Daily briefing.

An unattributed cyberattack against Georgian targets has taken down some two-thousand websites and the national television station, according to the BBC.

Microsoft yesterday reported finding indications that Russia's GRU ("Strontium," in Microsoft's internal lexicon, "Fancy Bear" and "APT28" to others) has resumed targeting networks of anti-doping agencies that police international sports. Fancy Bear was active against anti-doping groups during the last Olympiad, when officials disqualified Russian teams for widespread use of performance-enhancing drugs. Microsoft's notice suggests that Moscow has neither forgotten nor forgiven, and that organizations connected with what's called "the Olympic Movement" can expect more hostile attention in cyberspace through next summer's Tokyo games. Japanese authorities have been aware of, and preparing for, cyber threats to the games since 2015 at least.

Johannesburg has declined to pay the ransom the Shadow Kill Hackers demanded, and has called upon international support to help with recovery, SowetanLIVE reports.

Menlo Security says the Adwind jRAT has grown stealthier.

The US Federal Communications Commission has proposed rules that would prevent recipients of Universal Service Funds (USF) from using that money to "purchase equipment or services from companies that threaten national security." The measure, which the FCC will vote on this November 19th, isn't restricted to any particular companies or countries, but the Commission specifically calls out Huawei and ZTE as examples of the companies it has in mind. USF money is designed to support rural telecommunications infrastructure.

Pwn2Own, Dark Reading says, will add industrial control systems to its bug-hunting target list this January.

Notes.

Today's issue includes events affecting Australia, Belgium, China, Georgia, India, Luxembourg, Japan, Netherlands, Russia, South Africa, United Kingdom, United States.

Bring your own context.

That phishing stuff, it's old hat, yesterday's news, right? We mean, who's gonna fall for that "I am here widdow of Nigerian prince" schtick anymore? Misspellings, nonstandard grammar, loose idiomatic control...everybody's onto phishing. Right? Right?

"But that's not what phishing emails are anymore. They're hyperfocused on improved spelling, improved grammar, and they are becoming more psychologically focused, where they're trying to get you to react rather than just saying, hey, maybe you can get a million dollars, or hey, it's your bank; maybe you should call us. They're really trying to play on things like - it's, hey, this is your boss; I need something urgently. Or this is your financial institution. Your account's been hacked; we need you to click here right now and update your account information. They're really getting good at that psychological component."

—David Dufour of Webroot, on the CyberWire Daily Podcast, 10.25.19.

Oh...OK, so not right. The phishbait is better than ever.

Federal cloud market projected for major growth.

According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.

In today's Daily Podcast, out later this afternoon, we speak with our partners from Lancaster University, as Daniel Prince discusses risk management and uncertainty. Our guest is Robb Reck from Ping Identity, who reviews their research into "5 Steps to Improve API Security."

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Abu Bakr al-Baghdadi death: Jihadists have chance to regroup under new leader (Times) The death of Abu Bakr al-Baghdadi, the leader of Islamic State, marks a turning point for the militant group that rose from the prison camps of Iraq to command a wealthy cross-border pseudo-state.

Georgia hit by massive cyber-attack (BBC News) Two thousand websites, as well as the national TV station, were targeted.

Russia’s Fancy Bear hackers conduct “significant cyberattacks” on anti-doping agencies (Ars Technica) Hacking blitz directed at 16 organizations since September 16, Microsoft says.

Russian Hackers Are Still Targeting the Olympics (Wired) Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.

Russian hacking group Fancy Bear strikes sports and anti-doping organizations (Axios) Fancy Bear's targeting of sports groups has become a near-annual event since 2016.

Hiding in Plain Sight: New Adwind jRAT Variant Uses Normal Java Commands to Mask its Behavior (Menlo Security) Malicious actors are learning how to use the same concept as 'hiding in plain sight' to sneak malware past traditional cybersecurity tools and onto users’ computers. And, it’s causing havoc on two fronts: enterprise security and user productivity

Nasty PHP7 remote code execution bug exploited in the wild (ZDNet) New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers.

Adobe database exposes 7.5 million Creative Cloud users (Naked Security) Adobe has become the latest company to be caught leaving an Elasticsearch database full of customer data exposed on the internet.

Joburg refuses to pay cyber attack ransom, gets help from 'international partners' (SowetanLIVE) The city of Johannesburg has roped in international partners to deal with a cyber attack, and will not concede to a R400,000 ransom demand by the Shadow Kill Hackers.

Ransomware with a difference as hackers threaten to release city data (Naked Security) Johannesburg spent the weekend struggling to recover from its second malware attack this year as it took key services systems offline.

American Cancer Society hit by credit card stealing malware (TechCrunch) The American Cancer Society’s online store has become the latest victim of credit card-stealing malware. Security researcher Willem de Groot found the malware on the organization’s store website, buried in obfuscated code designed to look like legitimate analytics code. The code was des…

California blackouts hit cellphone service, fraying a lifeline (Silicon Valley Business Journal) For years, state and federal regulators have pressed the cellular companies to better reinforce their networks for emergencies. The Federal Communications Commission said Monday that it was conducting “a comprehensive review of the wireless industry’s voluntary commitment to promote resilient wireless communications during disasters.”

Hullinger Shares Details of Alphabroder’s Cyber Attack (ASI) In a Power Summit session, the CEO explained how the promotional products industry’s largest...

Vulnerability Summary for the Week of October 21, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Cyber Trends

State of Retail Cybersecurity: Saying IDONT to IDOR this Holiday Season | Bugcrowd (Bugcrowd) November is right around the corner, and so is the holiday shopping season. As consumers prepare to loosen their wallets, retailers are preparing to tighten the

iovation Financial Services Report: Fraudsters Go Mobile 50% of Time, Security and Privacy Drive Consumer Banking Choices (iovation) Risky transactions on mobile devices increase 138% since 2017; Security and privacy top priority for 72% of consumers selecting a bank or credit card

Adlib Software Finds Banking & Insurance Customers Rate Sensitive Data Protection as Top Priority During Client Onboarding (Yahoo) Adlib Software, a global leader in file analytics and data enrichment solutions, today announced survey results that reinforce the importance of.

'We're losing our ability to think': Internet pioneer Leonard Kleinrock on how his creation has transformed the world (The Telegraph) "To some extent computers are the worst enemy of critical thinking," says Leonard Kleinrock.

Perspective | This might surprise you. Seniors are not more susceptible to scams; younger adults are. (Washington Post) The Federal Trade Commission debunks a myth that seniors are more likely to lose money to a scam.

Marketplace

Fortinet Bolsters Endpoint Security with enSilo Acquisition (Dark Reading) As companies reduce their vendor count, consolidation will likely continue to accelerate in the next year.

Stardog Raises $9 Million Series B to Expand Product Offerings (BusinessWire) Stardog announced that it has executed a Series B round, securing $9 million in financing

NordVPN Lists 5 Measures to Supercharge Its Security (Dark Reading) NordVPN signs a strategic partnership with VerSprite, a leading cybersecurity consulting firm.

Nomura downgrades China's ZTE, cites slowdown in demand and tech war risks (CNBC) Japanese bank Nomura downgraded Chinese telecommunications firm ZTE on Tuesday, saying there would be a temporary slowdown in demand with the shift to 5G equipment not fully picking up. It also warned of a risk of escalation in the conflict between the U.S. and China in the tech sector.

A Cybersecurity Firm’s Sharp Rise and Stunning Collapse (The New Yorker) Tiversa dominated an emerging online market—before it was accused of fraud, extortion, and manipulating the federal government.

Dissent Erupts at Facebook Over Hands-Off Stance on Political Ads (New York Times) In an open letter, the social network’s employees said letting politicians post false claims in ads was “a threat” to the company.

Cyber reskilled, but in my old job: A common refrain for program graduates (Federal News Network) Margaret Weichert, deputy director for management at OMB, said she is deeply concerned about structural impediments to bring agility to government.

CyberGRX Surpasses 50,000 Companies on Global Third-Party Cyber Risk Exchange (BusinessWire) CyberGRX announces that their Exchange has surpassed 50,000 companies, further propelling the company’s leadership status in TPCRM.

Nixu further expands Benelux operations (Cision) Pure play cybersecurity provider opens second regional office at The Hague Security Delta

JPMorgan's latest tech hire is crazy and wonderful (eFinancialCareers) He once drove a nuclear submarine.

CounterFlow AI Appoints Former FireEye Executive Bill Cantrell as Chief Product Officer (CounterFlow) Company aims to accelerate its next phase of growth, scale portfolio capabilities and partnership ecosystem following launch of flagship solution ThreatEye

Products, Services, and Solutions

Web Filtering Investigation & Discovery | Respond Analyst (Respond Software) A more secure network while using fewer resources. Respond Software adds web filtering investigation & discovery capabilities to its Respond Analyst solution.

Web Filtering in the Respond Analyst | Casting a Wider Net (Respond Software) Respond Analyst now supports top web filtering solutions like Palo Alto Networks & Forcepoint to identify compromised assets communicating with command.

Jumio Launches Real-Time Verification Solution, Powered Exclusively by AI (Jumio) Jumio Go is the first automated solution in the market to spot deepfakes, bots and sophisticated spoofing attacks with certified liveness detection

F5’s BIG-IQ Integrated With Venafi Machine Identity Protection Platform for Superior App Security (BusinessWire) Venafi, the leading provider of machine identity protection, today announced that F5 Networks has built native integration capabilities for the Venafi Machine Identity Protection Platform into the F5 BIG-IQ Centralized Management solution.

Hootsuite taps Proofpoint for AI-powered predictive compliance tool (VentureBeat) Social media management platform Hootsuite and enterprise security company Proofpoint want to help companies in heavily regulated industries.

Pwn2Own Adds Industrial Control Systems to Hacking Contest (Dark Reading) The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.

RCS MediaGroup Selects Pulse Secure to Strengthen Hybrid IT Secure Access at Leading Italian Publishing House (Pulse Secure) Advances remote access to web applications such as Microsoft Office 365 and network resources to help 3,000 staff enjoy a better work-life balance leveraging Pulse Secure

Technologies, Techniques, and Standards

The U.S. Army Didn’t Even Use Tools it Bought from Hacking Team (Vice) A group focused on counterintelligence and insider threats purchased the malware, according to a FOIA response to Motherboard.

AvengerCon IV showed how U.S. Cyber Command is building community (Technical.ly Baltimore) The hackathon, held at Dreamport in Columbia, reflected a growing spirit of collaboration around the Fort Meade-based command.

Why Startups Desperately Need CISO Guidance (CISO Series) As a preview for the 10-29-19 episode of CISO/Security Vendor Relationship Podcast, Mike Johnson interviews Roger Hale, CISO in residence for YL Ventures about his new role.

Industry Insights: The Basics of Cyber Security for Fire Departments (Firehouse) While the advent of new technologies can keep firefighters safer and better prepared for their job, there is also an increased risk of cyber attacks.

Design and Innovation

Bias, algorithms and buy-in: 3 things to know about Facebook's new News tab (Silicon Valley Business Journal) Facebook is being blasted for its controversial decision to include on its list of News partners right-wing news site Breitbart (along with Fox News and the National Review), which has been criticized for inaccurate and sensationalized reporting.

What's Blockchain Actually Good for, Anyway? For Now, Not Much (Wired) Not long ago, blockchain technology was touted as a way to track tuna, bypass banks, and preserve property records. Reality has proved a much tougher challenge.

Academia

Grand Canyon University Awarded Designation From National Security Agency And Department Of Homeland Security (PR Newswire) Grand Canyon University has been designated by the National Security Agency (NSA) and the Department of Homeland...

Governor Bryant Encourages Mississippi High School Students to Join Innovative Cybersecurity Competition (Mississippi Politics and News - Y'all Politics) Gov. Phil Bryant announced today that Mississippi will be participating in an innovative cybersecurity training partnership with the SANS Institute known as the Girls Go CyberStart challenge, a skills-based competition designed to encourage girls to pursue cyber-based learning and career opportuniti

Legislation, Policy, and Regulation

Cyber 'Pearl Harbour' laws desperately needed, experts say (Australian Financial Review) Security experts back the Morrison government's plan to allow cyber spy agencies to aggressively intervene on behalf of Australian companies.

For Uighur Muslims in China, Life Keeps Getting Harder (Foreign Policy) Concentration camps, surveillance, and spies keep the community under tight control.

TikTok says no, senators, we’re not under China’s thumb (Naked Security) US lawmakers asked intelligence to look into whether the app and others like it could pose a security threat or be used to influence opinion.

FCC proposes rules requiring telcos remove Huawei, ZTE equipment (TechCrunch) The Federal Communications Commission said it will move ahead with proposals to ban telecommunications giants from using Huawei and ZTE networking equipment, which the agency says poses a “national security threat.” The two-part proposal revealed Monday would first bar telecoms giants f…

U.S. regulator to bar China's Huawei and ZTE from government subsidy program (Reuters) The U.S. telecommunications regulator plans to vote in November to designate Chi...

Baroness Kidron: Government uses 'shield and sympathy' of child sexual abuse to access encrypted messages (The Telegraph) A leading child safety campaigner says the Government is using “the shield and sympathy” of child sexual abuse as an excuse to access encrypted messages.

You May Not Own Your Data (Avast) Read what chess champion and tech expert Garry Kasparov says is a legal history of tech outpacing society’s view of property

Litigation, Investigation, and Law Enforcement

Boeing C.E.O. to Tell Congress: ‘We Know We Made Mistakes’ (New York Times) Dennis Muilenburg will face the Senate on the first anniversary of the crash of Lion Air Flight 610. The 737 Max remains grounded seven months after a second crash.

Shashi Tharoor asks government to explain alleged cyber attack at Kudankulam nuclear plant (Scroll.in) Officials at the power plant, however, denied the claim, which was made by a Twitter user.

BlackBerry Says Competitor Poached High-Level Officer (Law360) BlackBerry Corp. filed a complaint late Friday in Delaware Chancery Court alleging one of its former high-ranking officers had violated a noncompete clause by taking a job with protection services software company SentinelOne, in what BlackBerry claims is a continuing effort to poach its talent.

Husband Ordered to Pay Almost $500K After Bugging Tobacco Heiress Wife’s iPhone (The Daily Beast) Jurors ordered Crocker Coulson to pay $100 for each of the 415 days he accessed his wife’s phone, along with other fines.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

NTCA 2019 Cybersecurity Summit (Salt Lake City, Utah, USA, October 27 - 29, 2019) The rural broadband industry, leading experts and critical stakeholders will be gathering at the NTCA 2019 Cybersecurity Summit to hear about managing cyber risk and current threat intelligence. This event...

IS2C Security Conference (Orlando, Florida, USA, October 28 - 30, 2019) (ISC)² Security Congress brings together a global community of cybersecurity professionals. The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking...

SecureWorld Denver (Denver, Colorado, USA, October 29 - 30, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

CYBERSEC EXPO 2019 (Katowice, Poland, October 29 - 30, 2019) CYBERSEC EXPO 2019 is a first of its kind two-day trade fair focused exclusively on the cybersecurity technology. It brings global expertise on the emerging cybersecurity threats and gives access to the...
