The CyberWire

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

Sept. 11, 2018

19:48

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

Sept. 10, 2018

19:30

Leafminer espionage digs the Middle East. — Research Saturday

Sept. 8, 2018

22:23

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

Sept. 7, 2018

24:38

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

Sept. 6, 2018

20:00

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

Sept. 5, 2018

20:01

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

Sept. 4, 2018

15:28

ATM hacks on the rise. — Research Saturday

Sept. 1, 2018

22:45

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

Aug. 31, 2018

25:12

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

Aug. 30, 2018

17:45

Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

Aug. 29, 2018

20:00

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

Aug. 28, 2018

20:00

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

Aug. 27, 2018

17:25

Cyber espionage coming from Chinese University. — Research Saturday

Aug. 25, 2018

26:02

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

Aug. 24, 2018

24:44

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

Aug. 23, 2018

19:50

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

Aug. 22, 2018

20:00

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

Aug. 21, 2018

19:56

Beers with Talos — Live from the RiRa at Black Hat

Aug. 21, 2018

01:22:45

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

Aug. 20, 2018

16:56

Stealthy ad fraud campaign evades detection. — Research Saturday

Aug. 18, 2018

19:21

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

Aug. 17, 2018

24:42

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

Aug. 16, 2018

19:55

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

Aug. 15, 2018

19:58

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

Aug. 14, 2018

19:59

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

Aug. 13, 2018

16:30

Thrip espionage group lives off the land. — Research Saturday

Aug. 11, 2018

25:46

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

Aug. 10, 2018

22:05

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

Aug. 9, 2018

19:05

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

Aug. 8, 2018

17:03

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

Aug. 7, 2018

19:03

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

Aug. 6, 2018

19:39

Cortana voice assistant lets you in. — Research Saturday

Aug. 4, 2018

21:32

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

Aug. 3, 2018

24:52

RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.

Aug. 2, 2018

18:06

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

Aug. 1, 2018

19:49

Data-centric security. — Special Edition

Aug. 1, 2018

27:39

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

July 31, 2018

19:22

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

July 30, 2018

16:25

BabaYaga strangely symbiotic Wordpress malware — Research Saturday

July 28, 2018

20:30

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

July 27, 2018

21:21

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

July 26, 2018

19:25

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

July 25, 2018

20:00

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

July 24, 2018

19:54

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

July 23, 2018

14:30

Measuring the spearphishing threat — Research Saturday

July 21, 2018

23:41

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

July 20, 2018

21:59

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

July 19, 2018

19:52

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

July 18, 2018

20:13

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

July 17, 2018

19:59

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

July 16, 2018

19:31

A new approach to mission critical systems — Research Saturday

July 14, 2018

21:16

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

July 13, 2018

25:07

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

July 12, 2018

20:00

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

July 11, 2018

19:37

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

July 10, 2018

20:00

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

July 9, 2018

15:39

No Distribute Scanners help sell malware

July 7, 2018

14:30

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

July 6, 2018

22:47

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

July 5, 2018

19:52

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

July 3, 2018

19:20

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

July 2, 2018

15:52

VPNFilter malware could brick devices worldwide — Research Saturday

June 30, 2018

28:43

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

June 29, 2018

24:55

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

June 28, 2018

19:58

Separating fools from money. — Hacking Humans

June 28, 2018

29:47

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

June 27, 2018

19:54

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

June 26, 2018

19:59

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

June 25, 2018

14:28

LG smartphone keyboard vulnerabilities — Research Saturday

June 23, 2018

16:22

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

June 22, 2018

24:06

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

June 21, 2018

19:52

Playing on Kindness — Hacking Humans

June 21, 2018

22:17

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

June 20, 2018

19:57

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

June 19, 2018

19:57

Date extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

June 18, 2018

18:46

Cyber bank heists — Research Saturday

June 16, 2018

15:57

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

June 15, 2018

22:40

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13. Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State sp

June 14, 2018

18:44

Hacking Humans — Gaming pro athletes online.

June 14, 2018

30:00

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

June 13, 2018

16:40

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.

June 12, 2018

19:46

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.

June 11, 2018

17:33

Winnti Umbrella Chinese threat group — Research Saturday

June 9, 2018

20:59

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.

June 8, 2018

24:50

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.

June 7, 2018

19:18

Hacking Humans — A flood of misinformation and fake news

June 7, 2018

30:07

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?

June 6, 2018

19:49

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.

June 5, 2018

18:30

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.

June 4, 2018

14:57

Islamic State propaganda persistence — Research Saturday

June 2, 2018

19:02

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.

June 1, 2018

24:37

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.

May 31, 2018

19:56

Hacking Humans - Social engineering works because we're human.

May 31, 2018

30:08

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.

May 30, 2018

18:41

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.

May 29, 2018

19:55

UPnProxy infiltrates home routers — Research Saturday

May 26, 2018

20:26

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.

May 25, 2018

24:52

VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.

May 24, 2018

19:58

Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.

May 23, 2018

19:46

Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.

May 22, 2018

18:57

DPRK's Sun Team works from three apps in Google Play. PII for sale in Zheijiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.

May 21, 2018

16:47

Threat actors hijack Lojack — Research Saturday

May 19, 2018

17:08

Something Wicked this way comes. Automating wallet pilferage. Office 365 phsihing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.

May 18, 2018

23:48

Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.

May 17, 2018

19:24

Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?

May 16, 2018

19:21

Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.

May 15, 2018

19:44

Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.

May 14, 2018

15:17

Three pillars of Artificial Intelligence — Research Saturday

May 12, 2018

32:15

Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.

May 11, 2018

23:25

Cyber conflict between Iran and the US widely expected. ALLENITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?

May 10, 2018

19:58

Subborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.

May 9, 2018

18:28

Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDRP is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.

May 8, 2018

18:49

2018 RSAC Outlook - Special Edition

May 8, 2018

17:51

Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?

May 7, 2018

16:34

BlackTDS and ThreadKit offered in criminal markets — Research Saturday

May 5, 2018

21:16

In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.

May 4, 2018

24:55

Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?

May 3, 2018

19:47

New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.

May 2, 2018

19:27

Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.

May 1, 2018

18:58

Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.

April 30, 2018

19:53

New MacOS backdoor linked to OceanLotus — Research Saturday

April 28, 2018

19:59

Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypt armistice or just key escrow?

April 27, 2018

20:58

Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.

April 26, 2018

19:49

DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.

April 25, 2018

19:55

Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.

April 24, 2018

18:40

ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.

April 23, 2018

15:18

InnaputRAT exfiltrates victim data — Research Saturday

April 21, 2018

20:18

RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.

April 20, 2018

18:51

Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.

April 19, 2018

19:04

More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.

April 18, 2018

16:29

Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.

April 17, 2018

20:59

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.

April 16, 2018

14:07

Energetic Dragonfly and DYMALLOY Bear 2.0 — Research Saturday

April 14, 2018

18:53

Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?

April 13, 2018

24:47

Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.

April 12, 2018

19:21

Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?

April 11, 2018

15:45

Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?

April 10, 2018

18:54

Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.

April 9, 2018

14:33

Crypto crumple zones — Research Saturday

April 7, 2018

35:43

Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.

April 6, 2018

21:44

Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.

April 5, 2018

19:38

Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.

April 4, 2018

19:50

Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.

April 3, 2018

19:45

Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.

April 2, 2018

16:12

Chasing FlawedAMMYY — Research Saturday

March 31, 2018

19:48

Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.

March 30, 2018

20:36

Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.

March 29, 2018

19:27

Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.

March 28, 2018

19:51

Blockchains that bind us — Special Edition

March 28, 2018

33:44

Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.

March 27, 2018

18:33

Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.

March 26, 2018

17:42

Code comments cause SAML conundrum — Research Saturday

March 24, 2018

15:41

US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.

March 23, 2018

26:22

Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.

March 22, 2018

19:14

Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook's no-good, bad, awful week.

March 21, 2018

18:45

Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.

March 20, 2018

19:27

Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.

March 19, 2018

19:07

Cryptojacking injections heat up - Research Saturday

March 17, 2018

22:00

NATO-Russian cyber tensions high. They're also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?

March 16, 2018

23:53

Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.

March 15, 2018

19:17

AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.

March 14, 2018

19:44

May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps in UK targets by backdoors. Changes at US State Department, CIA. SINET ITSEF notes.

March 13, 2018

19:55

Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.

March 12, 2018

18:39

Dark Caracal APT steals out of Lebanon — Research Saturday

March 10, 2018

36:40

Cyber reconnaissance. Vulnerability database misdirection. Cryptoming attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?

March 9, 2018

21:35

A Memcrash kill-switch. Shadow Brokers' leaked "Territorial Dispute" tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.

March 8, 2018

16:07

Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.

March 7, 2018

18:07

Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.

March 6, 2018

18:10

Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American "yelling and hollering").

March 5, 2018

16:15

Lebal malware phishes for victims — Research Saturday

March 3, 2018

14:08

Memcrashing no longer just a theoretical possibility. Fancy Bear's pawprints in German networks and other peoples' embassies. Deterrence in cyberspace. High-profile fraud victims.

March 2, 2018

21:16

Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?

March 1, 2018

16:51

Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.

Feb. 28, 2018

18:03

Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?

Feb. 27, 2018

18:35

Olympic hacking—false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.

Feb. 26, 2018

19:36

Phishing for holiday winnings — Research Saturday

Feb. 24, 2018

19:53

Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.

Feb. 23, 2018

22:07

Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus's shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.

Feb. 22, 2018

18:16

SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.

Feb. 21, 2018

19:36

SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.

Feb. 20, 2018

17:56

The uncanny HEX men — Research Saturday

Feb. 17, 2018

22:03

The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.

Feb. 16, 2018

22:45

Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.

Feb. 15, 2018

18:57

Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coinming. Ad blockers (also an incentive to coin mining).

Feb. 14, 2018

18:58

Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.

Feb. 13, 2018

18:17

Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.

Feb. 12, 2018

14:25

IcedID banking trojan — Research Saturday

Feb. 10, 2018

20:35

Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?

Feb. 9, 2018

22:28

Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.

Feb. 8, 2018

18:50

Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the "Microsoft" Help Desk scam.

Feb. 7, 2018

19:24

More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.

Feb. 6, 2018

17:03

DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scrareby ransomware updates. Crime and punishment.

Feb. 5, 2018

16:07

Advanced adware with nation-state tactics — Research Saturday

Feb. 3, 2018

16:02

JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.

Feb. 2, 2018

24:18

ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishig with bogus emails spoofing Google, Microsoft. Apps that know too much.

Feb. 1, 2018

18:32

Phishing campaign targets Israeli scientists. Low-level contract phishing in China's hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.

Jan. 31, 2018

18:40

Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper's Charter loses in court. US House may release surveillance memos. Strava OPSEC.

Jan. 30, 2018

18:08

Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?

Jan. 29, 2018

14:20

Targeting Olympic organizations — Research Saturday

Jan. 27, 2018

18:25

Lebal's layered approach to infection. Crytominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.

Jan. 26, 2018

22:45

2018 forecast — CyberWire Special Edition

Jan. 26, 2018

32:39

Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated, Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.

Jan. 25, 2018

19:04

Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tindr vulnerabilties. UK's new office to combat disinformation. Pirated pdfs hold malware.

Jan. 24, 2018

17:37

ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.

Jan. 23, 2018

17:23

Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.

Jan. 22, 2018

15:43

Fancy Bear Duping Doping Domains — Research Saturday

Jan. 20, 2018

13:22

AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.

Jan. 19, 2018

25:11

Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?

Jan. 18, 2018

17:08

Section 702 update. Kaspersky reports on Skygofree—dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.

Jan. 17, 2018

16:42

New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.

Jan. 16, 2018

20:00

Shake Your MoneyTaker — Research Saturday

Jan. 13, 2018

18:14

Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.

Jan. 12, 2018

24:50

Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn't Bitcoin Cash.

Jan. 11, 2018

19:23

Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.

Jan. 10, 2018

15:46

Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobil pop-up redirection. Alt-coin speculation.

Jan. 9, 2018

17:04

Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.

Jan. 8, 2018

16:03

TRISIS Malware: Fail-safe fail — Research Saturday

Jan. 6, 2018

35:18

Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.

Jan. 5, 2018

21:38

Meltdown and Spectre arose from engineering for speed—most chips are affected. Bogus security apps kicked out of Google Play. Iran's Internet crackdown. Indications of a guilty plea in NSA leak case.

Jan. 4, 2018

16:40

Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. "Trackmageddon." Curating YouTube. Condolences to a SWATTING victim's family.

Jan. 3, 2018

17:57

ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.

Jan. 2, 2018

13:58

Hunting the Sowbug — Research Saturday

Dec. 30, 2017

17:05

The German Cybersecurity Market with Gerald Hahn

Dec. 29, 2017

12:33

The CISO's changing role with Andrew Wild

Dec. 28, 2017

14:48

"Hacked Again" author Scott Schober

Dec. 27, 2017

18:08

Active defense and “hacking back" with Johnathan Braverman from Cymmetria

Dec. 26, 2017

14:26

Keyboys back in town — Research Saturday

Dec. 23, 2017

18:13

Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.

Dec. 22, 2017

23:39

More data found exposed in an AWS S3 bucket. EtherDelta's DNS impersonation issue. DPRK says it doesn't hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.

Dec. 21, 2017

19:40

Pyongyang's snarling through cyberspace, and what others are doing about it. Coppersmith espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?

Dec. 20, 2017

18:26

North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.

Dec. 19, 2017

19:05

Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.

Dec. 18, 2017

14:18

The unique culture of the Middle Eastern and North African underground — Research Saturday

Dec. 16, 2017

22:04

Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.

Dec. 15, 2017

22:48

Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.

Dec. 14, 2017

16:44

A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.

Dec. 13, 2017

19:02

Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?

Dec. 12, 2017

19:03

Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.

Dec. 11, 2017

13:35

Stealthy Zberp Banking Trojan — Research Saturday

Dec. 9, 2017

23:07

Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft's emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.

Dec. 8, 2017

21:09

Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.

Dec. 7, 2017

16:54

Satori botnet is awake (and it's not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.

Dec. 6, 2017

19:09

Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.

Dec. 5, 2017

17:35

Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.

Dec. 4, 2017

13:58

Staying ahead of Fast Flux Networks — Research Saturday

Dec. 2, 2017

17:08

Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.

Dec. 1, 2017

19:46

Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?

Nov. 30, 2017

16:28

Building your cyber security career — CyberWire Special Edition

Nov. 30, 2017

32:32

Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.

Nov. 29, 2017

19:51

Who's the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.

Nov. 28, 2017

17:07

Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS Hacktivsts strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.

Nov. 27, 2017

14:23

Waiting for Terdot, a sneaky banking Trojan — Research Saturday

Nov. 25, 2017

17:31

The Right to Be Forgotten with Yale Law School's Tiffany Li

Nov. 22, 2017

18:31

Cyberspace in Peace and War author Martin C. Libicki

Nov. 21, 2017

26:49

PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business

Nov. 20, 2017

20:20

Dark Net Pricing with Flashpoint's Liv Rowley — Research Saturday

Nov. 18, 2017

19:06

AWS S3 misconfigurations. Kaspersky's report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.

Nov. 17, 2017

20:46

Revisions to the US VEP (and comparisons to China's). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?

Nov. 16, 2017

18:22

Hidden Cobra's RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?

Nov. 15, 2017

18:52

Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.

Nov. 14, 2017

18:55

Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.

Nov. 13, 2017

15:35

Taiwan Bank Heist and Lazurus Group with BAE's Adrian Nish — Research Saturday

Nov. 11, 2017

13:22

Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.

Nov. 9, 2017

20:34

Fancy Bear's new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.

Nov. 8, 2017

18:27

Stolen Paradise Papers aren't making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.

Nov. 7, 2017

19:15

The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?

Nov. 6, 2017

13:09

Exploring Phishing Kits with Duo Security's Jordan Wright — Research Saturday

Nov. 4, 2017

29:45

BadRabbit misdirection? Fancy Bear's wish list. AWS misconfigurations. Data breach notes.

Nov. 3, 2017

20:46

The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn't claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.

Nov. 2, 2017

17:30

Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.

Nov. 1, 2017

17:36