skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Swell prizes for lucky survey takers.

We're working to improve the quality, relevance and overall value of the CyberWire’s content, and so we’ve put together a short audience survey that should take five minutes or less to complete. This survey is (obviously, we needn't add, but will) completely voluntary, anonymous and confidential. Click here to take our survey and look for your chance to win some official CyberWire swag at the end.

Ars Technica and others report that Risk Sense has a BlueKeep proof-of-concept exploit.

The EU's mission to Moscow suffered a long-running "sophisticated cyber espionage event" that began in February 2017 and continued through its discovery in April, BuzzFeed reports. Russian organizations, probably intelligence services, are believed to be behind the attack, which netted the hackers an undisclosed haul of information. The EU did not disclose the incident, evidently not wishing to roil political waters on the eve of European elections.

Symantec's report on Russian influence operations in the 2016 US elections reveals Moscow's efforts to have been more extensive, more patient, and more balanced, ideologically, than previously assumed. A core group of main accounts (often bogus news services) was supported by a very large number of auxiliary accounts responsible for amplification. Messaging was designed to appeal to left and right roughly equally, with the most disaffected partisans most heavily targeted.

C4ISRNET suggests a possible motive for Russian GPS spoofing in the Black Sea: executive protection against drones. The incidents were highly correlated with President Putin's movements.

Lookout finds the advertising plug-in "BeiTaAd" in a lot of Google Play apps—about 230. This is more than just mildly irritating: BeiTaAd uses obfuscation normally seen in malware to obtrude itself into users' attention, yammering wildly across lockscreens, hooting video ads while the phone's supposed to be asleep, and so on. More than 440-million devices are believed to be infested. BeiTaAd can be hyperactive enough to render a phone effectively unusable, Threatpost comments.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, France, Israel, Russia, United Kingdom, United States, and Vietnam.

Bring your own context.

Is it possible to devise a security system that can't be defeated by inventive human laziness, more or less well-intentioned, but still at bottom ergophobic? What about this blockchain thing we've heard about?

"Basically, the way you interact with the blockchain is you have a secret, which is known as a private key. If you're the holder of that private key, you can commit funds to the blockchain and you can take funds out. The private key is basically like a PIN number to your bank account. If anybody is able to get that private key, they can steal your funds. I was researching one day how exactly your private key is generated, and during my research, I found that people were using the private key of 1. The private key is supposed to be 78 digits long... But, you know, somebody decided, hey, let's use 77 digits, all of those being zero, and then the last digit is 1. So, effectively, they had the private key of 1. And if you go in and look at that address that's generated from a private key of 1, you'll see thousands of transactions committed to that key. So there've been lots of people interacting and colliding using this shared private key."

—Adrian Bednarek, senior security analyst at Independent Security Evaluators, hipping everyone to Ethercombing on Reserch Saturday's 6.1.19 edition.

What? Technically, seventy-seven zeroes followed by a one is seventy-eight digits, right? So what's the problem? Next time make it seventy-seven ones and a zero. What? That wouldn't do it either? There's no pleasing this blockchain thing...

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) discusses the implications of Google's throwing its weight behind MTA-STS, a protocol intended to make e-mail more secure. Our guest, Josh Stella from Fugue, talks about security and compliance in cloud infrastructure.

In case you missed it, Recorded Future's latest podcast, produced in partnership with the CyberWire, is also up. This episode, #110, deals with "Advocating OWASP, Securing Elections, and Standing Your Ground." The featured guest is Tanya Janca, senior cloud advocate at Microsoft,

And, of course, Hacking Humans is out. In this episode, "The best way to break in is to walk through the front door," Joe describes one of history’s great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves am attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security and the hacker named “Alien” in Jeremy Smith’s Breaking and Entering. She has her own book coming out later this year, Data Breaches: Crisis and Opportunity.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

Election Security Is Still Hurting at Every Level (WIRED) With the 2020 election fast approaching, too many problems from 2016 persist.

EU mission in Moscow discovers potential hack into systems (POLITICO) The attack reportedly took place in 2017 but was only discovered in April this year.

The EU’s Embassy In Russia Was Hacked But The EU Kept It A Secret (BuzzFeed News) A “sophisticated cyber espionage event” began in February 2017. Russian entities are believed to be behind the hack, a source told BuzzFeed News.

Vietnam Cyber Threat: Government-Linked Hackers Ramping Up Attacks (SecurityWeek) Vietnam-linked hackers have ramped up their efforts in recent years, attacking foreign economic competitors and governments alike.

Russia Effort in 2016 US Election Was 'Vast,' 'Professional' (SecurityWeek) Russia's efforts to sow misinformation on Twitter ahead of the 2016 US election was more extensive and professional than earlier believed, security researchers from Symantec say.

Russia's manipulation of Twitter was far vaster than believed (POLITICO) A cybersecurity firm analyzed a massive data set Twitter released in October 2018 on nearly 3,900 accounts and 10 million tweets.

Did Russia spoof coastal GPS to protect Putin from drones? (C4ISRNET) Multiple spoofing incidents showed ships unusually close to airports.

New BlueKeep malware proof-of-concept enables full system takeover, warns researcher (Computing) The vulnerability has seen Microsoft quickly release patches for end-of-life Windows products.

Warnings of world-wide worm attacks are the real deal, new exploit shows (Ars Technica) Latest Metasploit module is being kept private, but time is running out.

BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover (Threatpost) A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.

NSA warns that 'BlueKeep' vulnerability in Windows XP and Windows 7 is especially dangerous (PCWorld) The National Security Agency has joined Microsoft in warning that a recent vulnerability for Windows 7 and Windows XP is "wormable" and can be exploited by malware without user intervention.

Platinum Hackers Use Steganography to Mask C&C Communications (SecurityWeek) Attacks recently attributed to the "Platinum" cyber espionage group have employed an elaborate, previously unseen steganographic technique, researchers from Kaspersky say.

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware (BleepingComputer) Malware distributors have setup a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers.

Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques (TrendLabs Security Intelligence Blog) We saw a campaign that uses multiple fileless techniques to deliver a cryptocurrency-mining malware, including the use of EternalBlue exploit.

440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups (Threatpost) The mobile ad plugin, found in hundreds of Google Play apps, uses well-honed techniques from malware development to hide itself.

New adware "BeiTaAd" found hidden within popular applications in app store (Lookout) BeiTaAd is a well-obfuscated advertising plugin hidden within a number of popular applications in Google Play. The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device.

Wajam: From start-up to massively-spread adware (WeLiveSecurity) ESET researchers show how a "social search engine" application has become an adware operation that keeps changing its tactics in a bid to avoid detection.

Critical Vulnerabilities Lead to Account Takeover in Major IPTV Streamer (SecurityWeek) Critical vulnerabilities have been found in the Ukrainian IPTV video streaming platform Ministra, which uses Infomir-manufactured set top boxes (STBs) to transmit streaming content from the platform to end users' televisions.

Crime doesn't pay? Crime doesn't do secure coding, either: Akamai bug-hunters find hijack hole in bank phishing kit (Register) Absolutely criminal behavior – unrestricted file upload, really?

Buggy Phishing Kits Allow Criminals to Cannibalize Their Own (Threatpost) The vulnerable kits also offer a point of entry to compromise legitimate website servers.

Identifying Vulnerabilities in Phishing Kits (Akamai) While recently examining hundreds of phishing kits for ongoing research, Akamai discovered something interesting - several of the kits included basic vulnerabilities due to flimsy construction or reliance on outdated open source code. Considering the impact phishing kits have on...

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach (KrebsOnSecurity) Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

#Infosec19 Dark Web Sales Offer Network Access for $10,000 (Infosecurity Magazine) Access to FTSE 100 and Fortune 500 corporate networks has increased on the dark web.

Inside the Operations of a West African Cybercrime Group (SecurityWeek) Security researchers documented the of evolution a Nigerian cybercriminal group from its emergence as a one-man shop into a large business email compromise (BEC) operation employing dozens of threat actors.

The People of Baltimore Are Beginning Their Fifth Week Under Electronic Siege (Defense One) It's more important than ever to be vigilant, responsible digital citizens.

Baltimore calls for federal emergency declaration after cyber attack (Smart Cities World) City council president wants the federal government to have a larger supporting role in helping the city recover from the attack that disabled computer systems and key citizen services.

Cyber Criminals Are Making Bank Using Stolen Doctor Credentials on the Dark Net (Gizmodo) A new report by a leading cybersecurity firm finds that healthcare organizations are becoming an increasingly attractive target for criminal hackers due to the premium that black markets place on private health information—and in particular, the credentials of physicians that can be used to facilitate health insurance fraud.

Healthcare Cyber Heists in 2019 | Carbon Black (Carbon Black) To better determine how these cybercriminals are hiding behind invisibility cloaks to remain undetected, Carbon Black conducted a survey, comprising input from CISOs of many of the world’s largest financial institutions. The purpose of the survey is to improve telemetry for threat hunt teams and defenders. Read the report to learn more.

Ellwood City Medical Center Victim Of Cyber Attack, Not Sure If Patient Records Were Exposed (CBS Pittsburgh) Ellwood City Medical Center officials are investigating whether any patient records were compromised Tuesday after a cyber attack.

Comment: Australian uni breach (Information Security Buzz) Following news that an Australian university has been hacked, affecting sensitive data going back 19 years, please find below comment from SailPoint, the identity governance experts. The comment covers the importance of ensuring that sensitive data is governed by cybersecurity measures, regardless of the system in which it is kept – on premises or in the …

Security Patches, Mitigations, and Software Updates

NSA, Microsoft implore enterprises to patch Windows' 'BlueKeep' flaw before it's too late (Computerworld) The warnings refer to vulnerabilities in Windows' Remote Desktop Services that could be exploited by attackers; patches have been available since May 14.

GitLab urges users to upgrade after disclosing 13 security flaws (Computing) GitLab advises users to upgrade immediately after admitting to a series of vulnerabilities.

Patch Android! June 2019 update fixes eight critical flaws (Naked Security) It’s that time again. June’s patches for Android are here.

Unofficial Patch Available for Recent Windows 10 Task Scheduler Zero-Day (SecurityWeek) An unofficial patch has been released for a recently disclosed zero-day vulnerability in Windows 10’s Task Scheduler.

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools (BleepingComputer) Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).

Cyber Trends

Trust nothing: A life in infosec is a life of suspicion (Help Net Security) Like many before him, Amit Serper started his cybersecurity career in one of Israel's intelligence agencies. Nine years later, he left for the private

Do personality traits matter in cyber security? (ITWeb) Certain personality traits seem to make us more or less likely to fall prey to specific attacks or scams, says Anna Collard, MD and founder of Popcorn Training – a KnowBe4 company.

SolarWinds Finds Insider Threats Cited as Leading Cause of Security Incidents (Nasdaq) New Study Underscores the Need for Affordable, Accessible Security Solutions

Many Americans Say Made-Up News Is a Critical Problem That Needs To Be Fixed (Pew Research Center's Journalism Project) Many Americans say the creation and spread of made-up news and information is causing significant harm to the nation and needs to be stopped, according to

#Infosec19: Infosecurity's Second State of Cybersecurity Report, Available Now (Infosecurity Magazine) Launching Infosecurity's second State of Cybersecurity Report

Apps: Gateway to Your Private Data (Infosecurity Magazine) For companies that store personal data, there is a hefty burden of responsibility.

Marketplace

China grants first 5G licenses amid Huawei global setback (TechCrunch) It’s official. After much anticipation, China named the first companies to receive 5G licenses for commercial use on Thursday. The announcement from the Ministry of Industry and Information Technology, the country’s telecoms authority, came as Huawei, the Chinese company that captured n…

In race for 5G, European companies hope to profit from security doubts over Chinese giant Huawei (Yahoo News - Latest News & Headlines) Nokia CEO Rajeev Suri in the past has boosted Nokia’s more secure products and hinted Huawei’s failure would be Nokia’s ultimate gain. “Ultimately, it’s for the country” looking to purchase 5G networks “to decide, not for Nokia,” said Lindroos.

Sophos Halts Cybersecurity Sales, Patches to Huawei (ChannelE2E) Sophos halts sales to Huawei; tells channel partners to cease cybersecurity sales to the China-based technology company. U.S. vs. Huawei showdown escalates.

Ripping Huawei out of US networks could be a nightmare for rural providers (The Verge) As the US tries to drive out the Chinese manufacturer, rural carriers are bracing for impact

Rural telecoms, including Alaska, worry over Huawei order (Alaska Journal) A new rule about how telecommunications companies can use some of their funding from the federal government may poke a hole in their wallets, especially as they are looking to migrate their networks to 5G.

Which Cybersecurity Career Is Right For Me? (Inside Out Security) Finding the right career path in the cybersecurity industry isn’t always easy. We interviewed cybersecurity experts to find out what inspired them!

CrowdStrike cybersecurity competitor scores $120M in funding (Silicon Valley Business Journal) Mountain View-based SentinelOne, led by Tomer Weingarten, raised $120 million in new funding for its automated endpoint data security.

Elastic Announces Intent to Acquire Endgame (Elastic) Proposed acquisition will add Endgame’s endpoint security product into the Elastic Stack; joint product development and go-to-market will extend Elastic’s existing SIEM efforts

Welcome Endgame: Bringing Endpoint Security to the Elastic Stack (Elastic Blog) We are excited to announce that we have entered into an acquisition agreement to join forces with Endgame, Inc. an endpoint security company.

He Sold His First Business For $190 Million And Just Sold His Second One For $780 Million (Forbes) Christopher Ahlberg has raised millions of dollars for his data intelligence, AI and cybersecurity startups, and just sold his most recent venture for $780 million.

Advancing transparency and accountability in the cybersecurity industry (Help Net Security) NSS Labs, the Texas-based company that specializes in testing the world’s security products, has a new CEO: Jason Brvenik.

Palo Alto Networks Investors Shouldn't Miss the Big Picture (The Motley Fool) The cybersecurity specialist's drop is a buying opportunity.

The Most Important Details Behind The CrowdStrike IPO (Seeking Alpha) CrowdStrike, a cybersecurity firm famous for its fighting against foreigner hackers, has filed for a $4.5 billion IPO which could raise up to $476 million. The

Palantir Dropped by Berkeley Privacy Conference After Complaints (Bloomberg) Privacy Law Scholars Conference ends sponsorship arrangement. Critics of data-mining company cite work on U.S. immigration.

Labs are for nerds, it's simply Kaspersky now – just hold still while we cyber-immunise you (Register) Inoffensive, nondescript logo screams 'building a safer world'

Dimension Data name and brand to start disappearing next month (CRN Australia) Parent company is rebranding everything to NTT.

Innovative Solutions to Enhance Cybersecurity (Times of Israel) In recent years, our world has become hyper-connected, and while that offers many substantial benefits to both corporations as well as individuals, these benefits come with a hefty price tag on our privacy and security.

Armis Expands Leadership Team with the Appointment of Jeff Williams as CRO to Fuel Next Stage of Growth (PR Newswire) Armis, the enterprise IoT security company, today announced Bain Capital Ventures Operating Partner Jeff...

Products, Services, and Solutions

7 Big Security Surprises Coming to macOS 10.15 Catalina (SentinelOne) Apple have announced big security changes to macOS 10.15 Catalina. How will they affect the enterprise? Find out with our early-bird take on what's new.

Teramind Puts Privacy First: Delivers Industry's Most Privacy-aware Employee Monitoring, Insider Threat Prevention and DLP Platform (Benzinga) Teramind Inc. (https://www.teramind.co/), a leading global provider of employee monitoring, user & entity behavior analytics ("...

Application Security – Solving the Hardest Problem First (Cequence Security) CQ appFirewall takes full advantage of the ongoing customer feedback, threat research, and feature enhancements we have made over the past three years.

Furnace - Developers Eliminate Cloud Lock-In and Accelerate Data Driven Businesses with Powerful Serverless Platform: Now Native Across AWS, Microsoft Azure and Google Cloud Platform (West) Simplifies multi-Cloud strategies, speeds development of complex ‘big data’ pipelines and creates new levels of application-dev velocity - ‘Zero to Hero’ in days, not months

Fugue Releases Unified SaaS Product for Autonomous Cloud Infrastructure Security & Compliance (Fugue) Fugue Platform and Risk Manager merge along with a new API for an easy-to-use solution that enables a “Shift Left” on cloud security and compliance

Optiv Security Launches New Cloud Threat Monitoring and Compliance as-a-Service Offering to Help Organizations Harden Security Fundamentals and Reduce Cyber Digital Transformation Risk (BusinessWire) Cloud services provide the speed and agility necessary for enterprises to transform business. However, the dynamic and intangible nature of cloud is c

Optiv Security Doubles Down On Client Success with New Services Approach, Business and Engagement Model; Further Advances Ability to Help Global Clients Optimize, Integrate and Operationalize Cybersecurity (BusinessWire) Optiv Security today announced it has implemented a new cybersecurity services approach, business and engagement model.

35 of the Best Information Security Podcasts to Follow in 2019 (Digital Guardian) Podcasts are a go-to resource for security professionals – here's our roundup of 35 of the top podcasts covering information security.

Technologies, Techniques, and Standards

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) Joins Cyber Readiness Institute (CRI) Champion Network (Cyber Readiness Institute) The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today was named a Cyber Readiness Champion, enabling retailers, restaurants, hotels, gaming casinos, consumer product manufacturers and other customer-facing companies to access free resources and tools from the Cyber Readiness Institute (CRI).

How William Hill's CISO sells cyber security to the board: Simple, practical, pragmatic and obvious (Computing) CISOs need to sell security to the board like a marketeer, says William Hill's Group CISO Killian Faughnan.

How Deception Technology Can Defend Networks and Disrupt Attackers (SecurityWeek) Experts say that deception technology works and it’s one of the last bastions of active asymmetrical defense that we have to help blue teams start to gain ground on defending their organizations.

Creating Data-Powered Products and Services in the Age of Privacy (Cooley) On Friday, June 14, Cooley’s cyber/data/privacy practice will be hosting an event focused on the use of data in the development of products and services in our New York office. The intense fo…

Unclassified data creates security blind spots for most companies (Help Net Security) 52% of all data within organizations remains unclassified, indicating that businesses have no visibility, creating a target for hackers.

Embrace chaos to improve cloud infrastructure resilience (Help Net Security) Netflix is a champion of using chaos engineering to improve the resilience of its cloud infrastructure. That’s how it ensures its customers don’t have

#Infosec19: Identify and Protect your Very Attacked People (Infosecurity Magazine) Identify and protect your “very attacked people” as attackers look for high value targets

82nd Airborne Division hosts cyber network defense class (DVIDS) The 82nd Airborne Division hosted its first cyber network defenders class at the division headquarters, on Fort Bragg, May 31, 2019. The All American Cyber Academy provided 15 students further training on network defense tools taught in Advanced Individual Training. It also introduced students, attending the academy, to new techniques and practices to better defend Army networks.

Design and Innovation

Created By Former Palantir and Microsoft Engineers, Tonic Makes Fake Data That Looks Just Like the Real Thing (Hypepotamus) Synthetic data provider Tonic generates realistic synthetic data that looks and acts just like your actual customer data, with just a few clicks.

Our ongoing work to tackle hate (Official YouTube Blog) Over the past few years, we’ve been investing in the policies, resources and products needed to live up to our responsibility and protect th...

In trying to clear “confusion” over anti-harassment policy, YouTube creates more confusion (TechCrunch) After a series of tweets that made it seem as if YouTube was contradicting its own anti-harassment policies, the video platform published a blog post in an attempt to clarify its stance. But even though the post is supposed to “provide more details and context than is possible in any one string of …

YouTube just banned supremacist content, and thousands of channels are about to be removed (The Verge) YouTube is trying to reduce the prevalence of extremist content on the platform

YouTube bans hate speech in crackdown on white supremacists  (The Telegraph) YouTube will delete tens of thousands of videos glorifying Nazi ideology and extremist views online in its latest move against "hateful" speech.

YouTube bans neo-Nazi and Holocaust-denial videos in push against hate speech (Ars Technica) White supremacists and others who promote discrimination will be banned.

YouTube says 'homophobic harassment' is allowed on its site (The Telegraph) YouTube has been accused of allowing homophobic slurs and harassment on its service after it declined to remove videos which targeted a gay journalist.

YouTube deletes award-winning history teacher's videos in 'hate speech' purge (The Telegraph) A history teacher said he was “devastated” after his YouTube account, which has become popular among GCSE students learning about World War II, was banned by the video-sharing website for violating its hate speech policy.

YouTube Confuses Everyone, Satisfies Nobody With Half-Measure Against Homophobe Steven Crowder (The Daily Beast) Right-wing performer gay-bashed a Vox reporter for years. They initially declined to do anything, then ‘demonetized’ him, then gave alternating explanations for why.

How Mr. Robot ‘fudged’ its hacks to protect the public (IT PRO) Showrunners debated over how accurate to make the show’s exploits

Research and Development

Following Schrödinger’s cat to its death and giving it a reprieve (Ars Technica) Spotting a superposition state's formation predicts oncoming random event.

Academia

Augusta Cyberworks Academy offers free course to community (WRDW) The Augusta and CSRA community has the chance to learn a little more about the cyber world.

NETSCOUT Partners with UMass Lowell to Protect the University’s Network from Cyber Attacks (BusinessWire) NETSCOUT Donating Arbor Edge Defense Software and Hardware to IT Department

Legislation, Policy, and Regulation

Russia and Iran Plan to Fundamentally Isolate the Internet (WIRED) Opinion: Russia and Iran’s decisions to build isolated, domestic internets represent a new form of internet fragmentation—one that is far more physical than what we’ve seen before.

Trump to seek consensus on China pressure with France's Emmanuel Macron (Foreign Brief) President Trump is set to meet with French President Emmanuel Macron today in Normandy. The two will focus on the

Pentagon, NASA seek industry advice on banning Huawei, ZTE products before August deadline (Inside Cybersecurity) The Defense Department and NASA have announced a public meeting next month to get industry advice and concerns about implementing a ban on federal purchases of telecommunications equipment from China-based companies Huawei and ZTE, prior to an August deadline under the defense authorization law enacted last year.

HikVision's Case Raises Awareness of National Security and Human Rights Risks (NTD News) The Trump administration may place restrictions on five Chinese companies that make surveillance equipment in an effort to ...

Government can’t clearly say what £1.9bn security strategy will achieve, warn MPs (NS Tech) The Cabinet Office has come under fire for failing to clearly articulate what the £1.9bn National Cyber Security Strategy will have achieved by the time it has concluded in 2021. A review by the Publi

Experts Call For IoT Security Regulation (Threatpost) Experts hope to see regulation for connected devices security in 2020.

A Cyber Force for Persistent Operations (Joint Forces Quarterly) Harvard’s Samuel Huntington, then just 27, asked the U.S. Navy in 1954, “What function do you perform which obligates society to assume responsibility for your maintenance?”

Cyber Command’s Strategy Risks Friction With Allies (Lawfare) The U.S. may have to operate in allied networks to adequately check its adversaries. Allies may not be so keen.

Senate Intelligence Committee summons mysterious British security consultant (POLITICO) The committee has asked Walter Soriano for a closed-door interview and documents.

Securing Our Cyber Future (Stanford University) Download the new white paper "Securing American Elections: Prescriptions for Enhancing the Integrity and Independence of the 2020 U.S. Presidential Elections and Beyond," by Stanford scholars affiliated with the new Cyber Policy Center using the button below.

DHS needs help peeking into state and local networks, cybersecurity official says | StateScoop (StateScoop) Rick Driggers, the deputy assistant director of the Cybersecurity and Infrastructure Security Agency, said more information-sharing agreements are needed.

Feds to test North Carolina election computers for hacking (Bismarck Tribune) More than two years after North Carolina check-in software failed on Election Day, federal authorities will finally examine equipment from a company targeted by Russian military

A Push to Protect Political Campaigns from Hackers Hits a Snag (WIRED) The FEC may prevent an anti-phishing firm providing its services to campaigns for free or cheap.

Analysis | The Cybersecurity 202: FEC poised to limit who can give political campaigns free cybersecurity help (Washington Post) Non-profits are OK. Companies, apparently not.

Lawmakers promotes cyber education, accountability in defense bill (FCW) House defense panels think DOD's cyber recruiting efforts -- and cyber tools -- are too spread out to be effective.

Draft NDAA Includes Multiple Requirements for DoD IT (MeriTalk) The House Armed Services Committee draft version of the fiscal year 2020 National Defense Authorization Act (NDAA), released June 3, includes multiple provisions that would increase congressional oversight over multiple Defense Department (DoD) technology initiatives.

Rebel with a cause (C4ISRNET) Chris Lynch reflects on his years guiding the Defense Digital Service and how his

CYBERCOM Official Calls Data Fusion ‘Critical’ Among Intel Agencies (MeriTalk) David Luber, Executive Director and third highest ranking official at U.S. Cyber Command, said today it is vital for intelligence agencies to embark on “data fusion” efforts that will create interoperability of data and data-handling systems between agencies.

Litigation, Investigation, and Law Enforcement

Kelkoo contacts US antitrust authorities over Google (Computing) Kelkoo believes that not enough is being done in Europe to tackle Google's unfair promotional practices.

’A bad, sad and dangerous day’: Australian police raid public broadcaster, seize emails and documents (Washington Post) Federal police reviewed thousands of documents related to the Australian Broadcasting Corporation's reporting on misconduct by soldiers in Afghanistan.

Meg Whitman: Mike Lynch's conduct during HP's Autonomy takeover was 'completely unnacceptable' (Computing) Whitman claims that Lynch only informed her of impending quarterly revenue shortfalls at Autonomy at 'the eleventh hour'.

Despite disclosure laws, cybercrime may be widely underreported (Help Net Security) ISACA's 2019 State of Cybersecurity Study found that attack volume will increase and cybercrime may be vastly underreported.

Tennessee Valley Authority Isn't Compliant with Federal Directives (Infosecurity Magazine) The review was part of an annual audit plan to ensure the TVA's websites and emails were federally compliant.

ATM skimming crook behind bars after draining bank accounts for 2 years (Naked Security) A multi-state ATM card-skimming spree netted his gang over $800k from 531 people’s bank accounts.

Judge allows racist FB page as evidence in fatal stabbing of newly commissioned 2nd lieutenant (Army Times) Racist memes on a cellphone and a racist Facebook page can be used as evidence in the trial of a white man charged with murder and a hate crime in a black student’s fatal stabbing on the University of Maryland’s campus, a judge ruled Wednesday.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...

PCI SSC 2019 North America Community Meeting (Vancouver, British Columbia, Canada, September 17 - 19, 2019) The PCI Security Standards Council’s 2019 North America Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...

Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...

Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Gateway Innovation Center: Partners in Cyber (Columbia, Maryland, USA, June 6, 2019) The Howard County Economic Development Authority will host a multifaceted panel event on June 6. Each of our speakers represents leading cyber and technology organizations in the region which provide valuable...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.