Daily briefing.

The Director General of the Royal Canadian Mounted Police National Intelligence Coordination Center, Cameron Ortis, had access to sensitive intelligence provided by Canada's Five Eyes partners, Canadian officials now say. Mr. Ortis was indicted last week on charges of violating the Information Security Act. The CBC reports that Canada's Communications Security Establishment's preliminary assessment holds that the "damage caused by the release of these reports and intelligence is HIGH and potentially devastating." How much intelligence from the other Eyes (Australia, New Zealand, the United Kingdom, and the United States) was compromised is unclear, but the Washington Post observes that Canada is reckoned a net consumer of information, receiving more than it gives.

Mr. Ortis apparently approached Phantom Secure Communications, a Vancouver firm whose CEO is now in a US prison serving time for offenses related to the provision of encryption services to the Sinaloa drug cartel, the CBC says. Evidence of his contact with the company was discovered, the Globe and Mail reports, on a laptop the FBI seized during its investigation of Phantom Secure, and it prompted the investigation that resulted in his arrest. (Note that Phantom Secure Communications has no connection with RSAC Innovation Sandbox winner Phantom, now owned by Splunk.)

Australian officials were concerned that attacks on Parliament and three major political parties, now generally thought to have been conducted by China, also aimed at compromising state and territorial election systems, the Australian Broadcasting Corporation reports.

The AP says Ed Snowden would rather have asylum in France than Russia.

Notes.

Today's issue includes events affecting Argentina, Australia, Austria, Brazil, Canada, France, Germany, Italy, Japan, Marshall Islands, Mexico, Pakistan, Russia, Spain, Switzerland, United Arab Emirates, United Kingdom, United States, and Vietnam.

Bring your own context.

DNS hijacking is still uncommon, but it seems to be trending up in criminal circles.

"We don't really see it a lot yet. It's really showed up just in a couple of cases, but it's one of those things I really expect to become more popular because it's very easy to copy this idea, so there isn't really much to it. An attacker who realizes, hey, this is actually how I am able to fly under the radar, and now my spam sites will survive a little bit longer than they used to survive before I did that, so I think it will probably pick up pretty quickly."

—Johannes Ullrich, Dean of Research at the SANS Technology Institute and host of the ISC StormCast, on the CyberWire Daily Podcast, 9.13.19.

He also offers some thoughts on what organizations can do to protect their websites. Listen to (or read) the whole thing here.

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour offers some thoughts on backups. Carole Theriault interviews ethical hacker Zoë Rose, who shares insights on entering the industry.

And Recorded Future's podcast, produced in cooperation with the CyberWire, is up. In this episode, "Coming to a City or Town Near You: Ransomware," Allan Liska shares the results of recent ransomware research from his team at Recorded Future, along with advice for keeping your organization safe.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20

Cyber Attacks, Threats, and Vulnerabilities

The Islamic State Meets Southeast Asia (Foreign Affairs) ISIS seeks new outposts across the Indian Ocean.

ISIS leader calls on fighters to free detained comrades (Military Times) The leader of the Islamic State group released a new alleged audio recording Monday calling on members of the extremist group to do all they can to free IS detainees and women held in jails and camps.

Emotet is Back and Spamming Again (Infosecurity Magazine) New phishing campaign spotted in various languages

New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware (Threatpost) ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.

Digital Certificates - Models for Trust and Targets for Misuse (ReversingLabs) Blog 6: A New Kind of Certificate Fraud: Executive Impersonation

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek. — ProPublica (ProPublica) Hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. One expert warned about it for years.

Nexusguard Research Reveals 1,000% Increase in DNS Amplification Attacks Since Last Year (BusinessWire) DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, accor

DNSSEC Fuels New Wave of DNS Amplification (Nexusguard) The continued adoption of DNSSEC as a solution to DNS cache poisoning is now causing a new set of problems previously underestimated. Advanced protection is a must to safeguard DNS servers.

iPhone lockscreen bypass: iOS 13 tricked into showing your contacts (Naked Security) This time, José Rodríguez came up with a way to trick the iOS 13 beta into showing its address book without the need to unlock the screen.

RISK: Is This Your Webcam? You’re Being Watched (WizCase) Wizcase has uncovered a significant amount of private web-connected cameras worldwide that are readily accessible to the general public. From these exposed ...

Webcam Security Snafus Expose 15,000 Devices (Infosecurity Magazine) Poorly configured systems create major security and privacy risk

Israeli cyber experts identify serious security flaw in digital cameras (Langdon Ledger) The latest models of digital cameras are increasingly vulnerable to ransomware and malware attacks through their USB and WiFi connectivity, researchers at leading Israeli cybersecurity company Check Point Software Technologies revealed on Sunday.

Superstorm Sandy Victims At Risk In FEMA Personal Data Breach (CBS News) FEMA is warning that personal data shared with a contractor that supports its transitional shelter assistance program may have been stolen.

When PSD2 Opens More Doors: The Risks of Open Banking (TrendLabs Security Intelligence Blog) We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predict how cybercriminals will abuse and attack Open Banking.

New IRONSCALES Research Finds Microsoft ATP Takes Up to 250 Days to Create Phishing Attack Signatures (PRWeb) IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today revealed that Microsoft Office 365 Adva

Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload (TrendLabs Security Intelligence Blog) We analyze a Linux malware called Skidmap, which has notable rootkit capabilities, and delivers a cryptocurrency-mining malware.

UAE residents targeted by ‘Better than Netflix’ Facebook scam (Gulf News) Phishing scam designed to steal credit cards details aimed at UAE residents

Most Port Vulnerabilities Are Found in Three Ports (Infosecurity Magazine) Alert Logic report has some quick win advice for SMBs

Vulnerability Summary for the Week of September 9, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available

Security Patches, Mitigations, and Software Updates

Password-exposing bug purged from LastPass extensions (Ars Technica) Google Project Zero finds and reports flaw in widely used password manager.

Google fixes Chromebook 2FA flaw in ‘built-in security key’ (Naked Security) Google has discovered a flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F 2FA.

Cyber Trends

OT networking personnel need to work with engineering to address safety impacts – it isn’t happening (Control Global) It is unacceptable to take almost 4 years to recognize there are engineering issues associated with a cyber attack intended to damage equipment. It is even more unacceptable that after almost 4 years, OT still doesn’t get it right. Stuxnet, Triton, and CrashOverride/Industroyer point out the need for control system and safety engineers to be trained in cyber security and to be an integral part of the cyber security process. This is also why there is a crying need for an ICS conference whose focus is ICS not networks.

Caroline Calloway: How my best friend made me an internet pariah (Times) Caroline Calloway is an Instagram star who attracted media attention in 2015 after posting gushing dispatches about her life as an American student studying history of art at Cambridge. Beautiful...

There’s something of the troll in all of us (Times) Harry Tuttle was the character played by Robert De Niro in Terry Gilliam’s Brazil, but @arrytuttle was a pro-Corbyn footsoldier in the Labour antisemitism Twitter wars. He used to tweet me...

Marketplace

VMRay Closes $10 Million Series B Round (Yahoo) VMRay, a provider of automated malware analysis and detection solutions, today announced that it has closed its series B round of funding in the amount of $10 million (€9 million) led by Digital+ Partners, one of the leading technology growth equity firms in Europe, and supplemented eCAPITAL, an early

Pentagon’s Former Top Hacker Wants His Startup to Inject Some Silicon Valley into the Defense Industry (Defense One) "If the nerds don’t show up and work on the mission of national defense...then I’m not sure who will," says Chris Lynch, of Rebellion Defense.

How this Maryland startup plans to secure U.S. companies' intellectual property (Baltimore Business Journal) Strider aims to help companies avoid being spied on by foreign entities, and better protect their intellectual property.

Digital Bazaar and SecureKey Join Forces to Develop Global Standards for Organizational Identity (Yahoo) Digital Bazaar (https://digitalbazaar.com/) and SecureKey Technologies (https://securekey.com/) recently announced a strategic collaboration to leverage new digital identity standards intended to enhance existing paper-based identity verification processes

D3 CONNECTED Global Sales Channel and Partner Program Demonstrates Significant Growth in Q2 2019 (BusinessWire) D3 Security is announcing that their Partner Program has experienced significant growth since its inception in October of last year.

Put a stop-gap in your cybersecurity skills gap. (eSentire) How do cybersecurity pros on one side and organizations on the other view the industry skills shortage? Get new insights on causes and solutions for one of our industry’s biggest challenges.

City of Los Angeles and Goren Holm Ventures Partner to Host BlockTankLA at CIS and Issue $25K Pilot and $25K Minimum Investment to Blockchain Startup (BusinessWire) City of L.A. and GHV will host contest & award $25K pilot and $25K min. investment to blockchain startup at CIS, the world's top blockchain summit.

The DataTribe Way – Giving Cybersecurity Startups an Unfair Advantage (LinkedIn) Awareness of the cybersecurity danger has skyrocketed in recent years. In 2004 the entire global cybersecurity market totaled $3.

Products, Services, and Solutions

Forescout Expands Integration with Microsoft Technologies for Device Visibility and Control Across Diverse Endpoints (Yahoo) Forescout expands integration with Microsoft technologies to improve security, compliance and control of endpoints across physical, virtual and public cloud.

Living On The Edge: Less Servers. Less Code. More Security (The Castle Blog) An adaptive authentication layer can now be implemented on the edge with our integration with Cloudflare. It's a codeless way of implementing online user account security.

Denim Group Announces ThreadFix’s Integration with UBsecure (BusinessWire) Denim Group Announces ThreadFix’s Integration with UBsecure

Technologies, Techniques, and Standards

Debunking Five Myths about Zero Trust (Infosecurity Magazine) Zero Trust's evolution over the last decade has created some misconceptions

7 Threat Hunting Benchmarks from a Survey of Security Pros | Bricata (Bricata) Threat hunting aims to find threats that didn't trigger an alert, yet it's still a new concept for many, so these threat hunting benchmarks are useful waypoints.

Commercial threat intelligence has become a key Army tool (Fifth Domain) Leaders at Army Cyber Command have stressed the importance of relying on commercial threat intelligence.

Cyber Command Learning from Challenges, General Says (MeriTalk) U.S. Cyber Command is learning from a host of challenges including maneuvering through congested information environments to combat adversaries, said Gen. Richard Angle, Cyber Command’s Deputy Commanding General (Operations), at AUSA’s ILW Hot Topics event today.

Design and Innovation

CISA Launches First Annual President's Cup Cybersecurity Competition (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Flirty or Friendzone? New AI Scans Your Texts for True Love (Wired) A new class of apps can use machine intelligence to determine if your text conversations are imbued with hidden romantic sparks.

Research and Development

IARPA launches HECTOR (Intelligence Community News) The Intelligence Advanced Research Projects Activity (IARPA), within the Office of the Director of National Intelligence, announced on September 16 a multi-year research effort called the Homomorph…

Imec and Singapore team up on hardware-based quantum cryptography (Bits&Chips) Imec and the National University of Singapore (NUS) join hands to develop the building blocks of a secure quantum internet, ie technologies for quantum key distribution (QKD) and random number generation (QRNG). The overarching objective is to develop a robust, scalable and cost-effective hardware platform.

Academia

National Science Foundation $1.4 million grant will help develop cyberinfrastructure across Midwest (MU News Bureau) To help solve the world’s grand challenges, researchers often rely on powerful computer systems and people that provide advanced capabilities to store, transfer and process large amounts of data.

Legislation, Policy, and Regulation

US Cyber Command Signals More Aggressive Approach Involving Persistent Engagement Ahead of 2020 Election (CPO Magazine) U.S. cyber command is ready for more aggressive stance of persistent engagement around 2020 election and is prepared to take on a proactive approach including carrying out offensive cyber strikes.

How to Win the Battle Over Data (Foreign Affairs) As authoritarian governments seek to control information flows within their borders and engage in cyberattacks outside their borders, the United States needs to place data at the heart of a new approach to national security.

The Great Anti-China Tech Alliance (Foreign Policy) The United States and Europe will regret letting Beijing win the race to govern digital technology.

Tiny Pacific nation forges ahead with national cryptocurrency (Naked Security) The Marshall Islands is facing rising seas and financial isolation. But critics say their get-rich-quick cryptocurrency scheme won’t work.

Senate Republicans must lead with cheap, effective measures to secure US elections (Washington Examiner) On Election Day 2016, President Trump offered an unequivocal statement on how our elections should be run: “There’s something really nice about the old paper ballot system,” he told Fox News. “You don’t worry about hacking.”

First on CNN: Colorado becomes first state to ban barcodes for counting votes over security concerns (CNN) Citing security concerns, Colorado has become the first state to stop counting ballots with printed barcodes.

Nakasone touts success of Army cyber direct commission program (InsideDefense.com) The head of U.S. Cyber Command says he is pleased with the progress the Army's direct commissioning program for cyber officers has made in recruiting talent.

Congress should defy Dan Coats' last request on phone surveillance (TheHill) Section 215 of the Patriot Act permits the NSA to access records of not just a target but others with whom he communicates.

California Lawmakers Pass Only Minor Changes to Privacy Measure (Wall Street Journal) California legislators adjourned for the year without watering down a sweeping privacy law set to take effect in January, although they passed a handful of amendments intended to clarify parts of the legislation.

Litigation, Investigation, and Law Enforcement

WSJ News Exclusive | Amazon Changed Search Algorithm in Ways That Boost Its Own Products (Wall Street Journal) The e-commerce giant overcame internal dissent from engineers and lawyers, people familiar with the move say.

Amazon News on Twitter (Twitter) “.@WSJ story based on anonymous sources is wrong. We have not changed the criteria we use to rank search results to include profitability. We feature products customers want, regardless of whether they are our own brands or products offered by our selling partners.”

Exclusive: Election software used by Boris Johnson and Donald Trump caught in Facebook privacy row (The Telegraph) A widely-used political campaigning tool employed by Boris Johnson, Donald Trump, and the SNP has been buying data on British voters from a company accused by Facebook of violating its users' privacy.

Indicted Canadian intelligence official had access to allies’ secrets, official says (Washington Post) Cameron Ortis served as director general of the National Intelligence Coordination Center.

Secrets in hands of alleged RCMP spy would cause 'devastating' damage to Canada, allies: documents (CBC) The cache of classified intelligence material an RCMP official was allegedly preparing to share with a foreign entity or terrorist organization is so vital to Canada's national security that the country's intelligence agencies say its misuse strikes at the heart of Canada's sovereignty and security, documents seen by CBC News reveal. 

Investigation into senior RCMP official stemmed from disruption of encrypted phone service: sources (Global News) Cameron Ortis was director general of the RCMP National Intelligence Coordination Centre, commissioner says.

What is 'Phantom Secure' cellphone case linked to possible RCMP security breach? (CBC) The investigation into top RCMP official Cameron Ortis began with a shadowy Vancouver-based company and a multimillion-dollar business that helped drug traffickers and money launderers around the world.

Who is Cameron Ortis and what has the RCMP accused him of? A guide to the story so far (The Globe and Mail) The RCMP has arrested one of their own high-ranking intelligence officials and accused him of breaching secrecy laws. Here’s what we know about his background, the charges against him and how Ottawa is responding

Cyber attack could have targeted Australia's electoral commissions (ABC News) Australia's security agencies were concerned that state and territory electoral commissions may also have been targeted as part of a cyber attack on federal political parties, according to previously confidential documents.

Investors Claim AT&T Created Fake Streaming Service Accounts to Hide Failure (New York Law Journal) According to an amended complaint filed last week in Manhattan federal court, AT&T management overreported the number of customers who had signed up for the company's $35-per-month product, leading investors to believe it was well-positioned to compete with cheaper online streaming services such as Netflix and Hulu.

Lisa Page bombshell: FBI couldn't prove Trump-Russia collusion before Mueller appointment (TheHill) To date, Lisa Page’s infamy has been driven mostly by the anti-Donald Trump text messages she exchanged with fellow FBI agent Peter Strzok as the two engaged in an affair while investigating the president for alleged election collusion with Russia. Yet, when history judges the former FBI lawyer years from now, her most consequential pronouncement may not have been typed on her bureau-issued Samsung smartphone to her colleague and lover.

JPMorgan Hacker Will Plead Guilty Over Role in Vast Cyber-Attack (Bloomberg) A Russian hacker at the center of an alleged scheme to steal financial data on more than 80 million JP Morgan Chase & Co. clients will plead guilty later this month, according to a U.S. court filing. Andrei Tyurin, who was extradited last year from the Republic of Georgia, is accused of performing key tasks that netted hundreds of millions of dollars in illicit proceeds from the hack of JPMorgan and other companies.

After 6 Years in Exile, Edward Snowden Explains Himself (Wired) In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists.

Snowden calls on France's Macron to grant him asylum (MSN) Former U.S. National Security Agency contractor Edward Snowden, who leaked classified documents detailing government surveillance programs, is calling on French President Emmanuel Macron to grant him asylum.

Instigator of fatal Kansas swatting receives prison sentence (Ars Technica) Viner arranged the swatting after losing a reported $1.50 bet.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...

2nd Annual National Cybersecurity Summit (National Harbor, Maryland, USA, September 18 - 20, 2019) The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations...

Phoenix Cybersecurity Conference (Phoenix, Arizona, USA, September 19, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
