skip navigation
Audio Install Install Audio Macupdate Book Book Audio Install Install Audio Macupdate Book Book

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Audio Install Install Audio Macupdate Book Book

A known SharePoint vulnerability is being actively exploited in the wild. AT&T Alien Labs is tracking incidents involving CVE-2019-0604, a vulnerability Microsoft addressed in late winter. The Canadian Centre for Cyber Security warned last month of "China Chopper" malware hitting unpatched servers. Saudi Arabia's National Center for Cyber Security has also observed remote code execution exploitation of the vulnerability.

SC MagazineEmail – Joviallyideas… Id Make To Fake How says that the (probably) Moscow-based gang Fxmsp may have stolen code from a fourth security company. None of the companies allegedly affected have been publicly named, but researchers at Advanced Intelligence have "high confidence" that Fxmsp has the code it says it does.

Thomson Reuters reports that the G7 are preparing a major exercise next month that will simulate a cross-border cyberattack against financial services and associated infrastructure.

Amnesty International will tomorrow petition the District Court of Tel Aviv to direct that Israel's Ministry of Defence revoke NSO Group's export license. NSO's lawful-intercept tool Pegasus is alleged to have been improperly used in surveillance by the governments of Mexico, Saudi Arabia, and the United Arab Emirates. The New York University School of Law's Bernstein Institute for Human Rights and Global Justice Clinic is supporting the suit.

Facebook is suing South Korean analytics firm Rankwave for allegedly abusing developer's platform data, reports TechCrunch.

Following incidents in which Chinese government money found its way to startups, the US Defense Department is moving forward with its Trusted Capital Markteplace program, intended to connect entrepreneurs with investors who don't represent a security threat.


Today's issue includes events affecting Argentina, Brazil, Canada, China, European Union, France, Germany, India, Ireland, Italy, Japan, Mexico, Montenegro, Panama, Russia, Saudi Arabia, South Africa, Sweden, United Arab Emirates, United Kingdom, United States.

Bring your own context.

When a business is shopping for cyber insurance, what features should it look for?

"Find a cyber insurance offering that offers a breach coach. Now, a breach coach is typically your outside counsel. So it is an outside legal firm, outside of your own general counsel, that you are protected through client-attorney privilege. And this breach coach will actually step you through and guide you through the whole incident or breach. And they will help you - they will place you with an incident response firm that's ready to go.... 

And Pharming Vishing Phishing Smishing

"And it's all covered under your policy. So instead of you having to fork out the hundreds of thousands of dollars - or in some case, hopefully not - millions of dollars to these services individually, you go with one provider, one breach coach. They bring in all of the ancillary services, and it's covered - all covered under the insurance premium." Justin Harvey of Accenture, reviewing cyber insurance on our 5.9.19 Daily Podcast.

The interests of insurer and insured are aligned, post-incident: both want to limit their losses.

Automation techniques by Coalfire and AWS enable FedRAMP ATO in half the time

Automation is dramatically changing the times and costs to compliance—in many cases by half compared to traditional methods. Furthermore, these techniques can slash the demands on in-house staff and eliminate much of the redundant work across frameworks. Download the white paper explaining the benefits of new automation techniques pioneered by Coalfire and AWS.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland, as Jonathan Katz talks about differential privacy, a technique for providing privacy for individuals taking part in studies. 

Uniting Women in Cyber (Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.

DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness (Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.

DreamPort Event: RPE- 006: The Defense at Pemberton Mill (Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 6, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Licenses Now N Have To Numbers Make Random Tougher Theft Id h Driver’s

Update: 4th US anti-virus company in secrets for sale as cyber-criminals sell source code (SC Magazine) Russian and English-speaking Fxmsp group hackers are trying to sell source code of anti-virus products obtained from a data breach of three US-based antivirus software vendors

Russia Is Targeting Europe’s Elections. So Are Far-Right Copycats. (New York Times) Digital fingerprints link pro-Russian and anti-European websites, part of an online ecosystem that is sowing discord ahead of European elections this month.

Sharepoint vulnerability exploited in the wild (AT&T Cybersecurity) AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft Sharepoint (CVE-2019-0604).

Microsoft SharePoint servers are under attack (ZDNet) Canadian and Saudi cybersecurity agencies warn of attacks that have been going on for at least two weeks.

Month Long Attack on Microsft SharePoint Servers (KoDDoS Blog) This comes from advisories from both the Canadian and Saudi Arabian cybersecurity agencies. The flaw the hackers are trying to exploit has been patched by Microsoft security updates in February, March, and April of this year and is known as CVE-2019-0604 in the Microsoft Security Update Guide.

Unsecured server exposes data for 85 percent of all Panama citizens (ZDNet) Server contained patient data, but no medical records were exposed --only personally identifiable information (PII).

New Intel firmware boot verification bypass enables low-level backdoors (CSO Online) By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

Source Code Discovery Sheds Light on the Business of Malware (Infosecurity Magazine) The uncovering of the Carbanak source code has been an eye-opener into the sophisticated factory-line product development techniques of malware

Fake Pirate Chick VPN Pushed AZORult Info Stealing Trojan (BleepingComputer) Adware bundles are installing a VPN software called Pirate Chick, which then connects to a remote server to download and install malicious payloads such the AZORult password-stealing Trojan.

FBI uncovers 'ElectricFish' malware linked to North Korea's Hidden Cobra group (Inquirer) Threat bypasses proxy servers' authentication procedures

‘Unhackable’ eyeDisk flash drive exposes passwords in clear text Audio Install Install Audio Macupdate Book (ZDNet) The eyeDisk USB drive does not appear to meet its lofty security claims.

Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked (Threatpost) Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.

Cryptocurrency hacking now targets Electrum hot wallet users with DDoS botnets (Cryptonewsbytes) Crypto hot wallets continue to be targets of cryptocurrency hacking. In a recent incident, DDoS botnets targeted 152,000 users of popular Bitcoin wallet Electrum.

[Heads-Up] If This Is True It's A Disaster. Three Major US Antivirus Companies Breached? (KnowBe4) Ars Technica is getting me worried here. We were all at KB4-CON in Orlando the last few days, and during the conference word got to me that security researchers found out that high-profile hackers have breached three US AV companies and are selling the source code. The most annoying thing is that they have alerted the authorities, but no one has mentioned the actual vendors as of yet.

SHA-1 collision attacks are now actually practical and a looming danger Audio Install Install Audio Macupdate Book (ZDNet) Research duo showcases first-ever SHA-1 chosen-prefix collision attack.

SMS Spammers Expose 80 Million Records Online (Infosecurity Magazine) Unprotected MongoDB instance found by researcher

Two years after WannaCry, a million computers remain at risk (TechCrunch) Two years ago today, a powerful ransomware began spreading across the world. WannaCry spread like wildfire, encrypting hundreds of thousands of computers in over 150 countries in a matter of hours. It was the first time that ransomware, a malware that encrypts a user’s files and demands crypt…

Sextortion mail from yourself? It doesn’t mean you’ve been hacked… (Naked Security) Here’s a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselves…

Be aware! A new sextortion campaign was found up in the wild and it is affecting millions! (CyberByte Blog) Not so long ago we have told you about a clever phishing technique that leverages Word attachments to infect victims via a sextortion campaign. Today we an

Airbnb Superhost’s creepy spycam sniffed out by sleuthing infosec pro (Naked Security) Why motion sensors in the bedrooms, she wondered? Why the extra light and weird wiring on the router?

Investigation In Baltimore City Ransomware Attack Continues (CBS Baltimore) A federal investigation continues in Baltimore into a ransomware attack on the city's servers.

Crippling ransomware attacks targeting US cities on the rise (WFTS) Targeted ransomware attacks on local US government entities — cities, police stations and schools — are on the rise, costing localities millions as some pay off the perpetrators in an effort to untangle themselves and restore vital systems.

Early Findings: Review of State and Local Government Ransomware Attacks (Recorded Future) Allan Liska reports on various findings and trends to determine whether or not ransomware is on the rise in the state and local government sector.

Swatting Attacks Increase Security Concerns Across Silicon Valley (Wall Street Journal) Tech companies are spending more to protect their executives, as so-called swatting attacks point to growing animosity and vulnerability in Silicon Valley.

Indiana Pacers disclose security breach (ZDNet) Company behind Indiana Pacers and Indiana Fever said hackers breached employee accounts, stole personal data.

Security Patches, Mitigations, and Software Updates

Chrome browser pushes SameSite cookie security overhaul (Naked Security) Slowly but steadily, developers are being given the tools with which to tame the promiscuous and often insecure world of the browser cookie.

Google Wants to Change How Cookies Are Used (Decipher) Google I/O is a good place to announce a whole lot of new privacy features “coming soon.” It is also a good place to bury plans to change how Google will handle HTTP cookies in Chrome.

Cyber Trends

How scammers made ad fraud a billion-dollar criminal industry - CyberScoop (CyberScoop) Ad fraud is set to cost the industry as much as $44 billion annually by 2022. How did this number get so high and what are people doing to stop it?

Cyber Risks to Exceed Natural Disasters for Insurers: Scor CEO (Bloomberg) Re-insurer CEO Kessler says sector must build coverage system. ECB calls on financial firms to conduct cyber stress tests.

The Surprising Role Of Social Deviance In Viral News Audio Install Install Audio Macupdate Book (Fast Company) A new study I completed at the Columbia University J-school says there is a strong relationship between the “social deviance” of the event or topic in a headline and the number of retweets it gets on Twitter.

Infographic: The future of cybersecurity budgeting (Techaeris) As data shows, most C-level execs (60%) believe they are safe from cyber threats and break-ins, and not investing enough into information security products and services.

This is how much money South Africans are losing to SIM-swap fraud (Business Tech) The number of reported SIM-swap fraud incidents in South Africa has doubled in the past year, according to cybersecurity experts from Kaspersky.

One third Indian firms face serious cyber attack risk : Study (The Indian Wire) While 69 per cent Indian and 63 per cent Australian companies are most at risk of cyber attack, 35 per cent of organisations in the region suffered at least one cyber security incident in the last 12 months, says a sector study. According to a recent study by leading IT analyst firm …

Researchers Are Liberating Thousands of Pages of Forgotten Hacking History From the Government (Vice) Using FOIA, they’ve already published NASA’s official report about the infamous WANK worm.


The Government Narrowed Its Tech Workforce Age Gap for the First Time in a Decade Audio Install Install Audio Macupdate Book (Nextgov) But agencies efforts to recruit young talent still have a long way to go.

Women Know Cyber: 100 Fascinating Females Fighting Cybercrime (Cybercrime Magazine) An enlightening book for students, parents, educators, and the cybersecurity community.

Exclusive: Tech workers organize protest against Palantir on the GitHub coding platform (Fast Company) The protest action is designed to target employees where they live.

Rome cybersecurity firm awarded $93.6 million government contract (Oneida Dispatch) Assured Information Security (AIS) in Rome, N.Y., has been awarded a $93.6 million Indefinite Delivery/Indefinite Quantity (IDIQ) contract, which provides a funding mechanism for any federal government

Curv Crypto Wallet Gets $50 Million Worth of Insurance Coverage | BTC Wires (BTC Wires) Curv, a crypto securities company, has recently tied up with Munich Re, an insurance company to get coverage worth $50 million for its customers. A press release published by Curv on the 10th of May, 2019 announced this new development. The new insurance coverage is meant to account for all…

One year later: A cybersecurity commitment shared by more than 100 companies (Cybersecurity Tech Accord) Today, the Cybersecurity Tech Accord welcomes 16 new companies to its ranks, bringing the total number of signatories to 106 companies committed to improving the security of cyberspace.

Proofpoint Joins the National Cyber Security Alliance Board of Directors (Yahoo) Proofpoint, Inc., (PFPT), a leading cybersecurity and compliance company, today announced its National Cyber Security Alliance (NCSA) Board of Directors membership, demonstrating a continued commitment to safeguard organizations worldwide from sophisticated people-centric cyberattacks and prioritize

NI hails cyber jobs (Professional Security) NI hails cyber jobs Security Summit Belfast BBC Radio 4 In Business programme critical infrastructure

Retired Army Intelligence Specialist: Augusta Will Be Cybersecurity 'Epicenter' ( Augusta's burgeoning cyber industry puts the region on a collision course with companies looking for government contracts.

How to prepare for a cybersecurity interview (Acumin) Just because there is a significant lack of cybersecurity professionals in the workplace currently, doesn’t mean you will automatically be offered every cybersecurity job you apply for, despite having the requisite hard skill set.

Symantec Needs Security at the Top (Wall Street Journal) The software maker announced new leadership in conjunction with a disappointing fourth-quarter earnings report. Following the news, Symantec’s market value fell 15%, erasing the stock’s gains for the year.

Symantec flags massive channel changes (CRN Australia) New interim CEO wants the channel to carry Symantec products further.

Symantec adds former IBM exec Borene (Washington Technology) Symantec adds former IBM public sector executive Andrew Borene to the cyber firm's national security group.

Former NGA director joins a pair of advisory boards (C4ISRNET) Although former National Geospatial-Intelligence Agency Director Robert Cardillo left the agency in February, his decision to join two organizations in the broader intelligence community signal his intention to stay involved in the national security community.

Consultant firm taps US army to bulk up cyber security pitch (Australian Financial Review) Aussie management consultancy Partners in Performance is the latest to target cyber security work, hiring the former head of electronic warfare of the US army.

Products, Services, and Solutions

Checking Vertcoin Savings Litecoin Bitcoin Cash

New infosec products of the week: May 10, 2019 (Help Net Security) New infosec products of the week feature releases from the following vendors: D3 Security, Endace, MobileIron and NeuVector.

Perception Point Adds Business Email Compromise (BEC) Protection to Its Security Platform (PR Newswire) Perception Point, a leading cybersecurity firm preventing file and URL based attacks in email, cloud storage and ...

News: SIRP Partners with ZServices (SIRP) SIRP announces major partnership with Z Services, a leading cybersecurity SaaS provider in the MENA region, to deliver Security Orchestration, Automation and Response solution across the Middle East and North Africa (MENA)

HyTrust Launches Full-Scale Security Platform for VMware, AWS, Containers (eWEEK) HyTrust CloudControl 6.0 expands to include VMware vSphere and NSX, the AWS cloud and Kubernetes. The expanded platform addresses problems organizations currently face in trying to secure and ensure compliance of their hybrid, multi-cloud environments efficiently.

Cybersecurity: This is how Microsoft Defender ATP tackles password-stealing credential dumping attempts (ZDNet) Microsoft reckons Microsoft Defender is up to the task of detecting legit tools for credential dumping from lsass.exe memory.

Canada Enhances Public Safety With Gemalto Fingerprint Identification Solution Audio Install Install Audio Macupdate Book (WebWire) A recent initiative undertaken by the Government of Canada and the Royal Canadian Mounted Police (RCMP) to advance public safety measures has led to the digitalization of biometric records across the country which will allow for faster and more accurate criminal and civil identity checks.

Technologies, Techniques, and Standards

G7 countries to simulate cross-border cyber attack next month - France (Thomson Reuters Foundation) G7 countries to simulate cross-border cyber attack next month - France

Is Access Control Permission a Possible Gateway for Hackers? (Infosecurity Magazine) If your devices and services have misconfigured settings, it could be a step up for an attacker

How military leaders got a clearer view of the cyber environment (Fifth Domain) Cyber Command's new integrated cyber center drastically improves the information sharing of cyber threats across the government.

Securing The Space Cloud: It’s Really Hard (Breaking Defense) "Security in space is different than security on Earth," says Jeb Linton of IBM Watson. "If you lose command and control for even five minutes, your satellite could be completely shut down."

When zero trust in government is a good thing (Fifth Domain) Federal agencies are increasingly looking to a specific framework to keep critical IT systems and data safe.

How We Collectively Can Improve Cyber Resilience (Dark Reading) Three steps you can take, based on Department of Homeland Security priorities.

Why Network Complexity Kills Security (Security Boulevard) The increasing complexity of networks is a growing concern for most enterprises. Networks have been built with a number of diverse network technologies, often starting with switches, routers, servers, and firewalls, all likely procured from different vendors at different times.

Closing the Security Gaps in Cloud Infrastructure Management (Redmondmag) A recent IDG survey unveiled a clear message on IT and security leaders’ challenges and strategies for managing server access: Cloud is changing where and how IT infrastructure is accessed and the traditional security methods aren’t keeping pace.

Preparing For A Cyberattack—In Four Steps (OPEN MINDS) Cyberattacks—an attempt by hackers to damage, destroy, or hold hostage a computer network, system, or data—have come to health and human service organizations.

The Empty Promise of Data Moats (Andreessen Horowitz) Data has long been lauded as a competitive moat for companies, and that narrative’s been further hyped with the recent wave of AI startups. Network effects have been similarly promoted as a defensi…

SWIFT Responds to India Cyber Threat With New Paper (Regulation Asia) SWIFT has published a new paper to help financial institutions in India improve their monitoring of anomalous and potentially fraudulent transactions.

Shared SIEM helps 3 UK local governments avoid outsourcing security (CSO Online) A single SIEM serves three UK councils, allowing for solution consolidation that saves costs while improving efficiency and regulatory compliance.

Why GE consolidated its identity and access management infrastructure (CSO Online) A multi-year effort to centralize GE's IAM functionality has resulted in significant cost savings, improved onboarding and better ability to meet regulatory requirements.

A Hacking Methodology Explainer (Secjuice Infosec Writers Guild) In this explainer I will attempt to explain hacking methodology in simple terms, because it can often be difficult for infosec outsiders to understand even the most commonly used terms.

Design and Innovation

Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security (Wall Street Journal) U.S. hospitals are pressing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.

Tech Companies Are Deleting Evidence of War Crimes Audio Install Install Audio Macupdate Book (The Atlantic) Algorithms that take down “terrorist” videos could hamstring efforts to bring human-rights abusers to justice.

Amazon mistakenly told some sellers that it's now blocking ads with 'religious content' (CNBC) The incident is the latest example of Amazon marketplace sellers getting caught in the crossfire as the company has struggled to manage the sprawling growth of the third-party marketplace, which now accounts for more than half of the company's e-commerce volume.

Research and Development

Cryptanalysis of He’s quantum private comparison protocol and a new protocol (International Journal of Quantum Information) Recently, He proposed a novel quantum private comparison protocol without a third party (G. P. He, Int. J. Quantum Inf.15(2) (2016) 1750014). This paper points out that two security loopholes in He’s protocol are existent. And a new QPC protocol which can avoid these loopholes is proposed without the help of a third party in this paper.

Ultra-secure virtual money capable of transfer across the Solar System proposed by University of Cambridge researcher (Computing) The idea, dubbed S-money was inspired by quantum theory and relativity, according to Cambridge University's Professor Adrian Kent

An AI Pioneer Explains the Evolution of Neural Networks (WIRED) Google's Geoff Hinton was a pioneer in researching the neural networks that now underlie much of artificial intelligence. He persevered when few others agreed.


Virginia Tech launches search for vice president and executive director of Innovation Campus (Virginia Tech) Julia Ross, the Paul and Dorothea Torgersen Dean of Engineering, will chair the search committee.

Judicial Academy organises training programme on ‘Cyber Law’ (Kashmir Reader) Jammu and Kashmir State Judicial Academy (JKSJA) organized one-day training programme on ‘Cyber Law’ for the Advocates of Jammu and Samba districts h

Legislation, Policy, and Regulation

Israel Bombed Cyber Hackers (That Is Historic, For Many Reasons) (The National Interest) Should nation-states start kinetic conflicts over cyber battles?

IDF air strike against Hamas hackers shocks infosec world (Daily Swig) When is it legitimate for a nation-state to respond to a cyber-attack with the use of force?

We are on the verge of a no-win AI arms race, warns NGO (C4ISRNET) A report from nongovernmental organization Pax warns that gains from AI-enabled weapons will be nasty, brutish and short-lived.

China is helping Venezuela 'shut down internet,' Sen. Marco Rubio says (American Military News) China has becoming increasingly involved in the Venezuela conflict and has helped the country in its cyber operations, according to Sen. Marco Rubio.

Spies will target new 5G network, cabinet told (Times) The government has been warned the new broadband and 5G network technologies about to be introduced across Ireland will be targeted by foreign intelligence services and could pose a significant...

UK has concerns about 'significant and widespread' Chinese cyber... (Reuters) Britain has a strong relationship with China but has expressed concerns about it...

Huawei Heads South (Foreign Affairs) The battle over 5G comes to Latin America.

US anxiety over Huawei a sequel of the Yellow Peril (South China Morning Post) In the years leading up to the end of the cold war, opinion polls revealed more Americans feared the ascendant economy of Japan – their ally – than the Soviet Union. The same is happening now to Huawei as its products become superior.

FTC renews call for single federal privacy law (Naked Security) It also wants to be the country’s data-privacy police: commissioners called for more resources and ability to impose penalties.

Friend portability is the must-have Facebook regulation (TechCrunch) Choice for consumers compels fair treatment by corporations. When people can easily move to a competitor, it creates a natural market dynamic coercing a business to act right. When we can’t, other regulations just leave us trapped with a pig in a fresh coat of lipstick. That’s why as th…

Zuckerberg says breaking up Facebook “isn’t going to help” (TechCrunch) With the look of someone betrayed, Facebook’s CEO has fired back at co-founder Chris Hughes and his brutal NYT op-ed calling for regulators to split up Facebook, Instagram, and WhatsApp. “When I read what he wrote, my main reaction was that what he’s proposing that we do isn’…

Chris Hughes Is Right: We Should Dismantle Facebook (WIRED) The former Facebook employee says the government should break up the company and then comprehensively regulate it. The only problem: It might not be enough.

Opinion | Breaking Up Facebook Is Not the Answer (New York Times) Dismantling our company won’t fix what’s wrong with social media.

A Big Choice for Big Tech Audio Install Install Audio Macupdate Book (Foreign Affairs) Don't break up digital giants that monopolize online markets; force them to share their data with their competitors instead.

IRS Needs to Improve Oversight of Third-Party Cybersecurity Practices (Government Accountability Office) Third-party providers, such as paid tax return preparers and tax preparation software providers, greatly impact IRS’s administration of the tax system.

FEC again delays Defending Digital Campaigns decision (POLITICO) ElectricFish reeled in — Cybersecurity Tech Accord plots second year

May 9, 2019 open meeting - ( Agenda and related material for the Federal Election Commission's May 9, 2019 open meeting

To counter China, Pentagon wants to create patriotic investors (Defense News) The Pentagon wants to play matchmaker between investors and companies looking for cash.

Lawmakers offer measure requiring cyber, IT training for House (TheHill) Lawmakers on Friday introduced a resolution to require members and employees of the House of Representatives to undergo annual cybersecurity and information technology training.

A better way for Cyber Command to get the tools it needs? (Fifth Domain) U.S. Cyber Command is reconsidering how it buys and develops the tools cyber warriors need.

To counter China, Pentagon wants to create patriotic investors (Defense News) The Pentagon wants to play matchmaker between investors and companies looking for cash.

Ellen Lord: DoD Aims to Bring Together Investors, Companies via ‘Trusted Capital Marketplace’ (Executive Gov) Ellen Lord, undersecretary for acquisition and sustainment at the Department of Defense, said she ap

Department of Defense Press Briefing by Under Secretary of Defense Lor (U.S. DEPARTMENT OF DEFENSE) LT. COL. MIKE ANDREWS:  Okay.  Good morning, ladies and gentlemen.  Thank you for joining us today. This morning, Under Secretary of Defense Ellen Lord will provide an update on the department's

NGA’s new deputy director is a familiar face (C4ISRNET) A leader that's no stranger to the National Geospatial-Intelligence Agency has been named to replace current Deputy Director Justin Poole, who announced in April that he would resign June 11.

Marines expand their reach to take up global counterterror cyber mission (Fifth Domain) In their support of Special Operations Command globally, the Marine Corps Forces Cyberspace Command is responsible for thwarting terrorist activity online.

Admiral censured in 'Fat Leonard' scandal to be named director of Congress' new cybersecurity commission (Task & Purpose) Sure, why not.

EAC Welcomes New Testing & Certification Director Jerome Lovato (U.S. Election Assistance Commission blog) Yesterday, the EAC appointed Jerome Lovato as its new Testing & Certification Director.

Litigation, Investigation, and Law Enforcement

Indictment Alleges Who Hacked Anthem, but Not Why (WIRED) For years, China was rumored to be behind the health insurance company's massive data breach, but now the Justice Department is noticeably silent on the hackers' motives and affiliation.

US Indicts Chinese Man for Anthem Breach (Infosecurity Magazine) US Indicts Chinese Man for Anthem Breach. Motives remain a mystery and individual is unlikely to be extradited

Russian spies found guilty of Montenegro coup attempt (AL Jazeera) Court found 14 people intended to take over parliament, assassinate PM to set up pro-Russia, anti-NATO leadership.

Http 66ttc3yp4o" دخولا مع On Whitefalcon Http t وخروجا بطاقات الدواعش الهوية سوريا Twitter mzltsdwyxf co ع وأشقائهم الحدود co t "تزوير التركية ليستخدمها السورية (Washington Post) The department asserts that the former deputy attorney general has a conflict of interest in the fraud and sanctions violation case against the Chinese tech giant.

Mahato Identify Tips Girl Tech Find How Id Fake Simple Real On To Facebook Fb - (Washington Post) Indictments for Anthem breach hackers are the fourth round in 18 months.

Maria Butina Says She Was 'Building Peace.' That's Not How The Feds See It (NPR) The Russian agent gave an interview to NPR from the detention center where she has been in custody since last summer. She denies being a spy or taking part in election interference.

Why is WannaCry hacking 'hero' Marcus Hutchins facing a criminal sentence, rather than fighting cyber crime? (The Telegraph) On this day in 2017, one of the worst cyber attacks in history raged.

Ecuador will give Julian Assange’s embassy computers and files to the US (EL PAÍS) Judicial authorities greenlight search of a room used by the WikiLeaks founder during his seven-year stay in the diplomatic headquarters in London

Sweden reopens rape case against Julian Assange (the Guardian) Lawyer for woman involved in allegations from 2010 has asked for investigation to resume

Chelsea Manning will risk return to jail over new subpoena (the Guardian) Manning said she would not comply with a subpoena to testify about her interactions with Julian Assange

‘There was no attempted coup’: FBI’s former top lawyer defends Russia probe (Washington Post) James Baker said he made sure the bureau followed the law.

Roger Stone asks court to toss out evidence, saying Russian hacking of Democrats in 2016 is ‘assumption’ (Washington Post)For Afghan Gula Artspace Pakistan Mccurry - Girl Sharbat Sale Steve Stone claims court-approved search warrants illegally relied on unproven assumptions.

Facebook sues analytics firm Rankwave over data misuse (TechCrunch) Facebook might have another Cambridge Analytica on its hands. In a late Friday news dump, Facebook revealed that today it filed a lawsuit alleging South Korean analytics firm Rankwave abused its developer platform’s data, and has refused to cooperate with a mandatory compliance audit and requ…

amp; Dot Control Access rf Design Card Id Printing (Infosecurity Magazine) Tax office must delete all Voice ID data obtained without consent

License Local Expect Lines News Coming Driver's In The - D'alene Weeks Longer At Dmv Coming; Press Design New Coeur (CyberScoop) Human rights advocates plan to file a petition Tuesday in Israeli court to revoke mobile spyware vendor NSO Group's export license.

Amnesty is supporting legal action to stop NSO Group's chilling spy web (Amnesty) The Israeli company has been linked to attacks on Ahmed Mansoor, Jamal Khashoggi, Mexican journalists and Amnesty staff

Analysis | The Cybersecurity 202: Federal agencies are spending millions to hack into locked phones (Washington Post) Agencies have spent $2.6 million in two years on iPhone hacking tools

Only 0.25% of Reported Data Breaches Have Led to Fines Since GDPR (Infosecurity Magazine) The ICO has handed out just 29 monetary punishments since May 25 2018

US Firm Accuses Huawei of Enlisting Chinese Professor to Obtain Its Tech (Epoch Times) A U.S. startup company is accusing Chinese telecommunications gear provider Huawei of enlisting a Chinese university professor working ...

Counterfeit hard drive gang smashed by Chinese police (CRN Australia) Chinese Police seize fake HPE and IBM disks.

Hackers allegedly stole $2.4 million in cryptocurrency in a six-month SIM hijacking spree Audio Install Install Audio Macupdate Book (CyberScoop) Nine people were charged with crimes related to stealing more than $2.4 million in cryptocurrency by hijacking victims’ mobile phone numbers, the U.S. Department of Justice said Thursday.

Missouri Granted 21 Now Wdaf-tv Extension Jan Fox 4 Through Sports Airports Kansas Accepted At Ids City News Weather Audio Install Install Audio Macupdate Book (KrebsOnSecurity) Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device.

Software update crashes police ankle monitors in the Netherlands (ZDNet) Borked update prevents ankle monitors from sending data back to police control rooms.

2 men charged in multi-state cyber porn sting (Eagle-Tribune) Men in New Jersey and Pennsylvania face online child pornography charges after being arrested in undercover sting operations run by Newbury and Salisbury police.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Symposium & Expo (Laurel, Mayland, USA, September 10, 2019) The National Insider Threat Special Interest Group's event is for anyone involved in Insider Threat Program (ITP) Management / Insider Threat Mitigation. Speakers will come from the White House, Missile...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Insider Threat Program Management With Legal Guidance Training Course (Washington, DC, USA, May 13 - 14, 2019) The Insider Threat Defense Group will hold our highly sought after Insider Threat Program (ITP) Management With Legal Guidance Training Course, in Washington, DC, on May 13-14, 2019. This comprehensive...

NIST IT Security Day (Gaithersburg, Maryland, USA, May 14, 2019) From nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair…to earthquake-resistant skyscrapers and global communication networks, the National Institute of Standards...

Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.

TechNet Cyber (Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.Store And Data App Annie amp; Scan Shop Pay Kohl's Ranking Save

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.

Download, install, or update Audio Book for Mac from MacUpdate.Install Audio Book | MacUpdate
ShareThis Copy and Paste