead...

Report: Genuine HR emails trigger suspicions after accidentally using common phishing tricks (SC Magazine) What happens when people receive an actual, legitimate email that accidentally looks like a phishing scam?

Hackers hit Aberdeen City Council computer system 15 million times in last year (Press and Journal) Hackers have tried to gain illegal access to Aberdeen City Council’s computer system more than 15 million times in the last year, according to new figures.

Why you shouldn’t print your boarding pass (NewsComAu) At a time when it seems like nothing online is safe – especially when it comes to travelling – an old-school, paper boarding pass might seem like the safest option.

Security Patches, Mitigations, and Software Updates

Microsoft Fixes Office 2016 Access Query Error, More Fixes Coming (BleepingComputer) Microsoft fixed a known issue occurring for Update queries in Click-2-Run and Windows Installer (MSI) editions of Access 2016, triggering errors when accessing databases and breaking functionality for various apps using Access databases.

D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List (Threatpost) The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.

Intel is Removing End of Life Drivers and BIOS Downloads (BleepingComputer) If you are user of old Intel hardware, be sure to create a backup of your drivers or BIOS updates as Intel will no longer make them available for download once they reach end of life.

Cyber Trends

Third-Party Access 2019 Global Survey Results (One Identity) Read results from a full report to learn organizations’ effectiveness in managing third-party access

Mimecast Threat Intelligence Report: Risk & Resilience Insights (Mimecast) In its latest report, the Mimecast Threat Center identifies trends that emerge from attacks, and assesses the likely future trends based on billions of emails processed this period.

Survey shows cyber attacks on public sector on the rise (UKAuthority) A majority of senior IT people in the public sector have seen an increase in the number of cyber security incidents over the past two years, according to a new survey.

82% of SMB execs expect employees to put business devices at risk with holiday shopping (TechRepublic) Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.


Huawei back in New Zealand's 5G plans despite security concerns (Nikkei Asian Review) Country's No. 2 carrier addresses unease with smaller role for Chinese supplier

Abnormal Security Launches with $24M Series A Funding from Greylock to Protect Enterprises from Targeted Email Attacks (BusinessWire) Abnormal Security today announced the launch of the company with $24M in Series A funding led by Greylock Partners and the general availability of its

CyberCube Secures $35mn in Series B Raise to Accelerate Market-leading Cyber Risk Analytics for the Insurance Industry (BusinessWire) CyberCube Analytics, the market-leading cyber risk analytics company for the insurance sector, today announced that it has secured Series B funding.

Clumio raises $135 million for cloud data backup and recovery tools (VentureBeat) Data backup and recovery software-as-a-service (SaaS) provider Clumio raised $135 million in a series C fundraising round.

Jacobs records $216M DOD cyber training support win (Washington Technology) Jacobs Engineering Group books a $216 million contract to help roll out new training initiatives for a Defense Department cybersecurity academy.

Menlo Security Launches New BOOST! Channel Program and Expands Channel Team in North America (Menlo Security) Menlo Security, a leader in cloud security, today announced the launch of its BOOST! Channel Program.

Graphcore and Microsoft announce new AI partnership (Business Leader) Bristol-based unicorn business Graphcore has announced a new partnership with global tech brand Microsoft, which will see the two companies work together on new artificial intelligence (AI) technologies.

Kaspersky to store data of US and Canada customers in Switzerland (SecurityBrief) The company will also open its first Transparency Center in Latin America in Sao Paulo in January 2020.

Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' (ZDNet) New cross-industry initiative forms to bring an end to commodity stalkerware apps and victim abuse.

Products, Services, and Solutions

Arctic Wolf Introduces Account Takeover Risk Detection (Arctic Wolf) SOC-as-a-Service Leader Augments Portfolio with Corporate Credential Exposure Detection.

IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds (IBM News Room) Industry-first capability to hunt threats across security tools and clouds without moving data.

NINJIO SMB Will Protect Today's Most Vulnerable Businesses From Cyberattacks (NINJIO) Cybersecurity company offers affordable security awareness training for small businesses, as hackers increasingly target organizations with less than 100 employees.

Sixgill Launches Integrity, The Blockchain Data Authenticity Solution (BusinessWire) Sixgill, a leader in data automation and authenticity, announced the commercial launch of Sixgill Integrity for blockchain-enforced data authenticity.

ForgeRock Simplifies Identity Management with Launch of ForgeRock Identity Cloud (West) Delivers the Most Comprehensive Approach for Hybrid Cloud Deployments, Empowering Safe and Simple Access to the Connected World

First Responder Service from Respond Software | MDR Service (Respond Software) Respond Software announces the launch of its First Responder Service to automate the speed and accuracy of MDR service at a fraction of cost. Learn more.

Corelight Expands Threat Hunting Capabilities with New Encrypted Traffic Insights (PR Newswire) Corelight, provider of the most powerful network traffic analysis (NTA) solutions for cybersecurity, today launched the Corelight Encrypted...

CyberSaint Releases New Governance Features that Empower CISOs to Communicate Real-Time, Global Cybersecurity Posture in the Boardroom (BusinessWire) CyberSaint Governance Dashboard empowers CISOs to communicate real-time, global cybersecurity risk and compliance in the boardroom

Qualys Brings its Market Leading Vulnerability Management Solution to the Next Level (Qualys) Introducing VMDR - Vulnerability Management, Detection and Response VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate and audit across hybrid IT environments

New SaltStack SecOps Products Automate Vulnerability Remediation and Continuous Security Compliance (SaltStack) New SaltStack SecOps products automate vulnerability remediation and continuous security compliance - New SaltStack Protect and SaltStack Comply for SecOps

Facebook gets into the meme-making biz with experimental Whale app (The Verge) Facebook experiments as TikTok grows

Tanium taps the ‘cranium strain’ in security & IT Ops (Computer Weekly) We know that the software application development (Dev) function has been struggling for some years to overcome its previous disconnects with the operations (Ops) function. The coming together of ...

Fingerprints - Fingerprint Cards unveils new slim side-mounted capacitive sensor for mobile devices (Fingerprints) Expands capacitive portfolio, enabling innovation of smartphone design while improving user experience

ImmuniWeb New Offering Attains Record Growth in the Global Application Security Market (West) Novel offering of Attack Surface Management and Dark Web Monitoring gained clients and partners from 32 countries in just 2 months, while Community offering surpassed 50,000 daily tests mark.

Technologies, Techniques, and Standards

Ransomware: This free tool decrypts 85 variants of the horror-tinged Jigsaw malware (ZDNet) Decryption tool tackles open-source versions of high-pressure malware.

Africa is lagging behind in digital security as cyber crimes rap continent (PML Daily) The Uganda Communications Commission (UCC) in partnership with the International Telecommunications Union (ITU) is hosting the Regional Cyber Drill for Africa in Kampala.

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol (The Register) Some concerned it hands too much power to too few

Australian Government Releases First Version of IoT Code of Practice (Analytics Insight) The government of Australia has released the first version of its IoT Code of practice. This voluntary code is aimed at the IoT industry. It outlines 13 security principles that represent the standards for IoT devices that are needed to follow by device manufacturers, IoT service providers, and application developers.

Practical Tips Leaders Can Use to Build a Culture of Cybersecurity (Security Boulevard) Organizations must build a culture of cybersecurity to reduce the risk that human interaction can bring and cannot be mitigated through technical solutions.

What’s old is new: Why known threats still pose a significant threat (and how to thwart them) (ITProPortal) The cybersecurity industry is woefully unprepared for new and unknown threats, but still can't handle existing threats.

Draft Code of Practice: Securing the Internet of Things for Consumers (Australian Government) The draft Code of Practice: Securing the Internet of Things for Consumers (Code of Practice) represents the Australian Government’s best practice guidance to secure consumer Internet of Things (IoT) devices.

Managing Risk From Transport Layer Security Inspection (National Security Agency) To protect enterprise data and intellectual property, network security administrators enforce encryption policies to secure traffic to and from their networks...

NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks (BleepingComputer) The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products.

NSA warns enterprises over TLS traffic inspection risks: do it once, and do it well (CSO) US spy agency issues an alert to enterprise organizations that decrypt TLS-protected communications as part of the security strategy.

2020 cybersecurity – putting the house in order (TechRadar) After the year of the cyber mega-fines

Legislation, Policy, and Regulation

Hawley Introduces Security Bill Addressing Data, Privacy Concerns (The Epoch Times) A bill (pdf) to fight the flow of Americans' sensitive personal data to China and other countries that ...

Senate Democrats urge DHS to fund cyber threat information-sharing programs (TheHill) A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts.

State Department asked to probe top diplomats’ use of personal cell phones (NBC News) Sen. Robert Menendez says diplomats should be punished if they used unsecure devices to conduct "sensitive national security business.”

US military, Montenegro plot strategy against cyberattacks ahead of 2020 elections (Military Times) Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections.

Estonia Will Host One of the World's Largest Cyber Defense Exercises (Sofia News Agency) Estonia will host one of the world's largest cyber defense exercises in a month. This was announced by NATO Secretary General Jens Stoltenberg after meeting with Estonian President Kersti Kaljulaid.

Loose Lips Sink Democracies? (Foreign Policy) Russia has started using the West’s own reporting against it. Here’s how to respond.

New obligations under the Slovak Cyber Security Act | Lexology (Lexology) The Slovak Cyber Security Act (Act No. 69/2018 Coll., the "Act") defines the minimum requirements to ensure cyber security in Slovakia…

Commerce Gives Rural Telecoms More Time With Huawei (Yahoo News) The U.S. Commerce Department's Bureau of Industry and Security (BIS) on Nov. 18 extended a temporary general license 90 days to give mostly rural telecommunication services providers more time to continue their existing business deals with Huawei Technologies Co. Ltd.

Indiana Secretary of State Connie Lawson and FireEye Partner in Preparation for 2020 U.S. Election (Business Wire) FireEye and Indiana Secretary of State Connie Lawson partner to establish voter confidence in 2020 election and beyond.

Litigation, Investigation, and Law Enforcement

India says law permits agencies to snoop on citizen’s devices (TechCrunch) The Indian government said on Tuesday that it is “empowered” to intercept, monitor, or decrypt any digital communication “generated, transmitted, received, or stored” on a citizen’s device in the country in the interest of national security or to maintain friendly relations with foreign state…

Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator (Washington Post) “The lack of privacy and civil rights protections for innocent residents is nothing short of chilling,” Sen. Edward J. Markey said.

Google, Facebook, Amazon and Apple offer defense in congressional antitrust probe (Reuters) Four top U.S. tech companies, Alphabet's Google, Facebook, and A...

Class Action Critic Ted Frank Objects to $1.4B Equifax Data Breach Settlement (Daily Report) Frank, director of the Center for Class Action Fairness at the Hamilton Lincoln Law Institute, wrote in a Tuesday filing that the deal unfairly compensates some customers over others and awards excessive fees to plaintiffs’ attorneys.

20-year-old Chicago man charged with writing code to spread ISIS propaganda (CyberScoop) U.S. authorities have arrested a 20-year-old Chicago man for allegedly writing computer code to help the Islamic State terrorist group spread propaganda.

US student was allegedly building a custom Gentoo Linux distro for ISIS (ZDNet) Chicago student now faces up to 20 years in prison if found guilty.

Uber safety policies were 'inadequate', says watchdog investigating self-driving car death (The Telegraph) Uber's "inadequate" safety policies was a factor leading to one of its cars killing a woman in Tempe, Arizona, last year, a US watchdog has said.

Brooklyn ICO Promoter Sentenced to 18 Months in Federal Prison (CoinDesk) The fraudster used diamonds and real estate to whisk away $300,000 in other people's money in 2017.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CyberCon 2020 (Bismarck, North Dakota, USA, October 6 - 7, 2020) Our vision for this annual event is “to bring awareness of Cyber Security through collaboration and education” and for 2020, we will again focus on the critically important roles that both cyber security...

Upcoming Events

CyberCon 2019 (Anaheim, California, USA, November 19 - 20, 2019) CyberCon 2019 targets executives, leaders and decision makers from the power and utilities and cybersecurity industries, including CEOs, CFOs, COOs, CSOs and CISOs, as well as national security advisors,...

CyberCon (Anaheim, California, USA, November 19 - 21, 2019) CyberCon is a solutions-based cybersecurity conference connecting executives and decisions makers in the power and utilities sector to cybersecurity experts and industry specific solutions. By attending,...

Infosecurity and ISACA North America Expo and Conference (New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions...

PCI SSC 2019 Asia-Pacific Community Meeting (Melbourne, Australia, November 20 - 21, 2019) The PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry...

Cyber Security X Atlanta (Atlanta, Georgia, USA, November 20 - 21, 2019) Cyber Security X Atlanta is part of the fastest growing cyber security event series, providing events that uniquely cover the entire security landscape. The event will offer invaluable security insight...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.