Daily briefing.

Chinese espionage services are, according to FireEye, vigorously prospecting Cambodian political, media, and government targets in advance of that country's elections.

The large Ticketmaster breach disclosed on June 17th was, according to RiskIQ, just a small part of a much larger criminal card-skimming operation. Magecart, a criminal gang that's been active since at least 2015, is thought responsible. The entire caper extends to somewhat more than eight-hundred e-commerce sites worldwide. Magecart works by installing skimmer software into third-party components and services used by the retail sites.

iPhones have been crashing as they enter a denial-of-service condition that Apple patched Monday. The problem seems, observers say, to be related to Apple's willingness to placate China's government by ensuring that iOS devices in China won't display Taiwan's flag among its emoji options. Digita Security's Patrick Wardle, who investigated, believes devices crashed because iOS was coded to treat the Taiwan emoji as an invalid input. Confusion over location and language settings appears to trigger the problem.

The Pirate Bay is now telling users, upfront, that it intends to cryptojack their CPUs. They can like it or lump it: install an adblocker or get off their site.

The US Congress continues to question Google and Apple over user-tracking practices.

Facebook also remains under scrutiny. The UK's Information Commissioner has fined the company £500 thousand. Observers dismiss this as chickenfeed, but the Commissioner also called for an "ethical pause" in micro-targeted advertising, which could be more consequential if it turns out to be more than aspirational.


Today's issue includes events affecting Australia, Cambodia, China, Mexico, NATO/OTAN, Russia, United Kingdom, United States.

In today's podcast, we speak with our partners at the SANS Institute, as Johannes Ullrich (dean of research and proprietor of the Stormcast Podcast) discusses ways of securing DNS. Our guest, Ken Spinner from Varonis, cautions us against not allowing ourselves to be distracted by high-profile threat cases.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community.

Cyber Attacks, Threats, and Vulnerabilities

Chinese Cyber-Spy Hackers Target Cambodia as Elections Loom ( Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.

Ticketmaster Breach Part of Massive Payment Card Hacking Campaign (Dark Reading) Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.

Ticketmaster breach part of massive credit card skimming campaign (Help Net Security) RiskIQ researchers have discovered that the Ticketmaster breach was part of a massive card-skimming campaign affecting 800+ e-commerce sites.

Inside and Beyond Ticketmaster: The Many Breaches of Magecart (RiskIQ) The hack of Ticketmaster was not a one-off event, but part of a massive digital credit card-skimming campaign by the threat group Magecart.

Asian APT Groups Most Active in Q2 (Dark Reading) Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.

iPhone crashing bug likely caused by code added to appease Chinese gov’t (Ars Technica) Apple fixed the denial-of-service flaw in update released Monday.

Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug (WIRED) Security researcher Patrick Wardle's friend thought China had hacked her iPhone. In reality, a bug crashed it any time she used a Taiwanese flag emoji.

Another Linux distro poisoned with malware (Naked Security) Arch Linux user repository altered to host malware, Arch maintainers say they’re “surprised it doesn’t happen more often”.

Security Researchers Find New Loophole in IAB's Ad Fraud Prevention Framework (Ad Week) Thousands of apps are masquerading as premium publishers in order to bypass new industrywide protections against ad fraud, according to new data.

Cryptocurrency Social Engineering Schemes Helped Criminals Net Nearly £7.5 Million Last Year (Information Security Buzz) Kaspersky Lab experts have exposed a relatively new fraudulent trend: the development of cryptocurrency is not only attracting investors, but also cyber-criminals seeking to boost their profits. During the first half of 2018, Kaspersky Lab products blocked more than a hundred thousand triggers related to cryptocurrencies on fake exchanges and other sources. With each attempt, …

Malware and ransomware see huge rises across the world (IT Pro Portal) Cybercriminals turn to encryption to help deliver their malicious payloads.

Ransomware back in big way, 181.5 million attacks since January (Help Net Security) The 2018 SonicWall Cyber Threat Report offers insight into numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks.

The Pirate Bay: We mine Monero from your CPU, install Adblocker or leave (HackRead) The Pirate Bay is now displaying a message on its home page stating that it uses visitor's CPU to mine Monero coins.

Security Patches, Mitigations, and Software Updates

Patch Tuesday, July 2018 Edition (KrebsOnSecurity) Microsoft and Adobe each issued security updates for their products today.

Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release (Threatpost) Microsoft patches 17 critical bugs and 34 important bugs as part of its monthly security bulletin.

Microsoft July Security Updates Mostly Browser-Related (Dark Reading) Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.

July Patch Tuesday: Large Adobe Security Update and Patches for 18 Critical Microsoft Vulnerabilities (TrendLabs Security Intelligence Blog) Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.

Over 100 Vulnerabilities Patched in Adobe Acrobat, Reader (SecurityWeek) Adobe has patched over 100 vulnerabilities in Acrobat and Reader, and several flaws in some of the company’s other products

Update Flash (and Adobe Acrobat) now! (Naked Security) Flash: “I’ve got a critical vulnerability.” Acrobat: “hold my beer…”

Cyber Trends

IBM Study: Hidden Costs of Data Breaches Increase Expenses for Businesses (IBM News Room) IBM (NYSE: IBM) Security today announced the results of a global study examining the full financial impact of a data breach on a company's bottom line. Overall, the study found that hidden costs...

Businesses Collect More Data Than They Can Handle, Reveals Gemalto (BusinessWire) With pressure to ensure consumer data is protected mounting, Gemalto, the world leader in digital security, today released the results of a global stu

Microsoft bug reports up 121%, virtualization software bugs up 275% (CSO Online) The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.

HackerOne Report Unveils Latest Hacker-Powered Security Trends From Largest Vulnerability Data Set (BusinessWire) HackerOne, the leading bug bounty and vulnerability disclosure platform, today announced findings from the 2018 Hacker-Powered Security Report, based

'White hat' hacker rewards skyrocket as cyber attack threat looms (The Telegraph) Technology giants are handing out record payouts to stay-at-home hackers who spot bugs in their products according to industry insiders.

ThreatConnect Research Finds Majority of Cybersecurity Leaders Say Threat Intelligence Programs Successfully Blocked Attacks and Prevented Breaches Last Year (ThreatConnect) Organizations credit threat intelligence programs with saving businesses an average of $8.8 million over twelve month

Innovation in healthcare: A hacker's dream and CISO's nightmare? (Help Net Security) Ground-breaking tech inevitably comes with associated risks, and it is important to weigh up the benefits of innovation with the potential cyber threats.

Not enough CISOs and business leaders cooperate on a cybersecurity plan and budget (Help Net Security) Accenture survey finds fewer than one-third of CISOs and business leaders collaborate on a cybersecurity plan and budget.


PE Firm Thoma Bravo Buys Majority Stake in Centrify (SecurityWeek) Private equity investment firm Thoma Bravo said it will acquire a majority interest in identity and access management (IAM) solutions firm Centrify.

Cybersecurity provider Mimecast acquires Bethesda company (Washington Business Journal) International email and data security company Mimecast Ltd. has acquired Ataata Inc., a Bethesda cybersecurity training and awareness platform.

Bomgar Acquires Avecto to Provide a Best-in-Class PAM Solution Suite (Bomgar) With Avecto’s endpoint privileged management technology, Bomgar customers can remove excess admin rights throughout their organizations, and only elevate privileges for approved applications and actions.

4 of the most highly-anticipated tech IPOs in the pipeline (TheStreet) The IPO market is back in action, with tech companies driving the most excitement and highest returns. Here's a look at who's on deck.

SonicWall CEO rubbishes redundancy reports but confirms 'pulling resources' in Asia (CRN) Vendor says that EMEA has not been impacted by the changes.

BAE launches cyber security intelligence network (Sky News) The industry forum has been launched to address the difficulties that companies are having in sharing cyber security intelligence.

Teramind Announces Record Growth with Key Customer Acquisitions, Opens (PRWeb) Teramind Inc., a leading global provider of insider threat and data loss prevention (“DLP”) solutions, today announced record breaking 2Q2018 performance.

Palo Alto Networks proposes USD 1.5 billion senior notes offering (Telecompaper) Global cyber security platform provider Palo Alto Networks has announced a proposed USD 1.5 billion offering of convertible senior notes due 2023, subject to market conditions and other factors.

Cellebrite's newest target: Your IoT-infested home (Cyberscoop) A new set of technical updates, commercial webinars and sales pitches from Cellebrite outline the company's drive into IoT.

Georgia looks to build on the Army’s cyber investment (Fifth Domain) When complete, the $100 million facility will be home to cybersecurity research, training and operations.

Cyber innovation centre opens (New Electronics) London cyber innovation centre opens and welcomes first cohort of UK-based cyber security businesses.

Huntsman Security Expansion in Australia (PRWire) Huntsman Security announced today its expansion in the Australian market to support the increasing demand for the ASD Essential Eight Monitoring solution that gives organisations the ability ...

Products, Services, and Solutions

Ivanti Unifies IT, Service Management and Security Operations with Ivanti Automation (Ivanti) Free for Integration with Ivanti Products, Ivanti Automation Streamlines the Management of Infrastructure, Cloud and Workspace Processes Across the Ivanti Product Portfolio and Beyond

Cryptomathic Signer Achieves eIDAS Certification for Remote Qualified Electronic Signatures (Cryptomathic) Banks and trust service providers across Europe can now benefit from a new gold standard in remote qualified electronic signatures, following the eIDAS certification of Cryptomathic’s remote qualified eSignature solution, Signer.

Illumio Achieves Federal Compliance for Securing High Value Assets (PRNewswire) Software-defined micro-segmentation solution achieves Common Criteria "in evaluation" milestone and FIPS 140-2 compliance to support digital transformation efforts for the government

Proofpoint Launches Innovative Cloud Account Defense Solution to Detect and Respond to Compromised Microsoft Office 365 Accounts (GlobeNewswire News Room) Cybersecurity leader enables organizations to detect, investigate, and remediate Microsoft Office 365 credential theft, mitigating financial and data loss

5nine Expands Platform with Hybrid Cloud Management and Security for M (PRWeb) 5nine, a provider of security and management solutions for the Microsoft Cloud, today announced it is expanding the 5nine solution suite to support the...

Checkpoint Systems and Impinj team to create ARC-qualified RFID inlay (Help Net Security) The Vortex R6-A inlay is based upon the Monza R6-A tag chip, which helps retailers implement “Privacy by Design” principles to protect consumer privacy.

Nozomi Networks and IBM Team Up to Answer Demand for Integrated IT/OT Cyber Security (Nozomi Networks) We’re excited to tell you that Nozomi Networks and IBM Security have teamed up to address the exploding demand for effective, integrated IT/OT cyber security services and solutions. Read on to see how industrial organizations around the world now get easy access to deep OT network visibility and continuous threat detection.

EclecticIQ Integrates with MITRE's Attack Framework (Help Net Security) With the integration of the ATT&CK matrix into EclecticIQ Platform, attack patterns used in separate attacks can now be pinpointed.

VMware NSX 6.4 introduces upgrade planner, HTML5 features (SearchVMware) VMware NSX 6.4 introduces a host of new features, including an upgrade planner, improved HTML5 capabilities and numerous firewall functionality improvements. Keep up to date with the development of NSX and learn how these new features can enhance deployment.

Rapid7 Introduces Canada and Australia Instances of its Security Analytics and Automation Platform (GlobeNewswire News Room) Rapid7’s global footprint continues to expand with introduction of new platform data regions

Technologies, Techniques, and Standards

DOD seeks classification “Clippy” to help classify data, control access (Ars Technica) Would integrate with Microsoft Office, email and prevent sharing of sensitive documents.

Feds Can Achieve Better Security Through Network Segmentation (MeriTalk) Keeping pace with growing cyber threats is an uphill battle for Federal agencies as network complexity increases and the boundaries of networks extend to systems and devices not always under the control of their IT organizations.

What is continuous user authentication? The best defense against fraud (CSO Online) Authenticating all user actions and attributes throughout a session ultimately provides the best defense against fraud and account abuse.

Why (and how) law firms should up their security game (CSO Online) Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.

With So Many Eyeballs, Is Open Source Security Better? (eSecurity Planet) VIDEO: Dirk Hohndel, VP and Chief Open-Source Officer at VMware, talks about how dev security should be done, whether the code is open source or proprietary.

Security Automation - The Future Starts Now! (SecurityWeek) Incident response playbook sharing helps the community respond to those threats without having to reinvent the wheel.

7 Key Cybersecurity Factors Shaping Threat Hunting Technologies (Bricata) Cybersecurity has more tools than ever, but attacks still occur and breaches still happen. While this is the driving force behind the threat hunting initiative, there are several factors influencing how these technologies are evolving.

Why You Should Be Dwelling on Dwell Time (SecurityWeek) If your board isn't already asking for dwell time reporting, I can virtually guarantee you the questions are coming.

The Marine Corps wants to protect its Hornets from GPS jammers (Marine Corps Times) The Corps is facing down increased threats from electronic warfare. In Syria, adversaries have used EW attacks against AC-130 gunships.

Seven Things To Look For In A Secure Work-At-Home Customer Care Provider (Forbes) Be picky when it comes to protecting your business and your customers -- always.

Design and Innovation

Facebook Is Testing a Feature to Tell You If That DM Came from Russia (Motherboard) Facebook has faced a wave of misinformation and scam campaigns. Users may soon have more information about that unsolicited direct message, judging by a new feature Facebook is currently trying out.

HTC’s blockchain phone is real, and it’s arriving later this year (TechCrunch) HTC isn’t gone just yet. Granted, it’s closer than it’s ever been before, with a headcount of fewer than 5,000 employees worldwide — that’s down from 19,000 in 2013. But in spite of those “market competition, product mix, pricing, and recognized inventory write-downs,” the company’s still trucking …

How a Startup Is Using the Blockchain to Protect Your Privacy (WIRED) Oasis Labs is working with Uber as it aims to cure some of the ills of the internet.

Obscurity should be a universal security feature (Cyberscoop) There’s a common belief in information security that obscurity shouldn’t be a layer of protection. Jonathan Wilkins thinks the opposite.

3D Printing Is the Future of Factories (for Real This Time) (WIRED) A technology that for years has been good for making prototypes and tchotchkes promises to usher in a new industrial revolution.


Bismarck State College to start cybersecurity partnership (kansas) A college in Bismarck is partnering with a California-based company to address a growing gap in computer safety jobs.

Legislation, Policy, and Regulation

Waging cyber war without a rulebook (FCW) As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

Mexico orders banks to step up security to prevent cyber attack (Retail Banker International) Mexico has alerted the domestic banks about potential cyber attack and ordered them to strengthen preventive security measures.

Cyber ambiguity: NATO’s digital defense in doubt amid unstable alliances (Fifth Domain) The very future of NATO’s cyber strategy is left intentionally murky.

Trump’s Supreme Court pick: ISPs have 1st Amendment right to block websites (Ars Technica) Net neutrality violates ISPs' right to edit the Internet, judge wrote.

Analysis | The Cybersecurity 202: Privacy advocates blast Kavanaugh for government surveillance support (Washington Post) Members of Congress from both parties are concerned.

Litigation, Investigation, and Law Enforcement

Apple and Google questioned by Congress over user tracking (Naked Security) Inquiring lawmakers’ minds want to know, for one thing, whether our mobile phones are actually listening to our conversations.

Facebook Gave a Russian Internet Giant a Special Data Extension (WIRED) also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data.

Facebook under fresh political pressure as UK watchdog calls for “ethical pause” of ad ops (TechCrunch) The UK’s privacy watchdog revealed yesterday that it intends to fine Facebook the maximum possible (£500k) under the country’s 1998 data protection regime for breaches related to the Cambridge Analytica data misuse scandal. But that’s just the tip of the regulatory missiles now be…

UK’s Information Commissioner will fine Facebook the maximum £500K over Cambridge Analytica breach (TechCrunch) Facebook continues to face fallout over the Cambridge Analytica scandal, which revealed how user data was stealthily obtained by way of quizzes and then appropriated for other purposes, such as targeted political advertising. Today, the U.K. Information Commissioner’s Office (ICO) announced t…

Facebook stares down barrel of $660,000 fine over data slurping (Naked Security) The UK privacy regulator has fired a £0.5M shot across Facebook’s bows in the looks-set-to-go-on-for-ages “Cambridge Analytica” saga

Australian litigator IMF Bentham files complaint against Facebook over privacy breaches (CRN Australia) Sydney-based IMF Bentham may sue over Cambridge Analytica breach.

Surely we can find, and stop, high-tech spies (TheHill) It’s rumored that the U.S. intelligence community has commissioned The Eagles to rewrite some of their famous lyrics to serve as a deterrent to Russia and China.

Justice walks back claims of data from OPM breach was used in a crime ( The Justice Department tells Sen. Mark Warner (D-Va.) that it came to a premature conclusion on a recent case regarding information from the OPM data breach.

Hacker Caught Selling Maintenance Manuals for Military Drones (Defense One) A poorly configured router allowed the theft of drone manuals, a list of maintainers, material on the Abrams tank, and more.

Ex-Apple employee charged with stealing trade secrets (CRN Australia) Accused of downloading self-driving car blueprints.

Former Apple Employee Charged With Theft of Trade Secrets Related to Autonomous Car Project [Updated] (Mac Rumors) The United States Federal Bureau of Investigation this week charged former Apple employee Xiaolang Zhang with theft of trade secrets, according to...

This former Navy sailor wants to sue the feds over classified submarine photos (Navy Times) A former U.S. Navy sailor who spent a year in prison for taking photos in classified areas of a nuclear submarine based in Connecticut wants to sue the Justice Department and several former government officials, including President Barack Obama.

Google to pay billions in fines for Android practices: report (CRN Australia) Allegedly pressured smartphone vendors to bundle apps.

Woman who once bought bitcoins for $300,000 cash in paper bags sent to prison (Ars Technica) At one point, Theresa Tetley had an upstanding client named "Pirate Sh*t."

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days...

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in...

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script...

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio...

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
