
More signal. Less noise.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

Daily briefing.

Symantec researchers report a previously undocumented threat actor, "Tortoiseshell," conducting what appears to be an espionage sweep through the IT supply chain. Tortoiseshell is unusual in that its tools are for the most part custom-built. They have found the Poison Frog variant of the Bondupdater backdoor used by OilRig (a.k.a. HelixKitten), but this doesn't offer much help in attribution: those tools had been leaked to the world in April.

The Simjacker vulnerability AdaptiveMobile described last week may prove more difficult to exploit than had been thought. A number of researchers tell Computing that the vulnerability lies in a legacy feature of SIMs that most mobile carriers no longer use.

RCMP Commissioner Brenda Lucki describes the arrest of Cameron Ortis under the Information Security Act as "unsettling," and points to a joint investigation with the FBI as suggesting that the Mounties had a rogue insider, City News reports. Other than asking people not to judge the RCMP as a whole on the basis of Mr. Ortis's alleged misconduct, she had little to add to the story.

As Edward Snowden continues his book tour, the US Department of Justice has filed a civil lawsuit against the author and sometime NSA contractor. Justice isn't interested in stopping publication of the book, or in altering its contents. Instead, the Government wants whatever money Mr. Snowden makes on sales of Permanent Record. The principle is that someone shouldn't be able to profit from violating a proper non-disclosure agreement like the one Mr. Snowden had with NSA.


Today's issue includes events affecting Austria, Canada, China, Germany, Iran, Israel, Poland, Russia, Saudi Arabia, Singapore, Switzerland, United Nations, United States.

Bring your own context.

Tell us about HTTPS.

"It's the magical green safe icon we've been conditioned to trust, but it's actually turning out that the trust shouldn't be implicit. And we know that the green icon means that our data is safe in motion. We can all agree on that. If you have your browser and that green safe is up there or your green bar - or the black safe, if you're using Chrome - that means that your browser has negotiated a TLS protocol with the web server, and intruders or attackers or adversaries that are sitting between you and that web site can't see your data. But what we don't take into account is what happens when it gets to the destination, and what we're seeing is a trend in attackers that are not only using the approach to take a domain name or company name and change the 1 to an L or changing an O to a 0, but they're also putting in SSL certificates, so that really gives users a little bit of more trust in that site because we condition them. Hey, if it's a green safe, you're OK."

—Justin Harvey, Global Incident Response Leader at Accenture, on the CyberWire Daily Podcast, 9.16.19.

Thus, I'm not necessarily OK; you're not necessarily OK.

Cybersecurity Fabric: The Future of Advanced Threat Response

Cyber Attacks continue to increase in size and speed, requiring greater flexibility to defend and respond to emerging security threats. Organizations need inline detection and mitigation to be successful against threats to the evolving network. The solution is one that weaves security throughout your network into a seamless fabric providing coordinated detection and response. Join LookingGlass for our upcoming webinar October 2, 2pm EST to learn how a Cybersecurity Fabric will strengthen your security strategy, simplify your stack, and advance your defenses.

In today's podcast, out later this afternoon, we speak with our partners at Lancaster University, as Daniel Prince discusses cyber security as a force multiplier. Our guest is Brian Roddy from Cisco, who talks about securing the multi-cloud.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today:

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20

Cyber Attacks, Threats, and Vulnerabilities

Blue and White experiences cyber attack worth tens of thousands of shekel (The Jerusalem Post) Blue and White reported that the party is experiencing a very powerful cyber attack from abroad on Tuesday evening, as less than 4 hours were left until voting stations close.

Cybersecurity: New hacking group targets IT companies in first stage of supply chain attacks (ZDNet) 'Tortoiseshell' hacking group is identified by a custom form of malware, say researchers - and the new campaign isn't currently thought to be linked to any other cyber operations.

Robocalls now flooding US phones with 200m calls per day (Naked Security) According to a new report, nearly 30% of all US calls placed in the first half of 2019 were garbage, as in, nuisance, scam or fraud calls.

Massive Gaming DDoS Exploits Widespread Technology (Threatpost) The attack — the 4th-largest the company has ever encountered — leveraged WS-Discovery, the same exploit used in the 2016 Dyn incident.

Overseas trolls targeting veterans on social media: Report (Military Times) The overseas agitators are impersonating veterans groups in an effort to confuse and divide the community, investigators found.

Doubts raised over Simjacker security flaw (Computing) Simjacker exploit takes advantage of a legacy feature of the SIM card, according to researchers, that most telcos don't use

Experts Commentary On 1 Billion Mobile Users Vulnerable To Ongoing ‘SimJacker’ Surveillance Attack (Information Security Buzz) Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM card-based vulnerability, dubbed “SimJacker.” The glitch has been exploited for the past two years by “a specific private company that works with governments to monitor individuals,” and impacts several mobile operators – with the potential to impact over a billion …

Prevent SIM-Swapping Hackers From Stealing Your Phone Number—and the Rest of Your Identity (Lifehacker) You know what’s worse than having your password stolen? Having your phone number stolen. SIM-swapping, a type of identity theft, is a means for scammers to get access to your phone number and all of the personal accounts secured through it.

Emotet Ends Four-Month Hiatus With Malspam Campaign Targeting Polish-, German-Speaking Users (Security Intelligence) The actors behind the Emotet botnet ended a four-month hiatus by launching a malspam campaign targeting Polish- and German-speaking users.

Advantech WebAccess (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization 2.

Siemens SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Information Exposure, Cross-Site Request Forgery, Use of Password Hash with Insufficient Computational Effort 2.

Honeywell Performance IP Cameras and Performance NVRs (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: Performance IP Cameras and Performance NVRs Vulnerability: Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to view device configuration information.

This Company Built a Private Surveillance Network. We Tracked Someone With It (Vice) Repo men are passively scanning and uploading the locations of every car they drive by into DRN, a surveillance database of 9 billion license plate scans accessible by private investigators.

In new ‘technical support’ scam, scammers pose as Singtel staff or 'cyber-crime' police (TODAYonline) The police are alerting the public to a new type of scam, in which scammers pose as technical support employees from Singtel or the Singapore Police Force and ask victims to download software that would help them gain access to the victims’ bank accounts.

Cyber Trends

Are Organizations Ready for New Privacy Regulations? (Internet Society) Based on 1,200 privacy statements, many are not prepared for coming regulations.

Netwrix survey: 27% of financial organizations migrated data to the cloud for no clear reason (Netwrix) The study finds that almost one third of IT teams in the financial sector initiated a cloud migration without an express business-supplied reason.

BMC Reveals Key Trends Shaping the Next Wave of Mainframe Success in 14th Annual Mainframe Survey (BMC Software, Inc.) BMC, a global leader in IT solutions for the digital enterprise, today announced the results of its 2019 Mainframe Survey, which shows both continued confidence in the platform's potential for growth and enthusiasm for mainframe modernization efforts across a broad spectrum of respondents.

Lull in major cyber breaches no reason for federal agencies to relax (Federal News Network) You might have heard the widely reported fact that the…

EfficientIP and IDC Data Reveals: Education sector Not Taking $7,370,0 (PRWeb) EfficientIP, specialists in DNS security for service continuity, user protection and data confidentiality, revealed the education sector is one of the most

Why this is the age of continuous intelligence (TechHQ) Continuous computing at the front-end user level is not possible without always-on monitoring— the industry calls this Continuous Intelligence.


Facing US ban, Huawei emerging as stronger tech competitor (ABC News) Facing ban on access to U.S. technology, Chinese telecom equipment giant Huawei is showing it increasingly can do without American components and compete with Western industry leaders in pioneering research

Strider Raises $2 Million to Combat Economic Espionage from DataTribe (Business Insider) Strider, the world's first risk intelligence platform leveraging proprietary datasets, machine learning and ...

BigID Launches Momentum Value Added Reseller Partner Program to Expand Reach Globally (Yahoo) New reseller program provides streamlined infrastructure and engagement avenues for current and prospective resellers to capitalize on global privacy market opportunity

Mimecast aims to capitalise on Symantec sale and grab customers (ITWire) Email security provider Mimecast has gone in hard in a bid to capitalise on the proposed sale of Symantec's enterprise division to Broadcom, offering customers of Symantec's MessageLabs email security cloud free email security risk assessments and other discounts.

ThreatQuotient Expands Support for Rhino Conservation in Honor of World Rhino Day (BusinessWire)

CynergisTek Continues Growth of Security and Privacy Leadership Team (Yahoo) CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in information security, privacy, and compliance, today announced that it has appointed Benjamin Denkers as its Senior Vice President of Security and Privacy Services. In this position, Denkers will be responsible for the delivery of consulting, managed

Products, Services, and Solutions

Firewall Management News | Network & Cloud Security News (FireMon) Read the latest Firewall Management, Cloud & Network Security news at FireMon. Get access to articles, industry reports, white papers, videos and more!

Capsule8 Protect Earns HIPAA Compliance Certification (Capsule8) Capsule8’s Comprehensive Linux Protection Platform Exceeds Standards for Access, Intrusion Detection and Prevention Systems, and File Integrity Monitoring Requirements NEW YORK, New York – September 17, 2019 – Capsule8 today …

New nCipher HSM as a Service Delivers High-Assurance Security for Organizations Adopting Cloud-First Strategies (Yahoo) nCipher Security, an Entrust Datacard company, announces nShield as a Service, a cloud-based hardware security module (HSM) service that allows organizations to protect sensitive data and applications and helps meet compliance mandates – simply and efficiently, using on-demand cryptography. “Organizations

Aryaka SmartConnect Managed SD-WAN Is Integrated With Oracle Cloud and Now Available in the Oracle Cloud Marketplace (SYS-CON Media) Aryaka®, a leading end-to-end managed SD-WAN provider and Silver level member of the Oracle PartnerNetwork (OPN), today announced that its SmartConnect SD-WAN has achieved “Integrated with Oracle Cloud” status and is now available in the Oracle Cloud Marketplace, offering added value to Oracle Cloud customers.

Social Media Investigations | #ICORP Investigations (ICORP Investigations) Our social media investigators have been able to uncover accounts that were initially thought to be dead-ends in a social media investigation.

Texas Manufacturing Assistance Center at SwRI offers cybersecurity support to federal contractors (Southwest Research Institute) The Texas Manufacturing Assistance Center (TMAC) South Central Region is announcing a program to enhance DFARS cybersecurity compliance for companies required to meet NIST cybersecurity protocols when manufacturing for the federal government.

IBM Works With City of Los Angeles to Combat Cybercrime (Yahoo) Launches New Services to Bring Enterprise Threat Intelligence to Cities and Municipalities; Launches Three Complimentary Cyber Preparedness Training Sessions for U.S. Cities Combating Ransomware CAMBRIDGE, ...

Ideagen launches new software for environment, health and safety (EHS) legislation and compliance (Ideagen) Q-Pulse Law – a modular enhancement to Ideagen’s flagship quality, safety and compliance software solution, Q-Pulse – provides regulatory information management capabilities for global EHS compliance.

Cyberinc partners with InfiniVAN to offer the first local Web Isolation Cloud in the Philippines (PR Newswire) Cyberinc, a leading cybersecurity start-up based in California, today announced the selection of InfiniVAN as...

blueAPACHE scores major infosec accreditation (CRN Australia) Celebrates achieving ISO 27001 compliance.

Zscaler Extends Cloud Capabilities to Deliver Secure Access to B2B Applications (BusinessWire) Zscaler announces Zscaler B2B, a unique solution that reduces the attack surface introduced by customer-facing applications exposed on the internet.

Technologies, Techniques, and Standards

Endace | New Research from Enterprise Management Associates Confirms Importance of Packet Capture for Cyber Defense (RealWire) One of the significant findings from Enterprise Management Associates’ (EMA) recent report, Unlocking High Fidelity Security 2019 is that organizations using full packet capture are better prepared to battle cyber threats

Former hacker warns against password reuse (Naked Security) Kyle Milliken is back from jail, and he has some advice for you: Do. Not. Reuse. Your. Passwords.

U.S. Coast Guard Flexes Cyber Muscles (Wall Street Journal) The Coast Guard might be the smallest of the nation’s armed forces, but when it comes to cybersecurity, it believes it can punch above its weight.

After recent hacks, tighten up iPhone security the easy way (Cult of Mac) Google's surprising report on the iPhone's vulnerability to website hacks dented Apple's reputation for bulletproof smartphone security.

What startup CSOs can learn from three enterprise security experts (TechCrunch) How do you keep your startup secure? That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction …

Information warfare should be treated like call-for-fire missions, Army Cyber says (Army Times) “It’s 2019. It still can’t be true that it’s easier to drop a bomb on somebody than to send them a leaflet or an email,

How the Army’s new multidomain forces could help (Fifth Domain) The Army unveiled details about one of its newest units designed to help the service compete with adversaries below the threshold of war.

Virtual training ground in the works as Army pushes ahead with cyberwarfare plan (Stars and Stripes) The U.S. Army is adding more cyber defense teams and intensifying the training required of its high-tech operators to better equip them to take on 21st-century adversaries, the head of U.S. Cyber Command said.

Design and Innovation

AI helped Facebook identify and ban 200 white supremacist groups (VentureBeat) Facebook revealed in a blog post that its automated systems helped to identify and ban 200 white supremacist groups from its platform.

Facebook’s ‘Supreme Court’ can overrule Zuckerberg, per new charter (The Verge) ‘The board’s decision will be binding, even if I or anyone at Facebook disagrees with it,’ says Zuckerberg

Edgeware blockchain launch gets hijacked by rival fork (Decrypt) An alternative version of the Edgeware chain took off from day one, leaving the original blockchain in the dust.

Research and Development

BotSlayer tool can detect coordinated disinformation campaigns in real time (Help Net Security) A new tool against online disinformation has been launched, called BotSlayer, developed by the Indiana University's Observatory on Social Media.


Cecil College designated NSA/DHS cybersecurity institute (Perryville, MD Patch)

Legislation, Policy, and Regulation

U.S. considers more intel sharing with Saudi Arabia after attack:... (Reuters) The United States is considering increasing its intelligence sharing with Saudi ...

Trump ‘locked and loaded’ to strike Iran but waiting for smoking gun (Washington Examiner) DRUMS OF WAR: That rhythmic pounding sound you hear from Washington is the growing drumbeat for military action to punish Iran for the Saturday strikes on two Saudi processing facilities that cut the country’s oil production in half.

Trump leans against striking Iran (POLITICO) Confidants say the president may talk tough, but he’s deeply reluctant to drag the United States into a fresh war in the Middle East.

Russia and China Are Trying to Set the U.N.’s Rules on Cybercrime (Foreign Policy) At the United Nations General Assembly, the United States must push back against their agenda.

Xi Underlines Security, Openness in Cyberspace - All China Women's Federation (Women of China) President Xi Jinping has highlighted the necessity for a cyberspace environment that is safe and manageable as well as open and innovative.

U.S. Seeks to Heighten Scrutiny of Foreign Investment in Tech, Infrastructure, Data (Wall Street Journal) Foreign investors who want to put their money into U.S. businesses that rely on sensitive technology, infrastructure and data could face greater national-security scrutiny under proposed rules from the Trump administration.

Mate 30 Launch: Why Trump’s War On Huawei Could Now Seriously Backfire (Forbes) The Mate 30 Series launches this week, but for Huawei and Washington,​ the real interest will not be what's in the box.

Elections Canada confident in security measures ahead of federal election (iPolitics) Elections Canada is confident in the security of the 2019 federal election despite recent cases of foreign interference in elections in countries like the U.S., Canada’s elections administrator said Tuesday. Speaking to reporters at a press conference in Ottawa, chief electoral officer Stéphane Perrault said he’s confident in the security measures the elections agency he …

Hillary Clinton accuses Trump, McConnell of ‘abdicating their responsibility’ on election security (Washington Post) In remarks at a conference, the 2016 Democratic presidential nominee also took aim at Trump for his repeated claims about voter fraud.

Facebook and Twitter Aren’t Even Pretending to Take the FEC Seriously Anymore (Vice) Representatives for both companies all but ghosted an FEC-hosted discussion about what the platforms are doing to fight misinformation and foreign interference in 2020.

Self-Help in Cyberspace: A Path Forward (Lawfare) The United States should prudently explore acceptable domestic parameters for the practice of combating cyber threats in the private sector and engage other nations to harmonize these standards internationally.

U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says (CyberScoop) As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander.

How Cyber Command can limit the reach of ISIS (Fifth Domain) Joint Task Force-Ares helps provide necessary intelligence to agencies that aid in tracking terrorists.

Army’s forthcoming data strategy comes with new standards, ‘ruthless’ enforcement (Federal News Network) The ink is dry on the Army’s new data strategy. Once it’s officially released, it will come with specific orders telling Army components to adhere to common data standards.

Litigation, Investigation, and Law Enforcement

Ecuador Investigates Data Breach of Up to 20 Million People (NYTimes) The trove of personal details was found on an unsecured server in Florida, though it was unclear whether anyone had gained access to the information.

Exclusive: Edward Snowden’s First Adventures in Cyberspace (The Nation) An excerpt from the whistleblower’s new memoir.

Edward Snowden: Germany a 'primary example' of NSA surveillance cooperation (Deutsche Welle) In his new book, Edward Snowden describes how US intelligence agencies collect vast amounts of data around the world. Foreign governments often help facilitate the collection, and Germany is no exception.

Edward Snowden says the government is in your phone, insists he only wanted to 'reform' the NSA (NBC News) Snowden in an interview from Russia with Brian Williams talked Trump, stealing classified information from the NSA and how cellphones are killing privacy.

Review: Edward Snowden and the Rise of Whistle-Blower Culture in “Permanent Record” (The New Yorker) In his memoir, he chronicles his life game by game, from Nintendo to the N.S.A.

Life After Snowden: US Still Lacks Whistleblowing Rules (BankInfo Security) Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.

Justice Dept. sues for proceeds from Edward Snowden’s book (Washington Post) The department alleged the former NSA contractor violated nondisclosure agreements in publishing “Permanent Record” without the necessary government approvals.

United States Files Civil Lawsuit Against Edward Snowden (US Department of Justice) The United States today filed a lawsuit against Edward Snowden, a former employee of the Central Intelligence Agency (CIA) and contractor for the National Security Agency (NSA), who published a book entitled Permanent Record in violation of the non-disclosure agreements he signed with both CIA and NSA.

Criminal investigation following college cyber attack (FE Week) Criminals have hacked into the personal data, and potentially bank details, of students and staff

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

7th Annual Cyber Resilience Summit (Arlington, Virginia, USA, October 16, 2019) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...

Upcoming Events

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...

2nd Annual National Cybersecurity Summit (National Harbor, Maryland, USA, September 18 - 20, 2019) The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations...

Phoenix Cybersecurity Conference (Phoenix, Arizona, USA, September 19, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
