Daily briefing.

2nd Annual National Cybersecurity Summit

US Federal agencies are taking election security seriously, as we heard yesterday at the second annual National Cybersecurity Summit, organized by the Cybersecurity and Infrastructure Security Agency (CISA). CISA and its partners are concerned with direct hacking of voting systems, but also with countering influence operations mounted by hostile foreign governments. Discussions were particularly aware of the ways in which social media lend themselves to confirmation bias, and the ways in which such bias can be used to create or exploit fissures in civil society.

The Summit, being held this week just outside Washington, DC, continues today and tomorrow. Livestreaming is available here.

Akamai reports that a new distributed denial-of-service vector, WS-Discovery (a UDP amplification technique), is being exploited in the wild. The approach is a good one, from the attackers' point of view, since it's enabled them to achieve amplification rates of 15,300%. This, Akamai points out, gives the attack technique the fourth-highest reflected amplification factor.

Greenbone Networks has found a very large number of medical images, radiological images, for the most part, exposed to the Internet. Greenbone looked at 2300 Picture Archiving and Communication Systems (PACS) servers based on the DICOM (Digital Imaging and Communications in Medicine) protocol, and found that some 400 million images belonging to 24.5 million patients were easily accessible.

The Wall Street Journal reports that Huawei's membership in FIRST, the Forum of Incident Response and Security Teams, has been suspended. FIRST says the suspension is temporary, and was undertaken in response to US trade sanctions against Huawei. The Washington Post reminds readers that Huawei is defending itself against the sanctions in oral arguments today before the US District Court for the Eastern District of Texas.

US Cyber Command is ramping up operations against ISIS. The sometime Caliphate is not generally reckoned to show a high level of technical sophistication, but it's been able to operate effectively, particularly in its use of the Internet for communication and inspiration. Its resilience lies in part in its use of commercial infrastructure, which makes ISIS's online operations difficult to disrupt without doing unacceptably high and sometimes collateral damage, Fifth Domain observes.


Today's issue includes events affecting Canada, China, India, Iran, Ireland, Malaysia, Russia, Saudi Arabia, Slovakia, United Kingdom, United States.

Bring your own context.

Backing up files involves more than just synchronizing.

"But that synchronization process and because you can buy a new computer and get your data onto that machine quickly, that process has people thinking, oh, my data is backed up. The problem with that is one instance of your data exists, and you're able to get to it from many devices. And my point in this, a proper backup is - whether it's online or offline - is something that is iterative. You can roll back to different versions. You are able to pull it down or pull it out of a drawer because you did it on a disk and put it in a machine and get your information back. Again, a lot of the services today are doing a really good job of protecting your information, etc. But what happens if you get corrupted data and that corrupted data then syncs to all your machines? Guess what? You don't have a backup; you have a bunch of synced-up corrupted data."

—David Dufour, Vice President of Engineering and Cybersecurity at Webroot, on the CyberWire Daily Podcast, 9.17.19.

Garbage backed up is still garbage.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a case of compelled encryption which may be heading to the Supreme Court. Our guest is David Talaga from Talend, who talks about how privacy fines have informed customers’ approach to planning around data security compliance.

And Hacking Humans is up. In this episode, "Algorithms controlling truth in our society," special guest host Graham Cluley joins Dave while Joe takes a short break. Dave shares the success of the FBI's reWired campaign which has apprehended alleged scammers around the world. Graham describes a website hoping to spare users the hardship of multifactor authentication. The catch of the day involves a generous soccer star. Our guest is Matt Price from ZeroFOX with insights on Deep Fake technology.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20

Dateline 2nd Annual National Cybersecurity Summit

NSA’s Neuberger explores pilot project to inform 'security standards' for private sector (Inside Cybersecurity) The National Security Agency is preparing to launch an ambitious pilot project over the next two months to move cyber policy “beyond information sharing,” with extensive input from CISA, according to the NSA official leading the effort.

CISA Chief Calls on Cybersecurity Community to ‘Stop Selling Fear’ (Nextgov) Director Chris Krebs wants government and industry to get a broader community of people involved in the fight against digital threats but not by fearmongering.

Cyber Attacks, Threats, and Vulnerabilities

A persistent group of hackers has been hitting Saudi IT providers, Symantec says (CyberScoop) Over the last 14 months, a determined group of hackers has breached IT companies in Saudi Arabia in a likely attempt to gain access to their customers, security researchers said Wednesday.

DNSSEC fueling new wave of DNS amplification attacks (Help Net Security) DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018.

Confidential data of 24.3 million patients discovered online (Help Net Security) Greenbone discovers confidential data about 24.3 million patients freely available on the internet – unprotected image servers to blame.

400 Million Medical Radiological Images Exposed on the Internet (BleepingComputer) An analysis of medical image storage systems exposed to the public web reveals that almost 600 servers in 52 countries are completely unprotected against unauthorized access.

Scotiabank slammed for 'muppet-grade security' after internal source code and credentials spill onto open internet (Register) Blueprints for mobile apps, databases exposed in public GitHub repos

Clever New DDoS Attack Gets a Lot of Bang for a Hacker's Buck (Wired) By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.

New DDoS Vector Observed in the Wild: WSD attacks hitting 35/Gbps (Akamai) Additional research and support provided by Chad Seaman. Introduction Members of Akamai's Security Intelligence Response Team have been investigating a new DDoS vector that leverages a UDP Amplification technique known as WS-Discovery (WSD). The situation surrounding WSD was recently made...

The Massive Propagation of the Smominru Botnet (Guardicore) Read how Guardicore Labs uncovered the scope of the Smominru mining botnet. The attack campaign compromises Windows machines using an EternalBlue exploit and brute-force.

Old Magecart Domains are Being Bought Up for Monetization (RiskIQ) Old Magecart domains are finding new life in subsequent threat campaigns, many of which are entirely unrelated to web skimming. 

Broken security - SOHO routers found to have multiple flaws (SC Media) Security researchers have found over 100 flaws in small office/home office (SOHO) routers and network-attached storage devices (NAS).

Common storage and router devices are still hopelessly broken (Naked Security) Don’t be lulled into a false sense of security by that shiny new router or network-attached storage (NAS) device – the chances are that it’s no more secure than its predecessors.

New ransomware strain uses ‘overkill’ encryption to lock down your PC (ZDNet) The new Nemty malware may have ties to GandCrab and Sodinokibi.

Fake Ad Blockers 2: Now with Cookies and Ad Fraud (AdGuard Blog) Here is a story of how we (once again) found some fake ad blockers on Chrome Web Store — now with cookies and ad fraud.

WannaCry – the worm that just won’t die (Naked Security) WannaCry never went away – it just became less obvious.

Malindo Air confirms data breach, exposing records of millions of passengers (South China Morning Post) Information including passport details, home addresses and phone numbers were leaked onto data exchange forums last month.

Public warned not to click Facebook messages, open text messages that contain ’Is This You?’ (WAFB) The Better Business Bureau (BBB) says it’s best that consumers not click messages on social media sites, emails, or text messages that state “Is this you?”

Misconfigured Google Calendars Share Events With the World (BleepingComputer) Thousands of Google users are exposing the contents of their calendars to the public. The information is indexed by search engines and can include email addresses as well as private events from individuals and businesses.

How to protect yourself against web miners (TechRepublic) While using your browser to mine cryptocurrencies for profit, web miners can chew up power from your computer, says a new report from Kaspersky.

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (The Hacker News) Researcher publishes proof-of-concept for an unpatched zero-day vulnerability in the latest version of phpMyAdmin.

Don't Forget About Legacy Systems (Forbes) The retention of legacy IT systems comes with a unique set of risks.

Cybercriminal's Black Market Pricing Guide (Dark Reading) Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.

How Cybercriminals Exploit Simple Human Mistakes (Dark Reading) A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.

Smart TVs, Subscription Services Leak Data to Facebook, Google (Threatpost) Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.

Cyber Trends

Automated Cyberattacks on E-commerce Companies Growing More Sophisticated and Difficult to Detect (Imperva) Imperva Bot Management Threat Research Reveals Growing Risk of Cyber Attacks and Website Downtime on Black Friday and Cyber Monday

Security is slowly becoming essential to doing business (Help Net Security) A veteran of the infosec industry, Greg Jensen has spent the last six years at Oracle as the Senior Director of Oracle’s Cloud Security solutions.

Businesses facing post breach financial fallout by losing customer trust (Help Net Security) PCI Pal research finds a significant change in how consumers around the world are thinking about and reacting to data breaches.

New Research from AppRiver Reveals SMBs Severely Underestimate the Damaging Consequences of Successful Cyberattacks (Yahoo) AppRiver, a Zix (ZIXI) company and leading channel-first provider of security, productivity and compliance solutions, today announced the findings of its Q3 Cyberthreat Index for Business Survey, revealing the extent to which small-to-medium-sized businesses (SMBs) underestimate the impact of today’s

Ireland's steadily growing reputation as a global leader in internet security (Irish Examiner) Joe Dermody looks at a selection of cyber security companies which IDA Ireland has helped establish in Ireland.


Huawei suspended from global cyber-security forum, so what does this mean? (Android Authority) The effects of the US trade ban on Huawei continue to be felt, with the firm now suspended from a major security forum.

Cisco acquisitions in 2019 bolster service provider strategy (SearchNetworking) Three of 10 Cisco acquisitions in 2019 and 2018 show the IT supplier preparing for when carriers abandon frugality and increase network spending in preparation for next-generation business services.

Cybersecurity company Acronis hits unicorn status after raising $147 million led by Goldman Sachs (TechCrunch) Cybersecurity solutions provider Acronis announced today that it has raised $147 million in funding led by Goldman Sachs, bringing it to unicorn status. The company did not disclose its valuation, but founder and CEO Serguei Beloussov told TechCrunch that it is between $1 billion and $2 billion. Fo…

Cyber firms Owl, Tresys merging (Jane's 360) Two US cybersecurity companies – Owl Cyber Defense and Tresys Technology – are in the process of merging, according to Owl officials. The merger is occurring because DC Capital Partners, the Alexandria, Virginia-based private equity investment firm that already owned Owl, recently

Ping Identity Announces Pricing of Initial Public Offering (Yahoo) Ping Identity Holding Corp. ("Ping Identity") today announced the pricing of its initial public offering of 12,500,000 shares of its common stock at a price to the public of $15.00 per share. The shares are expected to begin trading on the New York Stock Exchange on September

'New day' as rivals Oracle and VMware unite on hybrid cloud deal (CRN) Vendors bury the hatchet to run and maintain Oracle Cloud in VMware environments

Eset wants a Silicon Valley in Bratislava (Slovak Spectator) The IT security provider is now looking for architects for its new research and innovation campus.

Quick Heal is venturing into uncharted territory. Can it thrive outside its comfort zone? (ET Prime) Quick Heal is heavily concentrated in one segment and one geography. This lack of diversification has made the business vulnerable. But after being around for 25 years, the homegrown software-security firm is in the process of reinventing itself, and its future success story will depend on new areas of growth.

Is $100 million enough to save the web from ads? (Naked Security) Mozilla, Creative Commons and Coil are teaming up to launch a $100m fund to drive out advertising and advocate privacy across the web.

6 questions candidates should ask at every security job interview (CSO Online) The cybersecurity skills shortage means security pros can be picky about where they work. Here's how to suss out bad employers.

Morphisec Appoints Eric Dougherty as Chief Revenue Officer (PRWeb) Morphisec, the leader in Moving Target Defense, today announced it has appointed Eric Dougherty to Chief Revenue Officer (CRO). In this r

Products, Services, and Solutions

Nets and KPMG Partner to Launch AI-Powered Payment Fraud Prevention Solution (Nets) Nets Fraud Ensemble uses machine learning to reduce fraudulent transactions by up to 40%.

Exabeam Earns Federal Common Criteria Certification for its Security Management Platform (BusinessWire) Exabeam Security Management Platform (SMP) underwent security testing and assessment to achieve federal Common Criteria certification; announced today

Odo Security Emerges from Stealth with Agentless Access Management Platform for Safe “Any Device to Any Resource” Connectivity (BusinessWire) Odo is unique in its ability to support web access as well as SSH, RDP and database access which is a game-changer for DevOps teams.

Bank of Hawaii Eliminates Most Web-Based Threats with Isolation Secure Web Gateway (Menlo Security) The bank is able to leverage malware-free browsing without impacting users’ native web browsing experience.

IBM to host free ransomware exercises for cities (StateScoop) IBM Security will hold three exercises at its Cambridge, Massachusetts, cyber range where local-government officials will respond to simulated cyberattacks.

buguroo and Lookout Partner to Mitigate Cyber Threats (CIOReview) This new strategic partnership aims at providing a cloud-based, deep learning approach to mitigate cyber threats and fraudulent...

Technologies, Techniques, and Standards

Digital Trust Insights: Raising the resilience quotient (PwC) Keeping data and operations running smoothly and securely while digital connections multiply is changing the face of resiliency, according to PwC’s new Digital Trust Insights.

The problems ISIS creates for the US military online (Fifth Domain) ISIS hackers heavily rely on commercial IT services, which can pose difficulties for the military in creating disruption.

What's in a Name? (Infosecurity Magazine) Naming hacking groups is a complex task for reasons both technical and commercial

Why securing Kubernetes and containers can't come 'after the app' (SiliconANGLE)

Design and Innovation

Top 10 Security Challenges in the Automotive Industry for Connected Cars (Trustonic) What are the top security challenges for connected cars? With the global market for connected cars expected to grow significantly, what are the risks to brands and consumers?

Facebook is betting the next big interface is conversation (Fast Company) Bots still can’t converse like humans. But Facebook’s AI researchers are making major inroads—with implications for the company’s messaging apps and beyond.

Gamification: A winning strategy for cybersecurity training (SC Media) Block a hacker and win a gift certificate for a nice dinner out on the town? Absolutely! That’s just one example of how companies are bolstering their

Research and Development

UPDATE: Avanan Email Security Granted US Patent (West) Pre-Delivery Prevention of Phishing, the Future of Security for Cloud Email and Collaboration Suites

IBM will soon launch a 53-qubit quantum computer (TechCrunch) IBM continues to push its quantum computing efforts forward and today announced that it will soon make a 53-qubit quantum computer available to clients of its IBM Q Network. The new system, which is scheduled to go online in the middle of next month, will be the largest universal quantum computer a…

How Much Is Your Privacy Really Worth? (Medium) No one knows. And it might be time to stop asking.


KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship, Summer 2020 Internship (Dark Reading) The organization partners with the Center for Cyber Safety and Education to bolster women in cybersecurity.

Legislation, Policy, and Regulation

How to Win the Battle Over Data (Foreign Affairs) The United States dithers while authoritarians seize the day.

Pompeo Calls Attacks on Saudi Arabia ‘Act of War’ and Seeks Coalition to Counter Iran (New York Times) The secretary of state’s words were the strongest so far from any American official regarding the attack on Saudi oil facilities last weekend.

Trump Sanctions Iran Again, Inching Toward Economic Blockade (Foreign Policy) But some experts say the move is a weak response to alleged Iranian attacks on Saudi oil.

Trump Weighs Retaliation Against Iran and Names National Security Adviser (New York Times) To help sort through the options — including sanctions and the deployment of more American forces — the president chose Robert C. O’Brien, the State Department’s chief hostage negotiator.

Trump Picks Low-Key Operative as National Security Advisor (Foreign Policy) The choice of Robert O’Brien to replace John Bolton reinforces Secretary of State Mike Pompeo’s power in the Trump administration.

Air Force creates new information warfare organization, revamps Cyber Command teams (C4ISRNET) The Air Force is creating 16th Air Force that will combine cyber, electronic warfare, intelligence, surveillance and reconnaissance and information operations into a single organization.

The American way of cyber warfare and the case of ISIS (Atlantic Council) Restraint and sober consideration ought to be expected of any cyber actor who engages in intelligence or effects actions in the networked environment.

CCPA Exceptions: What Qualifies as Activity ‘Wholly Outside’ of California? (Data Privacy Monitor) Much has been said about the scope of the California Consumer Privacy Act (CCPA) and the far-reaching implications the law will have on businesses

Facebook, Google and Twitter face fresh heat from Congress on harmful online content (Washington Post) The continued struggles of Facebook, Google and Twitter to stop the spread of hate speech, disinformation and other harmful content online have sparked heightened interest on Capitol Hill, where lawmakers are expected to unveil legislation to probe the matter in coming days.

Twitter says murderous dictators can stay on its service as long as they follow the rules (The Telegraph) Allowing violent dictators to spread their message on Twitter is a benefit to the world because it promotes "dialogue", the company has said.

Big Tech’s Big Divorce From Democrats (Intelligencer) Inside the collapsed marriage of Silicon Valley and the Democratic Party.

Democrats dubious of Trump administration’s push to renew controversial spy power (Washington Post) Republican lawmakers, meanwhile, used a hearing Wednesday to air grievances about the FBI’s probes of political figures.

Crucial Tasks for the Next Director of National Intelligence (National Review) The White House should insist these steps be implemented as soon as possible regardless of who is heading the ODNI to keep our nation safe.

Litigation, Investigation, and Law Enforcement

Documents reveal how Russia wiretaps phone companies (TechCrunch) In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country’s largest phone and internet companies. These boxes, some the size of a washing machine, house equipment that gives the Russian security services access to the calls and messages…

Discovery of Document Led to Arrest of Canadian Intelligence Official (Wall Street Journal) The investigation that led to the arrest last week of a senior Canadian intelligence official was triggered by the discovery in 2018 of a document held by a Vancouver businessman who was suspected of operating a mobile-phone network used to distribute narcotics and payments, a person familiar with the matter said.

Everything You Need To Know About the Massive Canadian Spy Scandal (Vice) Cameron Ortis, one of the highest ranking intelligence officials in the country, was arrested and charged in connection to espionage last week.

Who is Cameron Ortis?: RCMP espionage suspect’s journey from geeky teen to man of mystery (National Post) When news broke that Ortis, a senior civilian RCMP intelligence official, had been accused of violating secrecy laws, to his friends it just didn’t compute

Report: FBI Tried to Get Encrypted Phone Firm to Build Backdoor So They Could Spy on Sinaloa Cartel (Gizmodo) The FBI tried to get the CEO of encrypted phone company Phantom Secure, Vincent Ramos, to install a backdoor in his service so that the agency could spy on Sinaloa Cartel members, Motherboard reported on Wednesday.

More young Scots are falling prey to money mule scam (Times) The number of young Scots falling prey to money laundering has tripled in two years, amid concerns that thousands of students do not know how to protect themselves from fraud. In April Police...

Home Office ‘manipulates crime figures by telling Action Fraud to dismiss identity theft’ (Times) The Home Office is manipulating crime figures by instructing Action Fraud to dismiss as many as tens of thousands of legitimate cases, two former heads of fraud for the police have told The Times.

Teenage gamer jailed over lethal swatting (Naked Security) Casey Viner got into a spat over a $1.50 wager in a Call of Duty World War II game that led to the fatal shooting of an innocent man.

The first casualty of the US culture war is truth (Times) There’s an old trick in the less reputable corners of journalism. Publish a smear story on the flimsiest of evidence. Then, when it’s exposed as bunk, issue a correction or even a retraction.

Colorado stockholder sues to stop Carbon Black-VMWare deal (BizWest) A Colorado shareholder is suing to stop VMWare Inc.’s (NYSE: VMW) $2.1 billion bid to buy IT security firm Carbon Black Inc. (Nasdaq: CBLK).

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...

Upcoming Events

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Fraud Force Summit (Portland, Oregon, USA, September 18 - 20, 2019) The Fraud Force Summit is iovation's annual conference bringing customers, prospective customers, partners and industry experts together to connect, collaborate and share. The landscape for fraud prevention...

2nd Annual National Cybersecurity Summit (National Harbor, Maryland, USA, September 18 - 20, 2019) The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations...

Phoenix Cybersecurity Conference (Phoenix, Arizona, USA, September 19, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
