skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Black Hat and Def Con

Black Hat and Def Con have concluded. Here are few observations about the discussion of technology and policy that took place at the events.

We heard speakers in several sessions at Def Con urge that those professionally involved with cybersecurity also involve themselves with legislators, that they attend Congressional hearings, send direct messages to their representatives, and so on. Some of this was civics-class, good-government advice, some advocacy, and some a call to contribute from the distinctive perspective security expertise might lend a citizen. There were signs of mutual interest: several members of congress attended, which speaks to some recognition of the security community's importance, and of interest in the conversations taking place last week in Nevada.

Some such cross fertilization was intended by Def Con's organizers. "We are trying to breakdown the barriers between the people in tech who know what they're doing and the people in Congress who know how to take that knowledge to make laws," Phil Stupak, an organizer of the AI Village and a fellow at Cyber Policy Initiative at the University of Chicago, told CNN.

There were comparable signs of such interest at Black Hat. Bruce Schneier delivered an address in which he called for technologists to contribute their expertise to the policy process. "No policy makers understand technology," Infosecurity Magazine quoted him as saying. "Technologists are in one world, and policy makers are in a different world. It's no longer acceptable for them to be in separate worlds though, as technology and policy are deeply intertwined." Your influence as a consumer, he argued, is negligible, but your influence as a technologist can be considerable. And that influence can also be wielded within the companies technologists work for.

Contributions of knowledge by those who have it are surely welcome, as no thinking person would want laws to be written (and amended in committee) and passed by the ill-informed or clueless. Part of the expertise one hopes the technologists would deploy is a clear understanding of the scope of their knowledge. A self-appointed clerisy pushing whatever views they happen to hold on various topics because they're having difficulty distinguishing an "is" from an "ought" would quickly prove tiresome. Everyone has a right to an opinion, and to that opinion's expression, but of course that right doesn't automatically confer expertise any more than passionate expression does. Lawyers have plenty of valuable expertise, but it doesn't necessarily extend to, say, quantum entanglement. And the cogency of a line of reasoning is seldom well-correlated with the volume used in expressing it.

That said, there was commendable self-awareness and appreciation of complexity on display. A proposal for widespread online voting, for example, received a cool reception because the audience of technologists perceived how hard it would be to pull that off.

And on right-to-repair laws, a hot-button issue to many, one salient point made to the hacker crowd was that corporations are not necessarily malicious in their intent, and that they are often good people making decisions answerable to a different set of criteria from those a consumer (or hacker) might use. Others noted that decisions about the right-to-repair are largely made in first-world settings that have moved toward a more disposable economy. The same rules might not necessarily apply to emerging economies where equipment has a much longer lifecycle, and repair and reuse are not only common, but necessary.

We'll have more later this week as we wrap up our discussion of the events in Las Vegas.

The UK sustained a power failure Friday that left about a million users in England and Wales without electricity. The Independent reports that two power stations, one wind-driven, the other gas-fired, went offline almost simultaneously, after which automatic safety features caused outages to protect the grid as a whole. Some had jumped to the conclusion that the outages were the result of a cyberattack, but according to the Washington Post, this was quickly ruled out. Power was largely restored Friday evening, but railroads felt the effects linger into Saturday. It was not a case of graceful degradation: some essential medical and transportation systems were disrupted. Authorities tell the BBC they're determined to learn lessons.

Deutsche Welle reports that Russia's Internet regulatory body, Roskomnadzor, warned Google not to permit YouTube to incite opposition protests. On Saturday between twenty-thousand and nearly fifty-thousand demonstrators took to the streets in Moscow over allegations of municipal election fraud, according to the Guardian. The lower figure comes from police, the higher from independent estimates.

PC Magazine comments on some forthcoming research by IntSights that explores the connections between Russia's cyber criminal gangs and the country's intelligence services. The gangs operate at the sufferance of the security organs, on the condition that they leave certain targets alone, and from time-to-time accept taskings. The intelligence and security services themselves find the relationship useful.

China's Foreign Ministry dismisses FireEye's report on APT41 as "ill-intentioned fabrications." Besides, the spokesman adds, attribution is difficult, and China opposes all forms of cybercrime.

Notes.

Today's issue includes events affecting China, European Union, France, Iran, Israel, Luxembourg, Russia, United Kingdom, United States.

Bring your own context.

So how was it at Black Hat this year?

"So it's been a relatively positive mood. I wouldn't say it's significantly different [from] previous years. You know, every year, you kind of sense increasing maturity in the industry as a whole. Particularly, you know, as people are harnessing technologies in more sophisticated ways, they're getting to grips with the realities of some of the threats and things like that. There's definitely an increasing evolution, shall we say, in how people are dealing with threats, pushing towards more automation and things like that."

—Matt Aldridge, senior solutions architect at Webroot, on the CyberWire Daily Podcast, 8.8.19.

So a positive mood. Good.

What are the best practices and tools for SecOps in 2019?

Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan offers thoughts on corporate password policies. Our guest is Ralph Russo Director of Applied Computing at Tulane University's School of Professional Advancement, and he discusses how Tulane and other universities are shaping their programs to meet the needs of business and government.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Dateline Black Hat and Def Con

Black Hat 2019: The Craziest, Most Terrifying Things We Saw (PCMAG) Black Hat is over for another year, but we'll be thinking of the fascinating and terrifying things we heard and saw for years to come.

#BHUSA: Schneier Advocates For Public Interest Technologists (Infosecurity Magazine) In his talk at Black Hat 2019 in Las Vegas, Bruce Schneier emphasized the importance of tech experts being involved in setting public policy though the role of public interest technologist.

Lawmakers embrace hackers in Vegas as 2020 election looms (FOX 61) Multiple members of congress, dozens of congressional staffers and members of the intelligence community are gathering in Las Vegas this weekend to rub shoulders with hackers at Def Con, one of the world's largest hacking conferences.

Automakers warm up to friendly hackers at cybersecurity conference (Reuters) At a conference where hackers can try their hand at picking locks and discover c...

Black Hat 2019: Addressing Supply-Chain Risk Starts with People, Microsoft Says (Threatpost) Hardware, software, services and people make up supply-chain risk — but the latter should be the guiding focus.

#BHUSA: Why Standards and DNS Are Key to Email Security (Infosecurity Magazine) Outlining standards and techniques used to combat phishing

Critical Windows 10 Warning: Millions Of Users At Risk (Forbes) All modern versions of Windows affected by firmware driver vulnerability revealed at the DEF CON hacker convention. Here's everything you need to know.

That 4G hotspot could be a hotbed for hackers (CNET) Security researchers found serious vulnerabilities with a line of devices that gave potential hackers full access.

Watch a Drone Take Over a Nearby Smart TV (Wired) Smart TVs continue to look dumber by the day.

A Remote-Start App Exposed Thousands of Cars to Hackers (WIRED) The bugs could have let an industrious hacker locate cars, unlock them, and start them up from anywhere with an internet connection.

This Teen Hacker Found Bugs in School Software That Exposed Millions of Records (WIRED) Some kids play in a band after school. Bill Demirkapi hacked two education software giants.

Hackers Take on Darpa's $10 Million Voting Machine (WIRED) At this year's Defcon hacking conference, Darpa brought the beginnings of what it hopes will be impervious hardware.

DARPA's $10 million voting machine couldn't be hacked at Defcon (for the wrong reasons) (CNET) The voting machine was supposed to be available for hackers to find security flaws. An unexpected bug stopped the experiment from starting until Defcon's day.

How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace (WIRED) At Defcon this week, security researcher Mike Davis will show how he can pick the lock of an ATM safe in no time, thanks to its electric leaks.

DEF CON 2019: Researchers Demo Hacking Google Home for RCE (Threatpost) Researcher show how they hacked Google Home smart speakers using the Megellan vulnerability.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons (WIRED) A security researcher has demonstrated how to force everyday commercial speakers to emit harmful sounds.

A sonic cyberattack could hijack a device's speakers (Yahoo) Weapons that injure crowds of people by emitting dangerous sounds may seem like the stuff of science fiction. Unfortunately, malicious hackers might be able to do just that -- but with Bluetooth- or WiFi-capable smartphones, headphones, speakers, or laptops.Researcher Matt Wixey is unveiling research

Inside the Hidden World of Hacking Elevator Phones (WIRED) Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.

What a security researcher learned from monitoring traffic at Defcon (CNET) He spent thousands on a data-collecting monstrosity to figure out why people considered the security conference's network dangerous.

DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack (Threatpost) Researchers exploit a SQLite memory corruption issue outside of a browser.

#dianainitiative2019: Fight Against FUD With Education (Infosecurity Magazine) Increase education of problems and ask the right questions to defeat FUD.

#dianainitiative2019: Certifications, Careers and Prohibitors for Women in Cybersecurity (Infosecurity Magazine) A panel shared advice on careers and certification at the women's security conference.

ZeroFOX's new AI capabilities improve detection of deepfake videos (Help Net Security) ZeroFOX announced the latest evolution of its artificial intelligence (AI) capabilities with the release of new video analysis features.

Bishop Fox Introduces New AI-Based, OSP Tool at 2019 Black Hat Arsenal (AiThority) Bishop Fox, the largest private professional services firm focused on offensive security testing, has created a new AI-based,

Endgame, MRG Effitas and VMRay Partner on Machine Learning Static Evasion Contest (Yahoo) Cybersecurity vendors Endgame and VMRay, and testing house MRG Effitas, announced today that they have partnered under AI Village to launch the Machine Learning Static Evasion Contest at DEF CON 27. The second annual AI Village is a place where experts in artificial intelligence (AI) and security can

Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference (Vice) A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet.

Crown Sterling Issues Statement Regarding Recent Allegations Made at Black Hat 2019 (BusinessWire) Crown Sterling, an emerging digital cryptography firm, today issued a statement to address recent claims made at Black Hat 2019 regarding the company’

Black Hat 2019 | It's a Wrap! (SentinelOne) Missed out on all the Black Hat fun? Never mind, catch up with the latest innovations as we round up our final day at Black Hat USA 2019

Black Hat USA 2019 Cybersecurity Conference: Day 4 News (MSSP Alert) Black Hat USA 2019 conference news spans MSSPs, AT&T Cybersecurity, Carbon Black, BlackBerry, enSilo, ID Experts, SentinelOne, ThreatConnect, Virtru & more.

Cyber Attacks, Threats, and Vulnerabilities

U.K. Seeks Answers After Biggest Power Failure in a Decade (New York Times) The country’s energy regulator has asked for a report after around a million homes were left without electricity on Friday.

Cyber-attack ruled out in UK power outage (New York Post) Neither a cyber-attack nor unpredictable wind power generation were behind a power outage that left nearly one million people in England and Wales in the dark Friday. The outage stranded trains, di…

The Observer view on Britain’s blackout | Observer editorial (the Guardian) Last week’s widespread disruption illuminated the brittle nature of our infrastructure

The Evolution of Russia's Dark Web (PCMAG) Russia is the birthplace of the dark web, and its tech-savvy population includes some brilliant hackers. We talk to two researchers who will present a report on the topic here at Black Hat.

The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime (IntSights) The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime

Who is GOSSIPGIRL: Revisiting the Threat Actor Supergroup (Infosecurity Magazine) This whitepaper investigates the connection between Flame and the O.G. threat actor super group GOSSIPGIRL.

China’s cyber-spies make money on the side by hacking video games (MIT Technology Review) Just because you’re a world-class Chinese government hacker busy conducting espionage against geopolitical adversaries doesn’t mean you can’t make a little extra money on the side.The hackers behind a sophisticated seven-year Chinese government intelligence operation simultaneously use their talents to hack for personal profit by putting a bull’s-eye on targets in the cryptocurrency and video game industries, according to the American security firm FireEye.

Robocall blocking apps caught sending your data without permission (TechCrunch) Robocall-blocking apps promise to rid your life of spoofed and spam phone calls. But are they as trustworthy as they claim to be? One security researcher said many of these apps can violate your privacy as soon as they are opened. Dan Hastings, a senior security consultant at cybersecurity firm NCC…

Your Skype Translator calls may be heard by humans (Naked Security) A Skype Translator insider claims it’s good because humans are listening in and helping to train its artificial intelligence.

New Ursnif Variant Spreads Through Infected Word Documents (BankInfo Security) A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through

Google Reveals That Android Has Been Selling Phones with Pre-Loaded Malware (KoDDoS Blog) It came to prominence this week that tens of millions of smartphones with the Android operating system have dangerous malware preloaded.

Bishop Fox Finds Trove of Secrets on Amazon Elastic Block Store (Yahoo) Bishop Fox, the largest private professional services firm focused on offensive security testing, has discovered a flaw in Amazon's Elastic Block Store (Amazon EBS) that makes many users' virtual hard disk available to anyone on the internet. Security Associate

Say Cheese: Ransomware-ing a DSLR Camera (Check Point Research) Research by: Eyal Itkin TL;DR Cameras. We take them to every important life event, we bring them on our vacations, and we store them in a protective case to keep them safe during transit. Cameras are more than just a tool or toy; we entrust them with our very memories, and so they are very important... Click to Read More

Vulnerabilities found in more than 40 Windows device drivers that could be exploited to compromise PCs and servers (Computing) The drivers belong to 20 Microsoft-certified hardware and BIOS vendors, including Intel and Huawei

Screwed Drivers – Signed, Sealed, Delivered (Eclypsium) Download the PDF > Introduction Common Design Flaw In Dozens of Device Drivers Allows Widespread Windows Compromise As part of Eclypsium’s ongoing hardware and firmware security research, we have become increasingly interested in the area of insecure drivers and how they can be abused in an attack against a device.…

Nasty New Malware Waits Until You Visit A Pornsite, Then Starts Recording (Forbes) Did Black Mirror just come to life?

iNSYNQ Ransom Attack Began With Phishing Email (KrebsOnSecurity) A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned.

Anatomy of an attack: How Coinbase was targeted with emails booby-trapped with Firefox zero-days (Register) Elaborate browser break-out betrayed by unusual behavior

Phishing: Watch out for this new version of trojan malware that spreads through malicious Word documents (CRYPTOID) Now researchers at cybersecurity firm Fortinet have identified a new version of Ursnif in the wild that is spreading via phishing emails containing weaponised Word documents.

Ransomware Attacks Shift Tactics (Security Boulevard) According to recent research, malicious encryption of shared network files is now the most popular form of ransomware attacks.

Smishing and vishing: How these cyber attacks work and how to prevent them (CSO Online) Smishing and vishing are types of phishing attacks that try to lure victims via SMS message and voice calls. Both rely on the same emotional appeals employed in traditional phishing scams and are designed to drive you into urgent action. The difference is the delivery method.

Blackmailed for Bitcoin – exchange rebuffs $3.5m ransom demand (Naked Security) Here’s a story of super-sized digital blackmail aimed at one of the biggest cryptocoin exchanges out there.

Instagram boots ad partner for location tracking and scraping stories (Naked Security) A “preferred Facebook Marketing Partner” is alleged to have tracked millions of Instagram users’ locations and stories.

Teenagers watching Fortnite streams targeted by hacking campaign (The Telegraph) Parents of children who watch gaming streams on Twitch or YouTube on their phones or computers may be at risk of fraud thanks to a six-month long hacking rampage that targeted gamers.

TfL Suspends Oyster Site After Credential Stuffing Blitz (Infosecurity Magazine) Customers encouraged not to reuse passwords

Parents, it’s time to delete Pet Chat from your child’s LeapPad (Naked Security) LeapFrog has done lots to fix the security of the LeapPad. Now all that’s left is for parents to scrape Pet Chat off of older tablets.

Officials: Elk County school district gets hit with cyber-attack, investigation is ongoing (WTAJ) The Ridgway Area School District reported that they were hit with an electronic virus on July 30, 2019. The virus locked network servers and files, limiting …

Officials: Elk County school targeted in national cyber attack, DHS investigating (WJAC) An Elk County school district is part of a Department of Homeland Security investigation after an apparent cyberattack targeted school districts, police departments and municipalities across the country, Ridgway Area School District officials wrote in a Facebook post. School officials say the school district was hit with an electronic virus July 30 that locked network servers and files and limited access to users.

8Chan Refugees Blow Their Anonymity (The Daily Beast) An unofficial new version of the hate-filled forum isn’t as anonymous as its users might hope.

Security Patches, Mitigations, and Software Updates

Security researchers find that DSLR cameras are vulnerable to ransomware attack (The Verge) Canon has issued a security advisory and firmware patch for the vulnerability

Valve fixes zero-day exploit for Steam in latest beta (Neowin) Valve has now begun fixing a zero-day exploit in Steam that could result in an escalation of privilege attack, after public criticism from the researcher who found it made headlines.

Cyber Trends

How tech is transforming the intelligence industry (TechCrunch) Shay Hershkovitz Contributor Share on Twitter Shay Hershkovitz is a Senior Research Fellow at The Intelligence Methodology Research Center (IMRC). At a conference on the future challenges of intelligence organizations held in 2018, former Director of National Intelligence Dan Coats argued that he t…

Opinion | Epstein Suicide Conspiracies Show How Our Information System Is Poisoned (New York Times) With each news cycle, the false-information system grows more efficient.

The age of cyber influencing (The Express Tribune) Like it or not, the age of cyber influencing is upon us and only time will tell what it is capable of

How physical systems integrators can monetize cybersecurity (SecurityInfoWatch) Using your current model for physical assessment and deployment can be mirrored when adding cybersecurity services

Vietnam suffers the most Southeast Asia offline cyber attacks Q2 2019 (KrASIA) The levels of Vietnamese spoken in hacker forums and on the dark web appears to have risen significantly in recent times.

Marketplace

‘Shark Tank’ Star Herjavec: Broadcom-Symantec Deal Is A Dinosaur ‘Buying Another Dinosaur’ (CRN) Robert Herjavec is skeptical that Broadcom's proposed $10.7 billion purchase of Symantec's enterprise security business will help the later catch up with the likes of CrowdStrike.

Apple's $1 Million Bug Bounty Comes Under Fire (Infosecurity Magazine) Apple’s $1 million bug bounty is being criticized.

McAfee buys container security startup NanoSec (ZDNet) McAfee intends to use NanoSec to bolster its MVISION Cloud and MVISION Server Protection products.

McAfee acquires Cupertino-based security platform NanoSec (Silicon Valley Business Journal) Cybersecurity company McAfee on Friday announced its acquisition of NanoSec, a Cupertino-based company that's focused on keeping applications secure. Neither company disclosed the financials behind the purchase.

Why Broadcom Is Buying Symantec's Enterprise Security Business For $10.7 Billion: Analysis (Forbes) Atherton Research's Principal Analyst and Futurist Jeb Su reviews Broadcom's $10.7 billion acquisition of Symantec's enterprise business.

Broadcom CEO says Symantec will focus on endpoint, web, and DLP (CRN Australia) CEO Hock Tan expects to nearly quadruple Symantec's enterprise security EBITDA.

ManTech eyes greater geospatial, automation capabilities in latest acquisition (Washington Technology) ManTech International already is a significant provider of cyber and IT services to NGA. The company sees its latest acquisition of a business co-founded one of their former executives as adding the geospatial and analytics piece.

G4S carve-out lacks compelling valuation bump (breakingviews.com) The British security firm is spinning off its cash-handling unit, a no-brainer given the shift to digital money. That allows more focus on its core business of guarding people and businesses. But a share price bump requires investors to place a high value on the latter.

Report: Palantir's U.S. government contracts top $1.5B (Silicon Valley Business Journal) Alex Karp, the head of Palantir, whose software has been used to target terrorists, at the company's headquarters in Palo Alto, Calif., on March 13, 2014. Karp says American companies have a moral obligation to support the country and its military no matter who is president.

Preclusio uses machine learning to comply with GDPR, other privacy regulations (TechCrunch) As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy…

The Techlash Has Come to Stanford (Slate Magazine) Even in the famed computer science program, students are no longer sure they’d go to work for Facebook or Google.

New funding for York College 'Knowledge Park' gives startups room to grow (York Dispatch) Land purchased by York College more than 10 years ago will finally see a purpose, thanks to a state grant that will fund a Knowledge Park.

Products, Services, and Solutions

Denim Group Incorporates Jenkins Plugin into ThreadFix Vulnerability Management Platform (BusinessWire) Denim Group, the leading independent application security firm, today announced the latest version of their Jenkins Plugin to integrate with their fla

Technologies, Techniques, and Standards

Does the Solution to the Cyber Skills Gap Already Exist? (SIGNAL Magazine) The MITRE ATT&CK Framework may be as effective at enhancing cyber defense skills as it is at identifying the adversary’s antics.

How to give the military’s tactical information warriors a chance (Fifth Domain) When Jim Mattis stepped down as the Secretary of Defense, momentum for information operations slowed. Here's how Pentagon leaders could accelerate it again.

This 3-star Army general explains what multi-domain operations mean for you (Army Times) Lt. Gen. Eric Wesley heads the Army Futures Command Future Concepts Center.

Digital Stiletto: Army Pursues Precision Electronic Warfare (Breaking Defense) The US Army can't match Russia's battalions of powerful radio jammers. Instead, it wants to build a nimble high-tech David to defeat the EW Goliath.

Here Is How The Pentagon Comes Up With Code Words And Secret Project Nicknames (The Drive) We venture into the dark, fascinating, and often misunderstood world of the Defense Department's code word and nickname generating processes.

Design and Innovation

Twitter backs down, allows McConnell to post video of protestor threats (Ars Technica) Twitter has struggled to develop consistent moderation policies.

Think Twice When You Limit Online Speech to Curb Violence (Wired) Opinion: Silencing forums that spread mass violence can also silence the marginalized

Shoot-'Em-Up Videogames Don't Warp Minds—Big Tech Does (WIRED) It takes a lot of effort, research, and efficiency to manipulate people online and influence their behavior in the real world. Silicon Valley has it down to a science.

YouTube’s Susan Wojcicki: 'Where's the line of free speech – are you removing voices that should be heard?' (the Guardian) As the crisis-hit video site struggles to stem the flow of extreme content, the CEO talks about her role as the internet’s gatekeeper

White Nationalists Have Flocked to Telegram (Slate Magazine) The encrypted app was built for pro-democracy activists. Now it’s the latest stop for groups banned for hate speech by Facebook and Twitter.

Research and Development

Stanford University and Avast team up to examine cyber risks of connected homes (WhaTech) Internet security providers Avast have released a report, in conjunction with Stanford University, that looks at the growing adoption of IoT and connected devices in homes around the world, and how this is exposing home networks to increased risk of cyber attack.

Focus: Entangling Photon Sources on a Tiny Bridge (Physics) Researchers entangled a pair of atomic-scale light emitters in a micrometer-scale device, which could potentially be useful for quantum communication and cryptography.

Academia

Top secret teens: The high schoolers recruited by the National Security Agency (CNN) Summer's high school friends think she's monitoring their phones and listening in on their conversations. They speculate about the "wild things" she does at work and jokingly accuse her of being a spy.

NSA program trains high school students in work study program (SC Media) The National Security Agency (NSA) is tapping high school students, as part of a work study program, to polish their cyber skills and lure them into

Legislation, Policy, and Regulation

Iran's Spies Are at War With Each Other (Foreign Policy) As international tensions rise, two different branches of the Iranian security state are increasingly butting heads.

Russian Intel Agencies Are a Toxic Stew of Competition and Sabotage (PCMAG) Western audiences might view the disarray in Russian's intelligence agencies as a good thing, but security expert Kimberly Zenz argues at Black Hat that it just encourages risky behavior.

Trump says US won't do business with Huawei (CNET) The trade war with China continues.

Foreign Ministry Spokesperson Hua Chunying's Remarks on August 9, 2019 (MInistry of Foreign Affairs of the People's Republic of China) ...Q: According to a report issued by the cyber-research firm FireEye, a hacker group working for the Chinese government attacked game companies and cryptocurrency providers for personal profit. FireEye said those hackers work for the Chinese government and are involved in commercial hacking behaviors for profit. I wonder what is your response?

Top DHS cyber official calls paper ballot backups necessary for 2020 election (CNN) The top cybersecurity official at the Department of Homeland Security said Friday that backup paper ballots would be a necessary part of 2020 election security.

Trump ‘In No Rush’ to Select Permanent Intelligence Chief (Wall Street Journal) President Trump said he was in no hurry to select a candidate for the nation’s permanent intelligence chief, after current and former national-security officials and Democratic lawmakers warned of instability following the ouster of the director of national intelligence and his top deputy.

Temporary spy chief calms unease over Trump's shakeup — for now (POLITICO) Joseph Maguire's selection comes after several months of instability in several key national security posts.

Passed over by Trump for top job, intel deputy chief Sue Gordon quits (NBC News) Gordon, a career CIA official, told the White House she would leave after learning she would be passed over as director of national intelligence.

Top intel official interrupted meeting to urge his deputy to resign (CNN) The country's No. 2 intelligence official, Sue Gordon, knew it was likely she would have to eventually step down from her post, but the timing of that decision became more urgent on Thursday after her boss -- outgoing spy chief Dan Coats -- interrupted a meeting she was holding on election security and asked his deputy to submit her letter of resignation, sources familiar with the events told CNN.

Air Force cyber commander departing (Fifth Domain) Maj. Gen. Robert Skinner is leaving AFCYBER.

New York State Toughens Data Security Laws (Cooley) On July 25, 2019, New York enacted a pair of data security laws. First, the Stop Hack and Improve Electronic Data Security Act (SHIELD Act) updates New York’s data security requirements. Second, th…

Litigation, Investigation, and Law Enforcement

Russia demands Google delete anti-government protest videos from YouTube (Deutsche Welle) Russia's media oversight agency has demanded Google take action to stop the spread of information about illegal mass protests. Thousands of its YouTube channels livestreamed one of Russia's biggest demos on Saturday.

Opinion | Egypt seized a U.S. art teacher over her Facebook posts. Trump must get her free. (Washington Post) The Trump administration must do more for Americans being held by the Sissi regime.

Senators Release New Details of Expanded Department of Homeland Security Watchdog Probe of Customs and Border Protection Surveillance of Journalists, Activists, and Lawyers (Sierra Sun Times) U.S. Senators Kamala D. Harris (D-CA), Tom Udall (D-NM), Elizabeth Warren (D-MA), and Richard Blumenthal (D-CT) on Thursday released customs border patrol logoa letter from the Department of Homeland Security (DHS) Inspector General (OIG) detailing its investigation into the alleged compiling of lists and targeted government surveillance of journalists, activists, and lawyers at the U.S.-Mexico border by Customs and Border Protection (CBP).

Amazon’s lead EU data regulator is asking questions about Alexa privacy (TechCrunch) Amazon’s lead data regulator in Europe, Luxembourg’s National Commission for Data Protection, has raised privacy concerns about its use of manual human reviews of Alexa AI voice assistant recordings. A spokesman for the regulator confirmed in an email to TechCrunch it is discussing the …

Judge voids share waiver by co-founder of $220m startup (Globes) Tel Aviv District Court judge Magen Altuvia found that Moshe Ben-Abu's partners deprived him of most of his stake in cybersecurity company Cyvera, which was sold to Palo Alto for $220 million.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...

Virginia Cybersecurity Education Conference (Fairfax, Virginia, USA, August 13 - 14, 2019) The goal of the Virginia Cybersecurity Education Conference is to get attendees thinking about ways to engage students at all grade levels in hands-on, meaningful educational activities related to cybersecurity.

AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching, The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.

PCI Security Standards 2019 Latin America Forum (São Paulo, Brazil, August 15, 2019) Don’t miss the data security event of the year for the payment card industry. We provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase...

Austin Cybersecurity Conference (Austin, Texas, USA, August 15, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.