skip navigation

More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

"Caveat:" a new podcast on cybersecurity law and policy

The CyberWire is pleased to announce the launch today of “Caveat,” a new weekly podcast addressing cybersecurity law and policy, with a particular focus on surveillance and digital privacy. Caveat is available at our website.

This latest addition to the CyberWire’s popular lineup of programs is hosted by Dave Bittner and Ben Yelin, the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security. Each week, Dave and Ben break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digital age will find the discussions accessible, relevant, and thought provoking.

We gratefully thank KnowBe4, the sponsor of Caveat, for their support.

SecurityWeek's 2019 ICS Cyber Security Conference

SecurityWeek's 2019 ICS Cyber Security Conference wrapped up yesterday afternoon in Atlanta. SecurityWeek's conference showed, as it has in past years, a more even mix of clients and vendors than one often sees at such events, and the panel that offered a final look at the event suggested that next year's meetings should feature even more technical discussions of case studies than were on offer in 2019.

The last day's discussions returned to themes that had been prominent throughout the week, especially the centrality of process integrity and the importance of attention to sound security fundamentals. The former point's prominence showed a maturation of the ICS security community's understanding of the challenges it faces, and also the waning of the familiar complaint that industrial cybersecurity remains too dominated by those who've come up through the information assurance ranks. And the second point, while not a new one, is far from banal. CyberX's Phil Neray presented his company's annual risk report, and those interested in seeing some of the reasons why the basics continue to matter need look no further.

This concludes our special coverage of SecurityWeek's 2019 ICS Cyber Security Conference, but, of course, we'll be watching for any further news that develops from the conference and its participants.

Lookout has found a large phishing campaign targeting United Nations agencies and a range of humanitarian aid organizations.

The Russian embassy to the UK has told Reuters that reports of Turla piggybacking on Iranian attack methods are "unsavoury" misreadings of GCHQ and NSA warnings.

Google scrubbed forty-two apps from the Play store that served Ashas adware. ESET discovered Ashas and traced the developer to a university in Vietnam. In another purge, Apple removed seventeen Trojanized iOS apps that Wandera identified and reported.

The dark web gets more bad press than good, but it's worth noting that it has benign uses, like the BBC's adoption of TOR to help its users avoid censorship by repressive governments. The network particularly mentions China, Iran, and Vietnam as countries who've sought to restrict its content. The BBC News international site will be available in the mirror, as will the BBC's Arabic, Persian and Russian services.

US Senators Wyden (Democrat of Oregon) and Warren (Democrat of Massachusetts) have asked the Federal Trade Commission to investigate any role Amazon may have had in the Capital One breach. The Washington Post reports that Senators Cotton (Republican of Arkansas) and Schumer (Democrat of New York) have asked the Intelligence Community to determine whether the Chinese-owned social network TikTok represented a security threat. With respect to content moderation, TikTok told BuzzFeed its moderators are in the US, not China.

Shopping bots are the ticket-scalpers of e-commerce. Cequence, looking ahead to the holidays, explains how the secondary gray market works.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Czech Republic, France, Germany, India, Iran, Russia, Sweden, Switzerland, Ukraine, United Nations, United Kingdom, United States, and Vietnam.

Bring your own context.

We've heard about legislative and regulatory proposals that would give people ownership over their personal data. How might that work, in lay terms, counselor?

"You know, you have something like bailment where if I give the valet my keys, yes, he holds those keys, but it's not his. He can't go out and give them to somebody else. I'm entrusting him with those keys. They're still technically my property, but I've entrusted them to somebody else."

—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire's Caveat podcast, 10.23.19.

Yours, but entrusted to someone else for a very specific purpose.

Zero-Trust in the Modern Workplace

The modern workplace is infiltrated everyday — bring your own device policies and increased vendor access have introduced a whole new layer of cyber risk to the office environment. Since no vendor or customer should be automatically trusted, Zero-Trust frameworks have become more prevalent. How can organizations best protect themselves and their networks? Join LookingGlass’ Eric Olson & James Carnall for a webinar discussing best practices and war stories at 1 pm ET October 31, 2019.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour reviews their research into phishing. Our guest is Jeremy Smith, author and host of The Hacker Next Door podcast.

And the CyberWire's new weekly podcast Caveat is also up. In this inaugural episode, "Crowdsourced private surveillance," Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Dateline SecurityWeek's 2019 ICS Cyber Security Conference

The risk to industrial control systems: CyberX looks at the data (The CyberWire) Data from ICS networks tell a story about the risks industrial control systems face worldwide. CyberX concludes that most sectors earn at best a low C, and many of them are struggling to earn even a D.

New Analysis of Real-World Network Traffic Reveals Alarming Prevalence of IoT and Industrial Control System Vulnerabilities (KSL) Critical assets whose compromise would cause a major revenue or safety impact — while implementing compensating controls such as continuous monitoring and behavioral anomaly detection (BAD) to quickly spot intruders before they can cause real damage to operations.

Cyber Attacks, Threats, and Vulnerabilities

Charities at increasing risk of cyber-crime (SC Magazine) New UK government report finds that over half of charities think hackers are "major risk"

DHS warns of Russian interference plans in 2020 elections, as Washington focuses on Ukraine (Yahoo News) U.S. government efforts to prevent Russia from conducting influence operations directed at American audiences have largely failed, and Moscow is continuing its attempts to influence the American political system by exacerbating social divisions.

UN, UNICEF, Red Cross officials targeted in recent phishing campaign (ZDNet) Phishing sites first appeared in March, are not blocked in Google's Safe Browsing, and are still active today.

Phishing attack targeting United Nations and humanitarian organizations discovered by Lookout Phishing AI (Lookout) Lookout Phishing AI has detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including a variety of United Nations humanitarian organizations, such as UNICEF.

Symantec antivirus crashes something again. This time Chrome 78 browsers (ZDNet) Fourth time in three months when Symantec's antivirus crashes something.

Millions downloaded dozens of Android apps from Google Play that were infected with adware (TechCrunch) Security researchers have found dozens of Android apps in the Google Play store serving ads to unsuspecting victims as part of a money-making scheme. ESET researchers found 42 apps containing adware, which they say have been downloaded more than 8 million times since they first debuted in July 2018…

Google Play adware campaign taken down, developer identified (SC Magazine) Year-long investigation finds 42 adware-injecting apps on Google Play that had been downloaded eight million times

Tracking down the developer of Android adware affecting millions of users (WeLiveSecurity) ESET researchers describe how they discovered a year-long adware campaign on Google Play that ultimately affected millions of users.

Apple bans 15 apps created by Gujarat-based app company for cheating (Gadget Now) Mobile security firm Wandera has discovered 17 apps infected with clickware meant to increase advertising revenue. All of these 17 apps are made by Gujarat-based AppAspect Technologies Pvt. Ltd. Apple has removed 15 of these apps. These apps contained malware that used to open web pages and click on ads in the background.

Trojan malware infecting 17 apps on the App Store (Wandera) Wandera’s threat research team has discovered 17 apps on the Apple App Store that are infected with clicker trojan malware. The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue.The clicker trojan module

18 iOS apps with stealthy ad clicking code removed from App Store (Help Net Security) Researchers have discovered 17 apps in Apple's App Store that contained a clicker module, designed to perform covert ad fraud-related tasks.

Cyber Attack Hits Prominent Hedge Fund, Endowment, and Foundation (Institutional Investor) “They’re really focused,” warns one security expert. “Wow.”

TikTok Users Are Finally Posting About Hong Kong, But Only To See If They'll Get Censored (BuzzFeed News) BuzzFeed News found no evidence that TikTok blocks pro–Hong Kong democracy videos — or that many American teens were interested in the protests.

Malware Skip-2.0 Provides “Magic Password” to Access Microsoft Servers (CISO MAG) Security researchers discovered a Chinese hacking group “Winnti” using a new malware named “Skip-2.0” to get access to Microsoft SQL (MSSQL) Servers.

Fujitsu Wireless Keyboard Plagued By Unpatched Flaws (Threatpost) Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.

Philips IntelliSpace Perinatal (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: IntelliSpace Perinatal Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration.

Rittal Chiller SK 3232-Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rittal Equipment: Rittal Chiller SK 3232-Series Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials 2.

Honeywell IP-AK2 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: IP-AK2 Vulnerability: Missing Authentication for Critical Function 2.

Moxa IKS, EDS (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: IKS, EDS Vulnerabilities: Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication Attempts, Missing Encryption of Sensitive Data, Out-of-bounds Read, Unprotected Storage of Credentials, Predictable from Observable State, Uncontrolled Resource Consumption

Here’s Why Online Holiday Inventory is Often Gone Before You Get There (Cequence Security) As the holidays approach, consumers are beginning to frequent their favorite online retailers. But, sometimes their perfect gift is already gone. Learn why.

Stalking software is 'on the rise' (BBC News) Experts warn of a rise in a type of software commonly used by abusive partners to spy on phones.

Who’s Stalking Mobile App Users?: Finding and controlling the third-party code (3PC) app publishers don’t know about (The Media Trust) Whose eyes are watching mobile app users? Today’s device-toting consumers spend 90% of their time online on mobile apps. Yet they have little to no notion they’re under the watchful eyes of a broad range of companies—many they’ve never even heard of—that form these apps’ digital supply chain.

Cybercriminals as the Russian State’s Deniable Proxies (OODA Loop) Putin’s Russia has demonstrated a penchant for relying on proxies to provide a degree of deniability while pursuing its military objectives.

Hacktivism returns to its roots as a cyber warfare tool (The Daily Swig) Back in hack

Data Insecurity: How One of the Worst Computer Defects Ever Sacrificed Security for Speed (NCL) In January 2018, it was announced that researchers had discovered some of the most significant cyber security vulnerabilities the public has ever faced.

Cyber Trends

NeuShield Predicts the Top Cybersecurity Threats for 2020 and Beyond (NeuShield Ransomware Protection) NeuShield, which developed the world’s first mirror shielding technology to instantly recover data and files when other malware defenses fail, predicts that 2020 will bring growing threats to Internet of Things (IoT) devices, increasingly organized cybercriminals, the exploitation of 5G vulnerabilities, more sophisticated ransomware attacks, and new cyberattacks on... Read more »

KnowBe4 Finds 96 Percent of Organizations Say Email Phishing Scams Pose Biggest Security Risk (KnowBe4) KnowBe4 Finds 96 Percent of Organizations Say Email Phishing Scams Pose Biggest Security Risk

Prepare for a New Cyber Cold War in 2020, Warns Check Point (Yahoo) Check Point® Software Technologies Ltd. (CHKP), a leading provider of cyber security solutions globally, has unveiled its cyber-security predictions for 2020.  They reveal the major cyber incidents and technical developments that Check Point’s researchers anticipate will impact our societies and businesses

2020 Vision: Check Point’s cyber-security predictions for the coming year (Check Point Software) Published October 24th, 2019 Hindsight is 20/20 vision, as the old saying goes:  it’s always easy to know what the right course of action was after something has happened, but much harder to predict the future.  However, by looking at security developments over the past couple of years, it’s possible to forecast what’s likely to…

RiskIQ’s Q2 2019 Mobile Threat Landscape Report (RiskIQ) Blacklisted Apps Rise by 20%, Google Tightens Up, and Attackers Target Tax Season

Exabeam Annual Cybersecurity Salary Survey Identifies Persistent Gaps with Gender and Diversity, Challenges with Work-life Balance (Exabeam) However, nearly half of professionals have worked in cybersecurity for more than 10 years, and 76 percent feel[...]

Organisations failing to diversify their infosec teams will fail meet skills requirements (SC Magazine) Key to diversifying the cyber-security workforce will be both organisations and individuals having a framework that can show exactly what skills are necessary to fulfil what roles.

2019 : Unisys Security Index (Unisys) Americans express concern about both their physical safety and the security of their personal data when attending large-scale sporting events or festivals

Mistrust lingers between government, industry on cyber information sharing (CyberScoop) Sharing cybersecurity information between the government and private sector won’t do much good if neither side trusts the other.

Morphisec Releases 2019 Hospitality Guest Threat Index During National (PRWeb) More than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels according to the Mo

The Changing Face of Cyber Security (The UCSB Current) UC Santa Barbara hosts 8th semiannual UC Cyber Security Summit

Marketplace

Wärtsilä co-founds global cyber security alliance for operational technology (Hellenic Shipping News) The technology group Wärtsilä is among the founding members of a new alliance to provide a technical and organizational framework for safe and secure

Raytheon to take full control of Forcepoint cyber venture. Then what? (Washington Technology) Raytheon has started to iron out the details of taking full ownership of the Forcepoint commercial cybersecurity venture it entered four years ago. So where does that business fit in the future Raytheon-UTC combined business?

Global caution over 5G puts pressure on Nokia (Washington Post) Finnish tech company Nokia has warned that its profits will be lower than expected due to tough competition and costs related to new-generation 5G networks

Huawei and Sunrise co-build 5G research centre in Switzerland (ZDNet) It is Huawei's first 5G research centre in Europe.

Founder of UAE's DarkMatter to divest his entire stake in the company (Gulf Business) Faisal Al Bannai is in the process of concluding purchase agreements with "multiple parties"

US Air Force Selects L3Harris Technologies to Develop Space Hub End Cryptographic Unit for Protected Tactical SATCOM Program (Valdosta Daily Times) The U.S. Air Force has selected L3Harris Technologies (NYSE:LHX) to deliver the space hub end cryptographic unit (ECU) for the Protected Tactical SATCOM (PTS) SHIELD program.

Absolute Appoints New Executives to Leadership Team to Accelerate Product Innovation and Enhance Endpoint Resilience Offerings (Financial Post) Absolute (TSX: ABT), the leader in endpoint resilience, today announced two new appointments to the company’s executive leadership team. William Morris joi…

John Paitaridis to lead Australian cybersecurity firm CyberCX (Consultancy) Following the wide-ranging merger of twelve cybersecurity consulting firms in Australia into CyberCX, John Paitaridis has been appointed to head the new firm.

Products, Services, and Solutions

Thycotic Releases Free Privileged Access Management Policy Template (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25...

Randori Launches Recon: See Your Company Through the Lens of the Adversary (PR Newswire) Randori today announced the general availability of Randori Recon, the first phase of its automated attack...

Recorded Future Teams Up With ServiceNow on Integrated Security Intelligence Offering for Reducing Organizational Risk (PR Newswire) Recorded Future, the leading provider of security intelligence, today announced a new relationship with ServiceNow to...

AttackIQ and The Chertoff Group Partner to Enable Enterprises to Measure Cyber Risk, Train Talent and Justify Security Investments with Unprecedented Transparency (BusinessWire) AttackIQ and The Chertoff Group are partnering together to offer a joint solution to help organizations measure security risk, train staff and more.

Imperva RASP Now Supports .NET Core Apps for Security by Default (Imperva) Imperva now supports the .NET Core development platform, securing apps written in .NET Core with our industry-leading RASP solution. Support for .NET Core expands our market-leading, full-stack application security solution to apps at the heart of digital transformation.

WebHouse to Introduce Auditing Service at NetAPP Insight 2019 (Markets Insider) Recognizing that data and information are incredibly valuable assets to all organizations, New York-b...

AWS vastly expands its own managed services (CRN Australia) 29 new services now manageable, just eight partners in play to help.

(ISC)² Launches 12 New Cybersecurity Courses For Certified Professionals (PR Newswire) (ISC)² – the world's largest nonprofit membership association of certified cybersecurity professionals – today...

Felix Payment System Security Assured with Intertrust whiteCryption (Moneycontrol) World’s first technology for contactless Tap-and-Pay card transactions on smartphones undergoes security and compliance certification in preparation for Visa and Mastercard Pilots.

New Cellebrite Field Solutions Streamlines Workflow for Law Enforcement Officers and Investigators (The Breeze) TYSON'S CORNER, Va., Oct. 24, 2019 /PRNewswire/ -- Cellebrite, the global leader in digital intelligence solutions for the law enforcement and intelligence communities, has expanded its frontline solutions to encompass

BlackBerry Announces Availability of CylancePROTECT for Mobile; Further Integrates Cylance Artificial Intelligence (EIN News) BlackBerry Limited (NYSE: BB; TSX: BB) today announced availability of CylancePROTECT® for mobile devices managed by BlackBerry® Unified Endpoint Management (BlackBerry® UEM). Leveraging Cylance's artificial intelligence (AI) security...

'Caveat': the CyberWire's new weekly podcast illuminates cybersecurity law and policy (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Technologies, Techniques, and Standards

Can CISOs at smaller enterprises wield enough influence to square the third-party security circle? (SC Magazine) Persistence, consistency, & flexibility are the keys to driving security strategy in smaller enterprises. They must also be consistent about strategy & the next steps that need to be taken to improve security maturity.

Phishing attacks are a complex problem that requires layered solutions (Help Net Security) Most cyber attacks start with a social engineering attempt and, most often that not, it takes the form of a phishing email.

Here's where U.S. cyber warriors are working to protect against election threats (CBS News) CBS goes inside new NSA facility in Maryland where U.S. personnel work to head off election threats 24 hours a day, seven days a week, 365 days a year

How the Air Force upgraded cyber testing for weapons systems (FCW) Air Force Materiel Command's 96th Test Wing is modernizing the way the service tests weapons systems for cybersecurity vulnerabilities.

For secure communications in the Arctic, the military can now use this satellite (C4ISRNET) The Enhanced Polar System is now fully available to the military, ensuring highly secure military communications are available in the polar region.

U.S. Transportation Command recognized by the National Security Agency for setting the standard in securing, safeguarding, and strengthening its cyber infrastructure (DVIDS) Cyber professionals serving with U.S. Transportation Command epitomize the overarching message of this year’s National Cybersecurity Awareness Month, observed in October, of Own IT, Secure IT, Protect IT.

Design and Innovation

What happens when the military holds a ‘con’ (Fifth Domain) Despite the fact most of the “hackers” attending the conference were all members of the military, it was difficult to discern who was a uniformed member of the service and who wasn’t.

BBC News launches 'dark web' mirror (BBC News) In a bid to thwart censorship attempts, the BBC News website is now available via Tor.

U-M researchers invent technology that scans the internet; now Google is a client (WDIV) To scan the internet sounds like a dizzying, if not impossible, task. But one team of researchers at the University of Michigan figured it out within hours.

Research and Development

China Has ‘Concerning’ Leads Over U.S. in Tech, Defense Department Official Says (Wall Street Journal) The U.S. is trailing China in numerous critical technologies, making the role of the private tech sector more important than ever to American national and economic security, a Defense Department official said.

Google researchers train AI to recognise smells based on molecular structure (Computing) Google researchers used a data set of about 5,000 molecules, identified and described by perfume makers, as a benchmark for their experiment.

IBM tears into Google’s ‘quantum supremacy’ claim (Naked Security) Is ‘quantum supremacy’ the moment that the rarefied world of quantum computing finally enters popular consciousness? Probably not.

Legislation, Policy, and Regulation

Russia Will Test Its Ability to Disconnect from the Internet (Defense One) The nascent RuNet is meant to allow the country to survive an attack — and Putin to monitor and control the population.

Russia’s Domestic Internet Is a Threat to the Global Internet (Slate Magazine) A planned disconnection test signifies the Russian government’s commitment to technological sovereignty.

France’s Military Cyber Strategy – Paris Adds Its Two Cents to Cyber Warfare (LinkedIn) Earlier this year, France announced its new Military Cyber Strategy, which addresses both defensive cyber warfare and public elements for military cyber warfare. Collectively, these two pieces put forth France’s official position on offensive and defensive cyber warfare.

China Focus: Experts call for joint efforts to build a safer cyberspace (Xinhua) Though the Internet has brought unprecedented convenience to human society and pushes the mode of production to change, experts have called for joint efforts to tackle challenges and risks in cybersecurity to build a safer cyberspace.

Czechs unlikely to differ from Germany on Huawei approach: minister (Reuters) The Czech Republic is likely to follow the approach of Germany and other neighbo...

Trump Officials Battle Over Plan to Keep Technology Out of Chinese Hands (New York Times) The administration is split over restrictions on exporting sensitive technologies that are vital to protecting national security.

Facial recognition laws go well beyond security (Australian Financial Review) The Morrison government's scuttled facial recognition laws would have gone well beyond combating identify theft and national security threats.

Why Brazil’s data law will boost cybersecurity (BNamericas.com) Although still underdeveloped, the segment is expected to grow quickly, as companies will be financially liable for ensuring the protection of consumers' personal...

Exclusive: White House cyber memo warns of new network risks (Axios) The "White House is posturing itself to be electronically compromised once again."

Rethinking Encryption (Lawfare) All public safety officials should think of protecting the cybersecurity of the United States as an essential part of their core mission to protect the American people and uphold the Constitution. In order to do that effectively, they should deal with reality and embrace encryption.

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History (Vice) Motherboard has obtained a leaked presentation internet service providers are using to try and lobby lawmakers against a form of encrypted browsing data.

Rogers warns on 'stovepiped' cybersecurity (FCW) The ranking member of the House Homeland Security Committee said agencies should be coordinating their cybersecurity efforts under CISA's direction and leadership.

New laws alone won’t be enough to protect government devices (Fifth Domain) Government security managers will need to do more than rely on new legislation to bolster the security of connected devices.

Inside the U.S. Cyber Army (Vice) In 2019, the American war machine doesn’t simply need soldiers, helicopters, or F-22s. It also needs hackers.

The Navy’s plan to stop being ‘woefully behind’ in cyber (Fifth Domain) The Navy secretary wants the service to ensure it can conduct routine business despite cyberthreats.

Litigation, Investigation, and Law Enforcement

Google to begin publishing government requests for Cloud Platform and G Suite data (VentureBeat) In a blog post, Google said it would soon begin publishing government requests for Google Cloud Platform and G Suite data.

Series of failures behind Boeing Lion Air crash (BBC News) Investigators found faults by Boeing, Lion Air and the pilots led to the crash, which killed 189 people.

Senators Ask FTC to Investigate Amazon Over Capital One Hack (Wall Street Journal) Democratic senators are asking the Federal Trade Commission to investigate Amazon over concerns the company ignored security warnings about a vulnerability that enabled the hack of Capital One customer data in one of the biggest-ever heists of such banking records.

Sens. Warren and Wyden urge FTC to investigate Amazon's role in Capital One hack (CNBC) Democratic Sens. Ron Wyden and Elizabeth Warren are now urging the Federal Trade Commission to investigate whether Amazon's failure to secure the servers it rented to Capital One violated federal law.

TikTok raises national security concerns in Congress as Schumer, Cotton ask for federal review (Washington Post) Senate Minority Leader Chuck Schumer and Republican Sen. Tom Cotton asked U.S. intelligence officials to probe TikTok, expressing fears that the Chinese-owned social-networking app poses "national security risks."

Senate Democrat urges review of DHS's handling of personal information (TheHill) Sen. Maggie Hassan (D-N.H.) is asking the Government Accountability Office (GAO) to review Department of Homeland Security (DHS) policies for sharing Americans' personal information with contractors, citing recent data breaches that exposed the information.

Swedish police cleared to deploy spyware against crime suspects (ZDNet) Spyware should be able to turn on device cameras and microphones, get encrypted chat logs.

AT&T Faces New $1.8 Million Lawsuit Over Sim Hijacking Attack (Vice) Neither carriers nor the FCC are doing enough to protect consumers from the rise of such attacks.

US to release Russian 'agent' Maria Butina from prison (Al Jazeera) Gun advocate who built network of Republican contacts before spying arrest is expected in Russia within days.

Ukraine police detain suspected hacker wanted by United States (Reuters) Police in Ukraine said on Friday they had detained a foreigner wanted in the Uni...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...

National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

NTCA 2019 Cybersecurity Summit (Salt Lake City, Utah, USA, October 27 - 29, 2019) The rural broadband industry, leading experts and critical stakeholders will be gathering at the NTCA 2019 Cybersecurity Summit to hear about managing cyber risk and current threat intelligence. This event...

North American International Cyber Summit (Detroit, Michigan, USA, October 28, 2019) Taking the Lead: Collaborating to Solve National Cyber Security Problems – Building partnerships and balancing competition and information sharing for improved security. The theme is designed to highlight...

IS2C Security Conference (Orlando, Florida, USA, October 28 - 30, 2019) (ISC)² Security Congress brings together a global community of cybersecurity professionals. The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.