skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

News from the 10th Annual Billington CyberSecurity Summit

Some additional notes from last week's Billington CyberSecurity Summit, including reflections on inherent government responsibilities with respect to cybersecurity from NCSC's Ciaran Martin. And the US Department of Defense finds it more difficult to retain cyber operators than it does to recruit them in the first place.

The distributed denial-of-service attack that struck Wikipedia over the weekend remains under investigation, but BleepingComputer reports some speculation that the incident was the result of a botnet testing round. (They also report that the UK's NCSC recommends dusting off DDoS protection advice it's offered for some time.)

ESET says it's associated a hitherto overlooked backdoor with Stealth Falcon. Stealth Falcon itself has been connected by the University of Toronto's Citizen Lab with the distribution of spyware against a range of Middle Eastern targets. It's regarded as being, probably, a United Arab Emirates' operation, linked to Project Raven, which Reuters described earlier this year.

In a disclosure coordinated with manufacturer Telestar Digital, Vulnerability-Lab reports that Dabman and Imperial web radios were vulnerable to exploitation through an "undocumented Telnet service on the standard port 23." Telestar has fixed the vulnerabilities.

Toyota Boshoku, a parts unit of Toyota Group, continues to investigate a business email compromise scam in a European subsidiary that may have cost the company ¥4 billion (approximately $37 million). According to Infosecurity Magazine, the incident occured on August 14th, and if it followed the usual business email compromise template, the theft depended on social engineering.

The Washington Post reports that in 2017 the US exfiltrated an "asset" (a source, an agent) from Russia. The asset had provided the US with information about 2016 Russian election hacking.

Today is Patch Tuesday, and updates will appear throughout the day. Ivanti recently offered a forecast of Microsoft's expected patches in Help Net Security.


Today's issue includes events affecting Australia, Canada, China, Czech Republic, European Union, India, Japan, Republic of Korea, Netherlands, Oman, Philippines, Poland, Russia, Saudi Arabia, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.

Bring your own context.

What lessons can CISOs learn from venture capitalists?

"VCs are used to working with the financial stakeholders. They're used to building funds and generating specific targeted returns, but, you know, you look at a lot of the folks that move into these roles of CISO and CSO. There is not a lot of training, whether it's how to put cybersecurity into a business context and think of it as a kind of key strategic plank for the business, whether it's defining the risk not as an IT risk but as an enterprise risk. You know, those kinds of strategic skills and that kind of board interaction are not commonplace in terms of their career path development, so gaining those skills and building that capability, I think, is one of the really significant challenges facing most CISOs."

—Doug Grindstaff, senior vice president of cybersecurity solutions for the CMMI Institute, on the CyberWire Daily Podcast, 9.6.19.

Think in terms of enterprise risk, and pay close and continuous attention to the stakeholders.

Conduct secure and anonymous research on the open and dark web.

If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.

In today's podcast, out later this afternoon, we talk with our partners at Booz Allen Hamilton, as Michael Sechrist discusses how geopolitical issues spill over into cyber security. Our guest, Ashish Gupta from Bugcrowd, talks through the economics of hacking and the adoption of ethical hacking.

And Recorded Future's podcast, produced in cooperation with the CyberWire, is up. In this episode, "The Intersection of Political Science, Risk Management, and Cybersecurity," Matt Devost, CEO and co-founder of OODA LLC, shares his insights on managing cyber risk in a complex world, as well as his thoughts on threat intelligence.

Cyber Security Summits: September 17 in Charlotte and October 3 in NYC (Charlotte, North Carolina, United States, September 17, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today:

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at­.

Dateline 10th Annual Billington CyberSecurity Summit

Recruiting Cyber Workforce Easier Than Retaining Them (U.S. DEPARTMENT OF DEFENSE) The military is doing a great job recruiting cyber talent into military and civilian service, but retention is more difficult, said the deputy assistant secretary of defense for cyber policy said.

Lessons learned, presented by the UK's NCSC. (The CyberWire) If NCSC CEO Ciaran Martin has learned anything during his tenure at the Centre, it's that pieties about public-private partnership can be a recipe for inaction, and that governments need to step up and understand their inherent responsibilities in cyberspace.

New cyber directorate reorgs to help NSA shift focus on nation state adversaries (Federal News Network) Anne Neuberger, the director of cybersecurity at NSA, said the new cybersecurity directorate is expected to reach initial operational capability on Oct. 1 and full operational capability by Dec. 31.

Thoughts on preventing a cyber 9/11. (The CyberWire) Public and private sector leaders share thoughts on how to prevent a "cyber 9/11." There are lessons to be learned from preparing for and responding to natural disasters.

Warfighting in the fifth domain. (The CyberWire) A Marine Corps dictum: when good people meet bad process, bad process wins. Major General Crall, Deputy Principal Cyber Advisor and Senior Military Advisor for Cyber Policy in the Department of Defense, reminded the summit that, "This is all about outcomes."

Can states get ahead of election system cyberthreats? (Fifth Domain) A federal agency charged with protecting critical infrastructure is raising awareness of cyber hygiene resources before the 2020 election.

CISA's vision. (The CyberWire) A young agency offers a fresh perspective on cybersecurity, and the way it intends to accomplish its mission.

CDM Prepares to Release Cybersecurity Assessment Results (Executive Gov) The Continuous Diagnostics and Monitoring program will release cybersecurity risk scores of differen

OMB Updating CyberStat Security Assessment Program Ahead of FY20 (Executive Gov) The Office of Management and Budget is planning to modify its CyberStat program for evaluating agenc

Cyber Attacks, Threats, and Vulnerabilities

ESET Discovers Backdoor Linked to Stealth Falcon Group (Infosecurity Magazine) ESET discovers backdoor linked to malware used by group attacking Middle East with spyware

ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group (WeLiveSecurity) Analysis of a backdoor linked to Stealth Falcon, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East

Telnet backdoor vulnerabilities impact over a million IoT radio devices (ZDNet) Devices can be remotely exploited as root without any need for user interaction.

Potential 'Mirai-style botnet' could be created via Telestar Digital Radio vulnerabilities (SC Media) Two security holes in popular IoT products, relating to telnet, open ports and weak hardcoded passwords reminiscent of the methods used by the Mirai botnet, reveal just how vulnerable IoT devices remain.

Critical vulnerabilities in Telestar IoT radio devices could enable attackers to remotely capture systems (Computing) Hackers can also transmit audio as commands and force a play stream using the security bugs

Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution (Vulnerability) A few weeks ago, in the context of a security, we had carried out individual investigations following an anomaly in a private network.

Oklahoma pension fund reports $4.2 million cyber theft (Fifth Domain) Duane Michael, the executive director of pension system, told The Oklahoman newspaper that the theft happened Aug. 26 after an employee's email account was hacked.

Over $37 Million Lost by Toyota Boshoku Subsidiary in BEC Scam (BleepingComputer) Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, announced today that one of its European subsidiaries lost more than $37 million following a business email compromise (BEC) attack.

Toyota's European subsidiary loses £30 million in BEC scam (SC Magazine) Cyber-criminals have swindled a major Toyota supplier for £30.3 million through its European subsidiary - investigation underway.

Toyota Subsidiary Suffers $37m BEC Loss (Infosecurity Magazine) Toyota Subsidiary Suffers $37m BEC Loss. Car parts maker was tricked into wiring four billion yen

Discovery of European subsidiary being subject of fraud (Toyota Boshoku) Toyota Boshoku Corporation (TOKYO:3116) announce a recent case involving fraudulent payment directions from a malicious third party that has resulted in a financial loss at our European subsidiary.

Bots evolving to better mimic humans during elections (Help Net Security) Bots or fake accounts enabled by AI on social media have evolved and are now better able to copy human behaviors in order to avoid detection.

URGENT/11 - New ICS Threat Signatures by Nozomi Networks Labs (Nozomi Networks) A well-known RTOS (Real-Time Operating System), widely used in industrial sectors, is at risk from a series of 11 vulnerabilities dubbed URGENT/11.

Wikipedia DDoS Attacks Prompt NCSC to Remind of DoS Mitigation (BleepingComputer) UK's National Cyber Security Centre urges organizations worried about Denial-of-Service (DoS) attacks to implement mitigation measures following a worldwide Wikipedia outage caused by Distributed Denial-of-Service (DDoS) attacks.

Wikipedia went offline in various countries after a Cyber Attack (Digital Information World) Recently, Wikipedia went offline after a malicious attack and we are worried about it.

US city balks at paying $5.3 million ransomware demand (Naked Security) The attack quickly encrypted 158 workstations – and would have been worse had it struck later in the working day.

Souderton Area School District cyber attack was ransomware (Montgomery News) The cyber attack on Souderton Area School District's computer systems was a ransomware attack, the district said in an update posted on the district website Sept. 9.

Vulnerability Summary for the Week of September 2, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available

Period Tracking Apps Used By Millions Of Women Are Sharing Incredibly Sensitive Data With Facebook (BuzzFeed News) Data including when women last had sex was sent to Facebook and other third-party services, according to new research shared exclusively with BuzzFeed News.

Private Instagram Posts Aren’t Exactly Private (BuzzFeed News) A shockingly simple work-around allows your followers to share private photos and videos posted to both Facebook and Instagram.

YouTube promised to halt comments on videos with young kids. It hasn't (CNET) A pedophilia scandal compelled YouTube to vow to suspend comments on videos with kids age 13 and younger. Six months later, comments are still easy to find.

Law Firm Catfishing Is Real, and It’s a Problem (Legaltech News) Aware of the urgency an email from a lawyer can invoke, hackers and scammers are pretending to be attorneys online. Can firms and their clients protect themselves?

Security Patches, Mitigations, and Software Updates

Telegram fixes bug that failed to delete ‘unsent’ photos and videos (TechCrunch) Mobile messaging app Telegram has fixed a bug allowing users to recover photos and videos “unsent” by other people. Telegram, which has more than 100 million users, has an ephemeral messaging feature that allows users to “unsend” sent messages from other people’s inbox…

WordPress 5.2.3 fixes new clutch of security vulnerabilities (Naked Security) WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.

Cyber Trends

Over 430,000 cyberattack attempts within Omani cyberspace thwarted (MENAFN-Muscat Daily) Over 430,000 cyberattack attempts within the Omani cyberspace were thwarted by the cybersecurity agencies...

Among 13 countries, Philippines most worried about data security (Rappler) The Unisys Security Index says 1 in 5 Filipinos stop dealing with an organization after a data breach


Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks (CyberScoop) Microsoft and the Hewlett Foundation will soon launch a nonprofit organization known as the "Cyber Peace Institute" that calls out bad actors in cyberspace.

Cyber firm NSO vows to tackle human rights misuse (Reuters) The Israeli-based NSO Group said on Tuesday it would abide by U.N. guidelines to...

Cyware Labs Raises $3 Million in Seed Funding Led by Emerald Development Managers (BusinessWire) Cyware Labs today announced that it has raised $3 million in seed funding from a consortium of investors led by Emerald Development Managers.

Symantec’s Consumer Business Said to Draw $16 Billion Bid (Channel Partners) According to the Wall Street Journal, Permira and Advent International have proposed a deal to take over the Symantec's consumer business. The consumer unit includes the Norton antivirus and LifeLock identity protection products.

Should Symantec Agree to a Private Equity Buyout Offer? (Market Realist) After Friday's buyout offer for Symantec's Consumer Cyber Safety segment, its stock soared 4.5% to $24.52. This pushed its market cap to $15.2 billion.

Air Force asks Bowhead to provide cyber security and trusted computing for intelligence and targeting (Military & Aerospace Electronics) The AFNTI program capitalizes on signals intelligence (SIGINT) information and intelligence, surveillance, and reconnaissance (ISR) capabilities.

Abandoned And Left For Dead, CYREN Wakes Up (Seeking Alpha) CYREN is a small company with $38 million in sales and $100 million market cap.

RiskLens Appoints Cybersecurity Veterans as Chief Revenue Officer, Vice President of Products (RiskLens) Brian Stone Joins as Chief Revenue Officer, Orion Suydam as Vice President of Products as RiskLens Continues Explosive Growth as the Leader in Cyber Risk Quantification

Jackie Todd Joins Bishop Fox as Associate Vice President of Resource Management (Yahoo) Bishop Fox , the largest private professional services firm focused on offensive security ...

CyberSN Appoints Cyber Staffing Industry Veteran as President (Yahoo) Cybersecurity Staffing Industry Veteran Mark Aiello bolsters CyberSN's commitment to serve the Cybersecurity community. BOSTON, Sept. 10, 2019 /PRNewswire/ -- CyberSN, the largest technology and cybersecurity talent acquisition firm with a self-service job platform enabling employers and job seekers

Former CISO of Salesforce Joins SAASPASS Team (Yahoo) SAASPASS today announced a significant addition to its team, bolstering the firm's enterprise security expertise with the former Salesforce Chief Information ...

Veteran Cyber Threat Intelligence Leader Tommy McDowell Joins Celerium As Vice President of Strategy (Yahoo) McDowell brings nearly 20 years of experience, knowledge and insight to strengthen and expand Celerium's cyber defense solutions. McDowell has helped private sector and governmental organizations transform their cybersecurity understanding and practices in the areas of cyber threat intelligence,

Products, Services, and Solutions

GE Power and Xona Systems to Enhance Remote Operations for Energy and (PRWeb) Xona Systems, Inc., has been selected by the Remote Operations division of GE Power Digital to provide comprehensive real-time user access visibility to energy and other critical infrastructure customers across the globe.

Baffin Bay Networks Makes Global Threat Data Available with Release of Free Threat Insight Service (BusinessWire) Baffin Bay Networks Makes Global Threat Data Available with Release of Free Threat Insight Service Offers Image Analysis to Help Organizations Find Personally (PRWeb), the leading provider of data and privacy management control solutions, announced today the addition of image analysis to its platform, enabli

Symphion Applies Unique Cyber Hardening Service Solution to Broader IoT (EIN News) Symphion new service address anticipated need for cyber hardening of corporate IoT devices

Technologies, Techniques, and Standards

NIST asks for comments on new cyber resilience guidance (Continuity Central) The international business continuity management news, jobs and information portal

Can these guidelines help reduce privacy risks? (Federal Times) The National Institute of Standards and Technology released a new draft of its data privacy standards.

A year in cybersecurity: the view from industry (Army Technology) After hearing the NCSC’s insights into trends in cybersecurity, we asked cybersecurity experts about how cybersecurity threats are evolving.

Ransomware attacks are hitting local governments. Here’s how they can fight back. (Philadelphia Inquirer) Cyberattacks that hold data hostage have targeted dozens of local governments this year. There's a 1-in-4 chance a municipality will get hit, one expert said.

NYC Cyber Command Uses Google Cloud to Battle Threats (Technology Solutions That Drive Government) New York uses the search giant’s cloud platform to analyze reams of cybersecurity data.

#GartnerSEC: How to Keep Your Job After a Cyber-Attack (Infosecurity Magazine) Overcoming these challenges will make an organization’s security program more defensible

Analysis | The Cybersecurity 202: How state election officials are contributing to weak security in 2020 (Washington Post) A new report finds their offices are falling short on basic protections.

Can states get ahead of election system cyberthreats? (Fifth Domain) A federal agency charged with protecting critical infrastructure is raising awareness of cyber hygiene resources before the 2020 election.

The Benefits, Characteristics and Components of Flyaway Kits for Incident Response | Bricata (Bricata) Bricata and Ixia, a Keysight Business, have worked together to design and test a way for incident responders to easily build and deploy flyways kits.

Design and Innovation

Investors Gather to Hear New Cyber Security Tech Coming Out of South Korea (Yahoo) Cutting Edge Korean Tech Startups Pitch Cyber Security Services to Investors WASHINGTON , Sept. 10, 2019 /PRNewswire/ -- The 'KIC-FedTech Accelerator' demo day is the final event of the accelerator program ...

Research and Development

Facebook launches $10m deepfake detection project (Naked Security) If you’re worried about the evil potential of deepfake video, you’re not alone; so is Facebook.

Companies Explore Encryption That Withstands Quantum Computing (Wall Street Journal) Quantum computers strong enough to crack today’s encryption are at least a decade away, but the market for quantum-safe applications is already developing.

Can DARPA CREATE an AI for unmanned-unmanned teaming? (C4ISRNET) A new opportunity would fund development of an AI framework to coordinate actions between a mix of machines on the battlefield.


Delta College earns federal cyber defense designation (Midland Daily News) Delta College has been designated as a National Center of Academic Excellence in Cyber Defense Education, jointly sponsored by the U.S. National Security Agency and the U.S. Department of Homeland Security..

Ideagen Partners with Nottingham Girls’ Academy to Encourage more Women into Technology (News Powered by Cision) The global software firm – headquartered in Nottingham’s Ruddington Fields Business Park – has

Legislation, Policy, and Regulation

Virtual boots on the ground: British Army grapples with operating in the gray zone (Defense News) The British Army, not unlike its closest allies such as the U.S., is struggling with how to effectively operate below the threshold of real physical conflict often referred to as the gray zone where information warfare is effectively waged by adversaries.

Our shared commitment to law, norms and confidence building in cyberspace (GOV.UK) Open-ended Working Group on developments in the field of information and telecommunications in the context of international security.

Is it time for Australia to develop an integrated cyber command? (Defence Connect) As state and non-state cyber capabilities continue to evolve and pose an ever growing threat to critical infrastructure, the national economy and political system, is it time for Australia to combi

Norad asked Canada to 'identify and mitigate' cyberthreats to critical civilian sites (CBC) Norad sought reassurance that Canada was doing all it could to guard critical civilian infrastructure from crippling cyberattacks. CBC News obtained an exchange of letters between the U.S. commander of Norad and Canada's top soldier. Experts say they shine a bright light on a key vulnerability.

US Officials Fear Disjointed Battle Against the ‘Global Cyber Pandemic’ (Voice of America) Security officials these days are anything but shy when they describe the dangers facing the United States in cyberspace. “We’re in the midst, I think we all know, of a global cyber pandemic,” the National Security Agency’s top lawyer warned at a conference last week.

Huawei feels no big impact from Czech, Polish security fears (Reuters) Security concerns in Poland and the Czech Republic over telecoms equipment made ...

Australian cyber officials warned India against using Huawei:... (Reuters) Australian government officials advised India to ban Chinese technology maker Hu...

Opinion | Will Trump Sell Out the U.S. on Huawei? (Wall Street Journal) His China policy is a great achievement. He may undermine it in pursuit of a deal with Xi Jinping.

DISA is Merging Its Cyber Operations Into a Single Cloud-Based Platform ( The Unified Situational Cyber Awareness capability would help cyber analysts keep tabs on every part of the Department of Defense Information Network.

U.S. got key asset out of Russia following election hacking (Washington Post) Concerns that Russia would determine who was spying for the United States mounted after officials revealed Putin’s role in attacking the 2016 election.

U.S. Finalizes Rule Banning Kaspersky Products From Government Contracts ( The final rule will go into effect Tuesday, replacing an interim rule in place for over a year.

Litigation, Investigation, and Law Enforcement

U.S. Files Criminal Charges Against Chinese Professor Linked to Huawei (Wall Street Journal) The U.S. has filed criminal charges against a Chinese professor in Texas accused of stealing a U.S. startup’s technology for Huawei Technologies, escalating the U.S.’s investigations into issues related to the telecom giant.

Huawei drops one of its lawsuits against the US after its seized equipment was returned (CNBC) In September 2017, U.S. authorities confiscated Huawei gear which was on its way back to China from California. The seizure was in relation to whether the gear required a specific license to be shipped back to China.

Judge lets Facebook privacy class action proceed, calls company's views 'so wrong' (Reuters) A federal judge on Monday ordered Facebook Inc to face most of a nationwide laws...

Their personal information was hacked. But the Trump administration doesn’t want to pay. (Washington Post) One breach involved records on some 21.5 million federal, military and contractor personnel and others who had undergone background checks since about 2000.

Google faces a new antitrust probe by 50 attorneys general (CNBC) The news follows the announcement of a joint state Facebook probe led by the attorney general of New York.

Microsoft's LinkedIn loses appeal over access to user profiles (Reuters) A federal appeals court on Monday rejected LinkedIn's effort to stop a San ...

Democrats move to undercut Trump's Ukraine investigation (Washington Examiner) House Democrats announced they are launching a “broad investigation” into President Trump’s efforts to determine if Ukraine officials attempted to damage his 2016 campaign.

Huge House Investigation Launched Into Trump Scheme To Blackmail Ukraine Into Investigating Biden (POLITICUSUSA) A huge three committee investigation has been launched into the Trump/Giuliani scheme to blackmail Ukraine into investigating Joe Biden.

Student faces two years behind bars for trying to hack into Trump's tax records - CyberScoop (CyberScoop) A Philadelphia man has pleaded guilty in connection with a scheme to trick a U.S. government website into serving up the president’s tax returns.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Global Security Exchange (GSX) (Chicago, Illinois, USA, September 8 - 12, 2019) Global Security Exchange (GSX) is the only event that brings together security professionals from all vertical markets throughout the world to network, learn, and re-invest in the industry. It’s home for...

Insider Threat Program Development & Management Training Course + Insider Threat Symposium & Expo (Laurel, Maryland, USA, September 9 - 10, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development-Management Training Course, in Laurel, MD, on Sept. 9, 2019. This 1 day training...

Insider Threat Symposium & Expo (Laurel, Mayland, USA, September 10, 2019) The National Insider Threat Special Interest Group's event is for anyone involved in Insider Threat Program (ITP) Management / Insider Threat Mitigation. Speakers will come from the White House, Missile...

Atlanta Cybersecurity Conference (Atlanta, Georgia, USA, September 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

SINET Canada (Toronto, Ontario, Canada, September 12, 2019) SINET Canada's theme this year is "accelerating innovation clusters." The conference follows SINET's proven approach: a rich yet intimate conference where participants from industry and government can...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.