Daily briefing.

In an unusual announcement, Germany's security agency BfV (Bundesamt für Verfassungsschutz) revealed the results of its long counterintelligence inquiry into how Chinese intelligence services use social media. LinkedIn drew particular attention, and BfV director Hans-Georg Maaßen said China is using the platform to collect information on targeted individuals. The Chinese services are said to have catphished more than ten thousand Germans. Most of the fictitious profiles used were swiftly taken down, but some journalists got a peek before the catphish spit the hook and vanished, and the profiles appeared to be what the BfV said they were. The Chinese Foreign Ministry dismisses the German report as "groundless" and "hearsay," desiring Berlin to "speak and act more responsibly."

Taking out insurance against cyberattack is a sensible way of transferring risk, but WatchGuard thinks it sees signs of small businesses in particular thinking that insurance enables them to rest easy with poor cyber hygiene.

The blockchain and the barista: it appears that at least one Starbucks Wi-Fi provider may have used the coffee shop's network to install a Monero miner in unwitting patrons' devices.  

The vigilante known variously as "The Doctor" and "The Janitor," the one responsible for Brickerbot, has indicated he's retiring. He claims to have bricked more than ten million vulnerable IoT devices, thereby preventing them from being herded into malicious botnets. Doctor Janitor never got much love—he was generally regarded as a destructive, self-righteous pest.

The US Securities and Exchange Commission has stopped another ICO, this one for Munchee.

Notes

Today's edition of the CyberWire reports events affecting Australia, Bangladesh, China, European Union, Germany, India, Ireland, Italy, Nigeria, Philippines, Romania, Russia, Singapore, Taiwan, United Kingdom, United States, and Vietnam.

In today's podcast we hear from our partners at Palo Alto Networks, as Rick Howard discusses DevOps versus site reliability engineers. Our guest, Marcelle Lee from LookingGlass, updates us on the Bad Rabbit ransomware strain.

Cyber Attacks, Threats, and Vulnerabilities

Espionage: Germany unmasks fake Chinese LinkedIn profiles (CSO Online) Germany's BfV says Chinese intelligence services targeted more than 10,000 German citizens in a massive social engineering effort that included LinkedIn.

China rubbishes claims that its intelligence services use LinkedIn to gather information (The Straits Times) The Chinese Foreign Ministry has rubbished allegations by Germany's intelligence service that Chinese intelligence uses social network profiles to gather information about German officials and politicians.

US Officials, Lawmakers Warn More Cyberattacks Coming (Voice of America) Upcoming elections, business interests are among the likely next targets of a combination of disinformation and hacking campaigns

Ex-Spy Chief: Russia’s Election Hacking Was An ‘Intelligence Failure’ (POLITICO Magazine) Former acting CIA director Michael Morell says the agency missed the meddling until it was too late.

Spider: A New Thread in the Ransomware Web (Netskope) Netskope Threat Research labs has detected new ransomware named Spider propagating in a mid-scale campaign. This ongoing campaign, identified on the 10th December, uses decoy Office documents which usually arrive as email attachments. These attachments are auto-synced to the enterprise cloud storage and collaborations apps. Netskope Threat Protection detects the decoy document as “VB:Trojan.VBA.Agent.QP” and...

Return of Necurs botnet brings new ransomware threat (Help Net Security) The Necurs botnet has returned to the top ten most prevalent malware during November 2017, as cybercriminals used it to distribute a new form of ransomware.

Is cyber insurance provoking more cyberattacks? (Insurance Business) It is designed to deal with the consequences of a breach – but is the "hot new" insurance policy having the opposite effect?

MoneyTaker: Yet another Russian hacking group exposed (Computing) Banks, law firms and financial software vendors in the UK, US and Russia among groups targeted by MoneyTaker, according to Group-IB

MoneyTaker's stealthy hacking spree spread from US to Russia (Help Net Security) A stealthy group of Russian-speaking hackers has been targeting financial organizations in the US and Russia, stealing money and documentation.

macOS Backdoor Uses Innovative Disguise Technique (Security Week) A variant of the macOS-targeting OceanLotus backdoor is using an innovative technique to disguise the fact that it is an executable in order to avoid alerting users on its execution, Malwarebytes warns.

Banking trojans sneak into Google Play again (SC Media US) Banking trojans have once again made their way past Google Play's security mechanisms, this time to target the Polish Financial sector.

Hackers' delight: Mobile bank app security flaw could have smacked millions (Register) Certificate pinning unpicked

Nope, this isn’t the HTTPS-validated Stripe website you think it is (Ars Technica) How extended validation certificates can be used to scam, not help, end users.

A Popular Bitcoin Puzzle Has Revealed an Even Larger Mystery (Motherboard) A Bitcoin puzzle from 2015 was recently used as the springboard to reveal what appears to be an automated Bitcoin siphon.

In-Store WiFi Provider Used Starbucks Website to Generate Monero Coins (HackRead) The value of Bitcoin is increasing rapidly making it almost impossible for most of the world to invest and that is why users are trying to invest or mine o

The Only Thing That Will Save $150M In Locked Ethereum Is a Hard Fork (Motherboard) Parity Technologies lays out a potential fix.

What Lies Beneath – Avoiding the Unseen Dangers of OT Vulnerabilities (Automation) A recent Accenture survey found that 76 percent of utility executives in North America believe the country faces a moderate risk of interruption to electricity due to a cyberattack.

A brief history of ICS Cyber Security (Control Global) The November 2017 Issue of Control magazine had a section entitled “Serious cybersecurity sources”. In it, they included Unfettered and mentioned it being 10 years old. This got me thinking about a timeline of important ICS cyber security first-of-a-kind events.

Comcast continues to inject its own code into websites you visit (The Next Web) Even without the repeal of net neutrality Comcast continues to show disregard for a free and open internet by inserting its own code into webpages at whim.

This Fidget spinner app is sending other apps data to Chinese server (HackRead) A few months ago, Bluetooth-enabled fidget spinners were in the news for blowing up and putting lives in danger. This time, these toys are in discussion fo

Vulnerability Found in Two Keyless Entry Locks (Threatpost) Researchers are warning of a default-configuration vulnerability in the enterprise-class keyless entry products made by AMAG Technology.

BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices (BleepingComputer) The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016.

Is Your Smart TV Hacker-Proof? (CSO) If you thought hacker-proofing your phone, your email, and your computer were the extent of your security worries, you forgot to consider your smart TV.

Users warned over wi-fi security (TechRadar) Wandera survey sets out risks of open hotspots

Several applications back online after Mecklenburg Co. cyber attack (Spectrum News Charlotte) Several applications from Mecklenburg County’s server are up and running after a ransomware attack.

Lil Bub, a special-needs celebrity cat, gets hacked (Naked Security) The Instagram account of a kitty who suffers from extreme feline dwarfism and terminal cuteness has been hacked by somebody who says they’re 11.

Someone hacked this traffic sign with anti-Trump messages (HackRead) A traffic sign near North Central Expressway in Dallas was hacked by an unknown perpetrator on Friday (November 8th) night and defaced with an obscene message

Security Patches, Mitigations, and Software Updates

Verizon rolls out software update for Samsung Galaxy S8, S8+ (Android Community) Aside from AT&T rolling out the Android 8.1 Oreo update for the Pixel 2 and Pixel 2 XL, we have another mobile carrier releasing a software update for a couple of Android devices. Verizon Wirel…

Cyber Trends

Cyber Threats Are Still Being Brushed Aside, Even After WannaCry and NotPetya (AlienVault) AlienVault survey analyzing the impact of WannaCry and NotPetya finds that attitudes towards cyber security have hardly changed as a result

Business leaders don't understand cyber risks, making investment difficult to secure (Computing) Only 30 per cent told CA Veracode that they had heard of the Equifax breach

Cyber security outlook 'ominous', says Centrify's King (iTWire) Global security vendor Centrify has warned that the major data breach revelations that have marked the past year would continue in 2018 as organisatio...

The True Cost of Compliance with Data Protection Regulations (Globalscape) Multinational organizations in all industries must comply with privacy and data protection laws, regulations and policies designed to protect individuals' sensitive and confidential information.

Enterprise USB security is outdated and inadequate (Help Net Security) Enterprise USB security is still terrible. Security policies for these devices are severely outdated or inadequate for protecting critical enterprise data.

'Tis the Season for Increased Cybersecurity Vigilance (Security Intelligence) Cybersecurity vigilance is crucial during the holiday shopping season, but it's equally important to carry that security awareness into the new year.

The Fake News Culprit No One Wants to Identify: You (WIRED) Facebook and Twitter won't fix this problem alone, says Danah Boyd. Today's information wars are also a reflection of us.

Marketplace

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon (Dark Reading) The number of unfilled jobs in our industry continues to grow. Here's why.

Three things you need to know before you lose your shirt trading Bitcoin futures (IBS Intelligence) As of today, investors can trade in Bitcoin futures as an alternative to buying the actual cryptocurrency

Cyber insurance premiums ‘still quite soft’ says Iron Cove Partners’ D’Agostino (Hedge Week) Now is probably the best time to be thinking about cybersecurity insurance given that premiums in the marketplace remain soft. Hedge fund managers who grasp the nettle and get their protection policies in place ahead of the herd could find themselves at a financial advantage.

Cybersecurity Stocks: What to Watch in 2018 (The Motley Fool) The seemingly endless streak of data breaches could set the cybersecurity market on fire next year.

Cisco eyes acquisitions for real-time cyber security intelligence data (The Economic Times) Cisco Systems will continue looking for acquisitions as it pushes towards working real time on cyber security intelligence data.

Why JPMorgan, Amex, HSBC are backing ‘isolation’ web browsing (American Banker) In a rare show of public support for a security technology, the banks are leading a $40 million funding round for Menlo Security, provider of browser technology that keeps malware at bay — and they’re using it, too.

Atos offers to buy Gemalto for 4.3 billion euros to boost cyber securi (Reuters) French technology consulting firm Atos offered to buy Gemalto for 4.3 billion euros ($5.06 billion) on Monday to boost its cyber security services as states an

Atos proposes to acquire Gemalto to create a global leader in cybersecurity, digital technologies and services (GlobeNewswire News Room) Atos [Euronext Paris: ATO], a global leader in digital transformation, announces that it has made a formal proposal to acquire Gemalto [Euronext Amsterdam: GTO] by way of a public offer for all of Gemalto issued and outstanding shares.

Synopsys Completes Acquisition of Black Duck Software (Business Insider) Synopsys, Inc. (Nasdaq: SNPS) has completed its acquisition of Black Duck Software, Inc., a privately held leader in automated solutions for securing and managing open source software.

Xator adds Merlin's services arm (Washington Technology) Technology services company Xator acquires the professional services group of cyber and health IT contractor Merlin International.

Simility Secures $17.5M in Latest Funding as Company Experiences Explosive Growth (Simility) Latest funding round led by Accel with participation from PayPal, Inc, will expand global operations to meet industry demand for enterprise fraud prevention solution

Tempered Networks raises another $7M for ‘identity-defined networking’ cybersecurity software (GeekWire) Tempered Networks has raised another $7 million to help protect companies from cyberattacks with its “identity-defined networking” technology. Jeff Hussey, the company’s co-founder and CEO who…

Jaci Tomek Brings Fresh Approach to Security Sales and Technology Implementation Strategies with TomahawX Technologies LLC (BusinessWire) Jaci Tomek, a 20-year veteran of the security industry, today announced the launch of TomahawX Technologies LLC.

GCHQ opens accelerator programme to nine new UK startups (Computing) Scheme will help new businesses to develop their ideas and secure investment

Why Greylock's Asheem Chandna thinks most tech companies shouldn't do an IPO (Silicon Valley Business Journal) Chandna is one of the most successful security technology and data management investors in Silicon Valley, counting Palo Alto Networks, Imperva and Sourcefire among his big hits of the past.

The Data Defenders: How Firms Focused on Privacy and Security Make Their Living (Legaltech News) Tackling some of the newest and most perilous legal risks these law firms are defining and protecting life in the information age.

ITS America welcomes new Board Officers and Directors for 2018 (American Journal of Transportation) The Intelligent Transportation Society of America (ITSA) announced Friday the election of Officers for 2018, and welcomed six new Directors.

Fidelis Appoints Wayne Bergland as Head of Sales (BusinessWire) Fidelis Cybersecurity (Fidelis), the company that empowers security operations teams with automated and intelligent technology to better protect the w

Northrop Vet Matt McQueen Named Peraton Chief Comms Officer; Stu Shea Comments (GovCon Wire) Matt McQueen, previously a communications executive in charge of cyber branding at Northrop Grumman

Products, Services, and Solutions

New Alerting Technology Stops Airplane Hackers at System Level (Avionics) For veteran F-18 fighter pilot Brooks Cleveland, it’s not the obvious things that can go wrong in the cockpit that worry him, it’s the unseen attacks that can affect aircraft systems without being aware of them. “The threats that sci-fi novelists write about are not what I’m worried about as a pilot — of the …

Alpin Launches SaaS Subscription Management Platform that Illuminates Shadow IT and Provides Total Visibility, Cost Control and Security (BusinessWire) Alpin, provider of SaaS monitoring and management tools for IT administrators, was launched today by founders Julien Denaes, Benjamin Soulier and Mark

Event Logs Manipulated With NSA Hacking Tool Recoverable (Security Week) Researchers at security firm Fox-IT have developed a tool that allows investigators to detect the use of specific NSA-linked malware and recover event log data it may have deleted from a machine.

Comodo, firm in cybersecurity partnership (Punch) Comodo, a global innovator and developer of cybersecurity solutions, and Tros Technologies, a Nigerian Information Technology solutions provider, have announced a strategic partnership on cybersecurity for the West African region.

Japanese Insurance Giant Sompo Utilizes prooV's Platform to Expedite Proof-of-Concept Process (Business Insider) prooV, the world's first PoC-as-a-Service platform that facilitates and streamlines the Proof of Concept (PoC) process, today announced a worldwide, strategic partnership with Deloitte to offer a virtual Cyber Lab to its global customers.

Google Releases Tool To Help iPhone Hackers (Motherboard) Google’s elite team of hackers released a much-anticipated tool to help security researchers hack and jailbreak the iPhone.

NoPassword enters partnership with ForgeRock (Planet Biometrics) Authentication firm NoPassword has revealed that it will partner with digital identity firm ForgeRock.

Optiv Security Helps Organizations Further Optimize Software Security Programs and Minimize Risk with eLearning Curriculum Powered by CA Veracode (Sys-Con Media) Optiv Security, a market-leading provider of end-to-end cyber security solutions, today announced the general availability of Optiv Secure Coding Powered by CA Veracode, a leader in securing the world’s software and acquired by CA Technologies (NASDAQ: CA).

Drive Trust Alliance Announces Free Fix for Lurking Ransomware Threats (PRNewswire) There are many millions of computer hard drives, from every hard drive...

Secure Channels Inc. and Access Smart Partner to Create an End-to-End Solution for Data Security (Broadway World) Secure Channels Inc., provider of innovative security solutions designed to complement existing security investments, announces a partnership with Access Smart, a provider of authentication and access security controls.

Technologies, Techniques, and Standards

Waves, IGF, Ethereum and Deloitte Form Alliance to Regulate ICO Industry (Finance Magnates | Financial and business news) Some ICOs have been fraught with their own problems.

Hacking bitcoin and blockchain (CSO Online) Both bitcoin and blockchain are vulnerable to attack. Here's what you need to know to protect yourself and why blockchain is becoming a foundational technology.

How to Check Your HP Laptop for the Synaptic Keylogger and Remove It (BleepingComputer) With that said, if you have an HP laptop, you may be wondering if your laptop has the driver installed that contains this debug trace, or keylogging, feature. This article will tell you how to check if you have the affected driver installed on your laptop and how to update it to the latest version.

The Necessity of Having an Employee Social Media Use Policy or “Boy, that was one rough week for social media, employees and the President!” (Galkin Law) Companies need to have properly prepared Social Network Use Policies for their employees.

Guide for Preparing Your Employee Social Media Policy (Galkin Law) Companies need to have properly prepared Social Network Use Policies for their employees.

The 8 biggest IT management mistakes (CIO) Sure, nobody’s perfect. But for those in charge of enterprise technology, the fallout from a strategic gaffe, bad hire, or weak spine can be disastrous. Here’s how to avoid (or recover from) big-time IT leadership mistakes.

Research and Development

Microsoft’s Q# quantum programming language out now in preview (Ars Technica) It’s pronounced “Q sharp.”

Quantum Technology Creates "Hack Proof" Internet (Edgy Labs) Although many QKD systems have been limited by a lack of hardware and slow transmission speeds, researchers have found a way to improve transmission speed.

Academia

Grand Prize in Science Competition Goes to Bethesda Teen for Work on Auction Security (Bethesda Magazine) Andrew Komo, a Montgomery Blair High senior, wins more than $100,000 in scholarships

University of Georgia, Army Cyber Command eye partnerships (Fifth Domain) The University of Georgia and the U.S. Army’s Cyber Command could soon be exchanging students and workers.

Northrop Grumman Expands Longstanding Support for US Naval Academy (Northrop Grumman Newsroom) For decades, Northrop Grumman has been a valued partner of the U.S. Navy. The company is also a strong supporter of science, technology, engineering and mathematics (STEM) education, and it continues to find ways to connect both...

Legislation, Policy, and Regulation

Making order from chaos in cyber warfare law (The Jerusalem Post) It’s important for the US – even if it wants to preserve some flexibility in its cyber actions – “to work hard to keep its operations within the four corners of the law."

SWIFT And The New Regulatory Environment Of 2018 (Forbes) From January 1 2018, financial institutions that use SWIFT, the global banking messaging platform, will have to comply with a new cybersecurity framework that aims to establish a baseline for security.

Mindef invites hackers to test public-facing systems for vulnerabilities (TODAYonline) In a first for a government agency here, hackers will be invited to put the Ministry of Defence's (Mindef) public-facing systems, including the National Service (NS) Portal, to the test in order to expose vulnerabilities. The move announced by Mindef's defence

IT ministry sets up NIC-CERT to detect, prevent cyber attacks (Live Mint) NIC-CERT will work to ensure early detection and immediate mitigation of cyber attacks by monitoring data across the NIC platform

House passes Homeland Security cyber overhaul bill (TheHill) GOP chairman notches win as House approves bill to elevate DHS cyber mission.

New rule coming for US names mentioned in spy reports (Federal Times) The new policy aims to stiffen existing safeguards to ensure that names aren’t disclosed for political reasons, especially during presidential transitions.

Warrantless surveillance can continue until April, say Feds (Naked Security) Thought FISA Section 702 was due to bite the dust on New Year’s Eve? Think again, say Trump’s lawyers: you’re stuck with it until the spring

New York Lawmaker Wants to Bolster Cyber Briefings (GovTech) Akin to the counterterrorism briefings U.S. Congressional members already receive, cyberoperations briefings are increasingly important.

Litigation, Investigation, and Law Enforcement

SEC shuts down Munchee ICO (TechCrunch) In what should be an interesting beginning to the coming avalanche of ICO failures, the SEC has come down hard on Munchee, a company that built a $15 million..

Officials deny security, personal leaks over e-Gate (Taipei Times) There is no evidence that Taiwanese travelers’ personal information was leaked by allegedly Chinese-made biometric scanners used at the nation’s three international airports, the Ministry of the Interior and the National Immigration Agency said on Sunday.

Secret message apps on the rise at work (CNNMoney) More companies are starting to approve the use of ephemeral messaging apps for internal communications.

House science chairman dives into Kaspersky cyber investigation (Washington Examiner) Two questions that still need to be answered are how and why the previous administration approved the use of Kaspersky.

The Truth About Espionage (Observer) Russia’s awareness of our politics and national security extends far beyond its secret agents and online spy-antics.

Focus on Flynn, Trump timeline suggests obstruction is on Mueller's mind (NBC News) Mueller's team seems focused on what happened during the 18 days between Trump learning Flynn had lied about Russia and Trump's firing of Flynn.

Trump officials were warned about Mike Flynn at least 6 separate times before removing him (Business Insider) Top officials on President Donald Trump's transition team and in the Trump administration were repeatedly warned about hiring Michael Flynn.

As Russia probes progress, one name is missing: Bannon's (POLITICO) People close to the probe say the former campaign and White House strategist will be a key witness for prosecutors and Hill investigators.

Italian Prosecutor Makes Request to Close Hacking Team Investigation (Motherboard) After more than two years, the Italian prosecutors have nothing to show for their investigation into the spectacular hack of Italian surveillance tech vendor Hacking Team.

US man is behind the 2015 Hacking Team hack? (Help Net Security) According to a notice received by Guido Landi, a 30-year-old Nashville, Tennessee resident might have had something to do with the 2015 Hacking Team hack.

Romanian Nationals Admit to Racketeering Conspiracy, ATM Skimming (Dark Reading) Seven Romanian nationals pleaded guilty in connection with an ATM skimming scheme and RICO conspiracy, in addition to other crimes.

Vietnamese man hacked Australian airport computers; stole security data (HackRead) A 31-year-old Vietnamese hacker, Le Duc Hoang Hai, stole highly sensitive data belonging to Perth Airport's building and security infrastructure after brea

Bangladesh Bank Accused of Hiding Details Related to $81m Theft (Infosecurity Magazine) Philippines lender says it has been completely transparent with authorities

Ireland risks shooting itself in the foot in crucial Microsoft email case (Digital Tech Insider) In what could be a very misguided move, the Government signalled on Sunday that it may undermine its former position on an enormously important technology case involving Microsoft Ireland that is before the United States supreme court. In doing so it risks irreparably damaging Ireland’s attractiveness as a business location for a …

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Automotive ISAC Fall 2017 Summit (Dearborn, Michigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
