skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

POLITICO says that "three former senior officials with knowledge of the matter" have told the publication that the US Government has concluded that Stingray cell monitoring devices found in Washington, DC, were probably emplaced by Israeli operators.

North Korean hackers are turning to more obscure file formats (like Kodak Flash Pix) in the hope that these will slide unremarked past anti-virus screens, Prevailion researchers have disclosed to CyberScoop.

Ransomware may be acquiring information-stealing functionality. BleepingComputer reports that MalwareHunter Team has found that a strain of the widely used Ryuk ransomware appears to be exfiltrating files of interest to an FTP site. The malware is particularly interested in military, intelligence, and law enforcement data.

Google has now purged twenty-four apps infected with the Joker Trojan from the Play store, Information Age reports.

In the wake of the arrests made internationally in Operation reWired, the US FBI reiterates warnings that business email compromise attacks remain a persistent danger.

US Federal agencies are working out roles and responsibilities in cyberspace during the course of wargames. Breaking Defense describes the exercises as bringing together organizations from the Departments of Defense and Homeland Security. The US Defense Department has also offered Congress a look at some of its current thinking on cyber deterrence. Deterrence is commonly thought of as involving the credible threat of retaliation, but the Department calls its approach to deterrence "multifaceted," with denial playing a significant part. An adversary can be deterred if they became convinced that their attacks would be futile.

Notes.

Today's issue includes events affecting Bulgaria, Canada, China, Iran, Israel, Democratic Peoples Republic of Korea, Russia, Saudi Arabia, Turkey, United Kingdom, United States.

Bring your own context.

Considerations for crowd-sourcing vulnerability testing.

"It used to be the case where folks would be worried about, quote, unquote, "a hacker" because they defined a hacker the same, whether it was a black hat hacker or a white hat hacker. We have seen that misconception go away, increasingly, not that it's completely gone. The second misconception I would say is how do you focus in on the right way of launching a program? And what do you want to get out of the program? And we've done a lot to help customers understand that it's pretty important to pay that assurance debt down, you know, get all the low-hanging fruit addressed before you go out and build a public program."

—Ashish Gupta, CEO of Bugcrowd, on the CyberWire Daily Podcast, 9.10.19.

The Pentagon does it, after all.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

In today's podcast, out later this afternoon, we speak with our partners at Bristol University, as Awais Rashid warns against accepting default settings on mobile devices. Our guest, Bill Conner from SonicWall, discusses side-channel attacks. 

And Hacking Humans is up. In this episode, "An ethical hacker can be a teacher," a listener updates us on "notice of arrest" policies. Dave notes increased instances of Google Calendar spam. Joe shares a claim that AI voice mimicry was used to dupe a company out of nearly a quarter million dollars. (Dave is skeptical.) The catch of the day accuses the target of naughty behavior. Carole Theriault interviews ethical hacker Zoë Rose.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Cyber Attacks, Threats, and Vulnerabilities

Israel accused of planting mysterious spy devices near the White House (POLITICO) The likely Israeli spying efforts were uncovered during the Trump presidency, several former top U.S. officials said.

North Korean hackers target U.S. entities amid stalled denuclearization talks (CyberScoop) A hacking group with ties to North Korea has been targeting U.S. entities with malicious documents as it works to hide its tracks better, according to research from Maryland-based cybersecurity firm Prevailion.

Joker trojan found on Android store (Information Age) Money siphoning malware installed nearly 500,000 times.

New 'The Joker' malware targeting Android users (Deccan Chronicle) A new kind of malware called 'The Joker' is putting to risk Android devices, researchers at cybersecurity firm CSIS have revealed.

Ryuk Related Malware Steals Confidential Military, Financial Files (BleepingComputer) A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.

Could hackers gain a global ‘kill click’? (Fifth Domain) Congress is worried that it's not clear who is securing certain internet cables.

Privacy researcher discovers potential health data breach – over radio frequencies (Insurance Business) Researcher found that patient data was being transmitted without encryption

Wikipedia fights off huge DDoS attack (Naked Security) Wikipedia has suffered what appears to be the most disruptive Distributed Denial of Service (DDoS) attack in recent memory.

Threats to macOS users (SecureList) An extremely dangerous threat is a targeted attack on macOS and iOS users, mainly business users. Several well-known cybercriminal groups are currently working to develop malware for these operating systems.

Multiple Vulnerabilities in Comba and D-Link Routers (Trustwave) There are five new credential leaking vulnerabilities discovered and disclosed by Simon Kenin. Two are in a D-Link DSL modem typically installed to connect a home network to an ISP. The other three are in multiple Comba Telecom WiFi devices. All the vulnerabilities involve insecure storage of credentials including three where cleartext credentials available to any user with network access to the device.

Sophisticated Law Firm Email Domain Impersonation Fraud Concerning (Today's Conveyancer) In September alone, the Solicitors Regulation Authority (SRA) has issued three separate and sophisticated fraudulent emails using the details of SRA regulated firms and solicitors.

ThreatList: Amidst Data Breaches, Account Creation Fraud Soars in 2019 (Threatpost) Cybercrooks are using bots to create synthetic digital identities, to carry out various types of fraud.

New report reveals growing threat of cyber-attacks to food safety (New Food Magazine) A new report has warned that the food industry is vulnerable to cyber-attacks as it is not prepared and could pose risks to public health.

Agroterrorism: What Is the Threat and What Can Be Done About It? (RAND) A study by RAND researcher Peter Chalk focuses attention on the issue of agroterrorism—the deliberate introduction of a disease agent, either against livestock or into the food chain, to undermine socioeconomic stability and/or generate fear.

FBI Cyber Warning: Attacks On Key Employees Up 100%, As 281 Are Arrested (Forbes) Cyberattacks targeting individuals in businesses has now become an epidemic—and it's getting much worse.

Ransomware attack on Premier Family Medical reportedly impacts records of 320K patients (SC Magazine) US-based health care practice Premier Family Medical was struck by ransomware in July, affecting the records of roughly 320,000 patients.

Groton schools suffer data breach (Ithaca Times ) Groton Central School District announced on Aug. 29 that it was one of over 13,000 school districts across the nation victimized in a security data breach that exposed student information.

Local courts effected by cyber attack on Administrative Office of the Courts (Claxton Enterprise) Evans County Magistrate and Probate Courts were effected by a cyber attack of the Administrative Office of the Courts (AOC) located in Atlanta. The attacked occurred on June 29, 2019 but local officials only disclosed the information publically during a Evans County Commissioner’s meeting last week. The AOC provides support to state, probate, magistrate, and municipal court councils.

The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once (ProPublica) Cybercriminals are zeroing in on the managed service providers that handle computer systems for local governments and medical clinics.

Cyber Trends

2019 Verizon Incident Preparedness and Response Report (Verizon Enterprise) Read the new 2019 Verizon Incident Preparedness and Response Report (VIPR). Leverage insights from hundreds of data breach simulations to improve your incident response reporting and mitigation efforts.

39% of European Businesses Admit to Being Breached by a Cyberattack But the Majority of Hacks Remain Hidden From Public (PR Newswire) Almost half (46%) of successful attacks target under-trained employees. 75% of attacks never become public knowledge despite GDPR breach notification...

F Secure Oyj : Attacks using IoT devices and Windows SMB escalate in 2019 (MarketScreener) Cyber criminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report, 'Attack...

Fraudsters no longer operate in silos, they are attacking across industries and organizations (Help Net Security) LexisNexis Risk Solutions' Cybercrime Report tracks growing threat of networked cybercrime from January 2019 through June 2019.

Redscan Reveals the most Googled People, Businesses, Scams and Breaches in the History of Cyber Security (PR Newswire) Redscan, the managed threat detection, incident response and penetration testing specialist, today released its 'Cyber...

Smart Cities Will Require Smarter Cybersecurity (Wall Street Journal) As cities become smarter, officials and security experts say that current defenses are unlikely to keep hackers at bay.

Marketplace

The Impact of China-US Trade Fight and Huawei and ZTE Bans on the Global Communications Equipment Supply Chain (Yahoo) Dublin, Sept. 11, 2019 -- The "The Impact of China-US Trade Fight and Huawei and ZTE Bans on the Global Communications Equipment Supply Chain" report has been added to.

Wikipedia Gets $2.5m Donation to Boost Cybersecurity (Infosecurity Magazine) Craigslist founder boosts non-profit’s efforts to recover from DDoS

KKR Makes Major Investment in Leading Labor Market Analytics Provider Burning Glass (BusinessWire) KKR, a leading global investment firm, and Burning Glass Technologies, the world’s leading real-time labor market data source, today announced that KK

Mountain View cybersecurity giant Symantec begins layoffs (San Francisco Chronicle) Cybersecurity company Symantec cut 152 jobs at its Mountain View headquarters and 18 in San Francisco, along with 36 in Culver City in L.A. County.

VMware COO: We Have a Bigger Plan For Security (WebProNews) Fundamentally, we have a bigger plan for security, says VMware COO Sanjay Poonen. We felt it was the perfect time for us to come up with a disruptive play that was based on big data, was AI, and was cloud-based. There were only two companies doing it, CrowdStrike and Carbon Black.

These Howard County cybersecurity companies formed a biz partnership (Technical.ly Baltimore) Elkridge's Atlantic Data Forensics and Columbia-based Bricata are teaming up on digital forensics and incident response.

Why Companies Are Forming Cybersecurity Alliances (Harvard Business Review) They’re stepping up where governments haven’t.

Garrison Appoints Deepak Kumaraswamy as Vice President, Technical Operations (Garrison) Garrison has been selected from a pool of hundreds of candidates across the globe as one of the World Economic Forum’s “Technology Pioneers”

Singapore-based Enterprise Data and Encryption Security Provider, SecureAge Technology, Launches in the US; Opens D.C. Area Headquarters (SecureAge Technology) Data security and encryption solution company used by Singapore government and military brings enterprise-class data protection technology to the US market

Onapsis Expands Executive Team with Leaders from Fossil Group, Carbon Black, Trustwave and Synopsys (Yahoo) The Business Applications Protection Leader Appoints New VP of Business Application Cybersecurity, VP of Global Marketing, Chief Legal Officer and VP of Human Resources

CyberSN Appoints Cyber Staffing Industry Veteran as President (Techfunnel) The largest technology, and cybersecurity talent acquisition firm, CyberSN, appointed Mark Aiello as its President. He was Co-Founder of Cyber 360

Products, Services, and Solutions

Amazon's Quantum Ledger Database is now generally available (SiliconANGLE) Amazon's Quantum Ledger Database is now generally available

Argus Cyber Security Targets IFEC Hackers With New Software (APEX | Airline Passenger Experience) Argus Cyber Security is bringing its extensive experience in the automotive sector to bear on security issues facing IFEC systems.

C2A Security and NXP collaborate on cybersecurity solution (New Electronics) C2A Security, a specialist in automotive cybersecurity, has announced a comprehensive automotive security solution, developed in collaboration with NXP that uses the company's secure CAN (Controller Area Network) transceivers.

Radiflow Extends Its Industrial Threat Detection Solution With Business-oriented Risk Analysis (PR Newswire) Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, today announced...

New Platform Aims to Keep Kids Safe Online (Infosecurity Magazine) ESET launches Safer Kids Online platform to protect youngsters in the digital world

Technologies, Techniques, and Standards

Cyber: DHS, DoD Thrash Out Command Details In Wargames (Breaking Defense) "If it’s a hurricane, [at the Defense Department], they’ve got the mission assignments. They know, 'OK, we’ve got to send people to fill sandbags,'" DHS's Jeanette Manfra explained. For cyber responses, she said, "that part is not mature enough."

Scrambling to become PSD2 compliant? You might have time. (iovation) In their recent opinion the EBA has also provided more clarity on whether specific authentication factors will satisfy SCA requirements for the elements categorized as: inherence, possession and knowledge. The EBA has confirmed that biometric authentication factors such as fingerprint, hand and…

NIST seeks comment on privacy framework (FCW) The latest version comes with a number of notable additions, such as increased flexibility for organizations and a concerted effort to align the agency's privacy and cybersecurity efforts.

NIST Requests Comments on Draft Privacy Framework (NIST) Protecting our privacy while keeping the digital wheels of society turning may feel mutually exclusive at times, but a...

To secure industrial IoT, use segmentation instead of firewalls (Network World) Firewalls have been the de facto standard for securing internal devices, but the industrial internet of things (IIoT) will change that. Segmentation is the better option in those scenarios.

Dark Web Forensics - EC-Council Official Blog (EC-Council Official Blog) You have, no doubt, seen the term ‘dark web’ in various news stories.  However, many people in cybersecurity don’t know much about it, nor how to investigate it.  The dark web is a web of sites that are available only via the TOR network.  Now certainly not all of these are criminal sites. Many are... Read More

Anti-disassembly, Anti-debugging and Anti-VM (Infosec Resources) IT Security Training & Resources by Infosec

What You Need to Know — and Ignore — about Machine Reasoning (Intellyx) Recently, several technology companies have briefed me and professed to use a new type of artificial intelligence (AI) technology: machine reasoning. If [...]

Phishing: what it is, how to prevent it and how to respond to an attack (IT Pro Portal) Phishing is a widespread scam that can easily be prevented.

Security and compliance considerations for Microsoft Teams (CSO Online) Admins will need to make these decisions around security and governance when porting from Office 365 Pro Plus to Microsoft Teams.

The importance of cybersecurity (The Telegraph) Cybersecurity is a huge issue for businesses and it's imperative that as well as utilising technology, companies embed it in their culture

Design and Innovation

Regulations are driving innovation toward an identity layer on the Internet (Help Net Security) The security community often points to the inherent lack of an encryption layer on the Internet as a factor behind many of the related threat vectors. The

Why can’t the Pentagon use more open source code? (Fifth Domain) Congress' watchdog agency found that the Pentagon is well short of compliance on making custom code open source.

Security And Usability. Why Are We Still Getting It So Wrong? (Forbes) Problems typically arise because users feel that in order to effectively get through their to-do list, they simply don’t have time or the inclination to scrutinise the warnings they are given or install the necessary updates.

Web feature developers told to dial up attention on privacy and security (TechCrunch) Web feature developers are being warned to step up attention to privacy and security as they design contributions. Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy…

Research and Development

Quantum Physics Protects Data From Cyberattack Over Standard Telecom Networks (Fortune) Quantum Xchange uses quantum technology to guard encryption keys.

Turing Institute launches £3.5m security research centre (NS Tech) Some of the UK's leading data scientists are joining forces with the security services to explore how AI and other cutting-edge technologies can bolster Britain's defences. The initiative will be hous

Academia

Mercyhurst to Help Expand Cyber Jobs in Federal Agencies (Erie News Now) The jobs will be tailored for neurodiverse individuals at federal agencies.

Stanford Launches Foundations of Information Security Course (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Legislation, Policy, and Regulation

Deterrence in Cyberspace Requires Multifaceted Approach (U.S. DEPARTMENT OF DEFENSE) A senior Defense Department official spoke to lawmakers on Capitol Hill about how the Defense Department is securing the nation's internet infrastructure.

Moving the Encryption Policy Conversation Forward (Carnegie Endowment for International Peace) The encryption of data and communications has long been understood as essential. Strong encryption thwarts criminals and preserves privacy for myriad beneficiaries, from vulnerable populations to businesses to governments. At the same time, encryption has complicated law enforcement investigations, leading to law enforcement calls for lawful access capabilities to be required of encryption technologies.

China 'must clean up its cyber act' for Huawei to be used in 5G network (the Guardian) UK defence secretary urges code of ‘fair play’ as he says decision on firm coming soon

UK says to decide on Huawei soon but China must play by rules (Reuters) Britain will make a decision soon about whether to allow Huawei equipment to be ...

We Can’t Secure 5G Networks by Banning Huawei Gear (Defense One) The next-generation network simply doesn’t work like the current one. Staying safe will require a new relationship between business and government.

China’s Long March to Technological Supremacy (Foreign Affairs) The roots of Xi Jinping’s ambition to “catch up and surpass.”

Analysis | Why U.S. foes around the world will welcome Bolton’s departure, and why they shouldn’t get too excited (Washington Post) North Korea, Iran and Russia in particular considered Bolton a key obstacle and are unlikely to miss him.

Trump says he has five "highly qualified people" to consider for John Bolton's job (CBS News) He fired Bolton by Tweet Tuesday. The ex-national security adviser says he resigned

Legislators Introduce Bipartisan Bill to Fortify Federal Cybersecurity (MSSP Alert) A bipartisan bill would update a Department of Homeland Security (DHS) program that provides tools and services to lock down federal cybersecurity.

Lawmakers weigh responses to rash of ransomware attacks (TheHill) Lawmakers on both sides of the aisle are mulling how to address the spate of ransomware attacks that have brought some state and local governments to their knees over the past few months.

Analysis | The Cybersecurity 202: Warren and Sanders still won’t say how they’re protecting campaigns against hackers (Washington Post) Security questions are more urgent as the field winnows.

Litigation, Investigation, and Law Enforcement

Cloud-Services Company Cloudflare Discloses Potential Sanctions Violations (Wall Street Journal) Cloudflare, a provider of cloud-based networking and cybersecurity services, may have violated U.S. economic and trade sanctions regulations, the company disclosed in a regulatory filing.

Amazon Probed by U.S. Antitrust Officials Over Marketplace (Bloomberg) The FTC is interviewing merchants to determine whether the e-commerce giant is using its market power to hurt competition.

Dimitar Georgiev, State National Security Agency: We have found a memo written in Russian by Nikolay Malinov on the need for geopolitical reorientation of Bulgaria (FOCUS Information Agency) Sofia. In the course of our investigative actions, we have found a memo written in Russian by Nikolay Malinov on the need for geopolitical reorientation of Bulgaria, and information on the so-called Project Bulgaria, Chairman of the State Agency for National Security (SANS) Dimitar Georgiev said during a hearing in Parliament over the ongoing Russian spy scandal, Focus News Agency reported.

CIA Rebuke Wasn't Enough...GOP Rep Wants Investigation Into Shoddy CNN Spy Story (Townhall ) The CIA rarely rebukes a media report, but the agency made an exception for CNN this week. The network recently claimed that two years ago the U.S. pulled an American spy out of Russia. The sources they chose to rely on were "multiple Trump administration officials with direct knowledge told CNN" and "a person."

Ex-Russian official thought to have spied for the U.S. was hiding in plain sight (Washington Post) The man and his family appear to have abruptly left their home outside of Washington.

Leaked tapes reveal plan to kill and cut up Jamal Khashoggi (Times) The men who ran the secret operation to kill the Saudi journalist Jamal Khashoggi referred to him as the “animal to be sacrificed” as they discussed how to dismember his warm body, leaked...

U.S. government defends constitutionality of banning Huawei products (Inside Cybersecurity) The Justice Department is defending the authority of Congress to ban the gove

FIN7's IT admin pleads guilty for role in billion-dollar cybercrime crew (CyberScoop) Fedir Hladyr, 34 plead guilty to wire fraud and conspiracy to commit computer hacking as part of a deal with prosecutors.

Chinese woman found guilty on two counts related to Mar-a-Lago security breach (CNN) Yujing Zhang, the Chinese woman arrested at Mar-a-Lago, President Donald Trump's private Florida club, earlier this year, has been found guilty on counts of unlawfully entering a restricted building and making false statements to a federal officer.

College student tried to hack into Trump’s taxes by creating a fake FAFSA application (The Verge) He faces up to two years in prison for violating the Computer Fraud and Abuse Act.

The DEA Didn’t Buy Malware From Israel’s Controversial NSO Group Because It Was Too Expensive (Vice) Emails between the DEA and NSO obtained by Motherboard explain why the DEA didn't purchase the company's malware in 2014.

ICE Has a New $30M Contract With Israeli Phone Cracking Company Cellebrite (The Daily Beast) The agency's previous contract with Cellebrite was worth $2.2 million.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Global Security Exchange (GSX) (Chicago, Illinois, USA, September 8 - 12, 2019) Global Security Exchange (GSX) is the only event that brings together security professionals from all vertical markets throughout the world to network, learn, and re-invest in the industry. It’s home for...

Atlanta Cybersecurity Conference (Atlanta, Georgia, USA, September 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

SINET Canada (Toronto, Ontario, Canada, September 12, 2019) SINET Canada's theme this year is "accelerating innovation clusters." The conference follows SINET's proven approach: a rich yet intimate conference where participants from industry and government can...

Security Leaders Summit New York Fall (New York, New York, USA, September 12, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.