Daily briefing.

Turkish authorities interdict social media along the Syrian border in support of an offensive against Kurdish forces, WIRED reports.

Proofpoint has issued another report on Silent Librarian, the Iranian threat group also tracked as Cobalt Dickens and TA407. Silent Librarian, associated with Iran's Mabna Institute, targets universities through phishing campaigns that make heavy use of spoofed university brands and library-themed phishbait. The objective appears to be intellectual property theft.

North Korea's Lazarus Group has renewed its deployment of an Apple backdoor against cryptocurrency exchanges. Malwarehunter Team alerted researchers to the activity Friday; it was further examined by researcher Patrick Wardle, who sees the malware as a variant of the AppleJeus operation Kaspersky described in August. In this round the Lazarus Group is again using a front company, "JMT Trading," to upload malicious code to GitHub.

Connecticut-based shipping and postage metering company Pitney Bowes disclosed yesterday morning that it had sustained a serious ransomware attack. The company believes that customer data were not compromised, and that the consequence of the attack will be confined to service disruptions. Groupe M6, the large media company headquartered in the Parisian suburbs, also disclosed an attack over the weekend, and L'Express calls it ransomware. Groupe M6's programming continued, but some business and customer contact functions were degraded. There's no evidence so far that the attacks are connected. In neither case has the ransomware strain or a threat actor been publicly identified. The incidents give point to recent Europol and FBI warnings about the ransomware threat.


Today's issue includes events affecting Argentina, Australia, Belize, Benin, Brazil, Bulgaria, Cameroon, Chile, China, Colombia, Costa Rica, Cyprus, Dominican Republic, Ecuador, El Salvador, European Union, Finland, France, Germany, Ghana, Guatemala, Honduras, India, Iran, Iraq, Italy, Ivory Coast, Democratic People's Republic of Korea, Lebanon, Mexico, Morocco, Netherlands, Nicaragua, Nigeria, Panama, Paraguay, Peru, Russia, Saudi Arabia, Singapore, Syria, Turkey, Ukraine, United Kingdom, United States, and Uruguay.

Bring your own context.

Testing isn't trivial.

"Absolutely, and that's exactly the reason - that normally, what happens is - and we develop things that are developed with rigor and with all good intentions by researchers and practitioners, but usually, we test them on small-scale things in the lab or in an experimental setting. And then when they are deployed in real-world infrastructures, they don't always scale. I'm not saying that they never scale. They don't always scale, and that's why we need to think about as to how we might be able to do this."

—Awais Rashid, professor of cybersecurity at the University of Bristol, on the CyberWire Daily Podcast, 10.11.19.

Silicon Valley calls it failure to scale. Hegel called it the arrogance of the understanding.

In today's Daily Podcast, out later this afternoon, we talk with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan responds to a listener's question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data.

And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. In this episode, "Cybersecurity is National Security," Lauren Zabierek, director of the cybersecurity project at Harvard’s Belfer Center, joins the show to discuss her organization's role and mission.

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email for a chance to receive a complimentary ticket.

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia, Maryland. While its focus is on under-represented young women, young men are also included in MISI's STEM programs.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Russia cyber aggression fuels tensions with west (Financial Times) Experts say attacks have switched from information gathering to offensives and disruption

Q&A: Former NSA Chinese espionage expert details cyber-threats (Includes interview) (Digital Journal) Charity Wright, former NSA Chinese espionage expert, and current threat researcher with global threat intelligence firm, IntSights, has released a new analysis on Chinese influencer campaigns. Charity shares with Digital Journal the main findings.

Turkish ISP Blocks Social Media Sites Near Syrian Border (Wired) Partially government-owned Türk Telekom restricted access to Facebook, Instagram, Twitter, and WhatsApp for about 48 hours as Turkey attacked the Kurds.

Apple Mac Hack Warning: North Korea Uses Fake Cryptocurrency Companies To Break Into macOS (Forbes) Apple Macs are under attack from cryptocurrency-loving North Korean government hackers, according to researchers.

Lazarus Group Deploying New macOS Backdoor (Decipher) The Lazarus APT group has developed another macOS backdoor that has been delivered through a fake cryptocurrency trading app.

Iran-linked APT 'Charming Kitten' adds new impersonation tactics to trick potential victims (Computing) The group, also known as APT35, is thought to have recently targeted the US presidential primary elections

Oil Refiner Reports Major IT Incident in Finland (Bloomberg) Neste Oyj, Finland’s biggest oil refiner and maker of renewable fuels, said it’s experiencing extensive failures in multiple IT systems which are affecting its refinery’s production.

Activists’ phones targeted by one of the world’s most advanced spyware apps (Ars Technica) "Pegasus," developed by Israel-based NSO Group, stalks 2 Moroccan, researchers say.

Iranian Hackers Create Credible Phishing to Steal Library Access (BleepingComputer) The Silent Librarian threat group is constantly updating its tactics and techniques, to the point of using on its login phishing pages info and alerts that are accurate and relevant to potential victims.

Threat Actor Profile: TA407, the Silent Librarian (Proofpoint) Proofpoint researchers describe recent changes in activity by the Iranian cybercrime group.

Shipping giant Pitney Bowes hit by ransomware (TechCrunch) Shipping tech giant Pitney Bowes has confirmed a cyberattack on its systems. The company said in a statement that its systems were hit by a “malware attack that encrypted information” on its systems, more commonly known as ransomware. “At this time, the company has seen no evidenc…

Pitney Bowes and Groupe M6 Hit By Ransomware (Infosecurity Magazine) US tech firm and French media giant latest victims

M6, one of France's biggest TV channels, hit by ransomware (ZDNet) Unlike The Weather Channel earlier this year, M6 remained on the air.

A close look at Fallout Exploit Kit and Raccoon Stealer (Bitdefender Labs) Over the last few months, we have seen increased Exploit Kit activity. One example is the Fallout Exploit Kit, which we will describe in depth in this article. Since its emergence in August 2018, threat actors have intensively used the Fallout Exploit Kit to...

Cyber Swachhta Kendra raises alarm over ‘botnet’ malware (The New Indian Express) Netizens beware when visiting dating sites or dealing with spam emails.

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted (The Hacker News) A vulnerability in Sudo, tracked as CVE-2019-14287, could allow Linux users to run commands as root user even when they're restricted.

Here's Apple's statement on Safari Fraudulent Website Warning and Tencent (iMore) Apple's statement on Safari Fraudulent Website Warning and how exactly it works.

SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software (TechRepublic) After being notified on July 4, HP waited four months before releasing a security advisory.

Vulnerability found and fixed in HP bloatware (ZDNet) HP releases security update for HP Touchpoint Analytics app. Device owners advised to update.

SafeBreach Unveils the Latest Critical Vulnerability to Stop Supply-Chain Attacks (ToolBox Tech) Newly discovered supply chain attack vector on commonly-used open source hardware diagnostics systems could expose users to a major security risk. SafeBreach, the provider of Breach and Attack Simulation (BAS), recently announced that its SafeBreach Labs research team had created a critical security vulnerability in Open Hardware Monitor, a free,...

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Follow The Money (McAfee Blogs) Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to

Iran-Linked ‘Charming Kitten’ Adds New Spearphishing Tactics to Bag of Tricks (Threatpost) A campaign first observed last year has ramped up its attack methods and appears to be linked to activity targeting President Trump’s 2020 re-election campaign.

Drupalgeddon2 flaw still being exploited (Technology Decisions) Akamai researchers have uncovered an attack campaign seeking to exploit the critical Drupalgeddon2 vulnerability that was patched in March 2018.

Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico (SecurityWeek) The S@T Browser, the old technology that allows Simjacker attacks on mobile phones, is still deployed by 61 mobile operators across 29 countries.

These are the 29 countries vulnerable to Simjacker attacks (ZDNet) Adaptive Mobile publishes the list of countries where mobile operators ship SIM cards vulnerable to Simjacker attacks.

A hacker’s paradise? 5G and cyber security (Financial Times) Internet-connected devices using fifth-generation mobile networks offer prime targets for criminals

Mimecast flags spike in business email compromise attacks (CRN) Email security vendor claims BEC attacks nearly trebled in latest quarter

Companies urged to bolster infrastructure cyber defences (Financial Times) Experts say critical facilities present attractive targets for hackers

Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution (SecurityWeek) A critical vulnerability patched by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.

Imperva explains how their recent security incident happened (Help Net Security) Imperva CTO Kunal Anand explained how a recent security incident that resulted in Cloud WAF customer data compromise happened.

Malware That Spits Cash Out of ATMs Has Spread Across the World (Vice) A joint investigation between Motherboard and the German broadcaster Bayerischer Rundfunk (BR) has uncovered new details about a spate of so-called “jackpotting” attacks.

Facebook flags thousands of kids as interested in gambling, booze (Naked Security) According to a new report, its algorithmic labelling may expose minors to age-inappropriate, targeted advertising.

Leafly Cannabis Website Leaked User Info via Exposed Database (BleepingComputer) Cannabis information platform Leafly sent notification emails to some of its customers letting them know that some of their information was exposed in a data leak incident.

Android users need to delete these Google Play Store apps right now (Express) ANDROID users have been warned to delete 15 Google Play Store apps that have been found to contain harmful adware. Here are all the apps you need to remove from your phone right now.

County hoping to restore email following server attack (The News-Messenger) County is hoping to have email services back soon as it works on restoring the county's computer servers.

Hospitals resume accepting patients after malware attack (Washington Post) An Alabama hospital chain is again accepting new patients after paying the ransom in a computer malware attack

Ransomware attacks on hospitals will worsen if security doesn't improve (SearchHealthIT) Preparing for ransomware attacks on hospitals means having a comprehensive security plan, which includes having complete data backups and a good disaster recovery plan.

Food writer 'loses £5,000 in phone-number hijack' (BBC News) Jack Monroe's bank and PayPal accounts were used after her mobile phone number was hijacked.

Readers Beware: AI Has Learned to Create Fake News Stories (Wall Street Journal) Researchers warn about the risks of computer-generated articles—and release tools that ferret out fakes.

Soldering spy chips inside firewalls is now a cheap hack, shows researcher (Naked Security) The tiny ATtiny85 chip doesn’t look like the next big cyberthreat facing the world, but sneaking one on to a firewall motherboard would be bad news for security were it to happen.

Former cyber chief warns shipbuilding programs at risk (The Australian) Former national cyber security adviser Alastair MacGibbon has warned that Australia’s $90bn naval shipbuilding program could be at risk through theft or sabotage of data held by supply-chain firms working on the new submarines and frigates.

Bug bounty challenge surfaces DOD proxy weaknesses (GCN) Over a two-week period, white-hat hackers scoured hundreds of public-facing DOD Information Network proxy servers, virtual private networks and virtual desktops to find and disclose vulnerabilities.

Security Patches, Mitigations, and Software Updates

Hardening Firefox against Injection Attacks (Mozilla Security Blog) A proven effective way to counter code injection attacks is to reduce the attack surface by removing potentially dangerous artifacts in the codebase and hence ...

Microsoft Now Enables Windows 10 Tamper Protection By Default (BleepingComputer) Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for the Enterprise and consumers. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default.

Cyber Trends

Where do the 2020 Candidates Stand on Cybersecurity Awareness? (SiteLock) The ugly news about Russian interference in the U.S. presidential election forced the issue of cybersecurity into the political spotlight in 2016. Since this catalytic event, political leaders have grappled with cybersecurity awareness on a global stage — and not all have done so gracefully.

Despite Rise in Identity Theft & Fraud, Employee Data Falls Alarmingly Low on IT's Risk Barometer for Online Exposure, Compared to Customer Data (PR Newswire) Identity theft and fraud have become commonplace in the digital-first environment we live in today, with 3 million...

The Underrated Risks of Data Exposure (Terbium Labs®) We surveyed over 300 information technology (IT) professionals in the United States and Canada to better understand how businesses currently monitor and detect incidents of exposed data on the Internet, their current and future risks and the potential negative outcomes. The survey was fielded in September 2019 and the respondents are comprised of full-time IT professionals who work in various industries, including but not limited to, retail, finance, healthcare and ecommerce.

Thycotic research reveals security pros struggle to quantify what success looks like (Intelligent CIO Europe) The vast majority of IT security professionals work to a set of Key Performance Indicators (KPIs) yet struggle to align these metrics with overall business

70% of presidential campaigns fail to provide adequate online privacy and security protections (Help Net Security) An OTA study analyzes 23 current presidential campaigns and their commitment to online consumer protection, data security and responsible privacy practices.

Consumers concerned about connected home privacy, still few implement safety practices (Help Net Security) ESET released the findings of its survey on consumer attitudes and actions toward the cybersecurity and privacy of the connected home.

New report reveals $7.3 billion cyber security opportunity in Southeast Asia (SmartCompany) As the demand for digital goods and services accelerates across Southeast Asia, vulnerabilities in both public and private systems are...

What we continue to get wrong about cybersecurity (Fifth Domain) Today’s cyberthreat environment is menacing, and it’s clear that we always need to be in a state of “high alert.”


Sophos Becomes Latest U.K. Tech Target in $3.8 Billion Deal (Yahoo) Private equity firm Thoma Bravo agreed to buy Sophos Group Plc for $3.8 billion, taking the British cybersecurity firm private in the biggest takeover of a U.K. technology firm this year. Thoma Bravo will pay $7.40 a share in cash, or 583 pence per share, representing a premium of 37.1%

Thoma Bravo to Acquire Sophos for $3.9 Billion (SecurityWeek) Private equity firm Thoma Bravo has made an offer to acquire UK-based cybersecurity firm Sophos for $3.9 billion.

Software maker Sophos agrees £3bn takeover by US private equity (The Telegraph) Cybersecurity firm Sophos has agreed to be taken over by US private equity fund Thoma Bravo for $4bn (£3.

Buyout firm Thoma Bravo adds Sophos to its cybersecurity chest with $3.8 billion deal (Reuters) U.S. private equity firm Thoma Bravo is adding Sophos Group to its cybersecurity...

As Sophos is bought by a US bidder, why is Britain unable to keep hold of its tech darlings? (The Telegraph) It’s easy to cringe at the notorious 2007 Fortune magazine photoshoot of the so-called “PayPal mafia.

Next few months may show if Huawei can thrive without U.S. tech sales (Washington Post) The Chinese company’s stockpile of certain U.S. parts may be running low

Keeping Huawei out of 5G play will be loss to Indian operators, consumers: Jay Chen (The Hindu) Huawei India CEO Jay Chen told PTI that the company does not wish to get caught in geopolitical crossfire

Why Huawei Isn’t So Scary (Foreign Policy) The Chinese company’s lead in the 5G race isn’t insurmountable, and other firms and countries shouldn’t rush into the fray.

Zscaler: Time To Buy (Seeking Alpha) Zscaler has fallen roughly 46% since its 52-week high. The stock has grown strongly with revenue growth rates above 50% for the past three years. Moreover, Zscaler is undervalued by 9.5% based on my estimates.

NTT's Mega-Merger, Brand-Cutting Plan for Another $4B in Sales (Light Reading) Japan's NTT is uniting 28 enterprise-focused brands in its bid to grow at twice the market rate and deliver a boost to profitability.

Crowdstrike Stock Tumbles as Citi Says Sell (Barron's) Crowdstrike stock was trading sharply lower after Citi analyst Walter Pritchard started coverage of the security company with a Sell rating. He also named two stocks to buy.

VMware's COO says that its $2.1 billion acquisition of Carbon Black is all about fixing cybersecurity, an industry 'going through turmoil' (Business Insider) Now that the acquisition has been closed, VMware COO Sanjay Poonen and Carbon Black CEO Patrick Morley explain what's next for both companies.

VMWare closes Carbon Black acquisition, affecting 120 Boulder employees (BizWest) VMWare Inc. (NYSE: VMW) closed its $2.1 billion acquisition of Carbon Black Inc. last Friday, meaning about 120 employees working out of a Pearl Street office in Boulder have a new employer.

Hong Kong Is the Latest Tripwire for Tech Firms in China (Wired) Blizzard, Apple, and Google remove signs of support for pro-democracy protesters, in apparent concessions to the politics underlying the Chinese market.

WSJ News Exclusive | Mastercard, Visa, eBay Drop Out of Facebook's Libra Payments Network (Wall Street Journal) The biggest financial companies recruited by Facebook to launch a cryptocurrency-based payments network have backed out of the project, threatening to derail an ambitious initiative to remake global finance.

Thales and Airbus Team Up to Offer Joint Cybersecurity Product (Computer Business Review) France-based defence specialists Thales and Airbus have signed an agreement to blend two of their cybersecurity products into...

FireEye To Extend Reach Of Verodin Through Managed Service Bundle (CRN) FireEye plans to create managed service bundles to help channel partners bring the Verodin Security Instrumentation Platform to customers outside the large enterprise.

FireEye's New Partnership Could Help Reshape Cybersecurity (The Motley Fool) The company just inked a deal with private but fast-growing cloud security firm iboss.

Shape Security: How This Unicorn Is Leveraging AI to Tackle Cybersecurity Crimes (Karma) Key Takeaway: Shape Security, which became a unicorn last month after raising $183 million to date, has developed an AI-powered engine that helps distinguish humans from bots and protects businesses from an increasing threat of cyberattacks. It is now one of the fastest-growing companies in the U.S. When Chipotle customers across the country complained this...

French company joins Adelaide cyber-tech hub (The Lead SA) French cyber tech company Squad will establish a presence in South Australia’s new space, innovation, defence and cybersecurity precinct.

Trimantium GrowthOps CEO and board replaced (CRN Australia) Clint Cooper in, Paul Mansfield out, as company seeks growth.

Aviatrix Names Cloud Industry Veteran as Senior Vice President of Worldwide Sales (West) Former Cisco and Viptela Executive James Winebrenner to Drive Next Stage of Global Sales Growth for Cloud Networking and Security Services Portfolio

Products, Services, and Solutions

New infosec products of the week: October 11, 2019 (Help Net Security) The most important infosec releases of the week come from: FileCloud, Moogsoft, Aparavi,

Terbium Labs Enters the Digital Risk Protection Market with Robust Platform to Combat Data Loss, Fraud, and Misuse on the Open, Deep, and Dark Web (PR Newswire) Dark web data intelligence innovator, Terbium Labs today announced its entry into the Digital Risk Protection (DRP)...

Infinigate Signs Distribution Agreement with iboss (Infinigate) Infinigate UK, a specialist IT security, cloud and MSP distributor has signed an agreement with iboss to distribute its range of cloud-based internet security solutions across the UK and Ireland.

Symantec Introduces Symantec Endpoint Security – A Single Solution That Eliminates Complexity and Stops Even the Most Stealthy Attacks (BusinessWire) Symantec Corp. today announced a major revamp to its endpoint portfolio with Symantec Endpoint Security (SES).

Palo Alto launches new version of Demisto SOAR platform (SearchSecurity) Palo Alto Networks has launched version 5.0 of the Demisto SOAR platform. The updates are intended to help security teams manage and automate incident response more easily.

Antivirus vs. Antimalware? The Difference is Vital For Cybersecurity! (TheTechNews) When you’re talking about Internet security and defending your home and work systems from threats, a lot of terms get thrown around without much connotation or definition: Spyware, adware, worms, viruses, Trojans, ransomware, cryptojacking – they all generally revolve around the same thing, but each is a separate element with its own definition and its […]

CUJO AI Launches Lens, First AI-powered Network Analytics Tool for Broadband Operators (PR Newswire) CUJO AI, the global leader in the development and application of artificial intelligence to improve the...

Forescout Delivers Industry’s First Impact-Based Security Risk Assessment Tool for Industrial Control System and Operational Technology Networks (West)

GoSecure adds a new antivirus to its Managed Detection and Response portfolio (Help Net Security) GoSecure, a leading provider of Managed Detection and Response (MDR) services and a Predictive Endpoint Detection and Response (EDR) platform, announced

F Secure Oyj : Expanded F-Secure, Zyxel co-operation accelerates the delivery of connected home security through service providers (MarketScreener) Cyber security provider F-Secure and broadband networking solutions provider Zyxel are taking their cooperation to the next level by offering...

Technologies, Techniques, and Standards

Phishing Tool Analysis: Modlishka (Akamai) Additional research and support provided by Danny Wasserman. Overview One of the goals of phishing sites is to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords, through the use of...

Why All Security Disciplines Should Use the Intelligence Cycle (SecurityWeek) Introduction on the intelligence cycle and how you can apply and derive value from its core principles—no matter your role or security discipline.

New Blockchain Solution for IIoT Aims to Solve Scaling Problem (SecurityWeek) Xage claims that its blockchain-based software will increase the scale of protection for trillions of industrial devices and applications across many organizations and locations at once.

VPN to world: Reports of my death are greatly exaggerated (SC Media) While some in the industry are making the argument that enterprises don’t need VPNs anymore (principally vendors that don’t offer VPN solutions), nothing

NSA develops online cybersecurity course to educate employees, private sector (Federal News Network) The NSA helped create a resource for non-cyber workforces to educate themselves and others about real-world cybersecurity issues and implications.

New method validates the integrity of computer chips using x-rays (Help Net Security) A method allows orgs to non-destructively scan chips to ensure that they haven't been altered and that they are manufactured to design specs without error.

11 steps organizations should take to improve their incident response strategy (Help Net Security) Forum of Incident Response and Security Teams (FIRST) has produced 11 steps that organizations should take to improve their incident response strategy.

Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance (FIME)

ICS cybersecurity investment should be a priority in protecting operations from disruption (Help Net Security) Of the 50% who felt current investments were not enough, 68% believe it would take a significant attack in order for their organizations to invest more.

Industrial Control Systems Joint Working Group Quarterly Newsletter (ICS JWG) The ICSJWG continued its 10th anniversary celebration at the August biannual meeting in Springfield, Mass

Texas used disaster playbook to deal with ransomware (StateScoop) The Lone Star State was the latest to respond to a ransomware attack by making it a statewide emergency.

Design and Innovation

Warren campaign challenges Facebook ad policy with 'false' Zuckerberg ad (Reuters) U.S. Senator Elizabeth Warren's Democratic presidential campaign this week ...

The hidden menace threatening Democrats' bid to beat Trump in 2020 (POLITICO) Emails obtained by POLITICO reveal a Democratic Party grappling with an onslaught of twin threats: foreign election interference and disinformation by Trump and his allies.

'Ripper'—the Inside Story of the Egregiously Bad Videogame (Wired) The 1996 title featuring Christopher Walken was held up as an exemplar of gaming’s future. But things didn’t exactly work out that way.

New Blockchain Solution for IIoT Aims to Solve Scaling Problem (SecurityWeek) Xage claims that its blockchain-based software will increase the scale of protection for trillions of industrial devices and applications across many organizations and locations at once.

The Perils of Distracted Fighting (Wired) Opinion: Without proper guidelines, smartphones on the battlefield may kill more soldiers than they save.

Inside Mark Zuckerberg's private meetings with conservative pundits (POLITICO) The lengthy, off-the-record gatherings were held at one of the Facebook founder’s homes in California. They come as the social-media giant fends off accusations of liberal bias.

Microsoft unveils Xbox content filters to stop the swears and toxicity (The Verge) Text-based filtering first, but voice filters are on the way.

How does the Army know its new anti-spoofing antennas work? (C4ISRNET) The Army has bought Orolia's new simulation technology that will allow them to test next generation anti-jamming, anti-spoofing antennas.

Research and Development

Researchers may have found a way to trace serial IP hijackers (Help Net Security) Researchers develop a new machine-learning system that could predict IP hijacking by tracing things back to the hijackers themselves.

Penn State students say they can improve IoT device security through combined techniques (IoT Tech News) A team of students at the Penn State World Campus say they have developed a multi-pronged data analysis approach capable of averting cyberattacks in IoT devices, such as smart TVs, home video cameras, and baby monitors.

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates (Help Net Security) Researchers have analyzed failures in certificate issuance to pinpoint the most common causes as well as systemic issues that contribute to these happening.

NAU cyberengineering team wins $6M grant to develop computing solutions to combat cyberattacks (NAU News) A team of Northern Arizona University researchers won a three-year, $6.3 million grant from the U.S. Air Force to develop nontraditional solutions to the increasing danger of cyberattacks and cyber warfare.

New method validates the integrity of computer chips using x-rays (Help Net Security) A method allows orgs to non-destructively scan chips to ensure that they haven't been altered and that they are manufactured to design specs without error.

Chill, Everyone. Google’s 'Quantum Supremacy' Has "Bupkis" on Bitcoin (CCN) Bitcoin won't be affected by Google's "quantum supremacy," says Andreas Antonopoulos. Here's how to future-proof against crypto obsolescence.

Computing enthusiast cracks ancient Unix code (Naked Security) Old passwords never die… they just become easier to decode.

A new electronic warfare system for the Army is getting closer (C4ISRNET) Work has begun on Electronic Warfare Planning and Management Tool capability drop 4, the final phase of the first stage of the program.


Romania wins 2019 European Cyber Security Challenge competition (Romania Insider) Romania has won this year’s edition of the European Cyber Security Challenge, the yearly event bringing together young talent from across Europe to compete in the area of cybersecurity.

Rock Valley College designated as Cyber Defense Institution (Rockford Register Star) Rock Valley College’s Data Assurance & IT Security Associate of Applied Science degree was recently approved as a National

Fayetteville team takes top prize in cybersecurity event (Arkansas Online) A team of four students took home $1,000 over the weekend by winning the Little Rock Venture Center's Jolt cyber challenge.

Legislation, Policy, and Regulation

U.S. Imposes Penalties on Turkey, Aiming to Stop Incursion Into Syria (Wall Street Journal) President Trump authorized sanctions and raised tariffs on Turkey, while threatening more-powerful financial penalties if Ankara continued a military offensive against Kurdish militias in northern Syria.

Turkey says ongoing invasion into Syria is self-defense (Military Times) Turkey has justified its ongoing invasion of northeast Syria to the United Nations by saying it’s exercising its right to self-defense under the U.N. Charter, according to a letter circulated Monday.

The Netherlands Releases a Tour de Force on International Law in Cyberspace (Just Security) The Dutch make a major contribution to the growing body of opinio juris on international law in cyberspace, on topics ranging from sovereignty to the use of force, as well as attribution of cyber operations and responses options.

NATO Allies Need to Come to Terms With Offensive Cyber Operations (Lawfare) A proposal for a memorandum of understanding concerning offensive cyber effects operations in systems or networks based in allied territory.

Ex-MI6 head: Technology is now as important to the world as politics (Computing) Sir John Sawers warned that China is rising as a new global superpower, and the West is not in a position to address it,

China’s Global Reach: Surveillance and Censorship Beyond the Great Firewall (Electronic Frontier Foundation) Those outside the People’s Republic of China (PRC) are accustomed to thinking of the Internet censorship practices of the Chinese state as primarily domestic, enacted through the so-called "Great Firewall"—a system of surveillance and blocking technology that prevents Chinese citizens from viewing...

The reaction to an NBA coach's Hong Kong tweet proves why Huawei, ZTE and Alibaba Cloud can't be trusted (Computing) Tencent and TikTok appear to follow the Chinese government's line on censorship at home and abroad. Imagine what could be expected of Huawei, ZTE and Alibaba Cloud in the future,

Compulsory Chinese government propaganda app grants authorities 'superuser' access to smartphones (Computing) China's ruling party has made it compulsory for members to download and use the app

China to make it compulsory to provide a facial scan when getting new phone numbers or internet access (Computing) The new rule will apply from December and will no doubt be used to support the country's draconian 'social credit' system

Will China’s revised cybersecurity rules put foreign firms at risk of losing secrets? (South China Morning Post) Beijing is putting in place new tools that make it ‘much more difficult for companies to keep their information private’, cybersecurity expert says.

WSJ News Exclusive | EU Warns of 5G Risks Amid Scrutiny of Huawei (Wall Street Journal) The European Union has identified specific security threats posed by foreign vendors of telecommunications equipment, significantly heightening the bloc’s scrutiny of suppliers like Huawei Technologies.

New German rules leave 5G telecoms door open to Huawei (Reuters) Germany has finalised rules for the build-out of 5G mobile networks that, in a s...

US security concerns rubbished by industry and academic feedback ( If you thought the UK’s Supply Chain Review was coming to an end, think again as policy makers have been given more food for thought as part of the 5G infrastructure and national security inquiry.

Trump Green-Lights Some Sales to Huawei (New York Times) The administration plans to issue licenses allowing some American companies to sell nonsensitive products to Huawei, despite its placement on a U.S. blacklist.

US-China trade deal: What it is, is not, and may become (TheHill) The agreement between the world’s two largest economies will provide only a brief respite from a long-term struggle for power.

The Pretend Trade Deal (Foreign Policy) Both the United States and China want a bargain. But they’re fooling themselves if they think it’s happening.

US Homeland Security Wants to Subpoena ISPs to Hand Over Data (Infosecurity Magazine) CISA has requested subpoena power to make sending vulnerability warnings easier

Acting Homeland Security Secretary Stepping down, Trump says (Detroit News) McAleenan became the acting secretary after Trump forced out his predecessor, Kirstjen Nielsen

Trump says he is replacing McAleenan as acting homeland security secretary (Washington Post) “Kevin … after many years in Government, wants to spend more time with his family and go to the private sector,” the president said Friday evening.

House to vote this month on legislation to combat foreign interference in elections (TheHill) The House will vote on legislation later this month aimed at limiting foreign interference in U.S. elections after a bipartisan report from the Senate Intelligence Committee this week called on Congress to take action on the issue.

Civil liberties groups sound alarm over online extremism bill (TheHill) Civil liberties and technology groups have been sharply critical of a draft bill from House Homeland Security Committee Democrats on dealing with online extremism, saying it would violate First Amendment rights and could result in the surveillance of vulnerable communities.

Inside the NSA's New Cybersecurity Directorate ( The National Security Agency has a new state-of-the-art center and a new attitude about sharing its threat information.

Normally Hush-Hush NSA Opens Doors of New Cyber Directorate (Bloomberg) Unit seen as crucial to protect elections, disrupt meddlers. The old ‘No Such Agency’ gives way to tour, chatty officials.

Air Force merges pair of San Antonio commands with one goal: Make them even deadlier ( The secretive 24th and 25th Air Forces have worked in the shadowy realm of intelligence, reconnaissance, surveillance and cyber warfare for years. They’re combined in the 16th Air Force in hopes of helping commanders react faster in battle environments where decision speed can determine the outcome.

What the new 16th Air Force means for information warfare (C4ISRNET) The Air Force officially created its new information warfare organization integrating cyber, ISR, electronic warfare and information operations.

Army Secretary Stresses Rapid Deployment, Information Warfare (Breaking Defense) These are huge strategic challenges — and Ryan McCarthy is emphasizing them more than any of his predecessors in at least a decade.

Should Consumers Be Able to Sell Their Own Personal Data? (Wall Street Journal) Two advocates square off over whether consumers will be helped or hurt by being able to own and sell their own data.

Amazon Calls for Government Regulation of Facial Recognition Tech (SecurityWeek) Amazon said it believes that governments should act to regulate the use of facial recognition technology to ensure it is used appropriately.

Are you ready for America’s data protection laws? (VentureBeat) If your company is still grappling with Europe's data protection laws, then watch out. You'll soon have American data protection laws to deal with, too.

California Attorney General Outlines How State Will Enforce Upcoming Privacy Law (SecurityWeek) California Attorney General Xavier Becerra released the draft proposed regulations on how the state will enforce the California Consumer Protection Act (CCPA) that comes into force on January 1, 2020.

Top 10 Identity Verification Takeaways from CA AG's Proposed CCPA Regulations (IDology) California Attorney General Xavier Becerra has released his proposed CCPA regulations. Take a look at how the proposed law will impact businesses.

Litigation, Investigation, and Law Enforcement

Iran arrests opposition figure 'directed by French intel' (Al Jazeera) Ruhollah Zam, understood to live in Paris, is now in custody in Iran, the Revolutionary Guards have announced.

Clash Over Surveillance Software Turns Personal in Germany (Bloomberg) Markus Beckedahl was visiting Detroit when a legal threat arrived in his email inbox from the other side of the Atlantic Ocean: a cease-and-desist letter from lawyers representing FinFisher, a German company that sells surveillance technology that it says helps law enforcement stamp out crime.

Stalker found pop star by searching eyes’ reflections on Google Maps (Naked Security) A man confessed to stalking and attacking a young pop star by zooming in on the reflections in her eyes from selfies.

How Photos of Your Kids Are Powering Surveillance Technology (New York Times) Millions of Flickr images were sucked into a database called MegaFace. Now some of those faces may have the ability to sue.

Mississippi State Agencies not Complying with Cybersecurity Laws (CISO MAG) The survey pointed out that over half of all respondents are less than 75 percent compliant with cybersecurity laws and regulations of the state.

Maria Bartiromo: DOJ inspector general report due out Friday and covers 'more than just FISA abuse' (Washington Examiner) Fox Business anchor Maria Bartiromo says her sources are telling her an extensive report by Justice Department Inspector General Michael Horowitz on alleged Foreign Intelligence Surveillance Act abuses by the Justice Department and the FBI will be released by the end of next week.

The FBI Lost Our Son (Wall Street Journal) Billy Reilly, 28 years old, worked part-time as a confidential source for the Detroit office of the Federal Bureau of Investigation. For years, he penetrated radical internet groups online, using false identities. Then he disappeared.

Alleged Hacker Arraigned on $1.4 Million Cryptocurrency Fraud Charges (SecurityWeek) Anthony Tyler Nashatka, aka psycho, appeared in a US federal court on charges related to his involvement in a scheme aimed at defrauding victims of at least $1.4 million in cryptocurrency.

U.S. Regulators Sue Crypto Startup Telegram Over Initial Coin Offering (Wall Street Journal) U.S. regulators sued a company that raised $1.7 billion through a cryptocurrency offering that became one of the largest such deals ever.

Surveillance contractor that violated rules by copying traveler images, license plates can continue to work with CBP (Washington Post) The breach cast a spotlight on a troubling fact for federal lawmakers and privacy advocates: The privately maintained surveillance systems that the government relies on for its wide-reaching security mandate are expanding so quickly, and often without oversight, that it can be hard for the public to keep track.

CID investigating whether Army infantry officer called for mass murder and destruction amid racist, anti-government Reddit screeds (Military Times) Reserve Army Maj. William Jeffrey Poole is under investigation for far-right extremist activity online.

Huawei’s Patents are Not the Enemy ( | Patents & Patent Law) The R Street Institute claims patents are too strong and are inhibiting American companies in the race for leadership in the 5G marketplace. American dominance of 5G technologies will not suffer because Verizon is sued by Huawei. Verizon is not the innovator of technologies that enable 5G telecommunications.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...

Upcoming Events

Conference 2019 (Nitra, Slovakia, October 14 - 15, 2019) An international program conference focused on cyber security in the automotive industry and mobility. Conference themes will address the topic of stability of digital solutions in the automotive and mobility...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, October 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...

EXCHANGE 2019 (New York, New York, USA, October 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day...
