Daily briefing.

The Mirai botnet has resurfaced. Attacks were reported over the weekend in Africa and South America, with Argentina particularly affected. Reaper, the evolved botnet based on Mirai, has yet to live up to its much-feared potential, but researchers at CenturyLink and reports in Cybrary warn that Reaper is a loaded and cocked weapon, ready to fire at the Internet.

PayPal users are receiving phishing emails warning them that their payments aren't going through. Those who swallow the bait will be directed to a page that asks them to enter their PayPal credentials and user information. (What the criminals will do with that information we leave to the readers as an exercise.)

A variant of the familiar Microsoft tech support scam displays a phony blue screen of death and then offers to sell you a cut-rate security product to solve the non-existent problem.

Google is working to clamp down on applications and websites that ask for too much information: at the end of January Mountain View will warn proprietors of apps and sites that violate Google's privacy-related terms of service. How violators will be punished beyond this good talking-to remains unclear.

The US Securities and Exchange Commission (SEC) is cracking down on Initial Coin Offerings (ICOs) it determines to be fraudulent.

An international police operation has taken down the Andromeda botnet (a.k.a. Gamarue, Avalanche, and Wauchos) with the cooperation of companies like ESET and Microsoft. Recorded Future believes the arrests, centered in Belarus, included cybercriminal "mastermind" Ar3s, a very big fish indeed.

Notes.

Today's issue includes events affecting Argentina, Australia, Belarus, Colombia, Egypt, Ecuador, European Union, Israel, Netherlands, Panama, Russia, Tunisia, United Kingdom, United States.

DevSecOps experts from Visa and CYBRIC talk cyber threat survival.

How can you protect yourselves against breaches like Equifax? Swapnil Deshmukh, Sr. Director of Emerging Technologies Security, Visa, and Mike D. Kail, CTO, CYBRIC, weigh in. Rapid innovation and continuous delivery via DevOps expose organizations to a constant, evolving cyber threat. Seamlessly embedding continuous security within existing ecosystems will enforce security across the production environment. In this webinar, you’ll learn the cultural changes needed for true DevSecOps. Register for this webinar December 12 at 1PM ET.

In today's podcast, we hear from our partners at Accenture as Justin Harvey talks about cyber ranges. Our guest is Adam Meyers from CrowdStrike, discussing supply chain attacks.

Flying Blind: 2017 Cloud Configurations Gone Wrong (Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Attacks, Threats, and Vulnerabilities

New Mirai Attack Attempts Detected in South America and North African Countries (TrendLabs Security Intelligence Blog) A few days after a campaign in Argentina, there was a spike of activity from Mirai in a series of attack attempts in South American and North African countries.

Reaper – Calm Before IoT Botnet Attack (Cybrary) Last year the world witnessed how some of the world’s top Web sites were taken down by “Mirai”, a zombie malware that hijacked “Internet of Things” (IoT) devices like wireless routers, digital video recorder and also security cameras in parts of the U.S. The attack was made

100,000-strong botnet built on router 0-day could strike at any time (Ars Technica) New strain of Mirai is sophisticated, locked, and loaded.

The UK's Kaspersky warning is a reminder: data ignores borders (WIRED) Should you stop using Kaspersky software? Probably not. But everyone needs to be aware of what borders their data is crossing

Phishers target panicking PayPal users with fake "failed transaction" emails (Help Net Security) An email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop.

PayPal Unit TIO Networks Discloses Breach of 1.6 Million Accounts (eWEEK) Months after acquiring TIO Networks, PayPal discovers that the payment processor was the victim of data breach.

Ursnif Trojan Adopts New Code Injection Technique (Threatpost) Researchers have found a variant of Ursnif Trojan they said is a “v3 build” that targets Australian bank customers with new redirection attack techniques.

BankBot trojan hits Google Play (SecEMS) A security researcher is warning that an Android banking trojan BankBot has infected more than 400 bank apps on the Google Play store

Tech Support Scam Malware Fakes the Blue Screen of Death (Infosecurity Magazine) Troubleshooter asks for $25 to fix the fake problem.

Malware display fake BSOD to sell phony Windows anti-virus for $25 (HackRead) Microsoft has a never-ending malware problem, in fact, millions of Windows devices worldwide have been plagued with some sort of malicious software. Recent

A brief history of Bitcoin hacks and frauds (Ars Technica) Bitcoins have been a juicy target for hackers since 2011.

What is a supply chain attack? Why you should be wary of third-party providers (CSO Online) The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

Security Patches, Mitigations, and Software Updates

Google Cracks Down On Nosy Android Apps (Threatpost) Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that collect personal data without user consent.

Google is working on 47 Android fixes (Computing) Google has found more than 47 bugs in its mobile OS

Researchers call bull on Dirty Cow Patch, find flaw (SC Media US) Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Dell Now Shipping Laptops With Intel's Management Engine Disabled (ExtremeTech) Dell is now selling laptops with Intel's Management Engine disabled, following Linux laptop vendors in doing so. It's the first major OEM to disable the security solution after Intel's Nov 22 bug disclosures.

Cyber Trends

Cybersecurity Professionals Aren’t Keeping Up with Training (CSO Online) While infosec pros agree that continuous training is important, they are too busy to keep up

The Evolution of Data Leaks (WIRED) Equifax aside, companies are doing better at securing their info. But the phishers keep coming.

5 computer security facts that surprise most people (CSO Online) As a 30-year road warrior, I’ve learned some security truths that seem wrong, but must be accepted if you really want to understand the threats you face.

Five key trends to watch in 2018 as cybercriminals continue to innovate (Help Net Security) When it comes to key infosec trends 2018 will be interesting. Human intelligence amplified by technology will be the winning factor in the arms race.

Cybersecurity concerns may stop consumers from purchasing a connected car (Help Net Security) Of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack.

Gigamon Introduces the First Scalable SSL Decryption Solution for 100Gb Networks (PRNewswire) Gigamon Inc. (NYSE: GIMO), the leader in traffic visibility...

Marketplace

IRONSCALES Secures $6.5 Million to Automate Email Phishing Threat Detection, Incident Response and Intelligence Sharing (PRWeb) Funding led by K1 Investment Management as global demand soars for its machine learning technologies to solve the complex technological, operational and human challenges of phishing attacks

Enveil Announces Strategic Investment and Partnership with In-Q-Tel (Enveil | Encrypted Veil) Nonprofit Strategic Investor for U.S. Intelligence Community Backs Data Security Startup Protecting Data in Use Washington, D.C. – December 5, 2017 – Enveil, a pioneering data security company protecting Data in Use, today announced a strategic partnership with and investment from In-Q-Tel (IQT), th

The cyber security insurance industry must adapt and thrive in Israel (The Jerusalem Post) Tel Aviv start-up Cyberwrite has started to develop an underwriting platform for cyber insurance policies.

IT help wanted, cybersecurity experience preferred (CSO Online) To fix the cybersecurity labor shortage, IT organizations should cross-train IT workers on cybersecurity.

CenturyLink wins communications contract at Peterson Air Force Base (Business Insider) CenturyLink, Inc. (NYSE: CTL) recently won a contract to provide communications services to Peterson Air Force Base in Colorado Springs, Colo.

Intercede Wins Contract With UK Government Ministerial Department (Interactive Investor) Software company Intercede Group PLC said on Monday it has signed a contract with a UK government ministerial department in a deal potentially worth GBP750,000.

Forget FireEye, Palo Alto Networks Is a Better Cybersecurity Stock (The Motley Fool) Palo Alto is firing on all cylinders, but FireEye’s growth is grinding to a halt.

Versasec Opens Singapore Office to Serve Growing Asia-Pacific Business (Versasec) Industry Expert Yin Hong Lee Joins Smart Card Management Systems Company to Run New Office

Cybersecurity firm Dtex Systems opens Australian headquarters in Canberra (CRN Australia) Partners with Canberra-based professional services firm.

Bugcrowd Accelerates Growth, Expands Executive Team and Global Footprint (GlobeNewswire News Room) With nearly double the number of programs in 2017, Bugcrowd opens three new offices around the world to meet growing demand

OGSystems adds former Novetta chief Lamontagne to board (Washington Technology) OGSystems adds former Novetta CEO Peter LaMontagne to the board of directors.

Products, Services, and Solutions

Mocana Joins GE Digital Alliance Program to Advance Security of the Industrial Internet (GlobeNewswire News Room) Edge-to-Cloud Security Features Protect Critical Assets to Ensure Safety and Reliability of Industrial Systems

Gemalto Enables User-Managed Encryption Keys for Google Cloud Platform (Mobile ID World) Google Cloud Platform users can now leverage encryption key security from Gemalto. The company has announced that its SafeNet Luna Hardware Security Module—

GDPR Ready Solutions (ZL Tech) Accelerate GDPR compliance by identifying personal data across the organization and taking action in-place.

CENTRI Technology Launches Atonomi Network to Bring Security and Trust to Internet of Things (PRNewswire) Leading IoT security firm building blockchain-based network offering trust and security for IoT devices

Graphite GTC Announces Industry-First Code Guarantee (Sys-Con Media) Graphite GTC sets a new standard of excellence in the software industry by guaranteeing zero warning security scans to their enterprise customers.

Kobiton and App-Ray Partnership Provides Unique Service that Improves the Security of Mobile Apps (PRNewswire) With high-profile cyber attacks continuing to erode consumer and enterprise...

8 Low or No-Cost Sources of Threat Intelligence (Dark Reading) Here's a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.

Technologies, Techniques, and Standards

MPs Cybersecurity Admissions Highlight Need For Culture Change (Silicon UK) ANALYSIS: MPs admit to sharing passwords and leaving computers unlocked because of convenience, but the people deserve better

Banks Prep For Apocalyptic Cyberattack (PYMNTS.com) In a world where attacks on computers are nearly de rigueur at this point, it isn’t much of a surprise that U.S. banks have begun quietly doomsday-prepping for a successful apocalyptic attack on their computers by hackers. The goal is to head off a run on the bank by panicked citizens. Called Sheltered Harbor, the […]

ICS-CERT Advice on AV Updates Solid, But Impractical (Security Week) The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has offered some advice on how antivirus software should be updated in industrial environments, but the recommended method is not very practical and experts warn that organizations should not rely only on antiviruses to protect critical systems.

Can biometrics be the key to securing the IoT chain of trust? (IoT Agenda) The booming internet of things is on course to double in just five years, growing from 15 billion connections in 2015 to nearly 31 billion by 2020 according to IDC. As the number of connections and use cases explodes, so does the number of security vulnerabilities. The fate of the marketplace depends on our ability to trust the devices, data and networks that make IoT possible.

How to Remove DarkoderCrypt0r Ransomware (SpywareTechs.com) DarkoderCrypt0r Ransomware Removal Guide and Removal Tool by SpywareTechs. Follow our guide on how to remove DarkoderCrypt0r Ransomware.

Ransomware's lucrative next stop? The Point of Sale (Help Net Security) The instances of POS-based ransomware have been sporadic, but what’s to stop the POS malware trend from turning into a devastating, evolved threat?

How Firms Can Prepare for Massive NSA Breach Consequences (Inside Counsel | Corporate Counsel) Recently the U.S. National Security Agency was disastrously compromised flooding the dark web with its own cyberweapons that are now available to…

CenturyLinkVoice: How To Defend Against Bad Rabbit And Other Ransomware Threats (Kopitiam Bot) (Source: www.forbes.com) Ransomware is one of the biggest, most insidious cybersecurity threats today. “And it’s getting worse,” said Terry Barbounis, cybersecurity evangelist at Centur…

How to Keep Your Kids Safe Online (WIRED) From Net Nanny to parental blocks to, you know, actually talking to your kids about their online behavior.

‘Need to understand cyber threats before fighting them’ (The Indian Express) At IEThinc, experts discuss emerging threats to national security in the fast-changing digital world.

Eglin gets first Air Force cybersecurity group (Northwest Florida Daily News) Approximately 50 new personnel will be coming to Eglin over the next two years as the new group gets established.

Design and Innovation

Ghostery Deploys AI in the Fight Against Ad Trackers (WIRED) With the release of Ghostery 8, the popular ad-blocker introduces artificial intelligence and a whole new level of usability for beginners.

Research and Development

The Dutch government defines cyber threat actors (ComputerWeekly.com) The Dutch government commissions the creation of a scientific classification of individuals and groups involved in cyber crime.

Academia

UGA, U.S. Army Cyber Command look to partner (Online Athens) The University of Georgia and the U.S. Army’s Cybersecurity Command could soon be exchanging students and workers, according to a civilian Army official.

Girl Scouts to train next generation of cybersecurity, AI, and robotics professionals (TechRepublic) Girl Scouts of the USA and Raytheon are partnering to create a national computer science program for middle and high school girls, in efforts to diversify the STEM workforce.

CyberPatriot Releases First-Ever Cyber Security Storybook (GlobeNewswire News Room) The Air Force Association’s (AFA) CyberPatriot program announced today the release of its first published children’s storybook, Sarah the Cyber Hero.

Legislation, Policy, and Regulation

German government wants backdoors for spying added to cars, computers (CSO Online) The German government proposed an Orwellian nightmare: Backdoors for spying added to internet-connected devices, including cars.

Artificial Intelligence and Chinese Power (Foreign Affairs) China is on track to overtake the United States in the military applications of artificial intelligence.

China Reasserts Cyber Sovereignty Policy as Google Pleads for Better Access (Variety) Apple’s Tim Cook and Google’s Sundar Pichai were in attendance this weekend at the World Internet Conference in Wuzhen, China. There, they would have heard Chinese President Xi Jinping, in a letter…

The Kremlin's Latest Crackdown on Independent Media (Foreign Affairs) The new Russian media "foreign agent" law is part of a more than decadelong effort by Putin’s regime to repress independent media and civil society.

Hope grows that a larger SEC crackdown on ICOs is coming — and soon (TechCrunch) That wait-and-see stance looks to evolve into much more action 2018, suggest those who've either spoken with the Securities & Exchange Commission or..

How to Save the Pentagon’s Innovation Insurgency (Defense One) The former chief of the US Army’s Rapid Equipping Force suggests parallel tracks for innovation and execution.

Proposed law would jail execs who fail to report data breaches (Naked Security) The Senate’s looking at YOU, Uber!

State Dept insists cyber a priority despite office closure (TheHill) Lawmakers have expressed concerns on Tillerson's decision to close office dedicated to cyber diplomacy.

Litigation, Investigation, and Law Enforcement

FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations (Dark Reading) Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.

Mastermind Behind Andromeda Botnet Arrested in Belarus (Recorded Future) Recently, a joint task-force dismantled the Andromeda botnet and arrested the cybercriminal responsible. We believe that person is threat actor Ar3s.

World Police Shut Down Andromeda (Gamarue) Botnet (BleepingComputer) Law enforcement agencies across the globe and members of the private sector announced today they shut down the Andromeda (Gamarue or Wauchos) botnet.

Andromeda botnet dismantled in international cyber operation (Help Net Security) An international cyber operation dismantled one of the longest running malware families in existence called Andromeda (also known as Gamarue).

ESET plays crucial part in disrupting botnets using malware family (WeLiveSecurity) Malware family known as Wauchos is disrupted as ESET plays crucial role alongside researchers from Microsoft and law enforcement to disrupt botnets.

Feds shut down allegedly fraudulent cryptocurrency offering (Ars Technica) Cryptocurrency offerings are no longer a regulation-free zone.

FCC Agrees to Assist New York AG in Probe of Alleged ID Theft in Net Neutrality Comments (New York Law Journal) The FCC’s Office of Inspector General has agreed to cooperate with New York’s investigation into thousands of comments on net neutrality that were posted to the commission's website allegedly without the knowledge or consent of the individuals, New York Attorney General Eric Schneiderman said Monday. An FCC Commissioner also asked the Dec. 14 hearing be postponed until an investigation is complete.

Democrat asks why FCC is hiding ISPs’ answers to net neutrality complaints (Ars Technica) Records request for net neutrality complaints and resolutions still unfulfilled.

Opinion | Ban on speech ‘about a person’ that negligently causes ‘significant mental suffering, anxiety or alarm’ struck down (Washington Post) A new -- and correct -- decision from the Illinois Supreme Court this morning.

Breached Password-Trading Site Leakbase Goes Dark (Infosecurity Magazine) Breached Password-Trading Site Leakbase Goes Dark. It now redirects to legit breach notification site

Leakbase.pw Hacked Password Service Goes Dark (BleepingComputer) Over the weekend, Leakbase.pw, a web site that sold subscriptions to usernames and passwords leaked in data breaches at other companies, suddenly discontinued their service.

Man Hacks Jail Computer Network to Get Friend Released Early (BleepingComputer) A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early.

Hacker admits cyber crime offences including Google and Skype attacks (Times and Star) Alex Bessell admitted nine cyber crime offences, including receiving 50,000 pounds from a website he set up to sell malware and botnets

Apple agrees to set aside more than $15 billion to Ireland in back taxes (Ars Technica) Despite EU ruling, neither Apple nor Ireland wants the Cupertino company to pay.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Hackers Challenge (New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...
