The CyberWire Daily

The CyberWire 12.21.15
The CyberWire 12.22.15
The CyberWire 12.23.15
The CyberWire Week in Review 12.23.15
The CyberWire 12.28.15
The CyberWire 12.29.15
The CyberWire 12.30.15
The CyberWire Week in Review 12.30.15
The CyberWire 1.4.16
The CyberWire 1.5.16
The CyberWire 1.6.16
The CyberWire 1.7.16
The CyberWire 1.8.16
The CyberWire Week in Review 1.8.16
The CyberWire 1.11.16
The CyberWire 1.12.16
The CyberWire 1.13.16
The CyberWire 1.14.16
The CyberWire 1.15.16
The CyberWire Week in Review 1.15.16
The CyberWire 1.19.16
The CyberWire 1.20.16
The CyberWire 1.21.16
The CyberWire 1.22.16
The CyberWire Week in Review 1.22.16
The CyberWire 1.25.16
The CyberWire 1.26.16
The CyberWire 1.27.16
The CyberWire 1.28.16
The CyberWire 1.29.16
The CyberWire Week in Review 1.29.16
The CyberWire 2.1.16
The CyberWire 2.2.16
The CyberWire 2.3.16
The CyberWire Daily Podcast 2.4.16
The CyberWire Daily Podcast 2.5.16
The CyberWire Week in Review 2.5.16
The CyberWire Daily Podcast 2.8.16
The CyberWire Daily Podcast 2.9.16
The CyberWire Daily Podcast 2.10.16
The CyberWire Daily Podcast 2.11.16
The CyberWire Daily Podcast 2.12.16
The CyberWire Week in Review 2.12.16
The CyberWire - 2.16.2016 - Daily cyber security news brief.
Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.
Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.
Daily: DDoS by pingback. Twitter flaw patched. Security system flaws. Apple vs. FBI, continued.
Week-in-Review: Apple hangs tough. Ransomware gets paid. Online bomb threats. Ukraine's grid hack. US asks Hollywood for anti-ISIS help.
Daily: Russian cyber ops in Syria. Ransomware evolutions. Apple vs. the US Justice Department.
Daily: Anonymous hits Belgium & Cincinnati. Twitter vs. jihad? MouseJack. Apple, FBI dispute updates.
Daily: Operation Dust Storm vs Japan. Operation Blockbuster vs. The Lazarus Group. Venture capital gets tight.
Daily: Hacktivism vs. Italy & the UN. Ransomware update. Report on healthcare's cyber threat model. Apple takes the 5th?
Daily: US Govt on Ukraine grid hack. ISIS threatens social media hacks. Ransomware rising. "Government OS."
Week in Review: Utilities advised to isolate control systems. Crimeware industrialized. Operation Blockbuster. Operation Dust Storm. US Gov looks to foster cyber exports. Apple vs FBI.
Daily: Norway reports Chinese cyber espionage. Hospital ransomware. Carding black market. RSA update.
Daily: RSA updates. US opens anti-ISIS cyber offensive. Industry consolidation?
Daily: RSA updates. DROWN SSL vulnerability. Apple vs. DoJ.
Daily: RSA update - SecDef sounds libertarian? Ashley Madison extortion. DROWN update. More on Ukraine grid hack.
Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.
Week in Review: RSA wraps up. Much debate over Apple vs FBI. US DoD steps up offensive against ISIS. Angler still out there.
Daily: Looking back at RSA. "Transparent Tribe" and "Pawn Storm" expand target sets. Mac ransomware found, blocked. Apple's amici.
Daily: RSA retrospective. RoK accuses DPRK of hacking. KeRanger updates. Cyberwar investments.
RSA Special: Threat Intelligence [Special Edition]
Daily: DPRK attempt on RoK rail ICS? Ransomware updates. US tax season cyber issues.
RSA Special: Emerging Technologies [Special Edition]
Daily: ISIS rival in Syria. OnionDog hits Korea. Ransomware and DDoS. Remorse in Manitoba.
RSA Special: Trade and Investment [Special Edition]
Daily: US to indict Iranians for Rye hack? ISIS loses HR records. Apple vs. FBI gets nastier.
Week in Review: Apple vs DOJ heats up. Ransomware and DDoS. Patching gets out of hand?
Daily: ISIS security breaches threaten narrative. Cyber industry issues. Updates on the crypto wars.
Daily: Naming & shaming Iran's hackers? Palo Alto spots "Digital Quartermaster." Team Apple bigger than Team DoJ.
Daily: Crypto wars updates. Iran vs. US in cyberspace. Big Angler malvertising campaign.
Daily: Spies & crooks, together again. Artful spearphishers will eventually learn to proofread.
Daily: Buhtrap raked in the rubles. Dridex is back. So are Stagefright and Rowhammer.
Week in Review: ISIS messaging & countermessaging. Cryptowar updates. Notes on the cyber sector.
Daily: Elves vs. trolls in the Baltic. Updates on Bangladesh bank heist, DoJ vs. Apple.
Daily: ISIS inspiration, radicalization. FBI says no help needed to crack iPhone.
Daily: Inspiration in info ops. Processing unstructured data. Ethics & standards of care.
Daily: Collection outstrips analysis & dissemination. When an air-gap...isn't.
Daily: ISIS info ops target gangsta demo. Snakes in walled gardens. US indicts Iranians.
Week in Review: Inspiring gangsters & cyber riots? Operation Dust Storm. ISIS seeks gangsters; EU seeks intelligence capability. Verizon breached. New ransomware out. Google & Oracle patch.
Daily: Ransomware and hospitals. Why random numbers matter. Stolen certificates.
Daily: Healthcare cyber risks. Jihadi's iPhone accessed. Working with MSSPs.
Daily: Hospital hack, ransomware evolution, the FBI, and Scotland Yard.
Daily: DDoS, business email threats remain. How to set up your new machine.
Daily & Week in Review: Ransomware, state actors, the current state of the crypto wars.
Daily: MedStar recovers. More on ransomware, and one weird trick to hiding $2B.
Daily: Governments nervously investigate Panama Papers. Industry sees layoffs & an IPO.
Daily: Panama Papers count coup. Trojanized Android apps found.
WiCyS_SE_-_Master_Timeline_-_Draft_1.mp3
Daily: Panama Papers, privacy, & financial transparency. MedStar ransomware incident update. Current scams.
In Their Own Words — The 2016 Women in Cybersecurity Conference [Special Edition]
Daily & Week in Review: Anonymous vs. Israel. Panama Papers. The view from Japan.
Daily: Ukraine's PM resigns, in part over Panama Papers controversy. Patch news.
Daily: State hacking, state messaging. Crimeware evolution.
Daily: Dogs still not barking in Panama. (But ransomware bites.)
Daily: Info ops for and against ISIS. Industry notes.
Daily & Week in Review: Industry notes, including a look at labor markets. Cyber gangland and its neighborhoods.
Daily: Confidence building. Offensive cyber ops. M&A notes.
Daily: New ransomware, along with some golden oldies. Quantifying cyber risk.
Daily: Industry news, and some plaintiffs may wish to reconsider.
Daily: Australia's new cyber strategy, Dorkbot's old; CryptXXX is new.
Daily & Week in Review: Voter dbase compromises. How not to sell security.
Daily: US cyberwar vs. ISIS. IPO fizzle? (Investors want profit.)
Daily: Snowden advanced crypto by 7 years." Proofread your way to security.
Daily: Paranoia -as-a-service? Cyber con jobs.
Daily: Malware found in nuclear plant. Threat actors tracked in Asia. And who's Aquaman?
Daily & Week in Review: Backdoors or legit apps? Serpents in walled gardens. Verizon's Data Breach Report.
Daily: DPRK jamming prompts search for GPS alternative. Satoshi, is that you?
Daily: Anonymous hits Bank of Greece. I am Satoshi!
Daily: Hey, padawans: Supreme Leader Snope hints he's got your back!
Daily: World Password Day, OpIcarus
Daily & Week in Review: Responsible disclosure & why the cool miscreants are on Twitter.
Daily: Panama Papers updates, info ops, pro- & anti-ISIS, market jitters.
Daily: Ransomware evolves (and gets brutal). Dataminr blocks IC--bad Gov-industry blood?
Daily: Reports of venture capital's death seem much exaggerated. Quantum technology, adapted to the meanest understanding.
Daily: US-CERT warns of SAP issues. Business disruption big criminal business. A talk with IBM about Watson.
Daily & Week in Review: Android issues, SWIFT hacks, the cyber security marketplace.
Daily: Social media collection suggests ISIS in trouble. Russian government cyber activities. US VA wants dark web help.
Daily: Current exploits and bugs, fraught China-US cyber relations, and industry notes.
Daily: LinkedIn may have been breached. Malicious apps, a new Skimmer, and honor among thieves.
Daily: Cyber-chumming the Donbas. Cisco surprises (in a good way).
Daily & Week in Review: TeslaCrypt says "sorry, here's the key." 50-cent-ers troll China.
Daily: SWIFT seeks better security, what business wants from (US, UK) government, fast exploits.
Daily: Good guy update: SWIFT. Bad guy update: Turla, CryptXXX, DMA Locker, Flash 0-day... Bonus: Scunthorpe Problem.
Daily: Ransomware & DDoS combining. Malicious USB chargers. Cyber ops aren't 'bombs?
Daily: Ransomware threats. Industry (mostly good) news. US State Department IG reports on email.
Daily & Week in Review: Crypto wars update, story stocks, AI, encryption, and the usual crime.
Daily: Social media breach woes, sector analysts & investor sentiment.
Daily: Stealth Falcon, OEM issues, black market trends.
Daily: A look at markets, legitimate and criminal. ICS proof-of-concept exploit.
Daily & Week in Review: Money laundering, cyber fraud, lost laptops, & how cyber criminals get paid.
Daily: Sovereign mafia state? Spearphishing with Pay Commission bait. IoT risks.
Daily: Hybrid SUV proof-of-concept hack. Al Qaeda peeks over Twitter's parapet.
Daily: US banks warned to get their security act together. Security trends.
Daily: Ransomware spreads (backup or pay up?). Safe travels. FTC, NFL embarrassed.
Daily & Week in Review: Breach reactions. Attention grid substations: squirrels, and snakes, and monkeys, oh my...
Daily: Jihadists continue online inspiration. India worries about China's cyber activity. Symantec buys Blue Coat, Microsoft LinkedIn.
Daily: Run DNC. Online inspiration and the limits of investigation. North Korean cyber ops.
Daily: Run DNC has legs. NFL players get social media savvy. Online jihad. More big breaches.
Daily: xDedic, Guccifer 2.0...but what really knocks us out is those cheap sunglasses.
Daily & Week in Review: Car hacking. Flash Player Patched. DNC hack updates, fighting terror in cyberspace.
Daily: Assange to DNC: buckle up. False flags and acts of war. Blockchain notes.
Daily: DNC hack looks like Russia's work, but Guccifer 2.0 still says no. (Nyet?)
Daily: Android malware circulating in the wild. Did bears find Clinton Foundation servers just right? Help me, ObiWan.
Daily: Insecurity cascades from credential breaches, homebrew servers? Cyber casus belli. Waiting for Brexit (or not).
Daily & Week in Review: Brexit beats Bremain. Cyber combat support. The usual ransomware.
Daily: Ransomware: MIRCOP, Cerber, CryptXXX, Bart, TeslaCrypt (& the #95 car). Intel selling security unit?
Daily: Not interested in Fancy Bear? Fancy Bear's interested in you. No dark-grey hats, please.
Daily: Istanbul bombings prompt global intel collection re-look. Cyber threats to transportation.
Daily: Hacktivism or denial-&-deception? (Smart money's on D&D.) LizardStressor herds CCTV bots.
Daily & Week in Review: Conficker worms into medical IoT. Talking key management, DevOps. NERC standards take effect.
Daily: Statecraft, spycraft, & warcraft: inspiration, cells, & espionage. Cybercrime & punishment.
Daily: Cybercrime campaigns. States hope ISIS overplayed its violent hand. No indictment of Clinton over email.
Daily: Blockchains and their uses. Pirrit adware attribution. Avast buys AVG for $1.3B.
Daily & Week in Review: Classified info--goose sauce, gander sauce. Security industry buoyed by Avast, AVG.
Daily: Pokémon Go is out, with troubles in its popular trail. Cybercrime & hacktivist miscellany.
Daily: Medical device, record hacks. (Un)welcome new ransomware: Alfa, Ranscam. ISIS online decline?
Daily: Patch Tuesday notes. Pokémon Go (of course), ICS security, energy recon, fansmitters.
Daily: Slinging cyber lingo. Bad robots. Pokémon Go's long march.
Daily & Week in Review: Pokémon Go's astonishing success. (And attack surface?) Crime, folly, the punishment thereof.
Daily: Dark web observations on coups and lists. Pokémon Go and the madness of crowds.
Quantifying Cyber Risk [Special Edition]
Daily: Influence online, from jihad to kawaii. Cybercrime. Industry updates.
Daily: Brazilian, Chinese groups pledge allegiance to ISIS. Turkey's coup aftermath online.
Daily: DDoSing ISIS. Political hacks. Inspiration is an info op.
Daily & Week in Review: Hacktivists hit Library of Congress, Stingrays and Security Clearances
Daily: ISIS, al Qaeda compete online. WikiLeaks doxes DNC (courtesy FSB, GRU).
Daily: Russians interested in US elections? Russia says nyet, but DNC says da.
Daily: DNC hacks, encryption, IoT hacks, and Pokémon.
Daily: ISIS doubles down on info ops. Window shopping in crimeware souks.
Daily & Week in Review: US sifts ISIS recruiting files. Black market economics. Should leakers curate?
Daily: Election, infrastructure hacks in US, Russia. Advice on Black Hat.
Daily: US, Russia trading hacks in cyberspace? Brazilian cybercrime ramps up.
Daily: Black Hat USA, Android upgrades, and mind control (maybe).
Daily: Black Hat, of course. US election concerns, and more jihadist info ops.
Black Hat - Cyber Security Trends and Investment [Special Edition]
Daily: Election hacking, layoff rumors, the unbearable lightness of Pokemon.
Daily: DARPA CTF: Mayhem (win), Xandra (place), Mechphish (show). Blame it on Rio.
Black Hat, Part 2 - Trends and Insights from Industry Leaders [Special Edition]
Daily: A look back at Vegas. Rio's rogue Wi-Fi. Cyberwar & actual war.
Daily: Australia's census clogged. Iran ups its offense? Ransomware and file deletion.
Daily: Info ops as battlespace prep. It's hard to count Australians.
Daily & Week in Review: FBI has "high confidence" Russians hacked DNC. Olympic hacks, cyber vigilantes, criminal markets.
Daily: Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.
Daily: All your attack code are belong us. Guccifer 2.0 suddenly more fluent.
Daily: Shadow Brokers warn 'Wealthy Elite'--new cyber cold war? And cybercrooks are still out there.
Daily: Who is Boson Spider? Legit zero-days among Shadow Brokers' leaks.
Daily & Week in Review: Hulk smash. Pokemon smish. And more on the Shadow Brokers.
Daily: Hacking and hybrid warfare. Industry notes (including Wassenaar's next round).
Daily: Shadow Brokers: zero-day hoarding (or not) and firewall exploitation.
Daily: "It walks, it talks, it reports back to Moscow. (Other news, too, gamers.)
Daily: Info ops drive hacks. Cryptowar resurgence in Europe, and more.
Daily & Week in Review: Sorry, kids, it's back-to-school. What you should know, fellow youths, and more.
Daily: Bug bounty? Nah, just short the stock. Pegasus, cyber arms control, and more.
Daily: Bug hunters turn shorts. Cyber frame-ups, election fraud, spearphishing, whalephishing, and more.
Fundraising and Cyber Startups [Special Edition]
Daily: The compleat hacker: wading pool, laptop, MiG 21; no hoodie, no problem, and more.
Daily: Russia's cyber long game, SWIFT fraud, hack physics (not metaphors), and more.
Daily & Week in Review: Election hacking, OS X patched, cyber saber-rattling, finding security talent, and more.
Daily: Slap leather, Vlad. If cyberspace is the "Wild West," here's the best showdown since Blazing Saddles, and more.
Daily: Election hacking (again). Also key sharing risks, and more.
Daily: US voting security, cyber M&A action, OPM breach post mortem, Pokémon, and more.
Daily & Week in Review: Malware mines Monero. That sad OPM breach, Crackas cracked, and more.
Daily: Zero-days, industry notes, the Intelligence & National Security Summit, and more.
Daily: Lessons from recent incidents. Russia says, it's not us, it's you, and more.
Daily: Pentesting meets the gig economy. Stingrays, machine learning, and more.
Daily: Does Fancy Bear care if it's caught? Retaliation, vulnerabilities, litigation, and more.
Daily & Week in Review: VIPs scrub email, cyber war vs cold war, industry news and more.
Daily: New York area bombings, ISIS defacements, Snowden pardon debate.
Daily: FBI hunts Russian bears, election hacking, chat bot warnings.
Daily: Russian hackers hit German targets. New ransomware. DPRK domains revealed.
Daily: Record breaking DDoS, record breaking account info theft.
Daily & Week in Review: Yahoo! breach, infected torrents, insider threats.
Daily: Yahoo! breach fallout, Krebs back online, election hack concerns.
Daily: Yahoo!'s Verizon deal still on. Mac trojan hits aerospace. Facebook poked by German privacy laws.
Daily: Alleged Russian hacking & info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices.
Daily: Yahoo! hackers seem to have been crooks (who sold to other crooks, and to government(s)). Toxic data and credential problems. Election hacking.
Daily & Week in Review: Election hacking, journalist hacking, and the rise of TbpS DDoS. More reflections on the Yahoo! breach. Ransomware and other forms of extortion.
Daily: Hackers said to "probe" US voting systems. IoT botnet source code released. "DressCode" malware afflicts Android devices. Industry notes. SEC urged to make an example of Yahoo!
Daily: AUSA update. Mirai botnet shows risks of default IoT passwords. US-Russian tensions rise over imposition of costs.
Daily: Guccifer 2.0 claims (to general skepticism) a Clinton Foundation hack. Information operations versus voting. Yahoo! and surveillance of customers. Insulin pump vulnerability reported.
Daily: NSA contract worker arrested with classified material. TalkTalk gets a record data breach fine. Yahoo! surveillance story's still murky. Thoughts from AUSA on cyber innovation and information warfare.
Daily & Week in Review: Skepticism concerning Guccifer 2.0's claimed hack of the Clinton Foundation. NSA contractor arrest. Mirai botnet exploits. Security fatigue.
Daily: US attributes DNC hacking to Russian government, promises to protect itself. Russia dismisses attribution as "rubbish." WikiLeaks posts Clinton campaign emails.
Daily: Australia confirms foreign intelligence service hacked Bureau of Meteorology. TV5Monde and its false-flag hack. Trojan hitting SWIFT. Patch Tuesday notes. US-Russian cyber showdown.
Daily: Patriotic hacktivism in South Asia? US, Russia cyber stare-down continues. IoT devices exploited as proxies. Cyber sector sees market volatility. Cartels launder money through games.
Daily & Week in Review: Political hacks: email, Twitter, and iCloud. Calls mount for tough US response to Russian cyber operations. Two Android vulnerabilities and one threat revealed. Verizon calls Yahoo! breach "material."
Daily: Pakistan phishes Indian Army. US election hacks continue as the US investigates and mulls its response. New ransomware strains. More IoT botnet infestations. ISIS struggles to explain loss of Dabiq.
Daily: Assange still has asylum, but not so much connectivity. RT's banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.
Daily: Blockchains at a brewery. Ecuador says it cut Assange's Internet connection. US retaliation against Russian cyber ops may aim at embarrassment. Ransomware in London's City.
Daily: CyberMaryland updates. Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.
Daily & Week in Review: Bear again, and WikiLeaks (also again). Chinese hackers return, now after infrastructure companies. Debit card hacking epidemic in India.
Daily: Recovering from Friday's IoT-botnet driven Internet outages. Industry notes and news of cyber conflict in East Asia and the Middle East. And US-Russian tension in cyberspace remains high.
Daily: The Mirai botnet DDoS attack, its consequences and attribution, with commentary from various observers.
Daily: Youth and cyber make a bad-news-good-news story (it's complicated). Mirai DDoS may be the work of skids. ISIS adjusts its messaging.
Daily: DDoS concerns mount—not just Mirai botnets, but LDAP exploitation. Ukrainian hacktivists release emails they say belong to one of Putin's closest advisors. (Moscow says they're fake. Moscow's on its own.)
Exploring Cyber Security Education [Special Edition]
Daily & Week in Review: Not all experts agree you should resign yourself to being hacked. The state of fraud, 2016. Ransomware and DDoS updates. The Kremlin gets doxed.
Daily: Halloween special: mummies, lycanthropes, vampires, villagers with pitchforks, and virtual stakes through virtual hearts.
Daily: The Shadow Brokers say trick or treat to the Amerikanski. Are free elections like free beer? Google wants faster patching. The state of Mirai.
Daily: To disclose or not to disclose…in public. A look into the dark web. Chrome and Firefox disallow shaky certificates. Anonymous gets an incomplete. The Shadow Brokers are still after the Wealthy Elite.
Daily: Sources say FBI is confident foreign intelligence services penetrated former Secretary of State's private email server. WikiLeaks says it's not a Russian tool. Notes on industry; notes on cybercrime.
Mirai, "Botnet #14," hits Liberian networks. Anonymous doesn't much care for either jihad or the Man. A new security company forms with acquisition of Cryptzone, Catbird, Easy Solutions, and Brainspace. Election hacking updates.
Daily: Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.
Daily: Election Day cyber updates. Mirai goes to pieces. Five Eyes and Europol take down dark web souks. Turkey and clamps down on their Internet.
US elections proceeded undisrupted by hacking. Patch Tuesday review. Banking Trojans, Android trigger-malware, and thermostats gone wild.
Daily: Yahoo! warns Verizon deal may be at risk. More OPM-themed ransomware phishing. Cyber policy advice for, and speculation about, the next US Administration.
Daily: Russian banks suffer IoT botnet DDoS. Fancy Bear's still phishing. Lessons from Tesco fraud. Third-party risk hits Michael Page. Casino Rama data breach. Adult website loses data for 339 million accounts. FTC litigation. Moscow anti-trust case.
Daily: It walks, it talks, it reports to Shanghai. Locky takes a run at US Army Cyber Command. CrySis decrypted. SpamTorte 2.0 is out. Adults should be warned off by "adult."
Daily: An insider threat deadline approaches. Lawful intercept tools from Italy. Carbanak moves to new targets. Security policy in Germany and the US. A guilty plea in the TalkTalk hack.
Daily: Social media aren't automatically on the right side of history, it seems. More on the Adups backdoor. Holiday shopping cyber-safety and security.
Daily & Week in Review: US DNI Clapper says Russia "curtailed" election hacking after being named. Three Mobile breached. Android and iOS issues. Good news on ransomware. Start-up rundown. China calls its Internet controls "wisdom."
Daily: More of the customary cybercrime, but with additional warnings of new ransomware vectors. Dodgy apps and holiday shopping. Credential abuse. No pardon for Snowden, for now, anyway.
Daily: Banks are vulnerable to more than carding and transfer fraud. Ransomware updates. Lessons for users from the Three Mobile hack. Biometrics (with hedgehog). Election hacking retrospective.
Daily: ISIS shows a slightly different face in cyberspace. BITAG issues advice to the IoT industry. Jackpotting and carding investigated.
Daily: Military, law enforcement cooperation take a toll of ISIS operators. DDoS investigations. Mirai botnet can be rented on the black market. Beware ATM skimmers. Ransomware hits San Francisco light rail. Bogus news of cable show hacking.
Securing a Deal - Cyber Security Venture Capitalists on what they look for. A CyberWire Special Edition. [Special Edition]
Daily: ISIS online sympathizers (but not ISIS itself, which is lying a bit low) claim Ohio State attacker. German security agencies warn of possible Russian disruption of elections. Mirai strikes again. San Francisco's Muni shrugs off ransomware. A look a
Daily: Mirai remains a threat; experts expect more IoT-driven DDoS. ISIS, online radicalization, and terror attacks in the US. Snooper's Charter and its alternatives. Gooligan Android malware.
Daily: Shamoon and Fancy Bear are back. Mirai never left. San Francisco Muni saved by good backups. New Android Trojan found. Firefox patches threat to Tor anonymity. Surveillance policy, ISIS investigations in Germany. 
Daily & Week in Review: Europol and its partners say they've got the head of the Avalanche snake. DDoS and IoT botnet updates. Android vulnerability. New rules for warrants and insider threats.
Presidential Commission on Cybersecurity offers its recommendations to the next President. Russia says its financial system is under cyber threat. Cybercrime notes, and a scorecard.
Daily: State-directed cyberattacks in the 2017 forecast. Tenable's Cybersecurity Assurance Report Card. DDoS and ransomware notes. Content filtering in social media. Connected toys too curious.
Daily: Ransomware updates. IP camera vulnerabilities. Steganography makes a comeback. Controlling content, with or without Internet autarky. Zo replaces Tay? 
Daily: IP theft in Germany. "Sledgehammer" looks like DDoS by Turkish patriotic hacktivists. Floki Bot and Dridex in the wild. Competition for cyber talent in a tight labor market.
Daily & Week in Review: Korean cyber alert amid a presidential impeachment. Germany calls out Fancy Bear for influence ops. Georgia—the Dixie one, not the one in the Caucasus—demands a cyber explanation. Holiday phishing, the enduring DDoS threat, and
Daily: Stressor, booter shoppers arrested. Small DDoS against Russian banks. Botnets and home routers. Popcorn Time ransomware. US investigates Russian influence operations.
Daily: SWIFT issues new fraud warnings. US investigates Russian influence operations. Patch news. Wages of sin are in-game purchases?
Daily: Nation-state hacking (and nation-state victims of hacking). Loyalty program breaches, and a new Android Trojan strain.
Daily: Yahoo's big breach—industry reactions. Spyware circulates in the wild. Investigation of election hacking continues. Hacktivism and "faketivism." The ShadowBrokers are back.
Daily & Week in Review: US Election Assistance Commission hacked. US, Russia, swap hard words over influence operations. Ransomware updates. More on the effects of the Yahoo! breach. Autonomous vehicles approaching.
Daily: ShadowBrokers update. More consequences of the Yahoo! breach. Other sites suffer data compromises. US investigations of, plans for retaliation against, Russian influence operations proceed.
Daily: Another Ukrainian power grid outage may have cyber causes. ShadowBrokers may have got Equation Group code from a rogue insider. WordPress brute-forcing. Evading volumetric detection. Methbot ad fraud. Wassenaar remains controversial. 
Daily: Grid hacking in Ukraine? German terror investigations. Airliner vulnerability dispute. NIST wants post-quantum crypto standards. Project Wycheproof. Wassenaar update.
Daily: ISIS offers Christmas inspiration (and it's got nothing to do with peace or good will). Fancy Bear makes a battlefield appearance. Blogging services under attack.
Daily & Week in Review: Gunnery hacking. Influence operations and a proportionate response thereto? Yahoo breach post mortems. NIST issues Special Publication 800-184: "Guide for Cybersecurity Event Recovery."
Best of: Abby Smith Rumsey
Best of: Tom Wingfield
Best of: Tom Coale
Buying Cyber Security [Special Edition]
Best of: Daniel Ennis
Attribution issues: one story fizzles; another looks disappointingly circumstantial. Great powers jostle in cyberspace. Hacktivists resurface online. So, alas, do terrorists.
Hacktivists claim to perform a public service. Once and Recorded Future ransomware. Attribution controversies. Disturbing toys.
Indiscriminate IOCs erode confidence in attributions. Official leaks erode trust in information sharing. Exploit updates.
Spearphishing in industrial espionage. Ransomware gets more widespread, ruthless, and perfidious. The US Intelligence Community assures the Senate that the Russians hacked the DNC.
Election hacking, influence operations, and official reports. EU hacking concerns. Lawsuit over email's invention. Twitter frowns on unrequited love. Billy Bass, meet Alexa.  
Witch hunts and yard sales. See relationships, not dox. Rebrandings, mergers, acquisitions, and executive moves. Building anti-witch capabilities.
Shamoon is back, now with credentials for virtual desktops. Ukraine believes it was hacked again. Ransomware updates. Elections, investigations, and influence operations. The Pokemon threat?
Grid hacks and influence operations. Propaganda sauce spread liberally over geese and ganders. Peace sign hacks? Hamas catphishes the IDF.
Grid hacking in Ukraine. Cellebrite breached. WhatsApp encryption issue. EyePyramid notes. Sharing SIGINT. IG looks at FBI. Guccifer 2.0 and the ShadowBrokers take their bows.
Election influence and election security. Threats to power grids. Ransomware and phishing updates. Loyalty program risks.
Carbanak gang is back. GhostAdmin works on data theft. Trolling security researchers. M&A notes. Pardons, commutations, and extraditions.
France braces for election hacking. Ukrainian utility says December blackouts were hacker-induced. Finding "Fruitfly." Tracking Mirai's master.
Carbanak gets trickier and more ambitious. Ransomware updates. It's beginning to look a lot like 1949 (at least from Moscow).
Fake news tweets (from hijackers, not opinion-makers). Ransomware. New Android Trojans. Closing in on Mirai's master?
Shamoon and Greenbug. HummingWhale purged from Play Store. Apple patches across its product line. Leadership changes at CIA, GCHQ. Lloyds Bank incident update. Honor among thieves? Nope.
Cleaning ransomware out of the Play Store (but snakes still get into the walled garden, so watch your apps). Vigilantes, vulnerabilities, and industry news.
Dark Web trading post compromised. Ransomware updates. Reactions to Risk Based Security's 2016 breach report. International cyber conflict notes, and a treason case in Russia.
LeakedSource is down. DoubleFlag's called out for bogus stolen goods. Fancy Bear is in UK, German networks. Shamoon alert in Saudi Arabia. Scamming tech support scammers.
Russian treason arrests may be tied to espionage. ANSSI director warns of cyber jihad. Symantec remediates Shamoon 2. U.S. Cellular was not breached.
2017 Cyber Security Forecast [Special Edition]
Ransomware updates. Netgear vulnerabilities and patches. Breaking Android pattern lock. Delegated Recovery. Information operations.
Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?
A black market for insider information. Cisco studies data breaches. The Internet as a threat actor's R&D infrastructure.
Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranians cyber ops and Iranian dissent. US-Russian cyber tensions.
Crime, not education. Slot machine scams. Ransomware updates. Fancy Bear in Norway? Russian treason charges. GCHQ say no to "witchcraft."
Brokerages in Taiwan face DDoS extortion. Polish banks hit in watering hole attack. Cyber vigilantes. Information operations. ShadowBrokers update?
Islamist hackers hit websites in Britain and Austria. Mac malware linked to Iran. Criminals follow the money into the cloud. M&A notes. Dendroid RAT author gets probation.
The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.
Patching: the good, the bad, and the ugly. Script kiddies and disinhibition (with a caution about attribution). Industry notes, RSA, and Valentine's Day.
Cyber attacks reported in the Middle East, from both states and non-state actors. Italy's Foreign Ministry hacked for months in 2016. Cyber and kinetic operations. RSA's Innovation Sandbox.
RSA Updates. Microsoft calls for Geneva Convention for cyber. Phishing.
Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.
Ukraine accused Russia of renewed hacking by BlackEnergy actors. ASLR bypass proof-of-concept reported.  Notes from RSA, and an update on Android gunnery malware.
International norms of cyber conflict. Fancy Bear's tradecraft (with a side of дезинформа́ция). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.
A coming surge in North Korean hacking? Middle Eastern cyber espionage campaigns. Microsoft patch issues. Infowar updates. NIST's draft electrical utility cyber guidance. Problematic toys.
Influence operations. A new Mirai version is potentially more dangerous than the old one. Proofs of concept. New York's cyber security regulations for banks. What Verizon will get from Yahoo!
Patcher ransomware. Locky, Cryptowall, and Cerber are still active; so is old-fashioned blackmail. NSA keeps the VEP. Reactions to New York State's cyber regs for banks. Observations of BugDrop, and thoughts on cyber war and attribution.
SHA-1 is broken. Grizzly Steppe and Carbanak. M&A notes. Linux patched. Arrest in Deutsche Telekom hack. The insecurities of connected cars. 
Cloudbleed and what it means to you. Ransomware updates. News from the Moscow treason trials. Coachella Festival breached.
If I Only Had a Brain... Artificial Intelligence Gets Real at RSA 2017 [Special Edition]
Alleged BND surveillance of news organizations. Snake Wine in Japan, for disinformation? Singapore military phished. Google discloses more Microsoft unpatched bugs. Cloudbleed update. CloudPets may have privacy issues.
Internet outages were errors, not attacks. Evolving Trojans and botnets. M&A news. Cyber casus belli. Terminators and teddy bears.
Online banking funds transfer fraud. Telegram and phone scams. FCC regulatory update. Insider threats in the IC. And bad robots.
Risk mitigation scores some wins this week. Amazon finds the typo that took out the Internet. Symantec gets into the VC game. Yahoo! agonistes. Wassenaar's prospects. PRC wants cyber peace. And farewell to Howard Schmidt.
Warnings of DNSMessenger. Cyber deterrence, and cyber offensive operations. Notes on DDoS. Election surveillance allegations.  
RSA 2017 Roundup – Perspectives, Pitches and Predictions [Special Edition]
StoneDrill succeeds Shamoon. Trojanized Android Facebook Lite. Progressive groups threatened with doxing, blackmail. WikiLeaks' Vault 7. Hacking back? Wiretapping?
WikiLeaks and Vault 7
Vault 7 doesn't show much evidence of false flag operations. The most interesting question the WikiLeaks dump raises is, where did the material come from? RAND studies the zero-day market. The Near Abroad wishes for more US soft power.
WikiLeaks, responsible disclosure, and insider threats. Playstation credentials rumored to have been compromised. Apache Struts bug being actively exploited. DPRK missile cyber security. A look at West African cybergangs.
Vault 7 updates—observers speculate about an inside leaker. Pre-loaded Android malware raises supply chain concerns. Ransomware in Japan. Convincing Chrome-spoofing malware. GCHQ warns UK parties to expect Russian influence operations.
Canadian government sites recover from the Apache Struts vulnerability. FireEye's M-Trends report is out, calling out greater sophistication in financial cybercrime. USAF accidentally exposes SF86s. Vault 7 update.
Influence ops, third-party apps with an appetite for permissions, and criminal competition. Google purges malicious apps from the Play Store. Advice for whistleblowers. Farewell to Becky Bace.
Lazarus Group is back. Dun & Bradstreet loses data; so does ABTA. Patriotic cyber rioting or state influence operations. US indicts four in the Yahoo! breach.
Cyberspace and "Cold War Two." Who's leaking to WikiLeaks? Wishbone breached—warn the kids. Crimeware-as-a-service. The Active Cyber Defense Certainty Act.
Careless criminals, Cisco mitigations, and Vault 7 disclosure conditions. A look at the Atlantic Council's Cyber 9/12. Cabin fever and malware infections. Kirk ransomware.
Extortion claims. Election influence operations seem likely to continue. A Russian bank claims it's being framed by DNS spoofing. "Cyber Pearl Harbor" fears may be a distraction.
Laptop restrictions are for physical, not cyber reasons. Necurs is back, pumping and dumping. MajikPOS notes.
Newly disclosed threats and vulnerabilities, mostly criminal. Catphishing peer review. The US may indict North Korea for the Bangladesh Bank heist.  
WikiLeaks' Vault 7 "Dark Matter" docs. Information operations, Russian style and ISIS style. Job database exposed. 
Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America's JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.
Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.
Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.
Apple patched this week—how are your systems? Lastpass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.
Fancy Bear's phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr? 
WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.
Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security. 
Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.
Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.
APT10's Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.
Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.
Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes  Gödel Prize
Women in Cybersecurity 2017: A CyberWire Special Edition [Special Edition]
Patch Tuesday notes. Cyber threats to healthcare, New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokers
Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits. 
ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.
Missiles and malware? ShadowBrokers' leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?
Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.
Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.
Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium.  A Chicago lawsuit brings privacy issues to the fore.
States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrikerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.
Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.
Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.
Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.
Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority's charter. Sudan says its using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.
OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more. 
NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.
IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.
Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.
Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin's CISO.
Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.
Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.
Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.
NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.
French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's day giftcard hacking. Telephonic harassment.
WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.
WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.
WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?
Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks
OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.
WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.
How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRock).
ISIS claims Manchester concert bombing. The case for a North Korean Wannacry. US lawmakers consider cyber legislation.
Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.
Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.
WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.
Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and ricrolling.
Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.
It's the first of June, and the ShadowBrokers' exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).
Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.
ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. Indian investigates possible aircraft hacking.
Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.
Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.
Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.
Comey's testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.
CrashOverride implicated in Ukraine grid hack—possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.
CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.
A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.
Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers' leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.
More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.
Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn't do it. (Didn't need to?) Hackers sentenced.
Who's behind the Android malware infestations? Mirai and Erbus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.
Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data. 
WannaCry's back and the industrial IoT's got it. Business email scams hit the unwary (and most of would count as unwary). Testimony on Russian election influence operations. Grid security.
Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.
Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites. 
Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.
Petya/PetrWrap/Goldeneye updates.
IoT 2017 – Securing the Things: A CyberWire Special Edition [Special Edition]
Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.
What's up with Petya/Nyetya/NotPetya? It's a wiper—the extortion is just misdirection. WikiLeaks dumps "OutlawCountry" from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.
Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU's regulatory big stick. Vishing Parliament.
Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.
Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?
NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.
Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC
Russia's phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.
Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.
Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.
More from WikiLeaks' Vault7. Cyber ops and national policy. NotPetya's costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.
Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.
Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.
Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.
Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.
Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil's Ivy and the IoT. A look at criminal markets.
Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.
Google Groups oversharing. E-discovery don'ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).
Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.
"Mia Ash" is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Anti-drone
WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang's Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.
Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden's big breach. DPRK hacks online gaming for revenue.
Black Hat 2017 - Research and Investment [Special Edition]
HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK's Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.
Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. BitCoin's hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.
WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.
MalwareTech arrested over Kronos banking Trojan. "Bateleur" in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.
US Army bans DJI COTS drones. Amazon will scan AWS customers' S3 buckets for public accessibility. Recommendations for election security. Marcus Huchins pleads not guilty to Kronos-related charges.
Power grid risks. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a Cybersecurity W
Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.
Kenyan elections, not hacked? Someone's poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.
HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear's in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.
Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a "ripoff." More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.
Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to "Mr. Smith." Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.
NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.
Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews "Profexor." Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.
Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI continues
GCHQ and MalwareTech's arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.
Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.
Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.
Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.
Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.
Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran's info-ops rapper.
Cyberespionage in South Asia. NHS hack confirmed as ransomare. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.
NIST Cybersecurity Framework [Special Edition]
Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.
Turla's Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.
Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks' Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.
Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.
Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.
DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. "Fake News" survey.
Equifax decides to tell people it's been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.
Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.
Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.
North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked
Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some ElastiSearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.
Equifax agonistes. Kaspersky denies his company's a security risk. Political database for sale found exposed. Trolling the DCI.
Cobian RAT: Zscaler’s Deepen Desai describes some clever malware. [Research Saturday]
Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.
Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.
German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.
EDGAR hack enabled illicit stock trades? Equifax tweets phishing url to troubled inquirers. Kaspersky ban clarified.
Hacks shake confidence in financial system. FinFisher using MitM. CCleaner backdoor had specific targets in mind? US Forces Korea debunks bogus NEO warning. Locky masters like Game of Thrones. nRansomware asks for a different kind of payout.
Pacifier APT : Bitdefender's Liviu Arsene describes a sophisticated, multifaceted malware campaign. [Research Saturday]
Deloitte hacked. Verizon AWS S3 exposure. Phantom Squad's protection racket. Nuclear tension expected to spawn cyberattacks. Updates on CCleaner backdoor and FinFisher distro. Carlos Danger goes to jail.
Equifax C-suite retirements continue. Deloitte still has little to say about its breach. Mac OS zero-day goes unpatched. Russian influence operations.
Comments on the Deloitte breach. SEC Commissioner talks to the Senate. Sonic breached. Vulnerable stock-trading apps. Russian influence operations shift their focus.
Deloitte and Equifax under the microscope. Congress grills the SEC. Credential theft trends.
Whole Foods breached. Illusion gap and Windows Defender. Exposed AWS S3 buckets. Equifax incident response. Reality Winner proceedings.
APT 33: FireEye's John Hultquist on an Iranian Cyber Espionage Group. [Research Saturday]
Bots, sockpuppets, and trolls. Facebook talks to Congress. Some suggest China hacked Equifax. DPRK gets more Internet. ISIS inspiration. Section 702 authority in doubt.
Fake news and information operations with no obvious solution. Equifax update. US Cyber Command vs. DPRK
No insight yet into Las Vegas gunman's motive as ISIS inspiration generally discounted. Yahoo! breach affected 3, not 1, billion user accounts. Equifax updates.
NSA breach announced today (occurred in 2015, discovered in 2016) may be final nail in Kaspersky Lab's coffin.
FSB got NSA with an assist (witting or unwitting) from Kaspersky? Germany calls off mass surveillance investigation. Reality Winner stays in jail.
Android Toast Overlay: Ryan Olson from Palo Alto Networks. [Research Saturday]
GDPR: Privacy from Across the Pond [Special Edition]
Cyberespionage in the Korean peninsula. Russian influence operators bought Facebook, Google ads. Forrester hacked. Kovter, OilRig get upgrades. US CYBERCOM CSM notes.
Israel said to have tipped the US off concerning Kaspersky risks. Accenture databases exposed. Deloitte breach may be worse than initially thought.
Panama Papers pinch. North Korean spearphishing against ICS. CyberMaryland notes. Google Home Mini was tale-bearing (but now it's better).
Germany's BSI sees no problem in Kasperky software. Equifax, TransUnion, suffer from third-party malvertizing code. ISIS expected to change its inspiration. Notes on the dark web.
Synthesized DNA Malware with Peter Ney. [Research Saturday]
KRACK attacks. Iran's growing capability in cyberspace. Swedish and Polish targets probed by state-directed cyber ops. QR code security issues. Russia to introduce official cryptocurrency.
Panama Papers assassination? Black Oasis exploits Flash Player. DPRK hacked TV show. Patching KRACK and ROCA. WikiLeaks prepping something? DHS BOD 18-01. SCOTUS to rule on data warrants.
DPRK returns to bank robbery. Ransomware updates. Patches from Oracle, Lenovo, BlackBerry. Criminal coin miners.
Leviathan group exploits patched .NET flaw. North Korean cyber ops. Russian suspicions. Cutlet Maker ATM malware, Sockbot Minecraft malware. Ransomware and backups.
IoT DDoS hurricane forming? Sofacy exploits patched Flash bug. NotPetya continues to impose costs. Snooping with mobile app ads.
WireX BotNet with Justin Paine from Cloudflare. [Research Saturday]
Reaper botnet looming, but not yet landed. CyCon phishing. How to troll for influence.
Reaper botnet update, Election hacking in Kenya, Czech Republic. M&A notes. APT28's phishing. Kaspersky's offer of code review. FBI shots in the crypto wars.
BadRabbit hopping though Eastern and Central Europe, and Southwest Asia. DUHK risks. Kaspersky on how a laptop was backdoored. Notes from Atlanta's ICS Cybersecurity Conference.
Dogs that haven't barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.
BadRabbit ransomware and Reaper botnet updates. SATCOM bugs. ICS cybersecurity notes. Moscow's free commercial speech piety. Anonymous is back.
Tracking a Trojan: KHRAT. [Research Saturday]
Reaper looks like a criminal booter on the Chinese black market. BadRabbit shows some moves. Catch-All malicious Chrome extension. Android currency miners in Google Play. Indictments in Russia probe.
A BadRabbit and Reaper update. EU and cyberwar. DPRK denies WannaCry responsibility. China's cyber espionage shifts. Oracle emergency patch. Buganizer wide open. Influence ops. Heathrow security.
Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.
The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn't claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.
BadRabbit misdirection? Fancy Bear's wish list. AWS misconfigurations. Data breach notes.
Exploring Phishing Kits with Duo Security's Jordan Wright. [Research Saturday]
The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?
Stolen Paradise Papers aren't making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.
Fancy Bear's new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.
Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.
Taiwan Bank Heist and Lazurus Group with BAE's Adrian Nish. [Research Saturday]
Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.
Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.
Hidden Cobra's RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?
Revisions to the US VEP (and comparisons to China's). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?
AWS S3 misconfigurations. Kaspersky's report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.
Dark Net Pricing with Flashpoint's Liv Rowley. [Research Saturday]
PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business
Cyberspace in Peace and War author Martin C. Libicki
The Right to Be Forgotten with Yale Law School's Tiffany Li
Waiting for Terdot, a sneaky banking Trojan. [Research Saturday]
Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS Hacktivsts strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.
Who's the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.
Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.
Building your cyber security career. [Special Edition]
Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?
Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.
Staying ahead of Fast Flux Networks. [Research Saturday]
Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.
Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.
Satori botnet is awake (and it's not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.
Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.
Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft's emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.
Stealthy Zberp Banking Trojan. {Research Saturday]
Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.
Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?
A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.
Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.
Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.
The unique culture of the Middle Eastern and North African underground. [Research Saturday]
Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.
North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.
Pyongyang's snarling through cyberspace, and what others are doing about it. Coppersmith espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?
More data found exposed in an AWS S3 bucket. EtherDelta's DNS impersonation issue. DPRK says it doesn't hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.
Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.
Keyboys back in town. [Research Saturday]
Active defense and “hacking back" with Johnathan Braverman from Cymmetria
"Hacked Again" author Scott Schober
The CISO's changing role with Andrew Wild
The German Cybersecurity Market with Gerald Hahn
Hunting the Sowbug. [Research Saturday]
ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.
Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. "Trackmageddon." Curating YouTube. Condolences to a SWATTING victim's family.
Meltdown and Spectre arose from engineering for speed—most chips are affected. Bogus security apps kicked out of Google Play. Iran's Internet crackdown. Indications of a guilty plea in NSA leak case.
Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.
TRISIS Malware: Fail-safe fail. [Research Saturday]
Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.
Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobil pop-up redirection. Alt-coin speculation.
Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.
Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn't Bitcoin Cash.
Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.
Shake Your MoneyTaker. [Research Saturday]
New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.
Section 702 update. Kaspersky reports on Skygofree—dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.
Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?
AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.
Fancy Bear Duping Doping Domains. [Research Saturday]
Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.
ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.
Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tindr vulnerabilties. UK's new office to combat disinformation. Pirated pdfs hold malware.
Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated, Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.
2018 forecast [Special Edition]
Lebal's layered approach to infection. Crytominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.
Targeting Olympic organizations. [Research Saturday]
Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?
Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper's Charter loses in court. US House may release surveillance memos. Strava OPSEC.
Phishing campaign targets Israeli scientists. Low-level contract phishing in China's hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.
ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishig with bogus emails spoofing Google, Microsoft. Apps that know too much.
JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.
Advanced adware with nation-state tactics. [Research Saturday]
DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scrareby ransomware updates. Crime and punishment.
More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.
Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the "Microsoft" Help Desk scam.
Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.
Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?
IcedID banking trojan. [Research Saturday]
Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.
Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.
Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coinming. Ad blockers (also an incentive to coin mining).
Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.
The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.
The uncanny HEX men. [Research Saturday]
SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.
SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.
Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus's shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.
Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.
Phishing for holiday winnings. [Research Saturday]
Olympic hacking—false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.
Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?
Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.
Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?
Memcrashing no longer just a theoretical possibility. Fancy Bear's pawprints in German networks and other peoples' embassies. Deterrence in cyberspace. High-profile fraud victims.
Lebal malware phishes for victims. [Research Saturday]
Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American "yelling and hollering").
Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.
Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.
A Memcrash kill-switch. Shadow Brokers' leaked "Territorial Dispute" tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.
Cyber reconnaissance. Vulnerability database misdirection. Cryptoming attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?
Dark Caracal APT steals out of Lebanon. [Research Saturday]
Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.
May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps in UK targets by backdoors. Changes at US State Department, CIA. SINET ITSEF notes.
AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.
Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.
NATO-Russian cyber tensions high. They're also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?
Cryptojacking injections heat up. [Research Saturday]
Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.
Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.
Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook's no-good, bad, awful week.
Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.
US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.
Code comments cause SAML conundrum. [Research Saturday]
Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.
Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.
Blockchains that bind us. [Special Edition]
Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.
Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.
Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.
Chasing FlawedAMMYY. [Research Saturday]
Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.
Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.
Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.
Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.
Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.
Crypto crumple zones. [Research Saturday]
Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.
Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?
Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?
Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.
Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?
Energetic Dragonfly and DYMALLOY Bear 2.0. [Research Saturday]
Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.
Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.
More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.
Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.
RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.
InnaputRAT exfiltrates victim data. [Research Saturday]
ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.
Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.
DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.
Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.
Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypt armistice or just key escrow?
New MacOS backdoor linked to OceanLotus. [Research Saturday]
Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.
Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.
New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.
Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?
In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.
BlackTDS and ThreadKit offered in criminal markets. [Research Saturday]
Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?
2018 RSAC Outlook. [Special Edition]
Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDRP is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.
Subborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.
Cyber conflict between Iran and the US widely expected. ALLENITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?
Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.
Three pillars of Artificial Intelligence. [Research Saturday]
Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.
Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.
Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?
Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.
Something Wicked this way comes. Automating wallet pilferage. Office 365 phsihing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.
Threat actors hijack Lojack. [Research Saturday]
DPRK's Sun Team works from three apps in Google Play. PII for sale in Zheijiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.
Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.
Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.
VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.
VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.
UPnProxy infiltrates home routers. [Research Saturday]
Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.
More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.
Hacking Humans - Social engineering works because we're human.
Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.
Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.
Islamic State propaganda persistence. [Research Saturday]
Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.
DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.
Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?
Hacking Humans — A flood of misinformation and fake news
New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.
Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.
Winnti Umbrella Chinese threat group. [Research Saturday]
SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.
Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.
Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.
Hacking Humans — Gaming pro athletes online.
Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13. Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State sp
MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.
Cyber bank heists. [Research Saturday]
Date extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.
Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.
Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.
Playing on Kindness — Hacking Humans
Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.
Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.
LG smartphone keyboard vulnerabilities. [Research Saturday]
Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.
Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.
DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.
Separating fools from money. — Hacking Humans
Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.
Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.
VPNFilter malware could brick devices worldwide. [Research Saturday]
Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.
Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?
Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.
When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.
No Distribute Scanners help sell malware. [Research Saturday]
Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.
More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.
Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.
Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.
Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.
A new approach to mission critical systems.
DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.
Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.
Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.
Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.
Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.
Measuring the spearphishing threat. [Research Saturday]
SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.
Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?
Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.
LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.
Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.
BabaYaga strangely symbiotic Wordpress malware. [Research Saturday]
NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.
Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.
Data-centric security. [Special Edition]
Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.
RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.
Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.
Cortana voice assistant lets you in. [Research Saturday]
More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?
TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.
Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.
State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.
DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.
Thrip espionage group lives off the land. [Research Saturday]
Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.
Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .
Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?
Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.
Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.
Stealthy ad fraud campaign evades detection. [Research Saturday]
DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.
Beers with Talos — Live from the RiRa at Black Hat
Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.
Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?
If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.
More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.
Cyber espionage coming from Chinese University. [Research Saturday]
Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.
Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.
Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.
Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.
Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.
ATM hacks on the rise. [Research Saturday]
Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.
Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.
Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.
Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.
Leafminer espionage digs the Middle East. [Research Saturday]
Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.
Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.
Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.
Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.
Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyand denounces a "smear campaign." Wait and see on pipeline fires.
Android device eavesdropping investigation. [Research Saturday]
Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?
Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.
State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.
Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.
US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.
ICS honeypots attract sophisticated snoops. [Research Saturday]
Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.
Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.
Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.
Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.
Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?
Sophisticated FIN7 criminal group hits payment card data. [Research Saturday]
Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.
RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.
Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.
Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.
Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency
Cryptojacking criminal capers continue. [Research Saturday]
Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.
Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.
Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.
Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.
Driving GPS manipulation. [Research Saturday]
Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.
Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).
Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.
Meddling with the midterms. [Special Edition]
Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?
Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.
Stormy weather in the Office 365 cloud. [Research Saturday]
Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.
Making the business case for privacy. [Special Edition]
Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.
Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.
Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.
Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?
Faxploitation. [Research Saturday]
Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.
This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.
Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.
Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.
Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.
Election protection. [Research Saturday]
US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?
Iran complains, threatens, and spies. Election Day cybersecurity notes.
A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.
Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.
Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.
Establishing international norms in cyberspace. [Research Saturday]
Regulation in the U.S. [CyberWire-X}
GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.
When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.
RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.
GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?
Doubling down on Cobalt Group activity. [Research Saturday]
CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”
Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.
Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.
A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.
Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.
DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.
Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.
Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.
Getting an education on Cobalt Dickens. [Research Saturday]
Settling in with GDPR. [CyberWire-X]
US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.
Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.
DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.
Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.
Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.
Operation Red Signature targets South Korean supply chain. [Research Saturday]
A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.
Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.
Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.
Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.
False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
The Sony hack and the perils of attribution. [Research Saturday]
Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.
Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.
US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.
Risk and regulation in the financial sector. [CyberWire-X]
Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.
Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]
Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore. 
2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.
Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.
NOKKI, Reaper and DOGCALL target Russians and Cambodians. [Research Saturday]
German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?
German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.
ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?
TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.
Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.
Magecart payment card theft analysis. [Research Saturday]
Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.
Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espinonage.
SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.
Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.
Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facbebook shutters more Russian coordinated inauthenticity.
Luring IoT botnets to the honeypot. [Research Saturday]
Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.
Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.
The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.
Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.
Amplification bots and how to detect them. [Research Saturday]
Someone takes an unhealthy interest in Citizen Lab. Ukraines accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.
FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.
Case studies in risk and regulation. [CyberWire-X]
US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.
Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.
No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.
Online underground markets in the Middle East. [Research Saturday]
Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’ prospects. Influence ops. Extortion by bluff.
ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.
APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.
Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.
Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.
Trends and tips for cloud security. [Research Saturday]
Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.
VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.
China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.
Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.
GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.
Seedworm digs Middle East intelligence. [Research Saturday]
International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cyptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.
Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.
Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.
Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.
Rosneft suspicions shift from espionage to business email compromise. [Research Saturday]
Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.
Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks, Credential stuffing in tax season. Twitter hijacking.
Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Crytpojacking an embassy.
Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.
Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.
Fake Fortnite app scams infect gamers. [Research Saturday]
Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.
India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.
5G worries. Whitefly vs. SingHealth. Speculative execution bug.
Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.
Chinese influence campaigns. Egyptian spear phishing. Hundreds of million email records exposed.
Job-seeker exposes banking network to Lazurus Group. [Research Saturday]
Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.
Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.
Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).
Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.
Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.
ThinkPHP exploit from Asia-Pacific region goes global. [Research Saturday]
Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnostiplayers are back. AI and evil.
LockerGoga hits Norse Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.
Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.
Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.
Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.
Ryuk ransomware relationship revelations. [Research Saturday]
Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.
More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.
State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.
Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.
Russian information operations, and lessons on election security from the Near Abroad. Magneto proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.
Alarming vulnerabilities in automotive security systems. [Research Saturday]
Bonus Episode: The grugq illuminates influence operations
Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.
Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.
For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.
Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.
Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.
Lessons learned from Ukraine elections. [Research Saturday]
US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.
GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.
The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.
Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.
Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.
Establishing software root of trust unconditionally. [Research Saturday]
The ghost and the mole; Eric O'Neill's Gray Day. [Special Editions]
ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.
Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.
Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.
Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.
Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.
Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]
Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.
ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.
Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.
Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?
Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?
Deep Learning threatens 3D medical imaging integrity. [Research Saturday]
IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.
Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.
US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.
Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.
Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.
Sea Turtle state-sponsored DNS hijacking. [Research Saturday]
Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.
Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?
Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.
Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.
Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.
Steganography enables sophisticated OceanLotus payloads. [Research Saturday]
Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.
Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.
Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.
US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.
Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.
Elfin APT group targets Middle East energy sector. [Research Saturday]
Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.
BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.
Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.
NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?
Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.
A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]
Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.
Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.
Blockchain bandits plunder weak wallets. [Research Saturday]
Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.
Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?
AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.
BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?
Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.
Xwo scans for default credentials and exposed web services. [Research Saturday]
An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.
Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.
Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.
Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ACSO plants. Congress considers hacking back, again. That ol’ devil limbic system.
Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.
Apps on third-party Android store carry unwelcome code. [Research Saturday]
Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.
Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.
BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.
Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.
US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.
Middleboxes may be meddling with TLS connections. [Research Saturday]
Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.
Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.
Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?
Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.
Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”
Giving everyone a stake in the success of Open Source implementation. [Research Saturday]
Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.
US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.
Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.
Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.
Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.
Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.
Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.
Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.
Opportunistic botnets round up vulnerable routers. [Research Saturday]
Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.
GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.
Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.
TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
Nansh0u not your normal cryptominer. [Research Saturday]
The Fifth Domain coauthor Richard A. Clarke. [Special Editions]
FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.
Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.
Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.
News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.
Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.
Day to day app fraud in the Google Play store. [Research Saturday]
Cult of the Dead Cow author Joseph Menn extended interview. [Special Editions]
Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.
Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?
Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.
Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.
Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.
Package manager repository malware detection. [Research Saturday]
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
Unpacking the Malvertising Ecosystem. [Research Saturday]
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
Detecting dating profile fraud. [Research Saturday]
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.
Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.
Gift card bots evolve and adapt. [Research Saturday]
BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.
Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.
LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.
Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.
Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.
Emotet's updated business model. [Research Saturday]
Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.
Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.
China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.
VOIP phone system harbors decade-old vulnerability. [Research Saturday]
BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.
US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.
Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.
The StingRays that were n DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.
CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.
Bluetooth blues: KNOB attack explained. [Research Saturday]
Espionage and counter-espionage in at least three of the FIve Eyes. New sanctions against North Korea. Password managers and flashlights.
More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.
Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.
Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.
Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.
Leaky guest networks and covert channels. [Research Saturday]
YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.
Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.
Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.
Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.
Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.
Focusing on Autumn Aperture. [Research Saturday]
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.
The fuzzy boundaries of APT41. [Research Saturday]
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.
Decrypting ransomware for good. [Research Saturday]
Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.
Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
Hoping for SOHO security. [Research Saturday]
Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.
Caveat — Crowdsourced private surveillance.
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-plaform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.
Masad Steals via Social Media. [Research Saturday]
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.
Caveat Ep 2 — Privacy and biometric data.
The Malware Mash
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.
Usable security is a delicate balance. [Research Saturday]
Insider Threats [Special Editions]
BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.
Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
Monitoring the growing sophistication of PKPLUG. [Research Saturday]
Andy Greenberg from WIRED on his book "Sandworm." [Special Editions]
Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.
NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
Sodinokibi aka REvil connections to GandCrab. [Research Saturday]
Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.
Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.
Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.
Sandworm in Google Play. Internet sovereignty. Bogus accounts on LInkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.
Mustang Panda leverages Windows shortcut files. [Research Saturday]
Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.
Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.
Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?
John Maeda author of How to Speak Machine [Special Editions]
Peter W. Singer author of LikeWar [Special Editions]
Caveat 04 — Slowly awakening to the problems we face
ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.
Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.
Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.
Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
Targeting routers to hit gaming servers. [Research Saturday]
Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.
Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.
Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.
WAV files carry malicious data payloads. [Research Saturday]
Capturing the flag at NXTWORK 2019 [Special Editions]
Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.
Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.
TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.
Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?
Inside Magecart and Genesis. [Research Saturday]
Special Edition - Sean O'Brien with @RISK Technologies on Election Security.
Special Edition - Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach
Special Edition - Bob Ackerman from Allegis Capital with Insights on the cyber security VC environment
Special Edition - Phil Quade from Fortinet on his book "The Digital Big Bang"
Special Edition - Mandy Rogers from Northrup Grumman on her career and diversity in cyber security
Ron Gula and Mike Janke - VC pitfalls and how to avoid them. [Special Editions]
Special Edition - Daniel Garrie from Law & Forensics on eDiscovery
Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.
A Jira vulnerability that’s leaking data in the public cloud. [Research Saturday]
Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.
Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.
No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.
Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.
Profiling the Linken Sphere anti-detection browser. [Research Saturday]
Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.
Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
Clever breaches demonstrate IoT security gaps. [Research Saturday]
RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.
Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.
PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose costs on cyber attackers.
Know Thine Enemy - Identifying North American Cyber Threats. [Research Saturday]
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC [Special Editions]
A cyber espionage campaign is to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.
Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.
Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.
Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T
Tracking one of China's hidden hacking groups. [Research Saturday]
Eric Haseltine on his book, "The Spy in Moscow Station." [Special Editions]
More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.
Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.
Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.
Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.
Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.
The Chameleon attacks Online Social Networks. [Research Saturday]
US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.
Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.
Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.
Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
If you can't detect it, you can't steal it. [Research Saturday]
Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.
DISA data breach. More complaint against alleged GUR operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
New vulnerabilities in PC sound cards. [Research Saturday]
Rigging the game.
Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.
Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.
Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.
RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?
South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.
Application tracking in Wacom tablets. [Research Saturday]
Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.
Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.
Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.
Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.
Overworked developers write vulnerable software. [Research Saturday]
Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.
Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.
The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.
The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.
COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.
TLS is here to stay. [Research Saturday]
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.
Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution Concord Management.
Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynne.
EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.
CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.
The security implications of cloud infrastructure in IoT. [Research Saturday]
Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.
Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.
APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
Hidden dangers inside Windows and LINUX computers. [Research Saturday]
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
A rough year ahead for ransomware attacks - and how to stop them. [Research Saturday]
Your Security Stack is Moving: SASE is Coming.
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.
Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.
Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.
That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.
Profiling an audacious Nigerian cybercriminal. [Research Saturday]
Alexa, are you actually self-aware? (And, does it matter?)
Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.
The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.
Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.
US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.
Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.
How low can they go? A spike in Coronavirus phishing. [Research Saturday]
Complementary colors: teaming tactics in cybersecurity. [Research Saturday]
Four cybersecurity novels to distract you from the current zombie apocalypse.
Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.
DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.
COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.
APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.
iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.
Contact tracing as COVID-19 aid. [Research Saturday]
Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.
Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.
The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.
China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.
Fingerprint authentication is not completely secure. [Research Saturday]
A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.
Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.
Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.
Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.
PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.
The U.S. campaign trail is actually quite secure. [Research Saturday]
Cybersecurity First Principles
Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.
Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.
More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.
Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.
Gangnam Industrial Style APT campaign targets South Korea. [Research Saturday]
Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.
Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.
Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.
An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...
Naming and shaming is the worst thing we can do. [Research Saturday]
The evolution of malware, both criminal and state-run.
Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.
Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.
Twofold snooping venture. [Research Saturday]
Extending security tools to the at home workforce during the pandemic. [Research Saturday]
Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.
Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.
Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.
Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.
Due diligence cannot be done as a one-off. [Research Saturday]
Ask more people to dance.
Ask more people to dance. [Career Notes]
Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.
Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.
A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.
Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.
Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enil recover from Ekans. Ransomware attacks against a city and an M&A consultancy.
The value of the why and the who. [Research Saturday]
The mark of making a difference.
The mark of making a difference. [Career Notes]
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
Click here to update your webhook. [Research Saturday]
Superhero origin stories and lessons that last.
Superhero origin stories and lessons that last. [Career Notes]
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
Camille Stewart from Google and Lauren Zabierek from Harvard's Belfer Center on the Sharethemicincyber event.
Enter the RAT. [Research Saturday]
Get your foot in the door and prove your worth. [Career Notes]
Get your foot in the door and prove your worth.
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
Evil Corp versus newspapers. Trolling for unprotected MongoDB. Taurus in the criminal souks. Law and security. Loot boxes as gambling items.
Solving hard problems and pursuing your passions. [Career Notes]
Solving hard problems and pursuing your passions.
Damage at Natanz, maybe cyber-induced but maybe not. Official Huawei skepticism spreads. Big European dragnet. Hushpuppi in custody.
Sabotage, not cyber? Cosmic Lynx pounces on some big companies with BEC. Purple Fox upgrade. Coordinated inauthenticity in the journalistic supply chain.
Traditional sabotage at Natanz. CISA’s ICS strategy. DDoSecrets’ server seized by German police at the request of the US. COVID-19-themed phishing infrastructure taken down. Cyberespionage.
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.
The importance of staying up-to-date. Conti ransomware gains as Ryuk fades. Germany warns of Chinese companies’ data collection. Huawei’s fortunes in Canada and UK. Hushpuppi update.
Are you running what you think you're running? [Research Saturday]
Turn challenges into opportunities. [Career Notes]
Turn challenges into opportunities.
Presidential authorization for US Cyber Command action. DPRK hacking and internal regime dynamics. TrickBot’s developers. Cybercriminals in the dock.
Huawei to be closed out of UK’s 5G infrastructure. Spyware, ransomware, and botnets. The odd case of Data Viper. SAP has a major patch out.
A 2018 Presidential finding authorized the CIA to conduct a broad range of offensive cyber ops. Data breaches and ransomware incidents. Sloppy VPNs. SEC warns, and China woofs.
Twitter takes down verified accounts after major hack (most service now restored). Russian influence operations. Cozy Bear’s biomedical intelligence collection. Spearphishing in Hong Kong.
High-grade grifter. Twitter’s disinformation potential. Hacking vaccine research and doxing trade talks. What Iran’s hackers are up to. And CISA says, for heaven’s sake, patch already.
Every time we get smarter, the bad guy changes something. [Research Saturday]
Have to be able to communicate to everybody. [Career Notes]
Have to be able to communicate to everybody.
Following the spoor of the Twitter hackers, a couple of whom seem to be talking to the press. Marketing databases and intelligence collection. TikTok ban? Hacking biomedical research.
Parliament gets its report on Russian hacking. A look at the cyber criminal economy. Russia says it has no hackers.
Meowing exposed databases. US indicts two Chinese nationals for hacking, and orders China to close its Houston consulate.
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
A warning for US critical infrastructure operators. Blackbaud extortion and data breach update. Who’s got the keys to Twitter? Sino-American cyber tensions.
It was only a matter of time. [Research Saturday]
No matter the statistic, even if against the odds, focus on what you want.
No matter the statistic, even if against the odds, focus on what you want. [Career Notes]
Vigilante action against Emotet. Third-party risks and data breaches. Cerberus is for sale. And WastedLocker ransomware and the fortunes of crime.
Data breaches and responsibility. Where do you get a decryptor for WastedLocker? Third-party risk. Misconfigured databases. Follow-up on the Twitter hack.
Alleged Russian disinformation campaigns. Beijing’s cyberespionage hits the Vatican. Costly PII losses. VPNs and OT security. Big Tech’s day with Congress. Online bar exams. Snooping for the Saudis.
A quick look at Big Tech’s antitrust testimony. BootHole may be tough to patch. Fake COVID contact tracers. Netwalker warning. And Chinese espionage against the Vatican and the United Kingdom.
Social engineering at Twitter. Phishing kits and hackers for hire. Cyberespionage. The EU sanctions actors for Cloudhopper, WannaCry, and NotPetya. And security advice from NSA and NIST.
Detecting Twitter bots in real time. [Research Saturday]
Rely on your strengths in the areas of the unknown. [Career Notes]
Rely on your strengths in the areas of the unknown.
Microsoft considers acquiring TikTok. The US considers other Chinese companies as potential security threats. Charges in the Twiter hack. DDoS turns out to be a glitch. Garmin hack update.
US attributes Taidoor RAT to China’s government. Pegasus spyware in Togo. The TikTok affair. More fallout from the Blackbaud ransomware incident.
Privacy, Fort Meade style. Interpol looks at cybercrime. Oilrig gets DNSExfiltrator. Please move on from Windows 7. Updates on the Twitter hack.
US Clean Network program outlines measures against Chinese operations. $10 million reward offered for info on election interference. Australia’s cyber strategy is out. Grand larceny and petty lulz.
US Executive Orders against TikTok, WeChat. Chimera takes chip IP. Intel data leaked. Texting Rewards for Justice. Coordinated inauthenticity. Magecart’s homoglyph attacks.
Like anything these days, you have to disinfect it first. [Research Saturday]
The Green Goldfish and cyber threat intelligence. [Career Notes]
The Green Goldfish and cyber threat intelligence.
What are the adversaries’ goals in election interference? A case study in the ransomware-as-a-service market. Untangling TikTok, as the clock ticks toward September 15th.
NMAP (noun) [Word Notes]
Introducing Word Notes - NMAP (noun)
Internet blackout in Belarus. Papua New Guinea’s insecure National Data Centre. Chrome and CSP rule bypass. Zoom gets sued in DC. Patch Tuesday. Go Spartans.
Domestic cyber squabbling in Belarus and Iran. Pakistan accuses India of a cyber offensive. More on Papua’s data center. More privacy questions for TikTok. Parental control or stalker’s tool?
This Woodcutter’s no Railsplitter. Operation Dream Job. COVID-19 phishing.
Bad Woodcutter is still bad, but not invincible. CactusPete is in Eastern European networks. Exploiting COVID-19. Celebrity endorsements (not).
Waiting for their victims.
Waiting for their victims. [Research Saturday]
The ABCs of cybersecurity for the education sector. [CyberWire-X]
Trying for a win, win, win game. [Career Notes]
North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.
Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.
Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.
Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.
Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.
Using global events as lures. [Research Saturday]
Kiersten Todt: Problem solving and building solutions. [Career Notes]
Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.
The pandemic and trends in cybersecurity. The secret to the handset’s low, low price? Fleeceware and adware. TikTok’s lawsuit. Influence ops. Bogus Bitcoin exchange.
New Zealand stock exchange sustains DDoS attacks. Flash alert on GoldenSpy. Cyber mercenaries and industrial espionage. Lèse-majesté online. Offering $1 million to a potential co-conspirator?
Cybercrime pays, criminal tools are commodities, and some cyber gangs get sophisticated. The skid market for booters. Pyongyang unleashes the BeagleBoyz.
Stock exchange DDoS continues. Another criminal market exits. Pyongyang cybercrooks face criminal forfeiture. Instagram hijacking. Old malware returns. Treason’s motives. An attempt to hack Tesla.
They fooled a lot of people. [Research Saturday]
Jack Rhysider: Get your experience points in everything. [Career Notes]
DDoS continues to trouble New Zealand’s stock exchange. A glitch, not an attack. New Chinese export controls. Oversharing agencies? Who’s the bank robber? A botnet serving ad fraud.
The difference between a breach and, well, a public record. Pioneer Kitten’s lucrative bycatch. Malware gets past Gatekeeper. A gamer’s bandit economy. And happy birthday, Cyber Branch.
Facebook’s latest takedowns reach Pakistan, Russia, and the US. Election meddling. Chinese espionage looks inward, again. New alt-coin stealer. NZX DDoS update. That Twitter hack.
Cyberattacks in Norway under investigation. Developments in the criminal marketplace. Scammers do TikTok. Disrupting school, from Florida to Northumberland.
Ransom DDoS is now a widespread problem. Phishing campaign stages malicious payloads in legitimate file-sharing services. Back to school? Back with a new cyber risk.
Going after the most valuable data. [Research Saturday]
Elizabeth Wharton: Strong shoulders for someone else to stand on. [Career Notes]
Exploring the cultural values of personal privacy. [Caveat]
Ransomware or wiper? Emotet’s resurgence. Updates on Services NSW breach. COVID-19 cyberespionage. BTS replaces Guy Fawkes?
Ransomware slows down many students’ return to school, even virtually. Hacking gamers. Patch Tuesday. Notes on election security from CISA.
Ransomware hits Equinix. Tools for vandalism for sale. Stealing VoIP call data records. ByteDance negotiates for TikTok. EU clamps down on Facebook data handling. A high-profile Twitter hijacking.
Elemental election meddling spooks US campaigns. CISA’s email advice. Remote workers behaving badly. Momentum Cyber’s state of the Sector. The SINET 16. And remember 9/11.
Leveraging legitimate tools. [Research Saturday]
Brandon Robinson: Built from the ground up. [Career Notes]
Ode to Wealthy Elite. [Shadowspeak]
Turning good words into bad. Crooks push those exploits through aging software while they still can. A big OSINT DB out of Shenzehn. TikTok’s fate grows narrower but murkier. Wildfire misinformation.
Zerologon: hey, patch already. CISA describes China’s cyberespionage techniques (and, hey, patch already). A data breach at the US Department of Veterans Affairs.
VPNs in Tehran’s crosshairs. US indictments of foreign cyber threat actors. Strife exacerbated by social media. ByteDance’s plan for TikTok.
Criminal markets and the criminals who shop there. Elections may be safe and secure, but influence operations seem here to stay. TikTok’s state of play. Indictments and extraditions.
Sunday looks like sanction day for WeChat and TikTok. Grayfly and Blackfly (and APT41). Maze hides payloads in VMs. Ransomware is implicated in a death. Google Play housecleaning. Fox, chickencoop.
Election 2020: What to expect when we are electing. [Research Saturday]
The cybersecurity paradox. [CyberWire-X]
Monica Ruiz: Moving ahead when not many look like you. [Career Notes]
Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.
Bing backend exposed, for a bit. CIA thinks Russian influence ops are top-directed. TikTok Global spin-off may not be enough. Destination automation. Hacks that weren’t, and one big guilty plea.
Naval Gazing around the South China Sea, and other disinformation. LokiBot is back in a big way. Darknet merchants busted. Cyber rioting along the Blue Nile.
Not the Gremlin from the Kremlin. Zerologn exploited in the wild. Cyberespionage phishing in NATO’s pond. US Treasury announces sanctions. Four guilty pleas coming in eBay cyberstalking case.
Lots of coordinated inauthenticity, but a small return in influence. Confidence building in cyberspace? CISA reports finding that a Federal agency was hacked. Cyberattacks on hospitals are up.
What came first, the Golden Chickens or more_eggs? [Research Saturday]
Richard Torres: Getting that level of experience is going to be crucial. [Career Notes]
Will no one rid me of this turbulent newsletter? US court delays TikTok ban. Microsoft takes down cyberespionage operation. Huawei’s CFO gets another day in court. REvil recruits.
Ransomware versus shipping, hospitals, and schools. Cyberattacks’ growing sophistication. An interim rule enables implementation of the US Defense Department’s CMMC program.
Opportunistic paydays and soft targets. Crooks use captchas and padlocks, too. Protecting against Zerologon. A microelectronics strategy.
Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.
CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.
Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]
Diane M. Janosek: It's only together that we are going to rise. [Career Notes]
Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.
New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.
Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.
Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.
A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.
It's still possible to find ways to break out. [Research Saturday]
Geoff White: Suddenly all of the pieces start to line up. [Career Notes]
Rigging the game. [Caveat]
Suppressing Trickbot: cyber warfare and cyber lawfare. Chaining vulnerabilities. An intergovernmental call for backdoors in the aid of law enforcement.
Cyber conflict and cyberespionage. Social engineering as a turnstile business. Inside a social engineering campaign. A warning about fraudulent unemployment claims.
Disinformation, foreign and domestic. Content moderation, always harder than it seems. US Cyber Command’s defend forward doctrine.
Misdirection and redirection. Content moderation, influence operations, and Section 230. Money-laundering gang taken down. And no wolves in Nova Scotia.
Intentionally not drawing attention. [Research Saturday]