skip navigation

More signal. Less noise.

Daily briefing.

Ukraine continues to investigate Saturday's apparent cyberattack on the electrical utility serving Kiev and its environs. Authorities, who say the outage was remediated in less than an hour and a half, disclosed the incident yesterday.

The ShadowBrokers, whose English hasn't improved even to the point of broken plausibility, are still offering Equation Group code at a deep discount.

In the Subcontinent, the "Team Pak Cyber Attackers" deface Google's Bangladesh domain with a security awareness taunt; the incident seems more skid caper than patriotic hacktivism or other serious attempt. 

OurMine is back, hacking a Netflix Twitter account and other high-profile online identities.

Panasonic denies with some heat an IOActive report that Panasonic in-flight entertainment systems could compromise airline passenger data or even open flight control systems to interference. IOActive stands by its claims.

After last week's disclosure of Yahoo!'s second major breach, Verizon is rumored to be reviewing its planned acquisition of Yahoo!'s core assets. What Verizon eventually does is likely to set significant precedents in M&A activity.

NIST asks cryptographers for input on information security standards in a post-quantum-computing world.

Wassenaar renegotiation will be deferred, in the US, until the new Administration takes office.

German police pursue suspected terrorists' online trail as ISIS claims responsibility for the murders committed at the Berlin Christmas market. ISIS appears to be concentrating its recruiting effort on children—one twelve-year-old is suspected of building a nail bomb for use against "Crusader" targets. Much Caliphate current chatter appears to fantasize about attacking Christians observing Christmas.


Today's issue includes events affecting Australia, Bangladesh, China, European Union, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.

A note to our readers: We'll be observing US Federal holidays, as is our custom, and since this year both Christmas and New Year's Day fall on Sunday, that means we'll take a break on Monday, December 26th, and again on Monday, January 2nd. Other than that we'll publish on our normal schedule.

An additional, Kessel-themed note: The new Star Wars flick, Rogue One, is billed as "the epic tale of a scrappy group of rebels and their daring mission to steal the plans for the Death Star." Given what's known about information security, however, one wonders if perhaps the plans might actually have been compromised in a different way. (Like using "camaro" as your password for both a deathstar [dot] edu email account and your Heavybreather social media handle...not that a Sith Lord and a T.I.E. ace would do that, y'know...)

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at the Johns Hopkins University, as Joe Carrigan talks about the use of burner email addresses (and not dot-gov or dot-mil). us on recent advances in homomorphic encryption. Our guest, Sam McLane from Arctic Wolf, takes up those aspects of an incident response plan people commonly overlook.

A special edition of our Podcast is also up—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.

The podcast will take a holiday break on December 26th and January 2nd. Next week, December 27th through December 30th, we'll be running special best-of-episodes from 2016. All returns to normal on January 3rd. Today marks a milestone for us: it's the first anniversary of the CyberWire Daily Podcast's soft launch. A special thanks to those who've participated in the more than 500 interviews we've been able to include in our programming. If you've enjoyed the podcasts, please consider giving us an iTunes review. On the day we first podcast we had three downloads; a year later we're seeing several thousand daily. So, as always, but especially today, thanks for listening.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine investigates suspected cyber attack on Kiev power grid (Reuters) Ukraine is investigating a suspected cyber attack on Kiev's power grid at the weekend, the latest in a series of strikes on its energy and financial infrastructure, the head of the state-run power distributor said on Tuesday

Germany Releases Berlin Attack Suspect as ISIS Claims Involvement (New York Times) For a Germany that likes to see itself as meticulous, the slip-up was startling: Hours after the authorities said they had grabbed a suspect in the deadly truck rampage at a Christmas market in Berlin, they acknowledged they may have detained the wrong man and began a desperate search for the actual driver

The Virtual Caliphate: ISIS's Information Warfare (Institute for the Study of War) The Islamic State of Iraq and al-Sham (ISIS) poses an evolving threat to the U.S., its allies, and its broader interests. Its approach to information warfare has represented a key component of its overall strategy, including during the period it has faced sustained pressure. ISIS has suffered significant setbacks on the ground, yet has demonstrated the ability to adapt

Amid rising German fears, experts warn of a new attacker profile in Europe: ‘Underage terrorists’ (Washington Post) Over the weekend, Germany's attention was focused on a 12-year-old boy with Iraqi parents who had allegedly planned a nail bomb attack at a German Christmas market. He may have received instructions from the Islamic State, according to media reports that cited unnamed intelligence sources

Pakistani hackers deface Google Bangladesh domain (HackRead) It looks like a case of DNS hijacking

When a Russian-speaking hacker cracks a US Election website… (Naked Security) Lots of people seem to be seriously worried about the question, “Did Russia hack the US election?”

Russian group used Harvard paper that warned of election hacking to hack nonprofits, report says (MassLive) Hackers believed to be the same Russians who stole emails from the Democratic National Committee used a fabricated Harvard University paper to steal data from think tanks and nonprofits, according to a cybersecurity firm

PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs (Volexity) In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns

Shadow Brokers are back with ‘stolen NSA cyberweapons’, now 99.9% off (Naked Security) Remember Shadow Brokers?

The Great Cyber Game: Commentary (3) (Medium) In the first part of this commentary I looked at what and why the cyber full court press is happening. The second part was a textual analysis of the Shadow Brokers drop (matryoshka messaging.) This third part will explore how we know that this was such an expensive message

Malware Disguises Installer as Windows "Save As" Dialog Box (Bleeping Computer) Malware distributed via affiliate programs and bundled with other applications is using a devious tactic to fool users into installing it on their systems

Census outage marked boom year for global DDoS attacks (CSO) 85 per cent of attacked organizations were hit more than once

Cyber Attack: The Next Frontier is the One You Don't See (IoT Evolution) The IoT is in a quiet crisis

OurMine hacks Netflix’s U.S. Twitter account (TechCrunch) OurMine is up to its old tricks again, with an attack on Netflix’s official U.S. Twitter account. The hacking team has been responsible for taking over a number of high-profile Twitter accounts during the past year or so, including Google’s Sundar Pichai, actor Channing Tatum – and us, TechCrunch dot com

Hackers Expose Security Flaws with Major Airlines (Newsweek) Updated | Security vulnerabilities within entertainment systems used by 13 major airlines could allow hackers to infiltrate in-flight systems, researchers claim

Panasonic Inflight Entertainment System Vulnerable To Attack (Dark Reading) Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report

Panaxonic, IOActive Clash on Vulnerability Report (Threatpost) Panasonic Avionics has pushed back against research released Tuesday by IOActive suggesting that in-flight entertainment system firmware used by more than a dozen airlines contains vulnerabilities that allow a local attacker to manipulate data displayed to passengers, or put their personal data at risk

Pen Tester in Bust Up with Aircraft Electronics Firm (Infosecurity Magazine) Pen testing firm IOActive has been forced to defend its findings after Panasonic Avionics reacted angrily to a new report highlighting potential weaknesses in aircraft computer systems this week

Report: $3-5M in Ad Fraud Daily from ‘Methbot’ (KrebsOnSecurity) New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online

One phishing attack: 756K potential victims (CIO Dive) More than 756,000 Californians are currently being notified that their private information may have been compromised after a single phishing email scammed 108 Los Angeles County employees last May

WAN Complexity Hampers Security for Orgs (Infosecurity Magazine) Complexity at branch locations is the primary factor that makes securing and managing WAN a major struggle for organizations

Cyber Trends

12 cybersecurity trends & predictions for 2017 (IT Pro Portal) Identity, Internet of Things and blockchain technology will shape up IT in 2017

G DATA Security-Ausblick 2017: Mittelstand, kritische Infrastrukturen und IoT-Geräte rücken in den Fokus der Angreifer (FinanzNachrichten) Erpressertrojaner waren das IT-Sicherheits-Thema im Jahr 2016


Insurance Stats Reveal UK Firms’ Poor Cybersecurity (Infosecurity Magazine) UK firms still have lower levels of cybersecurity maturity than their US counterparts, according to newly revealed stats from a leading global underwriting firm

If hacks scuttle Yahoo’s sale to Verizon, it could set precedent (San Francisco Chronicle) Cybersecurity is an increasingly important consideration in tech mergers and acquisitions — and Verizon’s fraught acquisition of Yahoo may serve as a blueprint for future deals, experts say

RUAG Acquires Cyber Security Specialist Clearswift (PRNewswire) The RUAG Defence division is acquiring the British Cyber Security specialist Clearswift. With this acquisition, RUAG is making a significant investment in the expansion and long-term development of its cyber security business. Clearswift's leading products will be a significant addition to the RUAG Defence Cyber Security business unit. As previously announced, the business unit will be headed by cyber security expert Dietmar Thelen as of 1 January 2017

Huawei in talks to buy Israeli cyber company HexaTier: sources (Reuters) Chinese smartphone maker Huawei [HWT.UL] is negotiating the acquisition of Israeli start-up HexaTier, whose technology secures databases in the cloud, industry sources in the two countries said on Tuesday

root9B Holdings Announces Uplisting to Nasdaq Capital Market; Stock to Commence Trading on December 21, 2016 (Yahoo! Finance) root9B Holdings, Inc. (RTNB) ("Company") today announced that its common stock has been approved for listing on the Nasdaq Capital Market, and will commence trading under the symbol "RTNB" at the opening of trading on December 21, 2016

root9B Holdings Announces Definitive Agreement for the Sale of CEI Subsidiary; Company Announces Availability of Chairman's Letter to Stockholders (PRNewswire) oot9B Holdings, Inc. (OTCQB: RTNBD) ("Company") today announced the signing of a definitive stock purchase agreement for the sale of its wholly-owned subsidiary Control Engineering, Inc. ("CEI"). Closing of the transaction, which is subject to certain specified terms and conditions, is expected by December 31, 2016

Bugcrowd Caps 2016 with Record Growth (Yahoo!) Bugcrowd, the leader in crowdsourced security testing, today announced the company has achieved its fourth consecutive year of significant growth with nearly double the number of fully-managed programs and nearly triple the payouts to security researchers in their 45,000-strong crowd. In 2016, the company also expanded its executive team, released new innovations to its Crowdcontrol platform and more than doubled employee headcount

Blue Coat buy syncs with Symantec’s vision: Brian Kenyon (CSO) 'Our integrated cyber defence strategy is an impeccable arsenal for CSOs' says Brian Kenyon, Chief Strategy Officer, Symantec

Why Cisco Systems Could Have a Great 2017 (Fox Business) Networking hardware giant Cisco Systems (NASDAQ: CSCO) has been cautious when talking about its outlook for the new year. The company is anticipating a revenue decline during its fiscal second quarter, driven by what the company calls "a challenging global business environment." CEO Chuck Robbins pointed to macroeconomic uncertainty as well as uncertainty surrounding the political and regulatory environments following the election as the main reasons for the weak guidance. The company is taking a conservative approach and not modeling any improvement in these areas going forward

Darktrace CEO Poppy Gustafsson on how to raise $104.5m and employing curious minds (Tech City News) At Tech City News, we’re always keen to shine a light on members of the UK’s growing technology community

Security Current Surveys Chief Information Security Officers (CISOs), Finds Average Salary of $273,033 in the United States (PRNewswire) Seventy-four CISOs across industries and regions take part

Products, Services, and Solutions

Contrast Security Makes .NET Applications Self-Defending (PRNewswire) Contrast Security, the leader in next-generation application security, today announced that Contrast Protect now supports Microsoft .NET applications. Contrast Protect uses runtime application self-protection (RASP) technology to empower applications to automatically detect and fix vulnerabilities, identify attacks and defend themselves. Microsoft .NET remains one of the top three enterprise application development environments. As a result, more enterprise applications can be self-protecting than ever before

SAIC and root9B Partner to Offer Advanced Cybersecurity Simulation and Training (BusinessWire) Science Applications International Corp. (NYSE: SAIC) is teaming with root9B, a root9B Holdings Company (OTCQB: RTNBD), to provide advanced cybersecurity training and simulation environments to government clients. As part of the agreement, SAIC and root9B will focus on redefining how organizations prepare their personnel to conduct cyber operations through tailored training, dynamic simulation, and realistic scenarios

Outertech Releases Cacheman 10.03 Windows Optimizer That Improves Performance, Privacy, and Security of a PC (PRNewswire) Memory is one of the most important pieces of computer hardware as it is in constant use no matter what a PC is used for. Many variables can influence the speed and performance of memory, and this in turn will affect the overall performance of a computer. Cacheman (short for Cache manager) can help by making it possible to automatically optimize system cache and take control of RAM. A computer cache is a software or hardware component that stores user data so that future requests for that data can be served faster

Inside LeakedSource and Its Database of 3 Billion Hacked Accounts (Wired) By new it's hard to keep track of which companies have been hacked and which haven’t. Remember the FourSquare hack? What about Adobe? Even breaches that were high-profile at the time are fading into obscurity as bigger and scarier ones crop up. (Ahem, Yahoo.) And if you can’t remember what’s been hacked, you’re probably struggling to keep track of which leaks have included your personal data. That’s where “the Google of data breaches” comes in

Technologies, Techniques, and Standards

NIST Asks Public to Help Future-Proof Electronic Information (NIST) The National Institute of Standards and Technology (NIST) is officially asking the public for help heading off a looming threat to information security: quantum computers, which could potentially break the encryption codes used to protect privacy in digital systems. NIST is requesting methods and strategies from the world’s cryptographers, with the deadline less than a year away

Rapid7 Named CVE Numbering Authority (Infosecurity Magazine) Security firm Rapid7 has been designated as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA)

New Decryptor Unlocks Cryptxxx v.3 Files (Threatpost) Researchers have neutralized the threat of the latest strain of the CryptXXX v.3 ransomware, releasing a decryption tool for unlocking files, and have added it to the RannohDecryptor, a free utility hosted by Kaspersky Lab’s No Ransom Project.

‘Lock down Your Login’ to Improve Security (ReadITQuik) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership that promotes awareness and education on cyber-security and privacy in the United States of America, has shared some tips to enhance personal security in an era when the boundary between our digital and personal lives is quickly vanishing. With the world becoming more and more connected, NCSA advises that individuals should also commit to staying safe and secure when online, in order to protect personal data

Design and Innovation

How Google’s Search business and humanity’s information is disappearing (TechCrunch) Search, Google’s crown jewel, and humanity’s way of finding the world’s information, has big problems. These problems threaten the internet as we know it; if they’re allowed to continue developing, unchecked, the consequences will be far-reaching and severe. Collectively, these threats are called Dark Matter

DoD unveils open data project (C4ISRNET) The Defense Department is continuing to break down digital barriers, this time unveiling an open data project. — a cooperative project with, a data resource organization — and the Defense Digital Services within the Pentagon seek to make military data available and searchable

IBM blockchain in healthcare rallies for patients (CIO) IBM is creating solutions to connect the global healthcare delivery system. A recent IBM Institute for Business Value survey found the trailblazers of blockchain adoption will focus on three areas

Legislation, Policy, and Regulation

Wasenaar Renegotiaion will be in Trump Administration's Hands (Threatpost) A nearly two-year effort to renegotiate language related to export controls around intrusion software in the Wassenaar Arrangement was rejected earlier this month during the member states’ plenary meeting

Wassenaar weapons pact talks collapse leaving software exploit exports in limbo (Register) Some progress, but it's glacial

Tech companies like Privacy Shield but worry about legal challenges (CSO) The future of data transfers between the EU and US is uncertain, companies say

U.S. Blacklists 15 Russian Entities Linked to Ukraine and Crimea (New York Times) President Obama on Tuesday blacklisted 15 Russian individuals and companies for their dealings in Crimea and Ukraine, creating an early test for the new administration of President-elect Donald J. Trump, who is widely expected to roll back the pressure campaign against Russia

Obama's long years of cyber neglect (Washington Examiner) President Obama is calling on President-elect Trump to prevent foreign cyber-meddling in future U.S. elections. But Obama himself already has had the power to preempt cyberattacks — a power he has used poorly and insufficiently, according to experts and Obama's opponents

Congressional report sides with Apple on encryption debate (CSO) The bipartisan panel advises Congress to look into using legal hacking methods to break into tech products

Operationalizing Cyberspace to Prevail in the Competition of Wills (Small Wars Journal) Human factors in military operations must become a central consideration in Joint Force campaign planning and execution

DOD watchdog lists top 10 challenges for 2017 (FCW) The Department of Defense Office of Inspector General has released its 2017 Oversight Plan that outlines 10 areas of focus, including cyber

For America's Top Spy Catcher, A World Of Problems To Fix — And Prevent (NPR) William Evanina holds two official job titles: national counterintelligence executive and director of the National Counterintelligence and Security Center

Dear Mr. Trump: To ‘Cyber’ Better, Try the Blockchain (Wired) A massive distributed denial-of-service (DDoS) attack took several high-profile websites—Twitter, Amazon, the New York Times, even WIRED—offline in October. This attack didn’t target any of these companies directly, but rather Dyn, the company that provides DNS services for each of those sites. Dyn is one of many vulnerable, centralized chokepoints in the infrastructure of the web; a targeted attack on this one company allowed the perpetrators to momentarily disable a big chunk of the internet for people all over the US. The attack is an unsettling precedent and should serve as a warning: Our digital infrastructure is more fragile than we imagine

EFF urges companies to prepare for more surveillance and censorship (TechCrunch) The Electronic Frontier Foundation – a group of tech pioneers trying to keep the Internet open and free – have published an open letter to tech companies pleading them to prepare for an era of increased Internet surveillance and censorship

Litigation, Investigation, and Law Enforcement

Investigatory Powers Act mass surveillance powers ruled illegal by ECJ (Computing) Key chunk of Investigatory Powers Act is illegal, declares European Court of Justice

Cloud security vendor Zscaler bats away patent infringement lawsuit (TechCrunch) Symantec, one of the world’s largest cybersecurity companies, closed its giant acquisition of Blue Coat Systems in August, ushering in a new regime under incoming CEO Greg Clark. He hasn’t wasted much time in disparaging upstarts in the market, either, including the well-funded, venture-backed companies Cylance, Tanium and Carbon Black

Anonymous’ Barrett Brown Is Free—and Ready to Pick New Fights (Wired) When Barrett Brown was arrested in his home by FBI agents in 2012—a moment captured by chance in a public videochat streamed to his fans and haters alike—the hacker group Anonymous was an online force to be reckoned with. Just nine months earlier the group had hacked the private intelligence firm Stratfor and dumped five million of its emails, the crime to which Brown would later be tied and sentenced to five years in prison

VW agrees to $1 billion settlement over 3.0L diesels from emissions scandal (Ars Technica) Specifics of owner compensation have not been meted out yet, though

Sexuelle Übergriffe durch einen Lehrer an Wetzlarer Werner-von-Siemens-Schule ( Gießener Anzeiger) Nachdem Anfang November der Leitung der Werner-von-Siemens-Schule in Wetzlar sexuelle Übergriffe eines Lehrers bekannt wurden, schaltete sie sofort die Kriminalpolizei ein. Staatsanwaltschaft und Kriminalpolizei in Wetzlar ermitteln derzeit gegen einen 40-jährigen Lehrer dieser Einrichtung, wie diese in einer gemeinsamen Presseerklärung bekannt gaben

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CES® CyberSecurity Forum (Las Vegas, Nevada, USA, January 5, 2017) Now in its second year, the CES® CyberSecurity Forum presented by CyberVista is designed to ensure all stakeholders in developing high tech solutions understand the complexity and the need for action in...

SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...

Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, January 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational...

Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...

ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...

BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.

SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...

Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.