
More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

BlackBerry Cylance has released its study of a "suspected Chinese advanced persistent threat group" that's using the open-source PcShare backdoor modified for side-loading by a legitimate NVIDIA application. Once established, the attackers run a version of the Narrator ease-of-access application ("Fake Narrator") to achieve system-level access. The APT is interested in exfiltrating sensitive data, conducting reconnaissance, and moving laterally across networks. The researchers see some possible connection with the Tropic Trooper threat actor, a group that's been most active against targets in Taiwan and the Philippines, but they carefully avoid firm attribution.

Kaspersky says it's found renewed campaigns by Dtrack and the related ATMDtrack in India. Both have been associated with North Korea's Lazarus Group.

Sophos calls it "fleeceware:" Android apps that provide functionality freely available elsewhere, and that hit users with big fees after expiration of a trial period.

Bloomberg reports that acting US Director of National Intelligence Maguire will testify before the House Intelligence Committee today concerning President Trump's conversation with Ukrainian President Zelensky.

CBS News has a summary of compensation available under terms of the Yahoo breach settlement. You could get as much as $100, provided too many other people don't file, too. Also, you'll need to be able to demonstrate actual harm, like having already paid for a credit-monitoring service. You've got until March 6 to object to the arrangement, and until June 20 to file a claim. May it profit you.

Bravo, Emsisoft and Kaspersky, who have released decryptors for WannaCryFake, Yatron, and FortuneCrypt ransomware.

Notes.

Today's issue includes events affecting Canada, China, Czech Republic, France, European Union, India, Italy, Kazakhstan, Democratic People's Republic of Korea, Russia, Ukraine, United Kingdom, United States.

Bring your own context.

What's a guest network, and what good does it do us, Doctor?

"If you set up your router to have a guest network, it means that some of the computers that connect to this router can't see the other computers. They can go to the Internet, but they can't actually connect to other computers on your network. So even if they try to look for them or to scan for them, they won't be able to see. So if you have a device you really don't trust – maybe you bought a really cheap camera or a monitor or a sprinkler or something like that – and you really need it to connect to the cloud, but you don't want it to be hacking into your network, you would put this device on your guest network. And what happens is that every time this router gets a network packet from this guest network, it won't send it over to the host network, which is where all your sensitive stuff is hiding. It will only send it to the Internet. This is at least how it's supposed to work."

—Dr. Yossi Oren from Ben-Gurion University of the Negev, on Research Saturday, 9.21.19.

There is, of course, a lot more to be said. Listen to the whole thing.

Is your cybersecurity program aligned with your business goals and objectives?

Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy-in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.

In today's Daily Podcast, out later this afternoon, we speak with Jonathan Katz of George Mason University; he gives us an overview of salting and hashing. Our guest, Greg Martin from JASK, describes the US Justice Department's efforts to improve outreach to hackers.

And Hacking Humans is also up. In this episode, "The usefulness of single sign on," Joe outlines online threats from social media. Dave shares a story of scammers trying to scare a community into purchasing security products. The catch of the day features a promise of riches from Facebook's Mark Zuckerberg. Our guest is Yaser Masoudnia from LogMeIn, who addresses listener questions about Single Sign On.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 20% discount: CYBER_WIRE20

Cyber Attacks, Threats, and Vulnerabilities

Czech intelligence blames China for major cyber attack (CNA) China was behind a major cyber attack at a key government institution in the Czech Republic last year, the EU member's intelligence agency ...

LookBack in Anger: 17 US Utilities Firms Targeted by RAT (Infosecurity Magazine) Proofpoint issues update for ongoing phishing campaign

How Tortoiseshell created a fake veteran hiring website to host malware (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

Russian state hackers rarely share code with one another (ZDNet) A first-of-its-kind research project highlights the connections between nearly 2,000 samples of Russian APT malware.

Shock Android Warning: Millions Have Installed Apps Hiding A Nasty Trick—Uninstall Now (Forbes) Another week, another Google Play warning. But this one has a different twist.

‘Fleeceware’ apps overcharge users for basic app functionality (Sophos News) Unscrupulous publishers take advantage of Play Market policy loopholes to charge app users hundreds of dollars

Dtrack RAT is Behind Virulent ATM-Espionage Campaign (Threatpost) Seen this month attacking victims in India, the Dtrack malware is bent on financial gain and high-end spying.

Hackers Replace Windows Narrator to Get SYSTEM Level Access (BleepingComputer) Chinese hackers are replacing the legitimate Narrator app on targeted Windows systems with a trojanized version that gives them remote access with privileges of the most powerful account on the operating system.

PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware (Threat Vector) BlackBerry Cylance researchers have uncovered a suspected Chinese APT group conducting attacks against technology companies located in south-east Asia.

New NetWire RAT Variant Being Spread Via Phishing (Fortinet) NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT.

Magecart skimmers seen targeting routers for customer Wi-Fi networks (Ars Technica) Web-skimming malware makers appear to be testing attacks against layer 7 routers.

Hackers looking into injecting card stealing code on routers, rather than websites (ZDNet) Magecart (web skimming) attacks are evolving into a direction where they're gonna be harder and harder to detect.

Magecart web skimming group targets public hotspots and mobile users (CSO Online) IBM researchers discover new Magecart scripts suggest planned advertisement injection through Wi-Fi and supply chain attacks.

Zero Day Vulnerability in Rich Reviews Plugin Exploited In The Wild (Wordfence) Description: XSS Via Unauthenticated Plugin Options Update Affected Plugin: Rich Reviews

Microsoft Phishing Attack Uses Google Redirects to Evade Detection (BleepingComputer) A new phishing campaign uses Google search query redirects to send potential victims to a phishing landing page designed to collect Microsoft Office 365 credentials via encoded URLs.

TrickBot or Treat – Knocking on the Door and Trying to Enter (Fortinet) The FortiGuard SE Team discovered a particularly interesting targeted attack towards the end of August in Virus Total. The attack targeted a supplier for a distribution/logistics provider to a nation state.

Docusign phishing scam using a compromised law firm webspace (My Online Security) Every now and again we see a phishing scam that stops you in your tracks and you think WTF. this is one of them. It starts with a fake Docusign email that contains a link to a bit.ly short url.

What kind of information do hackers get from hospital data breaches? (ConsumerAffairs) Cybersecurity continues to be at the forefront of consumers’ minds, especially when their personal information is involved. Now, a new study conducted...

70% of Data Involved in Healthcare Breaches Increases Risk of Fraud (HealthITSecurity) New research shows that the majority of patient data impacted by healthcare data breaches could be used for fraud or identity theft attempts, rather than sensitive medical data like diagnoses.

Detecting macOS.GMERA Malware Through Behavioral Inspection (SentinelOne) New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?

Tracking the Chameleon Spam Campaign (Trustwave) In this blog, we draw attention to a persistent high-volume spam campaign that has been very prominent in our spam traps recently. The various campaigns emanate from the same spam botnet system and often resemble phishing messages, although they are typically not. The messages have randomized headers, and the templates often change, hence the moniker ‘Chameleon.’

When Seeing Isn’t Believing: Deepfakes in the Digital Age (Infosecurity Magazine) Deepfakes are the new visual content taking the social media sphere by storm

Contributing Data to Deepfake Detection Research (Google AI Blog) Posted by Nick Dufour, Google Research and Andrew Gully, Jigsaw Deep learning has given rise to technologies that would have been thought ...

The campaign is similar to the "Ave-Maria" malware observed earlier (Gadget Now) This campaign is particularly dangerous because it has similarities with the “Ave-Maria” malware which came with DLL hijacking capability that allowed it to get advanced admin access and bypass traditional detection methods. This malware can also secretly download other plugins and malicious content.

BBB warns of Facebook scam asking 'Is this you?' (13 WTHR Indianapolis) The Better Business Bureau is warning the public of a phishing scam hitting Facebook users.

Charlottesville Officials Respond to Security Breach, Experts Offer Tips (NBC 29) The city of Charlottesville announced a security breach has affected some current and former utility customers by exposing some of their personally identifiable information.

Email Restored At Livermore City Hall Following Cyber Attack (Livermore, CA Patch) If you emailed the city while email was down, please allow several days for a response while staff downloads past messages.

Possible data breach affects 8,500 Palm Bay residents who used online billing system (WFTV) The city of Palm Bay is monitoring a possible data breach involving the city’s online utilities payment system. 

Longueuil reveals that it was recently hit by a cyberattack (Montreal) The city says it has managed to maintain all services to citizens, 911 and online service.

Georgia State Patrol working on computer fix after cyber attack (Atlanta Journal Constitution) Three months after hackers struck, the Georgia Department of Public Safety has 50 workers trying to mitigate the damage to its computer system and regain access to records.

Iowa city officials warn about security breach affecting 1,000 people who paid parking tickets online (Des Moines Register) The breach occurred on the city's web server it uses to communicate with Click2Gov, a third-party vendor. That server has since been replaced.

FBI investigating ransomware attack on Smyth school system (SWVa Today) Payroll was the biggest concern, but that was quickly resolved and school employees will be paid on time.

Yet Another U.S. School District Has Been Ravaged By Malware (Forbes) Yet another American school has been hit with a devastating cyberattack.

Cyberattacks vandalized Kansas county websites in August, exposing security weaknesses (The Garden City Telegram) Cyberattacks crippled the websites of about a dozen Kansas counties in early August — replacing their homepages with cryptic

Wisconsin couple describes the chilling moment that a hacker cranked up their heat and started talking to them through a Google Nest camera in their kitchen (Business Insider) Samantha Westmoreland said she didn't suspect a hacker until she heard a voice talking through a Nest camera in her kitchen.

Security Patches, Mitigations, and Software Updates

Microsoft rushes out fix for Internet Explorer zero-day (Naked Security) Microsoft has rushed to patch two flaws affecting IE versions 9 to 11, one of which the company says is being exploited in real attacks.

Debian Releases New Linux Kernel Security Update for Debian 10 and Debian 9 (Softpedia) The security update fixes five vulnerabilities.

Adobe Fixes Critical Security Vulnerabilities in Coldfusion (BleepingComputer) Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is labeled critical as it allows information disclosure.

Cyber Trends

6 IoT Security Reminders Three Years After Mirai (IoT World Today) IoT security may have had its moment in the limelight in late 2016, but the story has only gotten more interesting in the intervening years. 

WatchGuard’s Internet Security Report Finds Malware Hiding on Popular Content Delivery Networks (socPub) Kali Linux modules make malware top ten list with dramatic year-over-year increase in malware volume and increasing focus on Europe 25 September 2019 – WatchGuard’s® latest quarterly Internet Security Report reveals and ranks the most common domains attackers use to host malware and launch phishing attacks.

Independent Study Uncovers Biggest Security Challenge Companies Face (PR Newswire) Panaseer, the first Continuous Controls Monitoring platform for enterprise cybersecurity, today released...

Independent Study Uncovers Biggest Security Challenge Companies Face (Panaseer) Misplaced confidence in cybersecurity tools revealed a key challenge for security leaders

99% of misconfiguration incidents in the cloud go unnoticed (Help Net Security) 99% of IaaS misconfigurations go unnoticed—indicating awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low.

Malicious RDP Behavior Detected in 90% of Organizations (Infosecurity Magazine) Popular remote working tool is favored hunting ground of cyber-criminals

RiskSense Reveals Major Vulnerabilities used in Enterprise Ransomware (CISO MAG) RiskSense revealed the list of topmost vulnerabilities used across multiple ransomware attacks targeting public and private firms

Enterprises Lack Clear Security Guidance for 5G (Decipher) Enterprises need guidance on how to get ready for 5G networks, but the current fear-mongering about Huawei doesn’t give enterprises the information they need to make sure the applications are secure.

Marketplace

Once Ripe for Taking, Computer Security Market Reveals Winners—and Losers—Cyber Saturday (Fortune) The "endpoint" cybersecurity era is ending—HP bought Bromium, VMware took Carbon Black, Symantec sale rumored—as winners like CrowdStrike arise.

Making money from cyber security (ETF Stream) Cyber security is designed to reduce the risk of cyber attacks and protect against the exploitation of networks and technology. It’s intended to be a big part of the future, but should you be investing in it?

Sharp Questions Can Help Boards Oversee Cybersecurity (Wall Street Journal) Corporate directors say they are more informed about cybersecurity risks than they were a few years ago but they might not be taking the right steps to verify what they hear from senior executives, according to governance experts.

Integrating Cybersecurity Into M&A Compliance Reviews: Avoiding Hidden Cyber Risks In The Acquisition Of Government Contractors (JD Supra) So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape...

Alibaba heralds 'data intelligence' era, but likely faces security concerns over Chinese ties (ZDNet) Chinese tech vendor will likely face spillover concerns over security as it looks to become a hardware and software powerhouse with the launch of its Hanguang 800 artificial intelligence chip, but the thing that will prove to be a valuable proposition will be its ties to China.

The Huawei Story: An Analysis (Infosecurity Magazine) Reflecting on the ongoing dispute between the US and the Chinese telecoms company Huawei, and what the future might have in store

Huawei's 5G Ban Will Benefit Ericsson, Nokia - But Will They Keep Up? (Wccftech) National security is a major concern on the US government’s mind as 5G networks start to mature. American carriers, especially smaller ones based in rural areas, use Huawei’s equipment extensively to provide telecommunications services to users who might not be able to stay connected otherwise. But in 5G, courtesy of the Trump administration’s hard stance, …

CyberFortess of San Antonio Lands $3 Million in Funding to Develop its Insuretech Product (SiliconHills) CyberFortess, an insuretech startup, announced Wednesday that it has received $3 million in seed-stage funding. The San Antonio-based startup, founded in 2018, plans to use the funding to hire additional employees, develop its product and launch into the Texas market early next year. Greycroft and LiveOak Venture Partners led the round. Existing investor Monte Tulum …

Belcan acquires Lagoni Engineering – Aerospace Manufacturing Magazine (Aerospace Manufacturing Magazine) Belcan, a global supplier of engineering, supply chain, technical recruiting, and IT services has announced the acquisition of Lagoni Engineering, a London-based multi-disciplinary engineering consultancy and technical services provider focused on the energy industry. Terms of the transaction were not disclosed.

Centauri Buys Kord Technologies (WashingtonExec) In an effort to bolster its defense technology capabilities, Centauri has acquired Kord Technologies, Inc., an integrated defense and aerospace firm

Leonardo eyes partnerships in cyber security expansion - CEO (Reuters) Italian defence group Leonardo is seeking partnerships with hi-tech companies in...

A new contract offers on-demand support for cyber missions (Fifth Domain) The $590 million GSA contract will not only support DoD, but also agencies' needs across the government.

LORCA Launches Open Call for Fourth Cohort of Cybersecurity Innovators (Infosecurity Magazine) Latest cohort will receive bespoke support with scaling in the UK and abroad

Optiv Survey: 58% of CISOs Believe Experiencing a Data Breach Makes Them More Attractive to Potential Employers (BusinessWire) Optiv Security has published a new “State of the CISO” that explores how chief information security officers (CISOs) perceive the state of their profe

Cybersecurity: Why you should hire staff from firms which have fallen victim to hackers (ZDNet) It used to be the case that staff who'd dealt with the fallout of a cyber attack were seen as having failed - but they could be the answer to protecting your organisation from data breaches and cyber incidents.

Baby Rhino Adopted by Rhino-Inspired, Reston-Based Cybersecurity Company (Reston Now) ThreatQuotient, a Reston-based cybersecurity firm, has a new creature under its wing: baby rhino Mtetho.

Products, Services, and Solutions

Cyber Catalyst by Marsh Designation for Aruba Policy Enforcement Firewall and HPE Silicon Root of Trust Enables Organizations to Reduce Risk (Aruba Blogs) Marsh McLennan and eight leading cyber insurance underwriters have joined together to help organizations invest in security solutions that will reduce risk.

Netskope Receives FedRAMP Authorization for Security Cloud Platform (PR Newswire) Netskope, the leader in cloud security, today announced that its Security Cloud Platform meets the Federal...

Cloudflare Launches Its Security-Focused Mobile VPN, Again (Wired) When the company first launched the Warp VPN, “all hell broke loose,” its CEO says. After a few months of tinkering, Cloudflare wants a do-over.

WARP is here (sorry it took so long) (The Cloudflare Blog) Today, after a longer than expected wait, we're opening WARP and WARP Plus to the general public. If you haven’t heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phone’s Internet traffic.

You Need a Password Manager. Here Are the Best Ones (Wired) We picked our favorite password managers for PC, Mac, Android, iPhone, and web browsers.

Oracle’s Autonomous Cloud Security Claims Met with Skepticism (Data Center Knowledge) Is it really possible to eliminate data breaches by eliminating human operators, and would Oracle be the one to do it?

Honeywell launches Forge Cybersecurity platform for IIoT (ZDNet) The platform aims to help businesses manage common security pain points for operational technology (OT) and Industrial Internet of Things (IIoT) environments.

Amazon announces new 'Home Mode' privacy feature for Ring doorbells (CNET) The video doorbells won't record when owners are home, if they want it that way.

Founded by Medical Doctors, Clinical Cyber Defense Systems (CCDS) Launches Security Analytics Platform (HIT Consultant) Founded by two medical doctors, Clinical Cyber Defense Systems (CCDS) launches in Boston with a new security analytics platform called DYNAMIKANALYTIX.

Securonix Integrates MITRE ATT&CK Framework into Analytics and Threat Hunting (West) Securonix, Inc., a leader in modern SIEM, announced an analytics and threat hunting content package that leverages the MITRE ATT&CK framework as a standard for predicting, detecting and investigating advanced cyber threats.

Technologies, Techniques, and Standards

NIST to Finalize Privacy Framework Soon (BankInfo Security) The National Institute of Standards and Technology expects to release its much anticipated privacy framework by year’s end. It’s now accepting comments on the

NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology (Security Magazine) The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to demonstrate how energy organizations can strengthen their operational technology (OT) asset management practices by leveraging capabilities that may already exist within their operating environment or by implementing new capabilities.

Energy is using cyber risk assessments to make cloud decisions (FedScoop) The Department of Energy has started factoring quantitative cybersecurity risk into its internal budget decisions. DOE adopted the Factor Analysis of Information Risk (FAIR) management framework and has begun initial, daily risk assessments at interested national laboratories, Emery Csulak, the department’s chief information security officer, told FedScoop. This fall, DOE plans to onboard even more …

How To Create a Modern Ransomware Security Strategy (Communal News) After sharp spikes in ransomware attacks in recent years, the total number of incidents is trending downward in 2018. But that’s not necessarily good news because these attacks also are becoming more targeted and potentially more dangerous. Unit 42, the research arm of Palo Alto Networks, says it tracked 890,000 ransomware attacks across state and ...

Riding the cybersecurity compliance wave: How defense contractors can navigate the rising tide of cybersecurity regulations (Lexology) Cybersecurity attacks targeting government information have drastically increased, and both the federal government and private industry have…

Google takes sole stand on privacy, rejects new rules for fear of 'authoritarian' review (Register) Lone 'no' vote nixes renewal of W3C's Privacy Interest Group

TikTok—Yes, TikTok—Is the Latest Window Into China’s Police State (Wired) Expat Uyghurs are gaming the social platform known for fluff to find loopholes in Xinjiang’s information lockdown.

Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt (BleepingComputer) Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections.

Private internet browsing won't protect you as much as you think (ABC7 Chicago) Private browsing options can help you hide your internet history, but they might not offer as much protection as you think.

Security Awareness for the Masses (Infosecurity Magazine) From an attacker perspective, there are three broad areas of attack

How can we thwart email-based social engineering attacks? (Help Net Security) More than 99 percent of cyberattacks rely on human interaction to work. More often than not, the principal attack method is phishing emails.

6 actions to take after your personal data is disclosed by a breach (TechGenix) Companies hit by data breaches get the headlines, but the affected users get the headaches. Victims should consider these data breach remedial actions.

Cybersecurity automation? Yes, wherever possible (Help Net Security) Cybersecurity automation is invaluable when it comes to performing asset discovery, evaluation and vulnerability remediation, and much more.

Design and Innovation

'Privacy by Design': Building Better Apps (BankInfo Security) Technology companies often don't build in controls to protect privacy during the application development process, says Jason Cronk, a lawyer and privacy engineer.

Amazon pushes Alexa privacy with new delete options (The Verge) ‘Alexa, delete what I just said’

Twitter’s new policy bans financial scams (Naked Security) “Oh no! However shall I give away Bitcoin to all my followers?” sobbed a bunch of crooks.

Research and Development

DOD to Lay Foundation for AI-based Cybersecurity (FedTech) The Pentagon’s Joint Artificial Intelligence Center will work with other agencies and vendors to standardize the collection of cyber data.

Steering Young Hackers in the Right Direction (Infosecurity Magazine) Early signs of autism spectrum disorder, along with other factors, could signal tech-savvy teens headed for trouble

Academia

UNF School of Computing recognized for cyber defense education (WJXT) The University of North Florida was recognized for its cyber defense education.

Legislation, Policy, and Regulation

Analysis | Saudi, UAE Twitter takedowns won’t curb rampant disinformation on Arab Twitter (Washington Post) Recent activity by social media networks to rein in bot and troll networks is only a token gesture.

China Wants the World to Stay Silent on Muslim Camps. It’s Succeeding. (New York Times) Beijing is using economic and diplomatic pressure to quash any outcry, while governments are reluctant to risk financial ties and trade deals.

Italy towards an effective National Cyber Security Strategy: new obligations for ICT companies in the context of cyber security, 5G network and golden power (Lexology) Following the transposition of the NIS Directive (Legislative Decree no. 65 of May 18th, 2018), the Italian Government has recently taken a further…

Huawei 5G backdoor entry unproven (The Economic Times) The controversy surrounding the Chinese telecom giant was triggered by the US stance that Huawei should be barred from 5G network rollouts due to concerns on alleged cyber snooping.

Huawei espionage concerns reach UK (JD Supra) The UK 5G debate is emblematic of protectionist sentiments in the technology sector. Huawei and the technology cold war - ...

Analysis | The Cybersecurity 202: White House blocking Congress from auditing its offensive hacking strategy (Washington Post) Rep. Jim Langevin says it might be time to force the president's hand.

Lawmakers Approve Cybersecurity Advisors for Homeland Security (Bloomberg) The Department of Homeland Security would get a cybersecurity advisory board of local government and business representatives under a bill approved unanimously by the House Homeland Security Committee.

Senate approves bill to boost cyber assistance for federal agencies, private sector (TheHill) The Senate on Tuesday passed legislation intended to boost the federal government’s ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents. 

National Emergency Communications Plan (CISA) The National Emergency Communications Plan (NECP) is the Nation’s strategic plan to strengthen and enhance emergency communications capabilities.

Is there a plan to protect the electric grid from cyberattacks? (Fifth Domain) The Government Accountability Office examined whether a national strategy exists to identify and respond to cybersecurity threats.

Watchdog: Energy Department not doing enough to protect grid against cyber attacks (TheHill) A report released Wednesday by the Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts, the same day a Senate committee approv

CISA to announce NCCIC restructuring to reflect merger of cyber 'watch' functions (Inside Cybersecurity) The DHS Cybersecurity and Infrastructure Security Agency is poised to announce a restructuring of the National Cybersecurity and Communications Integration Center, which an official says is intended to unify cyber “watch” functions from across the agency.

New York, Nevada, Washington and Oregon Enact Privacy Laws and Expand Data Breach Notification Requirements, Which May Apply Even to Businesses Located in Other States (Lexology) Various states have enacted or expanded privacy laws in the past few months. This is unsurprising, given the general trend towards increased consumer…

Maryland insurers must follow new data breach rules: 4 things to know. () As of Oct. 1, health insurance providers in Maryland must notify the Maryland Insurance Administration if patient information is exposed in a cybersecurity incident, according to the HIPAA Journal.

Litigation, Investigation, and Law Enforcement

How a sanctions-busting smartphone business thrives in North Korea (Reuters) North Korea is evading U.N. sanctions to cash in on soaring domestic demand for ...

Attorney General Barr Seeks DOJ Facebook Antitrust Probe (Bloomberg) Facebook now target of two federal cases simultaneously. FTC already has separate Facebook investigation underway.

Google takes hard line, refuses to pay French news sites despite new law (Ars Technica) Google is taking a hard line in negotiations with European news sites.

Experts Question ECJ’s Right to be Forgotten Ruling (Infosecurity Magazine) Google victory raises more questions on GDPR’s territorial extent

Spy Chief to Face Democrats on ‘Disturbing’ Whistle-Blower Claim (Bloomberg) Acting DNI Maguire to testify in House Intelligence hearing. Ukraine allegations at center of Democrats’ impeachment pledge.

Ukraine's president says Trump could not have pressured him—and only person who can "is my son who is 6" (Newsweek) Volodymyr Zelensky is meeting the U.S. president at the United Nations, as controversy grows over the allegation that Trump urged him to investigate Joe Biden and his son, Hunter.

How Trump’s Ukraine Mess Entangled CrowdStrike (Wired) A US cybersecurity company became a topic of interest for President Donald Trump in his call with Ukraine’s Volodymyr Zelensky.

Why Trump asked Ukraine's president to look into CrowdStrike, a U.S. cybersecurity company that recently went public (CNBC) The company, CrowdStrike, is a security software vendor that went public earlier this year.

Trump impeachment inquiry: Call log reveals president pressed Ukraine to investigate Biden (Times) President Trump pressed Ukraine’s leader to help him to substantiate corruption allegations against Joe Biden and his son while repeatedly reminding him of his reliance on American military aid...

Hunter Biden: Corruption in Kiev lies at the heart of Donald Trump’s claims (Times) Hunter Biden entered the murky world of Ukrainian business at a time when his father was trying to press a new government in Kiev to clean up its act or miss out on hundreds of millions of dollars...

Opinion | Democrats’ double standard on Ukraine (Washington Post) Joe Biden's son's career is a clear conflict of interest.

This time, Democrats think Trump is cornered (Times) In some curious Anglosphere danse macabre, the political and legal paths of Boris Johnson and Donald Trump seem to be moving in parallel. This week, as the prime minister was rebuked by the Supreme...

Hacker House shoved under UK Parliament's spotlight following Boris Johnson funding allegs (Register) Half of government grant to infosec training biz suspended as MPs demand probe

An illegal prostitution ring took Kazakhstan offline (HackRead) On 31st July 2019, internet users within Kazakhstan experienced a show of dismay unseen before.

Teenage TalkTalk hacker indicted in US (BBC News) A young man from Norfolk faces court over cryptocurrency computer fraud.

Teenage TalkTalk hacker accused of $800,000 cryptocurrency theft in the United States (Graham Cluley) Elliott Gunton – aka “Glubz” – is charged in relation to the December 2017 security breach of cryptocurrency exchange EtherDelta.

USA: Russian Hacker Admits Largest Theft of Data in History (OCCRP) A Russian hacker pleaded guilty before the US District Court in Manhattan on Monday, admitting “one of the largest thefts of customer data from a US financial institution in history,” Geoffrey S. Berman, the US Attorney for the Southern District of New York, announced.

Senator Demands Imaging Firm Share Cybersecurity Practices After Breach (HealthITSecurity) Sen. Warner is asking TridentUSA and affiliate MobileXUSA to explain its cybersecurity practices, after ProPublica reported the imaging firm breached the data of millions from an unencrypted server.

Roger Stone Judge Won’t Let Defense Tie Case to Russian Hackers (Bloomberg) Roger Stone was charged as part of the investigation of Russian interference with the 2016 U.S. presidential election, but jurors at his November trial won’t hear much about that probe after a federal judge barred his lawyers from basing their defense on what it failed to conclusively prove.

District Court dismisses investors’ 2017 data breach claims (Lexology) On September 18, the U.S. District Court for the Northern District of California dismissed with prejudice a class action suit brought against an…

Cash in on Yahoo's Data Breach Settlement, but Don't Expect a Big Pay Day (WFMY) Yahoo is paying people affected by data breaches from 2012-2016. But as more people file a claim, the less money you'll get

Kerala Police Announce India's First Cybersecurity Team Dedicated to Child Exploitation Investigations (PR Newswire) Kerala Police unveiled today the successes of the first dedicated Child Sexual Exploitation (CSE) Cyber Security...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Little Rock Cybersecurity Conference (Little Rock, Arkansas, USA, September 26, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

The Risk Institute's 6th Annual Conference: Emerging Technologies (Columbus, Ohio, USA, September 26, 2019) The Risk Institute at The Ohio State University Fisher College of Business, a leading risk-management research organization, will host its Sixth Annual Conference, focused this year on Emerging Technologies. The...

Security Leaders Summit Boston (Boston, Massachusetts, USA, September 26, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

Securing Elections – Global Lessons Learned (Washington, DC, USA, September 26, 2019) A forum on securing elections featuring global experts on policy and operations from the public and private sectors. The discussion will address risks, vulnerabilities, best practices and what needs to...

Detect '19 (National Harbor, Maryland, USA, September 29 - October 2, 2019) Insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Threat intelligence data is a valuable asset for security teams who unlock the value it contains.
