skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Proofpoint has released a report concluding that APT10, associated with China’s government, was responsible for a series of phishing attacks conducted against “at least seventeen entities in the US utilities sector” between April 5th an August 29th of this year. The malware used, called “LookBack,” was embedded in malicious Microsoft Word files attached to the emails. LookBack was discovered in July. The activity appears to involve reconnaissance and battlespace preparation.

The European Union's Court of Justice has found that Google is not liable for enforcing the EU’s right to be forgotten worldwide. The Wall Street Journal thinks other decisions expected soon will introduce more uncertainty into transatlantic data transfers.

As the United Nations General Assembly’s annual summit meets, some twenty-seven countries (including all the Five Eyes) have issued a brief “Joint Statement on Advancing Responsible State Behavior in Cyberspace.” It calls for bringing cyberspace into the framework of international law (particularly by applying the principles of proportionality and discrimination that inform the law of armed conflict). CNN and others see it as directed implicitly against Russia and China: the Statement condemns attempts to "undermine democracies" and "undercut fair competition."

Edward Snowden’s new book, “Permanent Record,” is being used as phishbait, Bloomberg reports. Criminals unconnected with Mr. Snowden are emailing a pdf that purports to be the book, and asks the recipients to open and share the pdf. The email says the book has been “banned,” which isn’t true in any case, so refuse the chain letter: the pdf holds malware.


Today's issue includes events affecting Australia, Belgium, Canada, China, Colombia, Czech Republic, Denmark, Estonia, European Union, Finland, France, Germany, Hungary, Iceland, Italy, Japan, Republic of Korea, Latvia, Lithuania, Netherlands, New Zealand, Norway, Poland, Romania, Russia, Slovakia, Spain, Sweden, the United Kingdom, United States.

Bring your own context.

Facial recognition is a challenge for artificial intelligence.

"I think that technology will continue to improve. For instance, we know that, up to this point, these systems have had difficulty distinguishing twins. But they can be complemented with certain techniques so that they're able to distinguish the faces of twins, for instance, by looking at, you know, pores within the twins' faces, and, you know, computing the distances between (laughter) those pores, they may be able to get additional information or additional - build additional discriminative power between the faces of twins. Other things that can be leveraged is how the people walk. If we're not just looking at the face of the person, but at the, you know, entire video of a person walking or moving, then we're able to improve the accuracy of these algorithms and these systems that way."

—Malek Ben Salem, senior R&D manager for security at Accenture Labs, on the CyberWire Daily Podcast, 9.20.19.

Note that the projected improvements involve introduction of more biometric modalities. It won't just be facial recognition: they'll want to teach the AI voice and gait, too. 

Is your cybersecurity program aligned with your business goals and objectives?

Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success. Learn more

In today's podcast, we speak with our partners at the SANS Institute, as Dean of Research Johannes Ullrich discusses the security issues associated with local host web servers. Our guest is Fleming Shi from Barracuda Networks, describing their research into ransomware attacks against cities and states.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at­.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20

Cyber Attacks, Threats, and Vulnerabilities

Rogue States Are Funding Stateless Rogues Who Are Behind Cyberattacks (Governing) Former NSA chief says follow the money.

xHunt campaign detailed, new hacking tools discovered (SC Magazine) A new and highly sophisticated campaign targeting transportation and shipping organisations based in Kuwait has been exposed.

Chinese State Hackers Suspected Of Devious New Attack On U.S. Companies (Forbes) The latest attack on U.S. critical infrastructure​ is likely the work of China's notorious APT10.

LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs (Proofpoint US) Proofpoint researchers describe new activity associated with LookBack malware and apparent state-sponsored attacks using the malware.

Vulnerability Summary for the Week of September 16, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Disinformation and the Threat Posed by Conspiracy Theories (The Cipher Brief) As part of a special series on Disinformation, The Cipher Brief spoke with Cindy Otis about the danger of Conspiracy theories.

Google pulls more fake adblockers from Chrome Web Store (Naked Security) Google has again been reprimanded for not spotting fake extensions impersonating popular brands in its Chrome Web Store.

Snowden’s Book Is a Bestseller -- and a Honeypot for Hackers (Bloomberg) Edward Snowden’s memoir “Permanent Record” is a best seller. Hackers are trying to cash in on it, too.

3 in 5 secondhand hard drives still contain previous owner's data: study (Comparitech) Do you wipe your hard drives before selling them? A new study shows secondhand hard drives often contain sensitive information from their past owners.

Wolcott school officials provide information on district wide cyber attack (WFSB) For the second time this year, the Wolcott School district is the victim of a cyber-attack, leaving teachers and students unable to use the district’s computer network.

Lee County computer system still down; virus attack follows trend (The News-Press) As Lee County officials struggle to get the county computer system up and running, experts in computer forensics say it is a constant battle to stay ahead of cyber crooks.

Woodstock city, police targeted by 'cyber attack' (Woodstock Sentinel Review) The City of Woodstock and the Woodstock Police Service are both currently suffering cyber attacks.Woodstock’s top administrator, David Creery, confirmed the city had a network breach early Sa…

Security Patches, Mitigations, and Software Updates

Microsoft drops emergency Internet Explorer fix for actively exploited zero-day (Help Net Security) CVE-2019-1367 is deemed "critical", as it's being actively exploited to achieve partial or complete control of a vulnerable systems.

Out-of-Band Fixes from Microsoft (ISSSource) In a somewhat rare move, Microsoft released out-of-band security updates to address vulnerabilities in Microsoft software where a remote attacker could exploit of them to take control of an affected system.

IE zero-day under active attack gets emergency patch (Ars Technica) Denial-of-service flaw in Microsoft Defender also gets unscheduled fix.

Cyber Trends

The Wild West Of Cyberspace (Forbes) Do we have the necessary technological, investigative, and prosecutorial capabilities and partnerships to effectively chase outlaws in cyberspace?

Hook, Line, and Sinker: Why Phishing Attacks Work (Webroot) In partnership with Wakefield Research, we surveyed 4,000 professionals across the U.S., U.K., Australia, and Japan on their phishing know-how and clicking habits. Looking at the data, we discovered some interesting (and worrisome) trends.

New Report Shows Lack of Awareness About Malicious Third-party Code Leaves Decision Makers in the Dark About Security Risks (West) PerimeterX, the company that protects the world’s largest and most reputable websites and mobile applications from malicious activities, today released “Third-Party Code: The Hidden Risk in Your Website,” a survey of security professionals that underscores the lack of awareness people have about vulnerabilities in third-party client-side scripts and the unaddressed threats that can result.

Symantec Study Shows a Massive Hike in Sextortion Emails in 2019 (PR Newswire) A study done by Symantec shows a hike in extortion emails over the past nine months. According to the study, they...

Fortinet’s Bob Fortna on Three Federal Cyber Threat Trends to Watch (GovCon Wire) Bob Fortna, president of Fortinet’s (Nasdaq: FTNT) federal business, wrote in a Nextgov article publ

Cybercrime Damage Expected to Hit $6 Trillion Mark Annually by 2021 (AiThority) cybercrime damage is believed to be worth $6 trillion annually, or around 10% of the global economy by the year 2021


Cycode Raises $4.6 Million in Funding to Deliver Industry’s First Source Code Control, Detection and Response Security Solution (BusinessWire) Cycode utilizes patent-pending Source Path Intelligence engine to protect source code from theft, leakage and manipulation while maintaining developer access and productivity

Crypto Quantique Raises $8M to Solve End-to-End IoT Security (BusinessWire) Crypto Quantique Raises $8M to Solve End-to-End IoT Security

Akamai Acquires KryptCo, Enhances Cloud Security Portfolio (Zacks Investment Research) Akamai's (AKAM) strong media division traffic, growing adoption of cloud-based security solutions and robust over-the top (OTT) content viewing are key positives.

Cyber Command’s first major weapons system needs the cloud (Fifth Domain) The Air Force plans to spend as much as $95 million on cloud services from several companies to work on one of Cyber Command’s first major weapon systems.

Replacing Huawei, ZTE ‘would cost European operators $3.5bn (Capacity Media) A Danish consultancy company says it will cost operators in Europe $3.5 billion to replace Huawei and ZTE equipment with non-Chinese equipment

How Google Changed the Secretive Market for the Most Dangerous Hacks in the World (Vice) For five years, Google has funded Project Zero, a team of hackers with the sole mission of finding bugs in whatever software they wanted to research, be it Google’s or somebody else’s. Are they making the internet safer?

How greater 'neurodiversity' could improve cyber security and help overcome IT skills shortages (Computing) Cyber security needs specialists who really can 'think different'

'We're being as transparent as we can to reignite ourselves in the channel' (CRN) The security vendor's new UK MD and its UK channel boss open up to CRN about the firm's controversial few years and the channel's evolution

Peter Thiel-backed blockchain company is opening its headquarters in Arlington (Washington Business Journal) is said to control as much as $3 billion in assets.

Internet security firm Dashlane to expand in Flatiron District (New York Post) After a $110 million Series D fundraising round led by Sequoia Capital, the password management and internet security firm Dashlane decided to expand at the Flatiron District building where it had …

Pentagon’s electronic warfare leader heads to industry (C4ISRNET) WIlliam Conley, the former director of electronic warfare at the Pentagon, has left his position.

Jask, Carbonite Vet to Lead Vectra’s Americas Channel (Channel Partners) As Vectra's vice president of channel for the Americas, Jessica Couto will be responsible for devising a go-to-market strategy while providing a complete program to global partners of all types.

Products, Services, and Solutions

Sisense Reaches New Security Standards With ISO 27001 Compliance (Newswire) Continues Investments in Protecting and Securing Customer Data

KILL Ownera Partners with Amazon on Hackathon to Launch the Revolutionary Ownera Digital Securities API (SYS-CON Media) Ownera requests that their press release NewsItemId: 20190920005084 issued Sept. 20, 2019, “Ownera Partners with Amazon on Hackathon to Launch the Revolutionary Ownera Digital Securities API” be killed.

Prey’s Scheduled Automations Streamline Mobile Device Management with Action-Triggered Responses (West) Lock and alarm laptops, phones and tablets during non-use hours

F Secure Oyj : Secure's research-led cyber security consultancy goes global | MarketScreener (Market Screener) Cyber security provider F-Secure has launched a new consultancy unit bringing the company's research-led cyber security services to...

Arcserve and Sophos Announce a Strategic Alliance To Offer All-In-One Data Security and Protection from Cyber-Attacks (West) Global alliance marks the industry’s first means to assure mitigation of cyber-attacks through complete, multi-layered data security and protection. Joint solution uniquely combines threat prevention technologies with onsite and offsite business continuity capabilities for an all-in-one solution that can be deployed in 15 minutes.

Casio Chooses Trustonic to Secure and Enhance Next-gen Smartwatches (Yahoo) Trustonic Secured Platform helps Casio protect new flagship wearable device

Cyber Resilience Think Tank Offers Latest Executive Insights for Reducing Security Complexity (West) Mimecast Releases Latest eBook ‘Decluttering Your Security Environment’ from Cyber Resilience Think Tank

Dataguise Makes Fulfilling Data Subject Access Requests Easier for Companies of Any Size (Financial Buzz) Dataguise, the leader in Personal Data Provisioning™,

GlobalPlatform Enhances TEE for IoT and Advanced Consumer Use Cases (GlobalPlatform) The standard for secure digital services and devices

BSI launches its Privacy Assessment Services focusing on the California Consumer Privacy Act (CCPA) (PR Newswire) BSI, the business improvement company, announced today the launch of its California Consumer Privacy Act (CCPA)...

BIO-key Launches Channel Alliance Partner Program for Multi-factor Authentication (MFA) Security Solutions (Yahoo) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced that the.

Bandura Cyber and Anomali Join Forces to Seamlessly Block Cyber Threats (BusinessWire) Bandura Cyber, the leading provider of threat intelligence gateways, today announced a partnership with Anomali.

PerimeterX Code Defender Now Generally Available (West) Client-side Protection for Web Applications Helps Enterprises Defend Against MageCart, Digital Skimming, Formjacking and PII Harvesting

RiskLens Enables Quantitative Cyber Risk Programs with the Industry's Most Comprehensive Cyber Risk Management Platform (West) Built by the Authors of the FAIR Standard, the Redesigned RiskLens Platform Evolves from Risk Analytics to Support the Full Cyber Risk Management Lifecycle.

CyFIR Brings Affordable Cyber Resilience to Mid-Sized Companies (PR Newswire) CyFIR today announced its initiative to make cyber resilience achievable for mid-sized businesses through global...

Technologies, Techniques, and Standards

Analysis | The Cybersecurity 202: Voting machine companies may throw their doors open to ethical hackers (Washington Post) That's a big shift. But hackers are skeptical they're serious.

NIST Issues Preliminary Draft of Privacy Framework (Cooley) Earlier this month, the National Institute of Standards and Technology (NIST) issued a Preliminary Draft of the Privacy Framework, which aligns with the NIST Cybersecurity Framework and is intended…

Tripwire Contributes to NIST’s New Guide Available to Help Electric Utilities, Oil & Gas Industry with Asset Management (Tripwire) NIST Special Publication 1800-23 demonstrates how technologies like Tripwire Industrial Visibility can monitor industrial control environments

How important is packet capture for cyber defense? (Help Net Security) The report highlights that the visibility and accuracy of packet capture data provides the best source of certainty for threat detection.

What Verizon, AT&T, Sprint & T-Mobile are doing to prevent SIM card swapping - Clark Howard (Clark Howard) SIM card swapping is a major problem for mobile phone customers. That's why asked Verizon, AT&T, Sprint & T-Mobile how they're handling it.

Defense Dept. unveils counter-insider threat program (SC Media) In conjunction with National Insider Threat Awareness month, the Defense Department has launched a counter-insider threat program aimed at educating its

Maryland Business Strategy Consultants Release IT Due Diligence Checklist (Digital Journal) The Maryland business strategy consultants at Hartman Executive Advisors recently released a blog listing an IT Due Diligence Checklist for businesses.

Finnish Govt. Releases Guide on Securing Microsoft Office 365 (BleepingComputer) The National Cyber Security Centre Finland (NCSC-FI) which acts as Finland's National Communications Security Authority published today a detailed guide on how to secure Microsoft Office 365 against data breaches and credential phishing.

Design and Innovation

Cloudflare has a new plan to fight bots — and climate change (TechCrunch) Cloudflare is ratcheting up its fight against bots with a new “fight mode,” which it says will frustrate and disincentivize bot operators from their malicious activity. Bots are notorious for scraping websites and abusing developer access to download gobs of user data. All too often bot…

Doing more to protect your privacy with the Assistant (Google) More about how Google Assistant audio recordings work, and some changes we’re making.

Could EarEcho change the way we authenticate our phones? (Naked Security) Researchers have discovered a way to use wireless earbuds as a biometric authentication system.

Research and Development

The NSA General Counsel's Proposal for a Moonshot (Lawfare) Glenn Gerstell presented an interesting and surprising challenge last week, writing in the New York Times that the United States must be ready to face the “profound and enduring implications of the digital revolution.”

IBM hits back at Google's claim of 'quantum supremacy' (The Telegraph) IBM has hit back at Google’s claim of being close 'quantum supremacy' - the point at which a quantum computer could do calculations that would be impossible to complete by the world’s most powerful supercomputers.

Siemplify Awarded Patent for Innovative Method to Organize and Connect Cybersecurity Threat Data (Yahoo) Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today announced it has been awarded a new patent by the U.S. Patent and Trademark Office related to its ability to group and connect cybersecurity events


NSA/CSS Codebreaker Challenge kicks off at UTSA (UTSA Today) The National Security Agency/Central Security Service launches their 2019 Codebreaker Challenge with a tech talk at UTSA on Sept. 23.

Legislation, Policy, and Regulation

27 countries sign cybersecurity pledge with digs at China and Russia (CNN) Twenty-seven countries have signed a joint agreement on what constitutes fair and foul play in cyberspace — with a nod toward condemning China and Russia.

Joint Statement on Advancing Responsible State Behavior in Cyberspace - United States Department of State (United States Department of State) The following text is a joint statement affirmed by these countries: Australia, Belgium, Canada, Colombia, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, the Netherlands, New Zealand, Norway, Poland, the Republic of Korea, Romania, Slovakia, Spain, Sweden, the United Kingdom, and the United States. Begin Text: Joint Statement on …

Top Democrat calls for new strategy to address China threats (TheHill) Sen. Mark Warner (D-Va.) on Monday called for a "comprehensive strategy" in dealing with China, saying the Trump administration should be less "erratic and incoherent" in its approach to Chinese threats in cyberspace and other areas.

Iran Is Testing the Trump Administration (Foreign Affairs) The United States needs to ask itself whether its strategy of "maximum economic pressure" against Iran matches the current test.

US ponders cyberattack to punish Iran, but such a move is not without risks (Boston Globe) Iran’s president called Sunday on Western powers to leave the security of the Persian Gulf to regional nations led by Tehran, criticizing a new US-led coalition patrolling the region’s waterways.

Trump Weighs Cyberattack on Iran (Foreign Policy) But Pentagon planners caution such a strike could prompt damaging retaliation.

Congress inches toward state and local cybersecurity aid (StateScoop) Legislation helping state and local governments fund cybersecurity programs after a spate of costly ransomware attacks is working its way through Congress.

Sen. Schumer calls on Dept. of Homeland Security to help NYS prepare for cyberattacks (News 12 Long Island) Sen. Charles Schumer wants federal help for New York State so it can guard against cyberattacks. 

Litigation, Investigation, and Law Enforcement

French cyber-cops shut down Monero Cryptomining Botnet for Cryptojacking 850,000 Computers - Tunf News (Tunf News) A massive botnet that attackers utilized for Monero (XMR) cryptojacking has finally been shut down by French police. On Aug. 27, BBC News reported that virus-laden emails which had erotic pictures or fast cash offers distributed the botnet when they were sent to unsuspected users. As a result, the users unsuspectedly spread the virus, dubbed …

Google wins landmark right to be forgotten case (BBC News) A privacy regulator had sought to force firm to delist links across the world and not just Europe.

European Court of Justice rules that 'right to be forgotten' doesn't apply outside the EU (Computing) ECJ rules that Google can't be compelled to de-link EU right to be forgotten requests worldwide

Google in legal battle with EU over  'right to be forgotten' (The Telegraph) Google has battled against France at the European Court of Justice in a landmark case to determine people's "right to be forgotten" online.

Companies Face Uncertainty Over Challenges to Trans-Atlantic Data Transfers (Wall Street Journal) Companies that move personal data from the EU to the U.S. must prove they handle the information securely and can choose from a handful of legal mechanisms to support such transfers. But court decisions expected in the coming months could force businesses to find other legal cover.

Investors accuse FedEx of lying, stock dumping after NotPetya attack (Naked Security) This is the second such suit, with shareholders asking why execs sold $40m+ of their shares while downplaying the ransomware attack.

Canada says officials did not act improperly when Huawei CFO was arrested (Reuters) There is no evidence Canadian border officials or police acted improperly when H...

WSJ News Exclusive | Snap Detailed Facebook’s Aggressive Tactics in ‘Project Voldemort’ Dossier (Wall Street Journal) The FTC’s antitrust probe is giving Facebook’s competitors a chance to air complaints. One of them is Snap, where the legal team kept a dossier of ways it felt Facebook was trying to thwart competition.

JP Morgan Hacker Pleads Guilty (Dark Reading) Andrei Tyurin, a Russian national, pleaded guilty to hacking charges related to a massive cyberattack campaign targeting US financial institutions and other companies.

Infantryman arrested for allegedly offering bomb-making instructions to target politicians, wanted to fight in Ukraine with far-right unit (Army Times) A 1st Infantry Division soldier has been charged with sending instructions on social media for making a bomb.

Former soldier pleads guilty in terrorist attack plot (Army Times) A 28-year-old Missouri man charged with plotting a terrorist attack on buses, trains and a train station in Kansas City has pleaded guilty to one count.

Former Top Enlisted Marine Warns Leaders to Watch Social Media Misbehavior ( Green said leaders must stay plugged into what's happening on social media.

Kim Philby’s astonishing confession lifts lid on Cambridge spies (Times) One afternoon in June 1934 a man with an east European accent met a young Cambridge graduate on a bench in Regent’s Park: the first man was Arnold Deutsch, a recruiter for Soviet intelligence; the...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Industry 4.0 - Industrial Cyber Security and Industrial IoT (Chicago, Illinois, USA, September 23 - 24, 2019) The emergence of new digital industrial technology is a transformation to gather and analyze data across machines enabling faster, more flexible, and more efficient processes to produce higher-quality...

GlobalPlatform Technical Workshop (Shenzhen, China, September 24 - 25, 2019) GlobalPlatform is hosting two free-to-attend workshops in Shenzhen, China on 24th and 25th September. Both workshops will focus on device security and the deployment and use of secure devices. The agendas...

2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...

SecureWorld New York (New York, New York, USA, September 25, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Little Rock Cybersecurity Conference (Little Rock, Arkansas, USA, September 26, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.