skip navigation

More signal. Less noise.

How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

An open-source ransomware project forms the basis of a new family of ransomware, desuCrypt and its Deuscrypt variant, now being widely distributed in criminal souks. Researcher Michael Gillespie has developed a decryptor for infected files.

Fortinet reports that SpriteCoin, a bogus cryptocurrency that's nothing more than phishbait that leads to ransomware, not only encrypts victims' files, but, after they pay the ransom (only Monero is accepted) then installs malware that parses images, harvests certificates, and activates web cameras.

IoT devices containing ARC chipsets are turning up in Satori botnets, which indicates that botnet controllers have significantly increased the number of maverick devices they can rope into their herd.

Intel tells users to disregard its recent Spectre patch. A new, less troublesome version is due out soon.

Farsight Security has issued a study of how Internationalized Domain Names (IDNs) can use non-Latin characters from, say the Greek or Cyrillic alphabets, to craft sites that impersonate urls that use the more familiar Roman characters. Spoofed sites are used for more persuasive phishing. Thus a Cyrillic мягкий знак ("myagkii znak") softsign, "ь," can be used to spell "faceьook," which might fool the casual eyes of users normally alert to the urls they follow. Companies whose sites have been impersonated in this way include Apple, Adobe, Amazon, Bank of America, Cisco, Coinbase, Credit Suisse, eBay, Bittrex, Google, Microsoft, Netflix, New York Times, Twitter, Walmart, Yahoo, Wikipedia, YouTube, and Yandex.

ISIS seeks to inspire lone wolf terrorists (and frighten infidels) with the slogan "We are in your home."

Notes

Today's edition of the CyberWire reports events affecting Bahrain, China, Egypt, Iran, Oman, Qatar, Russia, Saudi Arabia, Sweden, Syria, Taiwan, United Arab Emirates, United Kingdom, United States.

Is your security team equipped to make the very best tactical decisions?

Conducting business in another country and need to know more about international business laws? Want to know some of the biggest threats to the 2018 Winter Olympics or North Korea’s cyber capabilities? You need finished intelligence…from the experts. Join LookingGlass’ Sr. Director of Investigation and Analysis, Olga Polishchuk and Jonathan Tomek, Sr. Director of Research on February 20 @ 2PM ET, as they discuss what your security team needs to make more effective business decisions.

In today's podcast, we speak with our partners at the Johns Hopkins University's Information Security Institute, as  Joe Carrigan responds to listeners' mail about disabling links in email. Our guest is Chris Webber from SafeBreach, who talks about how one can use simulations to test for Meltdown and Spectre vulnerabilities. 

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Cyber Attacks, Threats, and Vulnerabilities

‘We are in your home’: After losses, ISIS steps up campaign to inspire attacks (Washington Post) The diminished terrorist group turns up the volume in urging lone-wolf strikes abroad.

Major cyber-attack on UK a matter of 'when, not if' – security chief (the Guardian) Exclusive: Ciaran Martin says Britain fortunate so far to avoid major, crippling attack

Chinese Hacking Against Taiwan: A Blessing for the United States? (The Diplomat) Is the the long-time threat of APTs to Taiwan a blessing in disguise?

Should Investors Worry About A Stock Exchange Hack? (ValueWalk) After a cyber breach was found in one of the largest stock exchange in the Middle East relating to lax password management, the culprit has been found. Should investors be concerned? Oops: Stock exchange forgets to change password from factory …

desuCrypt Ransomware in the Wild with DEUSCRYPT and Decryptable Insane Variants (BleepingComputer) An modified version of the open-source ransomware project called desuCrypt is being used as the base code for a new ransomware family being actively distributed. This family currently has two variants being distributed, with one appending the .insane extension and the other appending .DEUSCRYPT.

Study Finds Top Sites Can Be Impersonated Using Non-Latin Alphabet (Silicon UK) Homograph attacks using international characters to spoof well-known web domains were found targeting more than 100 top brands

Satori Botnet Malware Now Can Infect Even More IoT Devices (Dark Reading) Latest version targets systems running ARC processors.

Hacker Makes Off With Nearly £300K Stellar Lumens In BlackWallet Theft (Information Security Buzz) A hacker hijacked BlackWallet to steal nearly £300K from Bitcoin rival Stellar Lumen; an incident that Ilia Kolochenko, CEO of web security company High Tech Bridge commented below. Ilia Kolochenko, CEO at High Tech Bridge: “Unfortunately, startups in digital currencies and other blockchain technologies often ignore or underestimate information security and privacy fundamentals. They operate on …

Fictional SpriteCoin Cryptocurrency Packs a Ransomware Punch (Infosecurity Magazine) The malware attempts to trick victims by masquerading as a password-protected storage mechanism for a new cryptocurrency.

Fake cryptocurrency wallet carries ransomware, leads to spyware (Help Net Security) Criminals have noticed the cryptocurrency rush and are doing their level best to cash in on it. The latest attack on cryptocurrency-hungry users comes in the form of a fake cryptocurrency wallet carrying ransomware.

Paradise Ransomware strikes again (Acronis) The Paradise ransomware that was active in September 2017 is back with a new round of attacks, starting at the beginning of January 2018.

The impact of Spectre and Meltdown vulnerabilities on storage (SearchConvergedInfrastructure) Not all storage systems may need fixes for Spectre and Meltdown vulnerabilities, but hyper-converged and software-defined storage products may require patches.

The New Way Your Computer Can Be Attacked (The Atlantic) Unprecedented computer-chip vulnerabilities exposed this month paint a grim picture of the future of cybersecurity.

Triton Malware Exploited Zero-Day Flaw in Schneider Electric Safety Controllers (Security Boulevard) Triton was the first case of malware designed to specifically infect industrial controllers after Stuxnet, which was used to destroy uranium enrichment centrifuges at Iran's Natanz nuclear plant in 2010.

Infant Social Security numbers are for sale on the dark web (CNNMoney) What happens when an identity thief steals your child's data?

Here’s why the epidemic of malicious ads grew so much worse last year (Ars Technica) Forced redirects from Zirconium group push phony malware and fake Flash updates.

One million email credentials from the top-500 UK law firms' found for sale on the 'dark web' (Computing) Law firms wide open to phishing scams following security breaches

UK’s Top Law Firms at Risk After 1m+ Credentials Found on Dark Web (Infosecurity Magazine) UK’s Top Law Firms at Risk After 1m+ Credentials Found on Dark Web. Spear-phishing, CEO fraud and data theft could follow, says RepKnight

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers (Threatpost) Researchers have found three Sega game apps that connect to insecure servers and risk leaking user data.

Sonic the Hedgehog accused of leaking Android users' data (Graham Cluley) Researchers claim some Sega Android games are leaking users’ geolocation and device data.

Politicians and cyber security experts at Swedish defence conference fooled by fake Wi-Fi network (The Local) Up to 100 people including journalists, politicians and cyber security experts were fooled into connecting to a fake wireless network at this year's edition of Sweden’s annual 'Folk och försvar' security conference, the youth branch of the Swedish Pirate Party claims.

File Inclusion Vulns, SQL Injection Top Web Defacement Tactics (Dark Reading) Hacktivists driven by political, religious, and other causes commonly exploit basic vulnerabilities to spread their messages, researchers say.

Pakistani hacking campaign leads in website defacements: study (TheHill) Cybersecurity firm analyzed 13 million web defacement reports over nearly two decades.

OTX Trends Part 2: Malware (AlienVault) This is the second of a three part series on trends identified by AlienVault.Part 1 focused on the exploits tracked by OTX. This blog will talk about the malware, and Part 3 will discuss trends we’re seeing in threat actors.Which malware should I be most concerned about?Most security incidents that a security team will respond to involve malware. We took a look at three sources of malware telemetry to help prioritise popular malware families:

KnowBe4 Unveils New Phishing Benchmark Data and Showcases Most At-Risk Industries (Sys-Con Media) New proprietary phishing study of six million users shows insurance organizations and not-for-profits lead all other industries with greater than thirty percent of users falling for baseline phishing tests.

Like bank charges, Dridex refuses to go away (Enterprise Times) Banking malware Dridex shows yet another variation as it moves from malicious HTTP links to hosting malware on compromised FTP sites.

Net neutrality is bad? 1 million P[0]rnHub employees can’t be wrong. Oh, wait. (Ars Technica) Millions of comments sent to FCC through bulk system used fake email addresses.

Sensitive medical records on AWS bucket found to be publicly accessible (SC Media UK) A large cache of sensitive medical records handled by a US-based digital records management company was found in an Amazon S3 storage bucket.

Uber hit with criticism of “useless” two-factor authentication (Naked Security) An Indian researcher has created a stir by claiming Uber’s 2FA is “useless”. What’s the full story?

Uber dismissive about security flaw that lets hackers bypass its 2FA (HackRead) Uber has no plans to fix a critical security flaw in its two-factor authentication (2FA) protocol reported by an IT security researcher.

A silver bullet for the attacker (Securelist) We confront hundreds of thousands of new threats every day and we can see that threat actors are on a constant lookout for new attack opportunities. According to our research, connecting a software license management token to a computer may open a hidden remote access channel for an attacker.

Google Denies Using Google Arts & Culture App to Collect Selfie Data (HackRead) Google Arts & Culture App was recently introduced and its numbers of downloads on iTunes has left YouTube and Instagram behind.

Security Issue at Sabre Affects Rosewood Hotel Group Guests' Payment Card Information (PR.com) Rosewood Hotel Group (“Rosewood”) announced today an issue affecting certain Rosewood guest reservation information that was maintained on the systems of Sabre Hospitality Solutions ...

The Most Terrifying Personal Data Hacks of All Time (The Most Terrifying Personal Data Hacks of All Time) The danger of major hacks grows every year. See the worst personal data breaches ever and make sure you haven't already fallen prey to some of these issues.

Security Patches, Mitigations, and Software Updates

Intel Urging Users To Not Download Security Update; New Version On The Way (Channel News) Intel has told its users to hold off on updating their software if they haven’t already as it is causing systems to reboot.

Intel promises fixed Spectre patch to stop PCs rebooting (iTnews) As Torvalds declares patches "complete garbage".

Linus Torvalds declares Intel fix for Meltdown/Spectre ‘COMPLETE AND UTTER GARBAGE’ (TechCrunch) The always outspoken Linus Torvalds, best known for his continuing work on the innermost code of Linux systems, has harsh words to say and accusations to..

Stock exchange finally fixes telnet router weakness (Naked Security) Oman’s stock exchange has fixed a serious router security misconfiguration.

Security Threats Remain Despite Oracle Patch Update (Credit Union Times) “The velocity of Java software flaws continues to trend in the wrong direction,” Waratek founder says.

DuckDuckGo adds tracker blocking to help curb the wider surveillance web (TechCrunch) Some major product news from veteran anti-tracking search engine DuckDuckGo: Today it's launched revamped mobile apps and browser extensions that bake in a..

Cyber Trends

Frequency and Complexity of DDoS Attacks is Rising; Defenders Turn to Automation and Managed Services for Support (BusinessWire) NETSCOUT Arbor released its 13th Annual Worldwide Infrastructure Security Report (WISR) offering insights from network and security professionals.

DDoS attacks becoming bigger and more complex, warns report (Computing) DDos attacks are booming with disgruntled gamers and extortionists the biggest threat

Netwrix Survey: 39% of Organizations Blame their Own IT Teams for Security Incidents in the Cloud (PRNewswire) Netwrix Corporation, provider of a visibility platform for user...

Making Your Data Unreadable to Whoever Steals It Might Be the Only Way to Keep It Safe (Entrepreneur) Encryption is slowly becoming the gold standard for data security, which is a tacit acknowledgment that there is no keeping hackers out.

The Culture Connection Gets Real: Secure Software Development Requires a New Mindset (CA Technologies) CA Technologies (NASDAQ:CA) today revealed results following the second phase of a global survey of more than 1,200 IT leaders around the topic of secure software development.

Cybercriminals stole $172 billion from 978 million consumers in the past year (Help Net Security) Consumers are confident they’re safe online, but hackers have proven otherwise, stealing $172 billion from 978 million consumers in 20 countries in the past year.

​Your website is under constant attack (ZDNet) Do you think no one's going to bother with trying to hack your small business website? Think again and start defending your site.

Marketplace

Under the hoodie: what makes bug bounty hunters tick? (Naked Security) Where do they live? Why do they do it? HOW do they do it? HackerOne surveyed its registered ethical hackers to find out.

Does Your Construction Business Need Cyberinsurance? (business.com) Cyberattacks pose an increasing threat to businesses of all sizes. Learn more about cyberinsurance to protect against these attacks.

A Spyware Company Audaciously Offers ‘Cyber Nukes’ (Motherboard) Aglaya, one of the many firms trying to jump on the surveillance gold-rush, is now offering ridiculous capabilities that it compares to a nuclear strike, including at trade shows attended by government agencies.

Nvidia Says 'Gamers Come First' as Cryptocurrency Miners Continue to Hoard GPUs (Motherboard) "We recommend our trading partners to take according measures to ensure they can provide the needs of gamers per usual."

Inside The Fight For One Of The World's Biggest Antivirus Companies (BuzzFeed) Kaspersky Lab is under fire in the US over concerns that it could provide its clients' private — and at times secret — information to the Russian government. A new investigation by Russian news site Meduza, published here exclusively in English, goes inside the battle for control of the company — a battle sources say was won by the side allied with Russian security services.

Russia's former servicemen get unlimited access to Kaspersky Lab clients' computers (Crime Russia) From now on, Russian law enforcement agencies have an opportunity to download any files from the computers, on which the system is installed.⁠

Huawei, ZTE cut lobbying spending but find other ways to spread influe (Reuters) Chinese telecommunications equipment companies Huawei [HWT.UL] and ZTE, which face strong political headwinds in the United States, sharply cut lobbying expenditures last year, according to fourth-quarter spending disclosures.

What does Grindr’s acquisition by a Chinese company mean for users? (Digital Trends) Grindr's recent acquisition has a few intelligence officials and China experts rather concerned about what this could mean for users and their privacy.

What Happens When a Chinese Giant Swoops In on Your Tiny Cryptocurrency (Motherboard) Bitmain maintains a near-monopoly on Bitcoin hardware, now it’s coming for Siacoin.

Another short-lived, overfunded startup is shutting down: Primary Data (TechCrunch) A startup that's operating in stealth mode raises an almost stunning amount of money before it releases a product. Investors write outsized checks to the..

Microsoft reportedly laying off staff (Computing) More cuts across the board at Microsoft, according to reports

Is The Worst Over For IBM? (Seeking Alpha) The strong performance in the fourth quarter was driven by demand for the new IBM z14 mainframe. However, it remains to be seen if IBM will be able to sustain t

Weidenhammer, KnowBE4 form partnership (Reading Eagle) Weidenhammer has partnered with KnowBe4 Security Awareness, the Wyomissing-based technology solution company said in a press release.KnowBe4 is a pro

Corelight Reports Strong Growth in 2017, Listed as a Vendor to Watch in Gartner’s January 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (GlobeNewswire News Room) Corelight, provider of the most powerful network visibility solution for cybersecurity, today announced record growth in 2017 and that it now has 10 of the Fortune 200 as customers.

EVOTEK Expands Leadership Team, Appoints Macy Dennis as Chief Security Officer (PRNewswire) EVOTEK (www.EVOTEK.com), the nation's premier enabler of digital business,...

Fortinet Vet Named Bitdefender Global Channel Chief (Channel Partners) Joe Sykora has more than 20 years of experience in the security industry, previously serving as Fortinet's vice president of Americas channels, sales operations and advanced technologies; and before that he founded, built and sold his own systems integration company.

Michael Cody Joins CounterTack Board of Advisors (PRWeb) Industry veteran will help develop acquisition strategy for leading EDR vendor

Strategic Cyber Ventures Board Names Hank Thomas as New CEO (Business Insider) Strategic Cyber Ventures (SCV), the industry's first cybersecurity focused venture capital firm led by cybersecurity operators, announced today that its Board of Directors has appointed Hank Thomas as Chief Executive Officer (CEO) effective immediately. Thomas, co-founder of SCV, previously served as Chief Operating Officer (COO) and a member of SCV's Board of Directors.

Products, Services, and Solutions

Carbon Black Announces Cb ThreatSight, the Latest Cybersecurity Innovation Powered by the Cb Predictive Security Cloud (PSC) (BusinessWire) Carbon Black, a leader in next-generation endpoint security, today announced the introduction of Cb ThreatSight, the latest cybersecurity innovation powered by the Cb Predictive Security Cloud ™ (PSC).

Anonymizer Supports Network Neutrality by Preserving Online Anonymity (BusinessWire) Anonymizer Inc. today announced its continued support for network neutrality.

Air Force Space Command Awards Telos General and Special Agent of the Security Control Assessor License (Telos) Telos’ licenses renewed for providing fast and experienced cyber security and risk management services and streamlined accreditations in Air Force environments.

Technologies, Techniques, and Standards

Give Your Users a Leg Up with Clear Security Guidelines (CSO Online) Anticipate all the possibilities, then create and communicate workable recommendations for every stage of the data lifecycle.

The Marine Corps Wants to Make Cyber More Like Special Ops (Military.com) Marine leaders have been vocal about their desire to build more cyber capabilities into the force.

Research and Development

The new-age Manhattan Project: How do we protect today’s secrets from tomorrow’s quantum computers? (Fedscoop) While quantum computers aren't here yet, there are growing calls to develop the cryptography to protect against them today.

For a moonshot, you need more than just the moon (CSO Online) At one time, we were challenged to ask not what our country could do for us but what we could do for our country. It is time that the leading organizations in digital technology come together once again to ask the same.

Academia

Delaware Announces Innovative Cybersecurity Partnership for Young Women (State of Delaware News) Governor announces a cybersecurity partnership, Girls Go CyberStart, that offers online cybersecurity training for young women in Delaware high schools.

Legislation, Policy, and Regulation

Exclusive: Top cybersecurity experts give advice for the Davos crowd (Yahoo! Finance) Cybersecurity is top of mind for many attendees of Davos.

U.S. Sanctions Abet Iranian Internet Censorship (Foreign Policy) If the United States wants to stand behind the next #IranProtests, it should liberalize rules that impede access to cutting-edge tools against repression.

Anti-terror states: Qatar’s provocations undermining security will be confronted (Al Arabiya) The Ministers of Foreign Affairs of the four Arab countries combating terrorism; Saudi Arabia, Egypt

What you need to know about the government's renewed surveillance law (Yahoo! Finance) Congress has renewed the National Security Agency's controversial surveillance bill, and it could have an impact on Americans.

Daines Upset Over FISA Reauthorization Bill (AM 1450 KMMS) Senator Steve Daines is upset about legislation to reauthorize the Foreign Intelligence Surveillance Act, without fixing the necessary reforms needed to protect Americans’ Fourth Amendment rights.

Montana governor’s executive order could force ISPs to follow net neutrality rules (TechCrunch) The FCC’s wildly unpopular decision to kill net neutrality has sent legislators, companies and individuals scrambling for ways to keep the Obama-era..

California to make it harder for your license plate to be tracked (Naked Security) In other words keep data-collecting, privacy-invading license plate cameras away from our cars.

Litigation, Investigation, and Law Enforcement

Human trafficking victims forced to defraud Chinese computer users (Help Net Security) The Croatian police executed a coordinated raid on two houses where 59 individuals were confined and forced into defrauding Chinese and Taiwanese computer and smartphone users.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Legal CIO (New York, New York, USA, January 31 - February 1, 2018) LegalCIO: Formerly the Law Firm Chief Information and Technology Officers Forum, combines cutting-edge updates on legal technologies with the chance to exchange practical guidance and discuss daily challenges...

Upcoming Events

DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...

Connected Medical Device and IoT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) We are at a critical juncture in Healthcare. As an industry, we must combat these threats in multiple dimensions and on many fronts. The Summit will bring together healthcare, medical device, and security...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the...

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.