
Daily briefing.

Black Hat, BSides, and Def Con

More observations from Black Hat.

The anthropology of security.

In his keynote speech at Black Hat yesterday, Dino Dai Zovi, staff security engineer at Square, argued that software security depends primarily on the culture of an organization. Dai Zovi described working as the first security hire of a trading firm. He said that most of his work at the company was focused on implementing the basics of security and making sure the IT systems were running smoothly.

When he moved to Square, he noticed how different the culture was, particularly because “security engineers had to write code like everyone else.” Dai Zovi said that because of this, there was much more collaboration between the security team and software engineers, with the software coders actually asking security engineers for advice rather than treating security as a nuisance. Being part of software development gave the security team a much deeper understanding of why the software engineers did what they did, and Dai Zovi said it allowed him to start “showing and not telling.”

Dai Zovi then stated that “software is the universal substrate of value today, and is the key success differentiator for many companies, just by being good at software delivery.” He outlined three lessons that companies should follow in order to improve their software delivery process.

The first is to “work backwards from the job.” He cited Unix as an example, saying it was “the most successful software project in history.” Dai Zovi said that Unix grew incrementally based on the job it was meant to fulfill. He added that Unix had an “implementation before specification.” Security teams and software developers need to understand the job their software is supposed to accomplish and work backwards from there.

The second lesson is to seek and apply leverage. Dai Zovi said that automation in software is a force multiplier, and it can allow defenders to stay ahead of a much broader range of threats.

The third lesson is that culture is more powerful than strategy, and strategy is more powerful than tactics. Dai Zovi argued that security teams need to start saying “yes” to proposed changes in order to adapt to rapidly changing technology. He said that empathy is a central component of this process, which called back to his earlier point about security engineers being involved in and assisting with the software development process. Security engineers need to overcome their fear of change and the unknown if they want to keep up with this process.

We'll have more from Las Vegas in tomorrow's issue.

According to the Wall Street Journal, Bahrain has sustained incursions into the networks of its National Security Agency (whose mission is criminal investigation), the Ministry of Interior, the first deputy prime minister’s office, the Electricity and Water Authority, and manufacturer Aluminum Bahrain. Bahrain believes the activity was the work of regional rival Iran, and that the activity directed against the Electricity and Water Authority amounted to staging and rehearsal for an attack on critical infrastructure.

The US Maritime Administration has issued a formal warning of Iranian cyber interference with shipping in the region.

WIRED reports that, as Boeing continues to debug the troubled 737 MAX MCAS avionics, code for the company's 787 appears to have been exposed on an unprotected server. 

The US Government has issued an interim rule ("Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment") that restricts contractors from purchasing from five Chinese firms: Huawei, ZTE, Hikvision, Hytera, and Dahua. The prohibition addresses concerns that Chinese equipment represents a security risk. As the Wall Street Journal notes, Huawei has a challenge pending to the National Defense Authorization Act that provided authority for the ban. The company argues that the NDAA amounts to an unconstitutional bill of attainder.

Separately, three Republican Senators have asked Google to explain why it had cooperated with Huawei to develop smart speakers for home use.

How can you recognize a phony Equifax settlement come-on? For one thing, as Naked Security observes, the FTC won't charge you to submit a claim.

Notes.

Today's issue includes events affecting Bahrain, China, European Union, Germany, Iran, Kuwait, Oman, Qatar, Russia, Saudi Arabia, Spain, United Arab Emirates, United Kingdom, United States.

Bring your own context.

Bad turtle! Bad!

"Sea Turtle is one of two separate campaigns that we believe are operated by different actors that we're seeing in the Middle East and North Africa involving 'DNS tomfoolery,' we'll call it: basically, actors hijacking DNS to redirect victims to their site. And the Sea Turtle campaign, primarily, it's been reserved for strategic military targets at this point. When we identified this actor, you know, we worked with CyberWire and several of our partners in the Cyber Threat Alliance to get the word out there so that people could see the difference in the TTPs. Normally, when you do something like that, bad actors - particularly those who are likely related to nation-states - tend to stop their activity, right? They don't want to be openly seen doing bad things. Unfortunately for us, the Sea Turtle actors did not stop. They continued with their mission. They basically changed their TTPs a little bit. They added some additional infrastructure, but overall, they just continued to compromise sites.... If you're a bank robber, and all of a sudden, one of the witnesses misidentifies somebody else as the bank robber, and the police get him. Normal criminals would be like, hey, I'm going to stop this week, and then tomorrow, I'm going to come back in a completely different outfit and continue robbing banks if I want. But, you know, they would probably stop to not get caught. These actors have not stopped. They have changed their operations a little bit. We were able to identify some additional past activity with them, and unfortunately, they seem to be broadening the types of places that they target."

—Craig Williams, head of Talos outreach at Cisco on the CyberWire Daily Podcast, 8.6.19.

Sea Turtle started with military and strategic targets, but its target list has expanded to include other government organizations, energy companies, think tanks, international organizations, and airports.


In today's podcast, out later this afternoon, we speak to two experts who offer insights and observations from this year’s Black Hat conference. Matt Aldridge is from our partners at Webroot, and Bob Huber is CSO at Tenable.

And Hacking Humans is up. In this week's episode, "Positive pretexting on the rise," Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian Dave Holmes had to scammers pretending to be from the IRS. Rachel Tobac from Social Proof Security returns with voting security information and the latest scams she's been tracking.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Dateline Black Hat, BSides, and Def Con

Ill Communication: Improving Security By Talking It Out (Decipher) Improving communication between security teams and the rest of the organization can greatly improve an enterprise’s security posture.

Black Hat 2019: Security Culture Is Everyone's Culture (Dark Reading) In his Black Hat USA keynote, Square's Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy.

WhatsApp Hack Attack Can Change Your Messages (Forbes) During the Black Hat conference in Las Vegas, Facebook-owned WhatsApp was shown being hacked to change the text of a message and the identity of the sender.

13-Year-Old Encryption Bugs Still Haunt Apps and IoT (WIRED) RSA encryption has been around for decades. Unfortunately, so have bad implementations that leave it less secure.

Hackers Can Break Into an iPhone Just by Sending a Text (WIRED) You don't even have to click anything.

Analysis | The Cybersecurity 202: Hackers are going after medical devices — and manufacturers are helping them (Washington Post) Def Con's biohacking testing ground will be at a hospital replica inside a casino.

Vulnerability Exposed Microsoft Azure Users to Cyberattack (Vice) New report says flaw with common remote desktop access protocol left millions of users and researchers open to attack.

Researchers Discovered a Big Security Flaw In This Important Microsoft Product (Fortune) Check Point researchers discovered a big security flaw in Microsoft's Hyper-V software that may have impacted Azure.

Black Hat 2019: Microsoft RDP Flaw Also Impacts Hyper-V (Threatpost) At Black Hat USA 2019, researchers showed how a flaw on Windows systems could allow arbitrary code execution on Hyper-V.

Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V (BleepingComputer) A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be used to escape virtual machines running on Hyper-V, the virtualization technology in Azure and Windows 10.

Rome Lab launches challenge (Rome Daily Sentinel) Rome Lab is partnering with the Griffiss Institute and the Red Balloon Security firm to launch a sophisticated cyber challenge at the DEFCON 27 hacker convention in Las Vegas, Nev. on Friday through …

Secureworks® Extends Red Cloak™ TDR with Managed Services to Help More Companies Leverage the Power of Its Cloud-Native Software (Secureworks) By coupling its advanced security analytics with human expertise, Secureworks pushes new boundaries for hunting adversaries and reducing time to detect and respond.

AttackSurfaceMapper - Automate and Simplify the OSINT Process (Trustwave) AttackSurfaceMapper (ASM) aims to greatly simplify the reconnaissance process by taking a single target domain or a list of IPv4 addresses as input, then analysing it using passive OSINT techniques and active reconnaissance methods.

Ann Arbor-Based Censys Unveils Enterprise-Level Attack Surface Management Software Platform (Pulse 2.0) Censys is premiering the upcoming launch of its new enterprise-level attack surface management software platform at the Black Hat USA 2019 conference.

Morphisec Announces 2019 Women in Cybersecurity Scholarship Winners (PRWeb) Morphisec, the leader in Moving Target Defense, today announced the 2019 winners of the Morphisec Women in Cybersecurity Scholarship at Black Hat USA. Through th

NSS Labs Announces 2019 Breach Prevention Systems Group Test Results (NSS Labs, Inc.) Data provides insight into the capabilities of product suites across the cybersecurity market.

Cyber Attacks, Threats, and Vulnerabilities

High-Level Cyber Intrusions Hit Bahrain Amid Tensions with Iran (Wall Street Journal) Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain within the last month, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions.

US government warns of Iranian threats to commercial shipping, including GPS interference (CNN) The US Department of Transportation's Maritime Administration has issued a new warning to commercial shipping about Iranian threats in the Strait of Hormuz and Persian Gulf, saying that some ships have reported having their GPS interfered with.

State-Sponsored Chinese Hacking Group Targeting Crypto Firms: Report (CoinDesk) An intelligence company released a report indicating the connection between Chinese authorities and a crypto-exploitative hacking collective.

Microsoft Nabs Russian Hackers Exploiting Flimsy IOT Security (Techdirt.) Week after week we've documented how internet of things devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and...

North Korean Hackers' $2 Billion Heist Is 'Funding WMD Programs' (Forbes) A leaked U.N. report shows that North Korean government-backed hackers are stealing and laundering cryptocurrencies to fund the nation’s military weapons program. Here’s how this worrying development demonstrates the very real and physical threat coming from North Korea.

A Boeing 737 MAX Test Flight Had Its Ups and Downs (WIRED) The aircraft flying loops off the Oregon Coast on Monday was likely testing potential fixes for the troubled MCAS system, implicated in two crashes.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts (WIRED) One researcher's discovery suggests troubling oversights in Boeing's cybersecurity.

State Farm says hackers confirmed valid usernames and passwords in credentials stuffing attack (ZDNet) State Farm suffered a credential stuffing attack in July and is now notifying impacted customers.

Revealed: Microsoft Contractors Are Listening to Some Skype Calls (Vice) Documents, screenshots, and audio obtained by Motherboard show that humans listen to Skype calls made using the app's translation function.

Instagram's lax privacy practices let a trusted partner track millions of users' physical locations, secretly save their stories, and flout its rules (Business Insider) More than a year after the Cambridge Analytica scandal, Facebook is still struggling to protect user data.

“Patient Zero”: The Philippines Offers A Preview Of The Disinformation Tactics The US Could See In 2020 (BuzzFeed News) Disinformation campaigns in the Philippines ahead of its 2016 election offered a preview of things to come to the United States. History may be repeating itself in 2020.

The El Paso And Dayton Shootings Show How Disinformation Spreads On Messaging Apps (BuzzFeed News) “It becomes harder and harder for us, particularly going into 2020.”

Utilities Are Prime Target for Cyberattacks (Wall Street Journal) Electric utilities are particularly vulnerable to cyber threats, experts say, in part because fixing security flaws can interrupt services and few of their employees have security clearances that let them receive timely government alerts.

Bad Guys Exploit CapitalOne Breach to Push Backdoor Trojan (KnowBe4) The bad guys are now exploiting news of the CapitalOne breach to push a malicious backdoor trojan via a phishing email purporting to offer a Windows Security Update.

Capital One cyber attack designated as PCS Global Cyber loss event (Artemis) The recent Capital One cyber hack attack and resulting significant data breach could lead to a significant cyber insurance and possibly reinsurance market

Vectra research reveals that the most significant ransomware threat is the malicious encryption of shared network files in cloud service providers (PR Newswire) Vectra, the leader in network threat detection and response (NDR), today disclosed that cybercriminals' most...

2019 Spotlight Report on Ransomware (Vectra) Vectra research in Spotlight Report on Ransomware reveals that cybercriminals’ most effective weapon in carrying out a ransomware attack is the network itself, which is instrumental in enabling the malicious encryption of shared files on network servers.

Is your pentesting provider moonlighting as a malicious cybercrime group? (CSO) Investigation finds the line between the two is blurrier than you think – and data is being exposed

Report: Thin Red Line - Penetration Testing Practices Examined (Threat Vector) The Thin Red Line report sheds light on questionable pentesting practices, byproducts and outcomes that raise critical questions about expectations of client privacy, confidentiality and security.

Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS (Proofpoint) A phishing actor has been observed using public cloud storage at AWS to host their landing pages, using various obfuscation techniques including multibyte XOR...

Don’t let the crooks ‘borrow’ your home router as a hacking server (Naked Security) Crooks don’t have to break *into* your network to benefit – they can bounce *off* it so you take the blame and look like a hacker yourself.

Scammers recruiting money mules on dating sites is on the rise, says FBI (Naked Security) It’s no longer enough to be wary of flash-in-the-pan “lovers” who ask you to send money; now they’re asking you to open accounts for them.

Don’t fall for fake Equifax settlement sites, warns FTC (Naked Security) Equifictitious sites popped up within days of Equifax agreeing to pay up to $700m to settle claims over the 2017 data breach.

BA claims to have resolved the check-in system IT problems that caused around 100 flight cancellations (Computing) British Airways has resolved the IT issues that have kept its check-in systems down all day

Wellness Platforms Provide Flexibility, Raise Data-Privacy Concerns (SHRM) Wellness programs are going digital, with online platforms that pull data from employees’ fitness trackers, and virtual fitness classes available on smartphone apps. But the technology is raising concerns about how secure this data is.

Tablet for kids had flaws that exposed info, location (CNET) Toy maker LeapFrog says it's now secured the devices.

LeapFrog LeapPad Ultimate Security Vulnerabilities (Checkmarx) The application security testing world is made up of various different solutions, all with one ultimate aim – to protect software from hackers and attacks.

Schools take precautions after cyber attack warning (Hanna Newspapers) Franklin Parish principals and central office personnel worked late Sunday night turning off computers and disconnecting internet networks at parish schools and School Board buildings after the Louisiana Department of

Township of Maplewood, NJ Provides Media Notification of Data Security Incident (Yahoo) The Police Department to the Township of Maplewood, NJ ("Maplewood Township") is providing notice of suspicious activity that was discovered and remediated from ...

Security Patches, Mitigations, and Software Updates

Latest Android patches fix critical ‘QualPwn’ Wi-Fi flaws (Naked Security) The August 2019 security bulletin is out – and two of the critical flaws could allow an attacker to compromise the Android system kernel.

Android Security Bulletin—August 2019 (Android Open Source Project) The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

'Critical' security flaws identified in Cisco 220 Series Smart Switches (Computing) Cisco urges users of its Small Business 220 series of switches to update ASAP or risk corporate network compromise

Slack unveils new admin security controls (Cloud Pro) Collaboration platform now supports 2FA, data sharing limits and device blocking

Cyber Trends

SlashNext Survey Finds Only 1 in 8 Organizations Report Real-Time Operationalization of Threat Intelligence Feeds to Block Live Web Threats (PR Newswire) SlashNext, a leading provider of real-time anti-phishing and social engineering protection solutions, today...

The threat of disaster leaves many companies worried (IT Brief) Only one third (35%) of organisations have confidence in their disaster recovery (DR) plans, according to new research from Databarracks.

Not Everyone Has a Data Disaster Recovery Plan in Place (Computer Business Review) Only 35 percent of UK organisations have confidence in their ability to successfully carry out a disaster recovery plan.

PC Matic Releases 2019 Password Hygiene And Habits Report (PR Newswire) Today, PC Matic, the world's only 100% American-made anti-virus software, announced the completion and release...

Marketplace

Broadcom Nears Deal to Buy Symantec’s Enterprise Business (Wall Street Journal) Broadcom is nearing a deal to buy Symantec’s enterprise business after its earlier attempted purchase of the entire cybersecurity firm fell apart.

Could Symantec be split in two? (CRN) Talks regarding a complete takeover reportedly stalled last month

Capsule8 Adds Significant Funding from Intel Capital (Capsule8) Strategic Investment to Fuel Expansion of Capsule8’s Go-to-Market Efforts

Digital supply chain tracking service Cloudleaf raises $26M from investors including Intel Capital (Silicon Valley Business Journal) Cloudleaf CEO Mahesh Veerina announced Wednesday that his company had raised $26 million from Intel Capital and WRVI Capital among other investors.

Restore offers to buy Arrow's failing UK ITAD business (CRN) Restore CEO has 'approached' the company to buy unit but distributor has been tight-lipped on its plans

Cybereason raises $200 million from SoftBank to expand global... (Reuters) Antivirus startup Cybereason said on Tuesday it raised $200 million in investmen...

IBM Says Security Concerns Should Benefit Its Hybrid Cloud Business (Wall Street Journal) International Business Machines is betting that its strategy of giving big companies the flexibility to run their data and applications anywhere they want will help it win over enterprises concerned about cybersecurity.

ManagedMethods Increases Revenue by 141 Percent in the First Half of 2019 (Newswire) Growth powered by a significant rise in customer count and commercial market expansion

The Weird, Dark History of 8Chan (WIRED) Its founder Fredrick Brennan is appalled by the notorious chat site’s links to right-wing extremism and mass shootings. Inside his tortured journey through the web’s cesspool and his attempt at redemption.

Six cybersecurity start-ups transforming global risk management (Silicon Republic) The World Economic Forum’s Technology Pioneers of 2019 include six cybersecurity companies tackling global data protection issues.

3 Cybersecurity Stocks to Buy as the Industry Takes Off (Yahoo) As the amount of data being produced and processed is surging, so are the number of cyber attacks being reported. One of the largest and most compromising for customers was the attack on Equifax (EFX) that occurred in 2017. The company stated that hackers gained access to 143 million U.S. customers’

Sally Kenyon Grant, Neal Harper, Thomas Jurewicz Take Leadership Roles at Semantic AI (ExecutiveBiz) Semantic AI has hired Sally Kenyon Grant, Neal Harper and Thomas Jurewicz to take leadership roles to support the firm’s efforts to drive growth in the cyber, cloud and government market areas.

Products, Services, and Solutions

Digital Defense, Inc. Debuts Frontline Network Map™ (Security Boulevard) Feature Provides Visual Topography of Network Vulnerabilities and Threats San Antonio, TX  August 7, 2019 – Digital Defense, Inc. today announced

The VIA Venafi No Outage Guarantee Letter (Venafi) We are so certain that Venafi customers who follow the Venafi Way will experience no certificate-related outages, we guarantee it. VIA Venafi pairs technology with proven experience to drive our customers to common goals, which includes preventing certificate-related outages. Read about our guarantee.

Proofpoint Achieves FedRAMP In Process Status for Proofpoint Security Awareness Training (Proofpoint) Proofpoint, Inc., today announced Proofpoint Security Awareness Training has achieved Federal Risk and Authorization Management Program (FedRAMP) In Process status.

CenturyLink Provides Secure Cloud Connectivity to U.S. Census Bureau for 2020 Census (PR Newswire) CenturyLink, Inc. (NYSE: CTL) announced that it recently won a contract to provide secure cloud connectivity to the...

JASK Deepens Visibility to Security Data Through Advanced SIEM Platform and Joins MISA (AiThority) JASK, the provider of one of the industry’s first cloud-native SIEM platforms, announced it joined the Microsoft Intelligent Security Association

OPSWAT Deploys CrowdStrike to Enhance Security Offering (Yahoo) OPSWAT, a leader in critical infrastructure protection, today announced that it has partnered with CrowdStrike® Inc., a leader in cloud-delivered endpoint protection, to enhance the multiscanning capabilities of MetaDefender, its flagship content security platform

Bugcrowd University Expands Education and Training for Whitehat Hackers (Bugcrowd) Bugcrowd uplevels skills of security researcher community with new Bugcrowd University training modules Bugcrowd, the #1 crowdsourced security company, today an

Technologies, Techniques, and Standards

A Secure Network Is Not Enough, Cyber Wargames Show (Breaking Defense) If a hacker shuts off a base's electricity or stops spare parts from arriving on time, they can sabotage a military mission without ever attacking a military network.

Army to build at least two new multi-domain task forces (Army Times) The force is moving toward soldiers at the company level thinking and working in all domains.

Cybersecurity best practices in USA (Lexology) A review of cybersecurity best practices in USA, including industry standards, codes of practice, recommended procedures and insurance cover.

Design and Innovation

Visa to Test Advanced AI to Prevent Fraud (Wall Street Journal) The company is rolling out a platform to help its engineers quickly test advanced artificial-intelligence algorithms aimed at detecting and preventing credit-card fraud.

DISA, Cyber Command Are Launching a Zero-Trust Pilot Program (Nextgov.com) The effort will explore frameworks and technologies that would protect the Pentagon’s networks from unauthorized access.

Academia

Cybint Solutions offers 5 key takeaways from 2019 Community College Cyber Summit (PR Newswire) Global cyber education leader Cybint Solutions furthered its commitment to enhance the collective level of cyber...

$438K grant extended for cybersecurity education at PCT (Williamsport Sun-Gazette) The Pennsylvania College of Technology announced a National Science Foundation grant totalling $438,391 aimed at cybersecurity workforce development has been ex

Rutgers Students Learn Cybersecurity During Big Ten Internship (Rutgers Today) A group of students spent part of their summer learning how to hunt down viruses, thwart hackers, and protect organizations from ever-increasing cyber-threats during a one-of-a-kind internship program with a cybersecurity operations center co-founded by Rutgers.

Legislation, Policy, and Regulation

GCC organisations need stronger resilience strategies to restore critical functions after disruptive events: Booz Allen Hamilton (Oil & Gas Middle East) Annual spend on data security breaches is far above global average, however GCC organisations take longer than European counterparts to contain a breach

U.S. government contractors get first look at Huawei ban (Reuters) The U.S. agency responsible for government contracts on Wednesday released an in...

Federal agencies banned from purchasing equipment from Huawei, other Chinese groups (TheHill) The Department of Defense, the General Services Administration and the National Aeronautics and Space Administration issued an interim rule Wednesday banning federal purchases of telecommunications equipment from Huawei and four other Ch

Trump administration bans federal agencies from buying Huawei, ZTE tech (TechCrunch) The Trump administration has banned U.S. federal agencies from buying equipment and obtaining services from Huawei and two other companies as part of the government’s latest crackdown on Chinese technology amid national security fears. Jacob Wood, a spokesperson for the White House’s Of…

Huawei security chief: We pose no greater risk to US than any other foreign telecom company (CNBC) Andy Purdy says the U.S. government should implement risk mitigation programs for Huawei like it does for Nokia and Ericsson.

White House invites tech companies to discussion of violent online extremism (Washington Post) The gathering marks the Trump administration's first major engagement on the issue days after two mass shootings left 31 dead.

White House drafting executive order to tackle Silicon Valley’s alleged anti-conservative bias (POLITICO) The federal government has only limited options to police alleged ideological bias in the tech industry.

Far-Right Accounts Retweeted by Trump Keep Getting Suspended (The Daily Beast) “Twitter’s always been fair to me,” said one Trump supporter. “Until the president of the United States retweeted me.”

CISA Implementing Threat-Based Approach to Cybersecurity (Executive Gov) Branko Bokan, an official under the Cybersecurity and Infrastructure Security Agency’s cybersecurity

DoD Cyber Officials Tackling Supply Chain, Workforce Culture Issues (Meritalk) Officials from the Defense Department (DoD) highlighted supply chain and workforce and culture issues as two significant problems the agency faces in maintaining strong cybersecurity, during a panel discussion at FCW’s Cybersecurity Summit.

DOD Leaders Highlight Talent, Technology in Cybersecurity Strategy (U.S. DEPARTMENT OF DEFENSE) Defense Department officials discussed the importance of defending against the cyber threat and the focus on recruiting new talent to help fight it during a Cybersecurity Summit in Washington.

Buttigieg campaign hires CISO, citing cybersecurity emphasis (POLITICO) Mick Baccio, the Buttigieg pick for CISO, was branch chief of White House Threat Intelligence.

NYC Moves to Prohibit Sharing of Location Data (Womble Bond Dickinson) New York City (NYC) Council members are proposing unprecedented action to curb location data sharing.

Litigation, Investigation, and Law Enforcement

Google targeted by Republican senators over Huawei project (CNET) The lawmakers demand answers about a smart speaker the two companies were reportedly developing.

[Letter to Google CEO Pichai from Senators Rubio, Cotton, and Hawley] (United States Senate) Dear Mr. Pichai: Three weeks ago, a representative from your company denied, under oath, that Google has been conducting any substantial business in China.

Banks Hand Over Documents on Russians Possibly Linked to Trump (Wall Street Journal) Major Wall Street banks have given congressional committees investigating President Trump thousands of pages of documents related to Russians who may have had dealings with the president, his family or his business, people familiar with the congressional probes said.

The Mystery Man in the Senate Russia Report (Foreign Policy) New details suggest Moscow’s interference in the U.S. election may have been more extensive than thought, experts say.

The FBI is diving deeper into the Methbot ad fraud case (CyberScoop) The U.S. government's investigation into Methbot, a very large advertising-fraud operation, isn’t over yet. The group is also known as 3ve.

Fashion ID Case: CJEU Rules on Plug-ins and Joint Controllership (Cooley) On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the c…

How two college students tried to outfox the feds and get Trump’s tax returns (Washington Post) “It was like Beavis and Butt-Head saying, ‘Hey, let’s get this,’ ” one of their attorneys said.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...

Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...

DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...
