skip navigation

More signal. Less noise.

How are you handling your cloud monitoring and security?

Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.

Daily briefing.

Friday it was announced that Nghia Hoang Pho had pleaded guilty in the US District Court for the District of Maryland to willful retention of national defense information: between 2010 and May 2015, he took quantities of classified information home, with him, both in hard-copy and on his laptop. According to documents unsealed Friday, Pho was a developer with the National Security Agency's Tailored Access Operations (TAO) unit. He faces up to ten years in prison. He's free until sentencing, scheduled for April 6th, 2018.

The laptop Pho used to take classified information home with him is the one that's long been discussed in connection with the US Government's ban on Kaspersky products. He had Kaspersky security software installed which detected some of the sensitive files he'd placed on his machine. Kaspersky acknowledges that it did detect the files, but denies having read them, or done anything with them. Pho doesn't appear to be the source of the Shadow Brokers' leaks, so that mole-hunt remains ongoing.

Ciaran Martin, director of the UK's National Cyber Security Centre, Friday advised permanent departmental secretaries that Kaspersky software should not be used in systems holding information whose compromise would damage British national security. Saturday Barclay's withdrew free Kaspersky software it formerly provided to customers.

A PayPal Canadian unit, TIO Networks, reports losing 1.6 million customers' information in a breach.

Developments in the Uber breach investigation and litigation involving Waymo prompt three more Uber executives to leave the company.

Recent Apple patches are being tweaked.


Today's issue includes events affecting Brazil, Canada, China, European Union, Republic of Korea, Netherlands, Russia, United Kingdom, United States.

DevSecOps experts from Visa and CYBRIC talk cyber threat survival.

How can you protect yourselves against breaches like Equifax? Swapnil Deshmukh, Sr. Director of Emerging Technologies Security, Visa and Mike D. Kail, CTO, CYBRIC weigh in. Rapid innovation and continuous delivery via DevOps exposes organizations to a constant, evolving cyber threat. Seamlessly embedding continuous security within existing ecosystems will enforce security across the production environment. In this webinar, you’ll learn cultural changes needed for true DevSecOps. Register for this webinar December 12 at 1PM ET.

In today's podcast, we hear from our partners at the SANS Institute and the ISC Stormcast, as Johannes Ullrich talks about the Kaspersky data exfiltration accusations.

Flying Blind: 2017 Cloud Configurations Gone Wrong (Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

Russia Is Now Providing North Korea With Internet: What That Could Mean For Cyber Warfare (Forbes) Amid diplomatic fallout between North Korea and China, its only major trade partner, Russia is positioning itself to be a stronger North Korean ally, reaching out to provide North Korea with an internet connection.

'We are not safe' – Russia will 'target UK and influence operations' using a simple trick (Express) Russia could “target the UK” and “influence operations” through loopholes in commonly used software, a cyber security chief has claimed.

Hacking the House: are MPs cyber-secure? (BBC News) Security experts are horrified by a claim that many politicians routinely share passwords with staff.

When Terrorists Learn How to Hack (The Cipher Brief) Terrorist groups are expanding their use of the internet beyond mere messaging and disseminating operational know-how, slowly adding a cyber-hacking toolset that could one day rival that of criminal or state-sponsored hacking. To date attacks have included website defacement, doxing of personally identifiable information, and distributed denial of service (DDoS) attacks. But this could grow …

Leaked DHS memo accused drone maker DJI of spying for China (CSO Online) An intelligence-issued bulletin accused popular drone manufacturer DJI of spying for China.

FBI Warns of Mounting Collaboration Between Nations, Criminals to Launch Cyberattacks (Washington Free Beacon) FBI Director Christopher Wray warned that adversarial governments are more often collaborating with criminals to carryout cyber attacks against the U.S.

A Tricky PayPal Phishing Scam That Comes From Official PayPal Email (HackRead) Nothing is surprising about a PayPal phishing scam but what might raise some eyebrows is the fact that these scams are becoming sophisticated day by day. U

Phishing campaign uses old ".bat" script to spread banking malware - and it is flying under the radar (SANS Internet Storm Center) While hunting this week, I came across a phishing campaign spreading a banking malware using an old DOS Batch script to drop it.

UBoatRAT targets firms in East Asia (SC Media UK) A new remote access Trojan (RAT) has been discovered aiming at people and organisations based in South Korea.

Google Detects New Android Malware Can Spy Users (Digimark Times) Recently, the security team of the tech giant Google has discovered a new variety of Android Malware for the well-known and most widely used Android operating system.

Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords (BleepingComputer) A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them.

How susceptible are you to enterprise phishing? (Enterprise Times) PhishMe Enterprise Phishing Resiliency and Defence Report 2017 shows that companies and users are getting better at spotting phishing attacks.

Halloware Ransomware on Sale on the Dark Web for Only $40 (BleepingComputer) A malware author by the name of Luc1F3R is peddling a new ransomware strain called Halloware for the lowly price of $40.

New Shadow BTCware Ransomware Variant Released (BleepingComputer) A new variant of the BTCWare ransomware was discovered by Michael Gillespie, that appends the .[email]-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.

Top five ransomware attacks that caught the world’s attention (TEISS) Security research firm Malwarebytes had, in August, revealed that Mac and Android devices were hit by more ransomware attacks in the first half of this year compared to all of 2016, thereby signifying how this attack vector has become a weapon a choice for cyber criminals.

What's Behind the Rising Tide of Ransomware? (Security Intelligence) The rate of ransomware is rising, largely due to the availability of exploit kits and ransomware-as-a-service (RaaS) packages in underground marketplaces.

Cryptocurrency apps for Android are a security vulnerability minefield (TechRepublic) Bitcoin app developers take note: Nearly 100% of Android apps contain serious vulnerabilities that could compromise user security and wallets.

Cyber-thieves cash in on Bitcoin boom (BBC News) The Bitcoin boom has prompted a massive rise in crypto-currency based malware, experts say.

PayPal Says 1.6 Million Customer Details Stolen in Breach at Canadian Subsidiary (BleepingComputer) PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers.

Victoria's Secret warned of impending cyber attack (Lingerie Insight) Cybercriminals are planning to offer tools to hack the lingerie brand and its customers, research shows.

Hacked Password Service Leakbase Goes Dark (KrebsOnSecurity) Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.

Student Hacks High School, Changes Grades, and Sends College Applications (BleepingComputer) Tenafly High School has informed parents earlier this month that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after.

CyberX Security Researchers Demonstrate How to Jump the ICS/SCADA Air Gap at Black Hat Europe 2017 (Business Insider) CyberX, provider of the most widely-deployed industrial cybersecurity platform for continuously reducing industrial control system (ICS) risk, today announced that its groundbreaking ICS security research will be featured at Black Hat Europe 2017 in London

Britain's undersea internet links can be attacked (Computing) Attack on IT under the sea

Covert warfare: How likely are attacks on the UK's critical infrastructure? (SC Magazine) Attacks on critical national infrastructure are growing in number and sophistication. So how big is the UK's risk?

Electric reclosers can be hacked to cause wildfires (Control Global) The ability to communicate by Bluetooth provides a potential doorway for cyber attackers to manipulate utilities recloser operation.

Security Patches, Mitigations, and Software Updates

Multiple Vulnerabilities in Cisco Data Center Network Manager Software (Cisco) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

Updating macOS can bring back the nasty “root” security bug (Ars Technica) The security fix was rolled back when users updated to macOS 10.13.1.

iOS 11 Encrypted Backup Change Reduces Security, Boosts Data Safety (TidBits) In iOS 11, Apple has changed things so encrypted iTunes backups can now be restored with either the separate backup password or the device passcode. This move reduces security, but it also reduces the likelihood that users will forget the password and lose access to their backups.

Microsoft discharges Windows XP fix for WannaCrypt ransomware (Magazish) Still resolutely running an old variant of Windows, in spite of the security dangers?

Cyber Trends

Five key trends to watch in 2018 as cybercriminals continue to innovate (Help Net Security) When it comes to key infosec trends 2018 will be interesting. Human intelligence amplified by technology will be the winning factor in the arms race.

The next Sputnik: Here's why US stands to lose technological edge to China (Defense News) As defense companies struggle to balance the interests of the military customers with those of shareholders, the Pentagon needs to rethink how it buys or else risk sacrificing its technological edge.

Heightened security risks dictate a proactive corporate board (SecurityInfoWatch) Juggling risks in today's threat landscape is a delicate balancing act for business leaders

The right to be forgotten: 75% of employees likely to exercise GDPR rights (Information Age) The right to be forgotten is a major aspect of the impending GDPR, and it could cause severe headaches for businesses

IT Staff Blame Themselves for Security Risk (Infosecurity Magazine) IT staff have access to business-critical data through the IT systems they manage, making them a prime target for cyber-criminals.

2018 & Beyond – Cybersecurity’s Future (BizCatalyst) Perspectives from 3 of the top SMEs in information security

Was Online-Spieler über IT-Sicherheit denken (Eurogamer) Was denken eigentlich Online-Spieler über das Thema IT-Sicherheit.


UK cyber agency targets Kaspersky in warning on Russian software (Reuters) Britain's main cyber security agency on Friday warned British government agencies to avoid using anti-virus software from Russian companies, the latest in a series of moves targeting Moscow-based security software maker Kaspersky Lab.

Barclays axes Kaspersky anti-virus perk (BBC News) The bank emailed 290,000 customers on Saturday following warnings about Russian security software.

Is cyber insurance prepared for GDPR? (Property Casualty 360) BitSight's Jake Olcott sheds light on the EU's pending GDPR implementation and cyber insurance preparedness.

Eight Cyber-Security Vendors Raise New Funding in November 2017 (eWEEK) Though the pace of funding slowed in November, multiple firms raised new venture capital to develop and improve their cyber-security products.

Bitdefender cyber security company valued at more than $600m (Financial Times) Anti-virus software business latest in sector to win new investment in recent months

Gauging FireEye’s Value Proposition in the Cybersecurity Space (Market Realist) FireEye’s scale in the cybersecurity space

Cisco Leads in Security Appliances—But for How Long? (Market Realist) Cisco leads, but PANW reported the most YoY growth

Why this long-suffering tech stock is finally a buy (CNBC) IBM's Z14 mainframe is a game-changer for the tech company, says AlphaOne Capital founder Dan Niles. Here's why.

ClearCenter Acquires Minebox IT Services GmbH (Business Insider) ClearCenter today announced that it has acquired Minebox IT Services GmbH in a move to round out ClearCenter's Hybrid IT Linux-based IT management operating system, ClearOS.

How Could Cyphort’s Acquisition Benefit Juniper Networks? (Market Realist) Acquisition will help Juniper target the ATP space

BlueteamGlobal Announces Corporate Name Change to BlueVoyant (Business Insider) BlueteamGlobal, a global cybersecurity services firm launched earlier this year, today announced that it is changing its name to BlueVoyant, effective immediately.

Founders of hacking firm linked to Michael Flynn turn to cyber defense (Fast Company) The founders behind NSO Group, an Israeli company that makes “lawful intercept” tools used by governments to spy on terrorists and criminals—but also, as I reported yesterday, civilians in multiple countries—are doubling down not on attacking devices but defending them.

IT-Sicherheit: Wenn Legoland zurückhackt (Spiegel) Cyberangriffe können jeder Firma gefährlich werden, vom Maschinenbauer bis zur Bank. Erst allmählich erkennen Unternehmen in Deutschland das Risiko - und bereiten sich vor.

Interview with Gravwell CEO, Corey Thuen (Medium) Gula Tech Adventures recently became an investor in a very exciting data storage and analytics company named Gravwell.

Austin cybersecurity company NSS Labs hires execs from Cisco, Zimperium to lead divisions (Austin Business Journal) One of Austin's fastest-growing companies has a new senior vice president of products and chief revenue officer.

TruNarrative commits to machine learning with Data Scientist appointments (TruNarrative) Further committing to using Machine Learning to help improve fraud detection and decision-making processes, TruNarrative has appointed two data scientists.

Products, Services, and Solutions

5 best IoT antivirus and antimalware solutions (Windows Report - Windows 10 and Microsoft News, How-to Tips) Most users won’t usually forget to protect their laptops and computers from all kinds of viruses that are able to wipe out or to severely infect their programs or their work and compromise their whole system’s security. But we don’t have to forget also to protect our IoT gadgets and gizmos and provide them with …

Gravwell releases version 1 and attracts notable investor (Gravwell) Gravwell announces the release of version 1 of it's software analytics platform, opens up a sandbox for experimentation, and attracts notable investors.

Trillium aims to shield your high-tech car against cyberattacks (TechCrunch) Cars these days are basically computers with wheels, and as with other computers, you'll probably want to make a few changes to protect against cyberthreats...

Technologies, Techniques, and Standards

Israel walks the cyber tightrope (Jerusalem Post) How do states identify their cyberattackers and can they be tricked?

How to prepare for GDPR: Experts share their top tips (Computing) Experts from Balfour Beatty, IBM, ACCA and Age UK share their strategies and warn of the pitfalls in preparing for GDPR compliance

Why Data Breaches have become regular news, and how to actively prevent them ( The primary reason cyber defenses are failing is the dependence on preventive defense. No organization can prevent a breach at all costs; regardless of how sophisticated their security technologies are. So, the focus should shift from a preventive approach to a hunting approach.

Future-proofing security: Protecting against the new arsenal of weaponized malware (Healthcare IT News) Plan for sophisticated threats and evaluate IT tools on the horizon to be as ready as possible for what’s ahead.

Deception: Why It's Not Just Another Honeypot (Dark Reading) The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.

Fully Staffed, New U.S. Cyber Command Teams Look to Deploy Artificial Intelligence (Meritalk) The Army and Navy recently announced that their Cyber Mission Teams were fully operational, and the U.S. Cyber Command now has all of their planned complement of 133 teams in business.

Quarterly cyber briefings part of maturing Cyber Command (Federal Times) A provision in the NDAA seeks to update current law outlining specific items DoD must brief to Congress on a quarterly basis pertaining to cyber operations.

Design and Innovation

Blockchain increases security through transparency (FreightWaves) Security within the supply chain can be increased with blockchain technology because of its transparency.

AI 3.0: Why Hashgraph and how it will revolutionize Blockchain and AI (Medium) I have been working with Artificial Intelligence (AI) and machine learning since my graduate school days back in the early 90s where I used…

Bitcoin: Seven questions you were too embarrassed to ask (Ars Technica) What's a bitcoin? How do I get some? What's it good for? Ars explains the basics.

Deep Thinking Book review: A book by Garry Kasparov gives fresh perspective on artificial intelligence (The Financial Express) Deep Thinking gives a very fresh perspective on AI, a technology that has become the hotbed of innovation today.

Research and Development

Google's AI Built Its Own AI That Outperforms Any Made by Humans (ScienceAlert) In May 2017, researchers at Google Brain announced the creation of AutoML, an artificial intelligence (AI) that's capable of generating its own AIs.

Legislation, Policy, and Regulation

Tim Cook and Sundar Pichai's surprise remarks at China's "open internet" conference (Quartz) The attendance of chiefs of top US tech firms at an annual gathering around "cyber sovereignty" in China is a coup for Beijing.

UK and EU will crack down on Bitcoin due to tax evasion fears (Computing) The UK and EU Governments have unveiled plans to crack down on Bitcoin

Is IoT really being regulated to address security concerns? (IoT Agenda) The internet of things is quickly becoming the next frontier of technological innovation for consumers, businesses, industry and governments.

Should Platforms Like Google And Facebook Be Regulated? (Points and Figures) If you don’t know who economist George Stigler is, you should. He received a Nobel Prize for proving the concept of “regulatory capture”.

A New Bill Wants Jail Time for Execs Who Hide Data Breaches (WIRED) A bill to punish hack hiders, Apple bug fix bumbling, and more of the week's top security stories.

Data Security and Breach Notification Act (US Senate) To protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a breach of security.

NSA Surveillance Bill Sparks Lawmaker Debate Over ‘Unmasking’ (Bloomberg) Legislation to extend a major U.S. surveillance program that’s about to expire became a forum Friday for partisan debate over President Donald Trump’s allegation that the Obama administration “wiretapped” Trump Tower last year.

Litigation, Investigation, and Law Enforcement

Former N.S.A. Employee Pleads Guilty to Taking Classified Information (New York Times) Nghia H. Pho, a software developer for the intelligence agency, admitted taking secrets that Russian hackers then stole from his home computer.

NSA Employee at the Middle of the Kaspersky Saga Admits Taking Files Home (BleepingComputer) The US Department of Justice (DOJ) has formally charged a former NSA employee for taking classified documents home. The man, Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today, according to court documents released by the DOJ.

Elite U.S. Government Hacker Charged With Taking Secret Information (Security Week) A member of the US National Security Agency's elite hacking team has been charged with illegally removing top secret materials, in an embarrassing breach for the crucial electronic espionage body.

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row (Register) Maryland man cops to making illegal copies of top-secret code

Former NSA Employee Pleads Guilty to Taking Classified Data (KrebsOnSecurity) A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.

Here's the NSA Agent Who Inexplicably Exposed Critical Secrets (WIRED) The Justice Department has struck a plea deal with Nghia Hoang Pho, a programmer in the NSA's elite operations unit, for taking his highly classified work home with him.

Maryland Man Pleads Guilty to Willful Retention of National Defense Information (US Department of Justice) Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to willful retention of national defense information.

United States of America v. Nghia Hoang Pho, Defendant (US District Court for the District of Maryland) Willful Retention of National Defense Information...

Michael Flynn Pleads Guilty to Lying to the F.B.I. (New York Times) The guilty plea by President Trump’s former national security adviser brings the special counsel investigation of Russian interference in the 2016 election into Mr. Trump’s inner circle.

Top FBI official assigned to Mueller’s Russia probe said to have been removed after sending anti-Trump texts (Washington Post) Private conduct of a senior counterintelligence agent and an FBI lawyer could stoke further debate about the bureau’s impartiality.

If Flynn Is Small Fry, Who’s the Bigger Fish in Mueller’s Net? (The Atlantic) The former national-security adviser’s guilty plea suggests he is now cooperating with the special counsel’s investigation.

New documents reveal FBI's Clinton cover-up (Fox News) In Washington, the ostensible story is rarely the real story.

FBI’s reputation ‘in tatters’ over Russia inquiry, says Trump (Times) President Trump launched a furious attack on the FBI yesterday, declaring that the agency’s reputation was “in tatters” as the investigation into Russian interference in last year’s election and...

3 top Uber managers resign amid backlash from data breach and Waymo lawsuit (CNBC) Three top managers have resigned from Uber's international, business operations and physical security teams.

Wickr, the Encrypted Messaging App used by Uber may Lay Legal Precedents (Exclusive Facts) After so many rumours and legal cases, here comes something new from the ride-hailing company.

Police kept secret copy of p[0]rn file on Damian Green (Times) A secret file containing details of the p[0]rnography on Damian Green’s computer was preserved by police despite a command from senior officers that the data should be deleted. The disclosure raises...

Former Sysadmin Caught Hacking His Ex-Employer by His Replacement (BleepingComputer) On Wednesday, November 29, a Kansas City court sentenced a Missouri man to six years in federal prison without parole for hacking his former employer, stealing trade secrets, and for accessing child pornography.

Opinion | Business gets order against two customers, barring them from ‘publishing on social media platforms any statements’ about the business (Washington Post) The owners of Cleveland's Barley House bar are suing two popular YouTube posters, Alissa Violet and FaZe Banks, who alleged that bar employees assaulted them.

PhishMe Inc. and Wombat Security Technologies, Inc. Announce Settlement of Patent Dispute (PRNewswire) PhishMe Inc. and Wombat Security Technologies, Inc....

Morrisons found liable for data breach - UPDATED (Computing) The supermarket has been found culpable for the actions of a rogue employee, in a new landmark ruling

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Hackers Challenge (New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.