Daily briefing.

SecurityWeek's 2019 ICS Cyber Security Conference

SecurityWeek's 2019 ICS Cyber Security Conference has entered its second day following Monday's training sessions, some of which are described in the links below.

The featured presentation this morning was a fireside chat with former NSA Director and US Cyber Command head Admiral (retired) Mike Rogers. He reviewed the strategic motives of the opposition in cyberspace (singling out North Korea, Russia, and China), and he made a case for approaching cybersecurity, in the context of national security, as a risk management problem. And sound risk management should begin with an appreciation of the opposition's strategic goals.

We'll continue our coverage of SecurityWeek's 2019 ICS Cyber Security Conference throughout the week.

Facebook announced yesterday that it's removed four distinct "networks of accounts, Pages and Groups" from Facebook and Instagram for engaging in "coordinated inauthenticity." Three of the networks originated in Iran, the fourth in Russia. Two of the Iranian networks advanced a pro-Iranian, anti-Israeli and anti-US line; their audience was principally in the US and the Francophone regions of the Middle East and North Africa. The third promoted similar content to a Latin American audience. The Russian network pursued Moscow's now-familiar strategy of deepening existing fissures in American civil society.

Facebook also said it will begin labeling content from state-controlled media, not to censor them but to hold them to a "higher standard of transparency," the Telegraph reports.

NordVPN, TorGuard, and VikingVPN are said (by Ars Technica and others) to have experienced breaches that leaked encryption keys. NordVPN and TorGuard have issued statements intended to reassure users that their security has not been seriously compromised.

Avast has suffered more issues with its CCleaner product. The breach, which Avast says is now fixed, appears connected to exploitation by foreign intelligence services. ZDNet says Czech intelligence services identified the culprit as China. KrebsOnSecurity points to a common factor in the NordVPN and Avast breaches: forgotten user accounts.

The European Data Protection Supervisor has released an update on its ongoing investigation of Microsoft's contracts with various European institutions. That investigation remains incomplete, but the EDPS says it has "serious concerns" over the adequacy of contractual provisions designed to ensure compliance with data protection rules.

Notes.

Today's issue includes events affecting Argentina, Bolivia, Brazil, China, Czech Republic, Germany, Ecuador, European Union, Iran, Israel, Mexico, Peru, Russia, United States, and Venezuela.

Bring your own context.

Phishbait has to be compelling. Witness the recent Iranian use of veteran-themed sites.

"This is basically another great example of an attacker finding a really clever social engineering angle to make victims become more susceptible to a traditional malware campaign. If you look back on it, this is not too dissimilar from other things we've seen in the past, right? Like, you see things like attackers pretending you have a bill due, and you should immediately click and log in, right? And so when they go for these types of emotionally charged issues, be it you're going to help out heroes, you've got a bill due, your password's been compromised - all those are really designed to have you react emotionally. The thought process is basically, the faster and more quickly you can react emotionally, the less likely you are to think it through, and then the bad guy is much more likely to get their way. And so in this particular case, you know, the bad guys actually found, you know, a relatively convincing-sounding domain. Hire military heroes dot com: it sounds legit, right?"

—Craig Williams, head of Talos outreach at Cisco, on the CyberWire Daily Podcast, 10.18.19.

The phish have got to be willing to bite, and they bite on the shiny things they care about.

In today's Daily Podcast, out later this afternoon, we hear from our partners at the SANS Technology Institute, as Johannes Ullrich discusses phishing that targets the financial industry. Our guest is Ori Eisen from Trusona, who talks about moving beyond phone numbers, usernames and passwords online.

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia, Maryland. While its focus is on under-represented young women, young men are also included in MISI's STEM programs.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Dateline SecurityWeek's 2019 ICS Cyber Security Conference

Not Blondie, Angel Eyes, and Tuco, but the good, the bad, and the ugly nonetheless (The CyberWire) The state of ICS security: a mixed review, but on balance a hopeful one.

Attacking the operational technology through the operator (The CyberWire) Social engineering leapfrogs technical protections.

Crime as a business (The CyberWire) Black markets and those who work in them have clear economic motives, and they're paying attention to industrial control systems.

New Operational Technology Cyber Security Alliance Launches to Deliver Comprehensive Cyber Security Guidelines for Operational Technology (BusinessWire) Cyber-attacks on critical and industrial infrastructure are on the rise, impacting operational reliability and business risk across all industries, in

Powerful Forces Are Reshaping Continuous OT Monitoring Requirements (Nozomi Networks) Three powerful developments are reshaping the world’s continuous OT monitoring requirements: the rapid convergence of IT/OT security, broader use of corporate SOCs and external security providers, and accelerating digital transformation. Join ARC Advisory Group Vice President Sid Snitkin as he explores the impact each trend is having on core cyber security needs.

Cyber Attacks, Threats, and Vulnerabilities

US, UK: Russian Hackers Hijacked Iranian Malware, Infrastructure (SecurityWeek) Intelligence agencies in the US and UK say the Russia-linked threat group Turla has been using the malware and infrastructure of Iranian hackers to throw investigators off track

Russian Attackers Used Iranian Infrastructure and Tools Against Multiple Targets (Decipher) Investigations by the NSA and UK’s NCSC found that the Russian Turla attack group was using compromised C2 infrastructure and tools belonging to an Iranian APT group in several operations.

Russian hackers have been mooching off existing OilRig infrastructure (CyberScoop) Russian-linked hackers known as the Turla group have been piggybacking on Iranian hackers’ tools and infrastructure for years now to run their own attacks, according to a joint announcement Monday from the National Security Agency and the U.K.’s National Cyber Security Centre.

A Brief History of Russian Hackers' Evolving False Flags (Wired) Most hackers know how to cover their tracks. But Russia’s elite groups are working at a whole other level.

Skip-2.0 malware provides 'magic password' to access MSSQL accounts (SC Media) Researchers today revealed their discovery of Skip-2.0, which they are calling the first publicly documented case of a backdoor targeting MSSQL Server.

Facebook Steps Up Security Amid Fresh Signs of Russia Meddling (SecurityWeek) Facebook said it was taking down more accounts for "inauthentic" activity and stepping up scrutiny of "state controlled" media seeking to manipulate American voters.

Facebook takedowns show new Russian activity targeted Biden, praised Trump (Washington Post) The company said Monday it disabled a network of accounts originating in Russia that posed at times as locals in swing states to post on divisive political issues and the upcoming presidential election.

Propaganda Works Better Than Censorship (Bloomberg) Comparing Hong Kong with Kashmir shows that manipulating social media is more effective than shutting it down.

WSJ News Exclusive | Islamic State Turns to Teen-Friendly TikTok, Adorning Posts With Pink Hearts (Wall Street Journal) Islamic State militants have been posting short propaganda videos to TikTok, the social network known for lighthearted content popular with teenagers.

Microsoft SQL Server 11 and 12 backdoor, accessible with 'magic password', linked to Chinese APT (Computing) ESET researchers attribute sophisticated MS SQL Server backdoor tool to China's Winnti Group, also known as APT17

Hackers steal secret crypto keys for NordVPN. Here’s what we know so far (Ars Technica) Breach happened 19 months ago. Popular VPN service is only disclosing it now.

TorGuard, NordVPN Respond to Breach Reports (SecurityWeek) TorGuard and NordVPN respond to reports that their systems were breached, and both blamed the incident on a third-party service provider.

Hackers Breach Avast Antivirus Network Through Insecure VPN Profile (BleepingComputer) Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14.

Avast targeted in suspected new supply-chain attack (Computing) Avast reveals details of new attempted supply-chain attack just two years after CCleaner compromise

Avast: No plans to discontinue CCleaner following second hack in two years (ZDNet) Czech intelligence agency: "Data analysis suggests that the attack came from China."

Avast Hacked: Intruder Got Domain Admin Privileges. (Computer Business Review) Avast hacked: Temporary VPN profile without 2FA enabled used to escalate privileges in "extremely sophisticated" attack, cybersecurity company says.

Avast, NordVPN Breaches Tied to Phantom User Accounts (KrebsOnSecurity) Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe' (Register) Try not to save files to your Windows PC called cmd.exe or regedit.exe

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo (McAfee Blogs) Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab,

Report: Travel Reservations Platform Leaks US Government Personnel Data (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breach in a database belonging to Autoclerk, a reservations

New Microsoft Phishing Campaign Targets Office365 Users (Heimdal Security Blog) Links to the phishing domains come from compromised accounts (including LinkedIn). How hackers combine tactics in an advanced threat.

Removing More Coordinated Inauthentic Behavior From Iran and Russia (Facebook Newsroom) We removed four separate networks of accounts, Pages and Groups for engaging in coordinated inauthentic behavior on Facebook and Instagram.

“Debug mode” in popular webdev tool exposes credentials for hundreds of websites, including Donald Trump’s (Comparitech) Donald Trump's campaign website and hundreds of others failed to disable debug mode in Laravel, a popular PHP framework, exposing secret credentials on the web.

Cyber-criminals are the new entrepreneurs in an age of the "feral" Internet of Things (diginomica) Cyber-security and the new entrepreneurs on the IoT

‘C’est moi’: Mitt Romney admits to running secret Twitter account under the alias ‘Pierre Delecto’ (Washington Post) As Pierre Delecto, Romney used the account to like critical tweets about the president while also occasionally defending himself against detractors.

Pitney Bowes Says Disruptions Caused by Ryuk Ransomware (SecurityWeek) Global shipping and ecommerce giant Pitney Bowes has blamed the recent security incident that caused some service disruptions on the Ryuk ransomware

Georgia County's Experience Shows Perils of Ransomware (SecurityWeek) Ransomware attacks have taken out computer systems at law enforcement agencies and local governments around the country, forcing them to revert to pen and paper for tasks typically done in an instant on computers.

Indiana Hospital System Notifying Patients After Data Breach (SecurityWeek) A northwestern Indiana hospital system is warning more than 68,000 patients that their personal information, including Social Security numbers and health records, may have been exposed during a data breach.

Korean politician claims Google Maps exposes 40% of country's military facilities (Telecompaper) Google Maps' satellite mode has fully exposed to the general public nearly 40 percent of sensitive military sites in South Korea, The Korea Times reports, citing Democratic Party of Korea lawmaker Park Kwang-on.

Security Patches, Mitigations, and Software Updates

Google Boosts Site Isolation in Chrome (SecurityWeek) Google has improved the Site Isolation feature in Chrome to help defend against more types of attacks.

Cyber Trends

SOSS X (Veracode) Veracode presents volume 10 of the State of Software Security (SOSS) report, our comprehensive review of application testing data.

KnowBe4 Finds Email Subject Lines Focused on Security-Minded End Users are Effective (KnowBe4)

New report offers insights into phishing scammers' go-to tricks (Healthcare IT News) Email cyber attackers frequently use certain keywords in their subject lines, according to Proofpoint, and tend to send their salvos at certain advantageous times of day.

Data Leaks in the Medical Industry: A Worldwide Epidemic (WizCase) WizCase recently found database leaks from several different medical websites from around the world. The unsecured data includes prescriptions, medical ...

Marketplace

Huawei ban: Full timeline on how and why its phones are under fire (CNET) Here's a breakdown of the controversial Chinese telecom and phone maker's saga so far.

Five Months After Huawei Export Ban, U.S. Companies Are Confused (Bloomberg) U.S. tech companies still awaiting licenses to continue sales. Trump said he would look at Huawei after phase one deal signed.

CrowdStrike CEO surprised that cybersecurity firm was called out in Trump-Ukraine call (CNET) CrowdStrike investigated the 2016 hack of the Democratic National Committee.

Why Did the Market Strike Down CrowdStrike? (The Motley Fool) A great company just went on sale.

Trend Micro Acquires Cloud Conformity to Cement Its Position as the Global Leader in Cloud Security (BusinessWire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global leader in cloud security, today announced it has acquired Cloud Conformity, an innovative

Trend Micro acquires Sydney-headquartered Cloud Conformity for US$70 million (CRN Australia) Taking aim at Palo Alto Networks.

Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy (CRN) Trend Micro aims to maintain its leadership position in cloud security over Palo Alto Networks through the $70 million purchase of cybersecurity startup Cloud Conformity.

Threat Intelligence Firm Flashpoint Raises $34 Million (SecurityWeek) Threat intelligence firm Flashpoint receives $34 million in investment and debt financing, which the company plans on using to accelerate growth.

Under New Ownership, DigiCert Expands into Verified Mark Certificates (SecurityWeek) Combining a Verified Mark Certificate and DMARC will allow organizations to add the marketing effect of their branded logo to phishing-proofed emails.

Forcepoint in a rush to make a channel difference (MicroscopeUK) Security player is turbo-charging its efforts to put structures in place to work with partners

WidePoint Receives $14.7 Million in Recent Contract Awards for Telecom Expense Management (TEM) and Mobility Managed Services (MMS) (West) WidePoint Corporation (NYSE American: WYY), the leading provider of Trusted Mobility Management (TM2) specializing in Telecommunications Lifecycle Management, Identity Management and Digital Billing & Analytics solutions, today announced that the company received approximately $14.7 million in recent contract awards for Telecom Expense Management (TEM) and Mobility Managed Services (MMS) during the third quarter of 2019.

Leidos Adds Automation Anywhere and Tanium to Its Partner Network (The Breeze) Leidos (NYSE: LDOS), a FORTUNE® 500 science and technology leader, today announced the addition of Automation Anywhere and Tanium into the Emerging Technology

SECUDE Joins Microsoft Intelligent Security Association (Yahoo) SECUDE, SAP partner and a leading data security provider specializing in security for SAP and CAD data, today announced that it has joined the Microsoft Intelligent Security Association. For SECUDE, the collaboration is a critical step forward on multiple fronts. The agreement permits SECUDE’s product

LogMeIn bolsters APAC channel team with new hires (CRN Australia) Yvette McEnearney and Mark Harvey hired to lead UC business.

Secureworks Welcomes Steve Hardy as Chief Marketing Officer (BusinessWire) Secureworks appoints Steve Hardy as Chief Marketing Officer

BioNovelus, Inc. Announces Patricia Frost to Join Advisory Board (West) BioNovelus, Inc. (OTC: ONOV) announces Patricia Frost has joined the Company’s Advisory Board. BioNovelus’ Advisory Board seats individual entrepreneurs and senior cyber security / information technology (IT) executives with business, government and technical expertise useful for assisting in identifying, integrating and growing acquired companies.

Products, Services, and Solutions

ZeroNorth and Raytheon Collaborate to Enhance Cybersecurity for Software and Infrastructure (ZeroNorth) ZeroNorth announced an agreement with Raytheon Company’s Intelligence, Information & Services business to support initiatives that will enhance cybersecurity for critical software & infrastructure.

Nok Nok Labs First to Provide FIDO-Based Authentication for Smart Watches (Nok Nok Labs) Strategic Analytics recently reported that global smart watch shipments grew an impressive 44 percent annually to reach 12 million units in the second quarter of 2019. Smart watch usage for applications beyond fitness has grown to include banking, productivity applications such as Slack, ecommerce such as Apple Pay, as well as home security applications such …

Pulse Secure Accelerates Enterprise Means to Achieve Zero Trust Security for Hybrid IT (Markets Insider) Pulse Secure, the leading provider of software defined Secure Access solutions, today announced that i...

XM Cyber Achieves SOC 2 Type II Certification (PR Newswire) XM Cyber, the multi-award-winning breach and attack simulation (BAS) leader, today announced that it has...

Bugcrowd Launches First Crowd-Driven Approach to Risk-Based Asset Discovery and Prioritization (Bugcrowd) Attack Surface Management enables security and IT teams to rapidly identify, prioritize, and secure previously unknown assets for ultimate defender’s advantage

Talkdesk supports Cognosante contact center operations for 2,400+ agents (Talkdesk) Talkdesk cloud cures on-premises condition for Cognosante to transform the healthcare system through technology solutions

Akamai Reaches New Milestone for Web Traffic Delivered (PR Newswire) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, announced...

IT security firm Check Point launches products for SMEs as cyberattacks on small businesses grow (The Financial Express) Technology for MSMEs: Cyber attacks are among the key challenges faced by small businesses even as 48 per cent SMBs saw instances of a data breach in their businesses up from 46 per cent last year, a survey report by cybersecurity firm Kaspersky said recently.

Rackspace Selects Armor to Deliver Best-in-Class Security for Hybrid Cloud Environments (Markets Insider) Rackspace today announced that it has selected Armor, a top global provider of cloud security-as-a-service ...

Splunk Mission Control Takes Off, Supercharging the Security Operations Center (Splunk) Splunk Inc. announced new innovations across its Security Operations Suite to modernize and unify the Security Operations Center (SOC). Anchored by the newly launched Splunk® Mission Control, the Splunk Security Operations Suite makes it easier than ever for security analysts to turn data into doing by managing security across the entire threat lifecycle.

Banks withdraw fingerprint authentication support on Samsung Galaxy S10 smartphones (Computing) Samsung Galaxy S10 smartphone allows anyone to unlock devices when covered in third-party screen protectors.

Technologies, Techniques, and Standards

Managing legacy change: FBD Insurance CTO Enda Kyne on restoring IT control (Computing) 'We centralised everything internally and started to get the practices right, from requirements through to development standards'

How cybersecurity accelerates business growth (Help Net Security) It’s no secret that the cybersecurity industry has grown exponentially over more than a decade due to the proliferation of high-profile cybercrime.

‘The Golden 5 Minutes’: The Need For Speed In Information War (Breaking Defense) The Army wants to overhaul its Cyber Command to stamp out online disinformation before it goes viral. But there are risks.

STOP Ransomware Decryptor Released for 148 Variants (BleepingComputer) The release of Emsisoft's STOP Ransomware decryption service is a huge achievement and will be a life saver for both the victims and the helpers on BleepingComputer. It should be noted, though, that while this decryptor can help with the majority of STOP variants, anyone who was infected after August 2019 cannot be helped.

Design and Innovation

Microsoft announces Secured-core PCs to counter firmware attacks (VentureBeat) Microsoft has announced Secured-core PCs, a new initiative to combat threats specifically targeted at the firmware level and data stored in memory.

Facebook to add label to state-backed news sites in attempt to battle foreign election meddling (The Telegraph) Facebook will apply labels to news websites such as the Kremlin-backed broadcaster Russia Today in an attempt to prevent foreign interference in future elections.

Facebook steps up security amid fresh signs of Russia meddling (The Bull) Facebook said Monday it was tightening its security for the 2020 US elections, amid signs of fresh activity from Russia attacking Democratic presidential candidates, including Joe Biden. The leading social network said it was taking down more accounts for “inauthentic” activity and stepping up scrutiny of “state controlled” media seeking to manipulate American voters. As...

Research and Development

Naval Research Lab brainstorms plan to tackle AI’s data-centric challenges (Federal News Network) For all of DoD’s aspirational projects, AI tools tend not to fare well in situations where data is sparse or not structured in a way that the algorithm can process.

IBM Says Google’s Quantum Leap Was a Quantum Flop (Wired) A paper from Google leaked last month claimed its researchers had achieved “quantum supremacy.” Now IBM says Google rigged the test.

Legislation, Policy, and Regulation

Lawmakers continue to review draft law on cryptography (Xinhua) Chinese lawmakers on Monday continued to review the draft law on cryptography.

Will China’s revised cybersecurity rules put foreign firms at risk of losing secrets? (South China Morning Post) Beijing is putting in place new tools that make it ‘much more difficult for companies to keep their information private’, cybersecurity expert says.

China’s Cyberspace Watchdog Approves 309 More Blockchain Services (Cointelegraph) The Cyberspace Administration of China adds 309 more companies to its list of registered blockchain service providers.

Germany Chooses China Over the West (Foreign Policy) Berlin’s refusal to shut Huawei out of its 5G networks weakens Europe’s prospects of standing up to Beijing.

New Cybersecurity Bills Promote CISOs and Privacy (SecurityWeek) The Cybersecurity Disclosure Act of 2019 is a relatively small change of wording to the Cybersecurity Disclosure Act of 2017, but with potentially far-reaching effects.

Silicon Valley Lawmaker Proposes Cyber Training for Every Federal Employee (Nextgov.com) Rep. Ro Khanna plans to introduce a bill that would require feds to learn basic cyber hygiene, including how to securely navigate the internet of things.

Report: Management Alert - EPA Still Unable to Validate that Contractors Received Role-Based Training for Information Security Protection | US EPA (US EPA) Report #20-P-0007, October 21, 2019. The EPA has limited assurance that contractor personnel are maintaining skills needed to combat efforts to destroy, steal or hold for ransom the EPA's systems and sensitive information.

NSA Wants to Help Private Sector, Increase Focus on Commercial Products (ClearanceJobs) A new group within the NSA is reaching out to commercial tech providers with a message - 'we're here to help.'

Is intelligence "reform" a self-licking ice cream cone and compliance trap? (Reason.com) Our interview is with Alex Joel, former Chief of the Office of Civil Liberties, Privacy, and Transparency at the Office

Litigation, Investigation, and Law Enforcement

Assange argues that U.S. charges against him are ‘political’ and a bar to his extradition (Washington Post) Lawyers told a London court that the charges against the WikiLeaks co-founder are part of a Trump administration war on whistleblowers.

Czech Police, Intelligence Bust Russian Spy Network (SecurityWeek) Czech police and intelligence services said on Monday they had busted a Russian espionage network operating through its Prague embassy.

Czech Intel Chief Says Russian Spy Network Was Meant For Cyberattacks (RadioFreeEurope/RadioLiberty) The head of the Czech counterintelligence service says a Russian espionage network that his agency dismantled last year was meant to be used for cyberattacks against the Czech Republic and its foreign allies.

‘State actor’ responsible for cyber attack likely to stay a secret (The Australian) A confidential report into a cyber attack on parliamentary systems in February by a “sophisticated state actor” is likely to remain ­secret, according to Senate president Scott Ryan.

Boeing’s Board Confronts Further 737 Max Scandal (New York Times) Company directors are meeting today after the revelation that a top pilot had warned about a flight system now suspected of a role in two fatal crashes.

EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog (TechCrunch) Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services. The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arr…

Commerce IG auditing Census Bureau’s cybersecurity ahead of 2020 count (Federal News Network) In today’s Federal Newscast, the Commerce Department’s inspector general is running an audit of the bureau’s cybersecurity measures.

Equifax used default 'admin' user name and password to secure hacked portal (Computing) Lawsuit claims that Equifax IT security was negligent and that the company made 'false and misleading statements' about its IT security and data protection compliance

Man sentenced for hacking LA court system (Washington Post) A man who hacked Los Angeles County court computers, sent 2 million malicious phishing emails and stole hundreds of credit card numbers has been sentenced in Los Angeles

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class...

Upcoming Events

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...

PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...

Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...

National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...
