
How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

The oligarch behind the Internet Research Agency that worked its influence mischief from St. Petersburg has come under new sanctions imposed by the US Treasury Department. Yevgeniy Prigozhin has been sanctioned before, but this time his yachts and private jets are specifically named. He may find it difficult to ride them into non-Russian ports-of-call, Fifth Domain notes. Mr. Prigozhin is variously described as "founder," "financier," or "owner" of the troll farm.

There are also purely criminal use cases for disinformation, as a Recorded Future study concludes. Much of it takes the form of meretricious and dishonest advertising and apple-polishing, and there's enough demand to sustain a disinformation-as-a-service market. Bulk social media campaigns are prominent offerings.

An internal EU policy document from the European Commission’s Directorate-General for Communications Networks, Content and Technology has leaked, and shows the EU as being of two minds with respect to foreign technology. It wants Chinese and US tech, but it fears them as well. The leaked document recommends an urgent “initiative for technological sovereignty," Bloomberg reports.

Among the many observations on trends out today is one from Emsisoft: more than six-hundred government entities in the US, mostly state and local organizations, have been hit with ransomware this year, and Emsisoft thinks it's going to get worse. Politico grouses that legislators are either out of ideas or indisposed to act, and a Help Net Security op-ed argues for collective defense as local government's best option.

NSA has launched its new Cybersecurity Directorate, the Washington Post reports.

Notes.

Today's issue includes events affecting Australia, China, European Union, France, Iran, NATO/OTAN, New Zealand, Russia, Saudi Arabia, Turkey, United Kingdom, United States, Venezuela, and Zimbabwe.

Bring your own context.

As cyberattacks become more consequential, and more destructive, there are lessons to be learned from incident response in other sectors.

"We don't have to recreate what to do here. The incident command system was first developed by a guy named Alex Brunacini and Phoenix Fire Department, where he was trying to figure out how to deal with wildfires that were occurring in Phoenix and the surrounding areas where you'd have to coordinate response amongst all kinds of different fire departments. So he built this thing called the Incident Command System, and it's a method to make decisions and understand an organizational hierarchy when you have to put a hierarchy together all at once in a hurry. Well, interestingly enough, in a large-scale incident in a company, you have the same problem because you can't rely on the structure of the company to respond to that incident. The CEO is on a plane for the next 12 hours. The next person in charge doesn't know anything about cybersecurity. And three of the other executives you can't get a hold of because all your systems are down, so you've got to have a way to respond where you're responding, in a lot of ways, from the bottom up with people that are specially trained in how to do this. And I think as companies realize more and more that this is a business recovery type of incident, we're starting to see those tools that come from the realms of incident response or the military and get re-translated into cybersecurity. And again, the good news is we don't have to reinvent how to do this. We just have to translate it into cybersecurity."

—Caleb Barlow, CEO and president of Cynergistek, on the CyberWire Daily Podcast, 9.27.19.

So take a tip from the fire brigade, CISOs.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the implications of Microsoft's no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra, and how it might affect traditional banks.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs (BleepingComputer) Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was made possible by exploiting a vulnerability in the software that powers the forum.

Fighting Russian Disinformation (Foreign Policy) Brookings scholar Alina Polyakova on why the United States needs to go on the offense.

Checkm8: 5 Things You Should Know About The New iOS Boot ROM Exploit (SentinelOne) Is your iOS device vulnerable to checkm8? What should you do if it is? Can malware defeat iPhone, iPad & Apple Watch security? Find out here.

The Price of Influence: Disinformation in the Private Sector (Recorded Future) Insikt Group analyzed threat actors offering disinformation as a service on underground forums to understand how disinformation is used by cybercriminals.

Cequence Security Discovers Vulnerability in Leading Web Conferencing Platforms (BusinessWire) Cequence Security Discovers Vulnerability in Leading Web Conferencing Platforms; Prying-Eye vulnerability potentially exposes millions to snooping

GhostCat-3PC: Malware Targets Well-Known Publishers and Slips Through Their Blockers (The Media Trust) The Media Trust discovers new, dynamic malware that targets specific publications.

Warning over Divergent/Nodersok malware that turns PCs into cyber crime accomplices (Computing) The fileless malware identified by Microsoft and Cisco Talos has already infected thousands of PCs across the US and Europe

Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month (National Cyber Security)

Magecart hits again, leveraging compromised sites and newly registered domains (Zscaler) Zscaler ThreatLabZ researchers monitored Magecart skimming activity over 90 days, analyzing its behavior, PII and credential theft, and payment card skimming using compromised websites and newly registered domains to host skimmer scripts.

Vulnerability Summary for the Week of September 23, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Social media manipulation as a political tool is spreading (Naked Security) Researchers say ‘cyber troops’ in 70 countries are using it to automate suppression, mount smear campaigns, or spread disinformation.

Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden (Naked Security) People are taking different tacks to get around Apple’s tightly controlled phone rules.

Capital One breach: How about a cessation of misconfigurations? (SC Magazine) Capital One's breach isn't a cloud-specific issue, but rather one based on a mundane and common but mission-critical security challenge facing IT and security teams

Airbus Says Taking 'Appropriate Measures' Against Hackers (SecurityWeek) Airbus played down the risk of cyberattacks and said it had "appropriate measures" to mitigate any danger after an AFP investigation revealed a series of hacking incidents targeting the European aerospace giant.

Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold (Vice) Their creation has been successfully fully outsourced to a factory, the security researcher behind the cables said.

Porn ‘Cyberattack’ Hits Major Sportswear Brand—In Public (Forbes) A new twist on the usual porn-related cyberattacks.

Victorian hospitals lock down IT systems after ransomware attack (ABC News) The Victorian Government investigates the scale of a ransomware attack by sophisticated cyber criminals on some of the state's major regional hospitals.

Rheinmetall Investigating Malware Attack at Three Plants (BankInfo Security) An unspecified malware attack against the IT systems of Rheinmetall's automotive division in Brazil, Mexico and the U.S. is costing the company an estimated $4

Security Patches, Mitigations, and Software Updates

Outlook on the web bans a further 38 file types (Naked Security) Microsoft is about to put another 38 file extensions on its ‘too risky to receive’ blocklist.

Critical Remote Code Execution Vulnerability Patched in Exim Email Server (SecurityWeek) A Critical vulnerability in the popular open-source email server Exim could allow an attacker to execute code remotely on a vulnerable server.

Apple Releases iOS 13.1.2 and iPadOS 13.1.2 with Fixes for Camera, iCloud Backup, HomePod Shortcut, and Flashlight Bugs (Mac Rumors) Apple today released iOS and iPadOS 13.1.2, updates to the iOS and iPadOS 13.1.1 software that was released on Friday. The iOS and iPadOS 13.1.2...

Cyber Trends

5 Network Security Takeaways from the 2019 Threatscape Report (Bricata) The new threatscape report by Accenture iDefense highlights five factors shaping the cyberthreat landscape – and we reviewed it to surface those most related to network security.

Bitglass Fortune 500 Cybersecurity Report: Leading Companies Failing to Demonstrate Commitment to Cybersecurity (BusinessWire) Bitglass releases findings from its latest report analyzing cybersecurity initiatives among the Fortune 500

Threat Hunting Report Finds Increase in eCrime (CrowdStrike) The Falcon OverWatch report is filled with compelling stories that provide insight into the threat landscape and adversary tactics used during the first half of 2019.

2019 Mid-Year Observations From the Front Lines (CrowdStrike) Download the Falcon OverWatch team's annual report to get unique insights into the state-sponsored and criminal campaigns the team has faced in 2019.

Hacked Off! 2019 (Bitdefender) Introducing Bitdefender Hacked Off! A comprehensive study into the cybersecurity attitudes of infosecurity professionals around the world

More than 600 US government entities hit with ransomware so far this year - and it's only going to get worse (Computing) Emsisoft warning over rising ransomware epidemic that has overwhelmed public sector organisations, school districts and healthcare providers

Rogue fears rise inside corporations as hacks evolve into 'home invasions' (CNBC) Hacks like the Capital One data breach, confirmed to be the work of a former Amazon employee who took advantage of cloud services technology, have increased corporate fears about cybersecurity risks posed by rogue employees, and even rogue vendors.

Marketplace

Kenna Security Raises $48 Million to Revolutionize the Risk-Based Vulnerability Management Market (West) Sorenson Capital and Citi Ventures Join Existing Investors in New Funding Round

KnowBe4 Acquires Twist and Shout Group to Enhance High-Quality Video Production Capabilities (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today...

PC Matic Announces Consolidation With Its Parent Company, PC Pitstop (PR Newswire) Today, PC Matic, the world's only 100% American-made antivirus software, announced strategic consolidation...

DivvyCloud Expands to New Corporate HQs in Arlington, VA With Plans to Double Workforce Over Next Year (BusinessWire) DivvyCloud announces the opening of their new corporate HQ in Arlington, Virginia.

Generali Global Assistance Combats Cyber Identity Theft through Partnership with the National Cyber Security Alliance (PR Newswire) Generali Global Assistance (the Company), a leader in the assistance industry since its founding in 1983, and the...

Products, Services, and Solutions

Plixer announces support for multi-vendor SD-WAN visibility (Yahoo) Plixer, the company that enables security and network teams to effectively collaborate and solve real-world challenges, today announces multi-vendor SD-WAN visibility available within its network and security intelligence platform, Scrutinizer. Supported vendors include VMware SD-WAN by VeloCloud, and

ExpressVPN will now come preinstalled on select HP PCs (Techaeris) The preinstallation will include 30-days of free service from ExpressVPN and the service will come on only certain HP PCs.

Q6 Cyber Partners with Anomali to Deliver E-Crime Intelligence Via Anomali ThreatStream (PR Newswire) Q6 Cyber, a leading provider of e-crime intelligence, and Anomali, a leading provider of intelligence-driven...

Interest Grows in BIO-key’s Multifactor Biometric Election Security Capabilities as Additional Florida Counties Adopt the Solution (West) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced two additional County Election Boards in Florida have selected BIO-key solutions to enhance the security of their identification and authentication process for staff members and volunteers involved in managing the voting process. The Election Boards are acting to enhance security for the upcoming 2019 regional elections and the 2020 presidential election.

Titan IC to Accelerate Pattern and String Matching on Mellanox’s New BlueField®-2 I/O Processing Unit (IPU) Device (BusinessWire)

ImageWare® Systems Launches Biometric Authentication System for macOS (West) Desktop and laptop macOS users will now have access to frictionless, anti-spoofing biometric authentication

Government Technology Agency Launches Vulnerability Disclosure Programme with HackerOne Following Successful Bug Bounty Programmes (BusinessWire) HackerOne, the number one hacker-powered pentesting and bug bounty platform, Singapore’s Government Technology Agency (GovTech) and Cyber Security Age

ERP Maestro Launches Free Prevention and Training Guide and Toolkit for Insider Cyber Risks (PR Newswire) ERP Maestro, provider of automated and cloud-based controls for access, security and GRC, announced today that...

Zscaler Cloud Security, CrowdStrike Endpoint Protection Partner (MSSP Alert) Zscaler integrates its cloud security platform with the CrowdStrike Threat Graph breach prevention engine to deliver threat detection for joint customers.

Technologies, Techniques, and Standards

Cyber Storm 2020 could be DHS's most rigorous drill for critical infrastructure yet (CyberScoop) Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’ ability to respond to a disruptive, hypothetical cyberattack.

Ransomware attacks against small towns require collective defense (Help Net Security) There is a war hitting small-town America. Hackers are not only on our shores, but they’re in our water districts, in our regional hospitals, and in our

What’s the latest on multi domain command and control? (Defense News) The Air Force's chief of staff sits down with Valerie Insinna to talk one of his top priorities.

IBM outlines why the 'boom' moment is key to better security (Security Brief) “Often I’m talking with people on the worst day of their business’ life.

Design and Innovation

BlackBerry's new lab wants to add more machine learning to security (ZDNet) New unit will focus on research and development in security technologies.

Facebook to Create Fact-Checking Exemptions for Opinion and Satire (Wall Street Journal) Facebook plans to allow opinion pieces and satire to be exempted from its fact-checking program, according to people familiar with the matter, as the social-media giant grapples with how to stop the spread of falsehoods while maintaining its own neutrality.

Is the era of social media Likes over? (Naked Security) Instagram’s testing a program to hide the Likes that have created a toxic cyberbullying environment. Now, Facebook is as well.

YouTube moderation bots punish videos tagged as "gay" or "lesbian," study finds (The Verge) A YouTube spokesperson states this isn’t the case.

Reddit has broadened its anti-harassment rules and banned a major incel forum (The Verge) Reddit says the "narrowness" of its old rules was a problem.

Twitter Is OK With A Pro-Trump Militia's Tweets About A "Full-Blown 'Hot' Civil War" (BuzzFeed News) When is promoting violent extremism not promoting violent extremism? When Twitter says so.

Research and Development

A Big Question About Prime Numbers Gets a Partial Answer (Wired) The twin primes conjecture has bedeviled mathematicians for more than a century. Now there's a solution for one version of it.

Academia

Teen Hackers Try to Convince Parents They Are Up to Good (Wall Street Journal) Teenagers across the country are forming hack clubs and trying to spread the word that hacking doesn’t always mean breaking into government servers or stealing bank data. Convincing teachers and parents of that isn’t always easy.

Legislation, Policy, and Regulation

Cyber eliminates distinction between war and peace (SC Magazine) "I feel I am now at war," says General Sir Nick Carter, UK chief of defence staff, as the UK ups investment in offensive cyber-capabilities and NATO says "Cyber-attack on one NATO state is an attack on all"

The New Cold War in Cyberspace (CIOReview) The New Cold War in Cyberspace By Liza Massey, CIO, County of Marin - During my 30+ years in the IT industry, most spent as a tech executive, I have watched with fascination and irritation the arms...

Maduro's cyber troops control the Internet (TheBL.Com) A study reveals that Venezuela is among the main countries that manipulate th

Huawei Scores Major New Victory Against Trump’s Blacklist (Forbes) As the media storm over the Mate 30 launch settles down, Huawei has quietly won a major blacklist victory over the U.S.

Europe Overly Dependent on Outside Technology, EU Memo Warns (Bloomberg) Urgent steps proposed to attain ‘technological sovereignty. Briefing book may reflect direction under von der Leyen.

France’s new cyber defense ‘conductor’ talks retaliation, protecting industry (Fifth Domain) Maj. Gen. Didier Tisseyre is France’s new cyber defense force commander — the “conductor” of an orchestra made up of military officials and the domestic defense industry, as he puts it.

The primary use of mobile money in Zimbabwe has been shut down by the central bank (Quartz Africa) The disabling of cash-in and cash-out options on the mobile money menus of the Zimbabwean operators has drawn heavy criticism for the governmen

NSA launches new cyber defense directorate (Washington Post) Its focus is on classified and defense-company networks, but some hope it can better partner with DHS to shield critical private-sector systems.

U.S. online privacy rules unlikely this year, hurting big tech (Reuters) A U.S. online privacy bill is not likely to come before Congress this year, thre...

Washington idle as ransomware ravages cities big and small (POLITICO) Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies.

New York’s Smart IDs Are the Latest Mass Surveillance Nightmare (The Daily Beast) With a chip that can track your every move, New York’s city-issued ID cards are about to take a seriously dystopian turn.

Indiana Putting $10 Million Toward Election Security (Government Technology) One in 10 direct recording electronic voting machines will have a small black box attached that will let voters see a printout of ballots, providing a paper trail that can be used in post-election audits.

Litigation, Investigation, and Law Enforcement

Iran sentences man to death for spying for the CIA (Reuters) Iranian courts have sentenced one person to death for spying for the CIA and jai...

Opinion | What happened on the way to Khashoggi’s horrifying final seconds? (Washington Post) This is a murder story that hasn’t died for a simple reason.

Saudis are still covering up Jamal Khashoggi’s murder, claims Erdogan (Times) The men who killed the journalist Jamal Khashoggi are still enjoying their freedom thanks to Saudi Arabia’s “shadow state-within-a-state”, President Erdogan said yesterday. The Turkish leader...

House Subpoenas Giuliani, Trump’s Lawyer, for Ukraine Records (New York Times) Rudolph W. Giuliani is at the center of an alleged pressure campaign to enlist Ukraine’s help in investigating the president’s political rivals.

Pompeo was on Trump call with Ukrainian President (CNN) Secretary of State Mike Pompeo was on the July 25 phone call between President Donald Trump and Ukrainian President Volodymyr Zelensky that has come under scrutiny following last week's release of a whistleblower complaint dealing, in part, with circumstances surrounding that conversation, a source familiar told CNN.

Barr personally asked foreign officials to aid inquiry into CIA, FBI activities in 2016 (Washington Post) The attorney general has made face-to-face overtures to British and Italian officials as part of the effort, people familiar with the matter say.

The Extra-Secret White House Computer System, Explained (New York Times) A whistle-blower said advisers improperly restricted access to a record of President Trump’s Ukraine call. Here is how that storage system works.

Analysis | The Cybersecurity 202: Trump’s embrace of conspiracy theories could endanger 2020 (Washington Post) Voters may lose confidence in the safety of their ballots.

Probe continuing on Clinton emails (Arkansas Online) The State Department is continuing an investigation of email use among employees who worked for Hillary Clinton, former secretary of state, asking scores of current and former officials to submit to questioning by the bureau overseeing diplomatic security, former officials said Sunday.

Northern California Resident Charged with Acting as an Illegal Agent (US Department of Justice) The Department of Justice unsealed charges today in a criminal complaint charging Xuehua Peng, also known as Edward Peng, 56, for acting as an illegal foreign agent in delivering classified United States national security information to officials of the People’s Republic of China’s Ministry of State Security (MSS).

A San Francisco tour guide was accused of spying for China (Quartz) It's the first reported arrest stemming from a four-year FBI operation.

US Treasury goes after the planes and yacht of Russia's troll farm founder (ZDNet) US Treasury takes new approach to imposing sanctions on IRA's owner.

Here’s who got hit with new election interference sanctions (Fifth Domain) All U.S. residents are barred from possessing or engaging in transactions with the identified assets.

Edward Snowden claims private contractors responsible for US intelligence’s 'creeping authoritarianism' (The Independent) Russia-based whistleblower promoting new memoir

The Internet Is Overrun With Images of Child Sexual Abuse. What Went Wrong? (New York Times) Online predators create and share the illegal material, which is increasingly cloaked by technology. Tech companies, the government and the authorities are no match.

Engineer admits hacking Yahoo accounts searching for images (Washington Post) A former Yahoo software engineer has pleaded guilty to hacking into the accounts of some 6,000 Yahoo users in search of sexual photos and videos

Qld vulnerable to cyber attack: audit (7NEWS.com.au) A Queensland government audit has found the state's cyber security systems could be vulnerable to attack.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.

Defend Your Organization: Cybersecurity in Manufacturing Conference (Boston, Massachusetts, USA, October 1 - 2, 2019) The manufacturing industry is one of the most heavily targeted industries for cyberattacks. As manufacturers undertake digital transformations, vulnerability to attacks increases. Hear from expert speakers...

SecureWorld Detroit (Detroit, Michigan, USA, October 1 - 2, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Kansas City Cybersecurity Conference (Kansas City, Missouri, USA, October 3, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...
