Daily briefing.

As the US prepares to make good on its long-promised recognition of Jerusalem as Israel's capital, Israel and the US brace for a wave of hacktivism expected to accompany the promised "second Intifada."

Citizen Lab confirmed the Ethiopian government's use of intercept tools procured from Cyberbit to surveil dissidents, when it connected suspicious emails to a misconfigured command-and-control server that exposed the government's target list.

Russian cyber gangs are particularly active in ransom campaigns against businesses in the UK. Cerber remains their most popular strain of ransomware. Extortion demands commonly run to £100,000.

Cryptocurrencies continue to draw criminal attention as raw meat draws flies. Denial-of-service attacks remain popular against Bitcoin sites. A planned Bitcoin rival, Electroneum, failed to launch as its proprietors pulled their offering in the face of effective hacking. An updated version of the Quant Trojan is raiding cryptocurrency wallets. And Nicehash, a popular Bitcoin mining pool, is reported to have suffered a compromise, with some $56 million in coin stolen.

A keylogger has been found in more than 5000 infected WordPress sites.

Android app development tools are found vulnerable to backdoors. Fixes are in progress.

Ashley Madison comes in for more security criticism as its default settings are found vulnerable to leakage.

Apple has again updated MacOS High Sierra to close security holes.

As Section 702 electronic surveillance authority approaches sunset and renewal works its way slowly through the US Congress, the Administration suggests that aspects of the program might legally continue in the absence of reauthorization. 

Notes.

Today's issue includes events affecting Australia, Belarus, China, Ethiopia, European Union, Iran, Israel, New Zealand, Palestinian Territories, Russia, United Kingdom, United States.

In today's podcast we hear from our partners at the University of Maryland, as Jonathan Katz discusses NIST’s call for algorithms suitable to post-quantum computing. Our guest, Drew Cohen from MasterPeace Solutions, describes drawing government talent to the private sector.

Cyber Attacks, Threats, and Vulnerabilities

Israel on alert as Hamas leader calls for new intifada (Times) Hamas called this morning for a new “intifada” or uprising against Israel in response to President Trump’s recognition of Jerusalem as Israel’s capital. In his first comments after Mr Trump’s...

Ethiopian Cyber-Spies Left Spyware Operational Logs on Public Web Folder (BleepingComputer) The Ethiopian government used spyware acquired from an Israeli company to spy on dissidents living in the country and abroad, but government operatives have failed when configuring their command and control (C&C) server, exposing a list of all their targets.

enSilo Reveals Evasive Attack Technique Bypassing Antivirus (AV) and Next Generation Antivirus (NGAV) Prevention Defenses at Black Hat Europe (PRNewswire) enSilo, the company that protects endpoints pre- and post-infection and stops...

StorageCrypt Ransomware Targets NAS Devices via SambaCry Exploit (Security Week) A new ransomware family is using the SambaCry vulnerability that was patched in May to infect network-attached storage (NAS) devices, researchers have discovered.

Russian hackers hold UK to ransom (Times) Thousands of British businesses have paid ransoms to Russian hackers who are launching hundreds of attacks every day and demanding up to £100,000 to release files. Experts said that the “epidemic”...

Cerber, the ransomware responsible for 40 per cent of cyberattacks (Times) “Attention! Attention! Attention! Your documents, photos, databases and other important files have been encrypted!” You opened an attachment on what was, in hindsight, a malicious email and...

Why phishers love HTTPS (Help Net Security) As more and more sites switch to encrypting traffic (using HTTPS), the number of phishing sites hosted on HTTPS domains is also increasing.

Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets (ZDNet) Popular malware updates have highlighted a growing trend in targeting Bitcoin stashes.

73% of All Bitcoin Sites Were DDoSed This Quarter (Wccftech) Criminals Have Started to Focus on Attacking Cryptocurrency Exchanges - Over 73% of All Bitcoin Sites Affected

$56 million stolen from leading Bitcoin mining pool (Computing) One of the most popular Bitcoin mining tools has been compromised by cyber crooks

Kent rival to Bitcoin cryptocurrency Electroneum forced to abandon launch after users' accounts 'hacked' (Kent Online) A start-up which aimed to launch a rival to Bitcoin has suffered a barrage of criticism from frustrated users after allegations it had been “hacked”.

Android Development Tools Riddled with Nasty Vulnerabilities (Security Week) Java/Android developers are exposed to vulnerabilities affecting the development tools, both downloadable and cloud based, used in the Android application ecosystem, Check Point warns.

Google and pals rush to repair Android dev tools, block backdoor risks (Register) Involves big hitter Android Studio, APKTool and more

Proofpoint discovers cybersecurity vulnerability within Australian government departments and the ASX50 (Australian) Last month, the U.S. Department of Homeland Security issued a Binding Operational Directive (BOD 18-01), mandating that federal agencies authenticate their email to remove spoofers’ ability to impersonate them.

Keylogger Found on Nearly 5,500 Infected WordPress Sites (BleepingComputer) Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.

Love Uptime? Too Bad, DDoS Attacks Have Doubled (Cylance) The DDoS Trends Report for the second and third quarters of 2017 indicates that the number of distributed denial of service (DDoS) attacks has been rapidly increasing.

Okay, Say Someone Hacks into the US Power Grid. Then What? (Defense One) A joint research project between the Department of Energy and a geographic analytics company is mapping just how far the repercussions could spread.

Behind the Scenes: How IOActive Revealed Inmarsat Security Flaws (Via Satellite) IOActive’s process of reverse engineering satellite communications products has unveiled a range of potential vulnerabilities that have become commonplace

Preparing for the Coming Hacks (TV Technology) In July, HBO’s media content library was hacked when 1.5 TB of data was illegally accessed and

Trump Voter Fraud Probe Is Creating A 'Treasure Trove' For Hackers, Security Experts Say (HuffPost) A huge database of personal information "is an extremely attractive target for cyberattacks."

Cayla doll too eavesdroppy to put under the Christmas tree, says France (Naked Security) That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

Ashley Madison is leaking users' private and explicit photos yet again (International Business Times UK) The data leak is caused by the website's flawed default security settings, leaving users vulnerable to blackmail and hacking.

North Carolina County Refuses to Pay $23,000 Ransom to Hackers (New York Times) The government of Mecklenburg County, N.C., said it would not pay a ransom to hackers who took control of several of its computer systems.

Spring Hill Residents: How to Pay Your Utility Bill After Cyber Attack (Williamson Source) After a cyber attack, the city of Spring Hill has important news regarding your utility bill.

Security Patches, Mitigations, and Software Updates

macOS High Sierra 10.13.2 is here with enterprise and security updates (Ars Technica) Enterprise and security updates comprise most of the update that launched today.

Apple updates everything. Again. (SANS Internet Storm Center) After a rushed release of iOS 11.2 over the weekend to fix a "December 2nd Crash" bug, and last week's special update to fix the passwordless root authentication bypass in macOS, Apple today released its official set of security updates.

Google unveils new version of Chrome for added business security (Computing) Google has unveiled new security features for businesses using Chrome

IBM Security Adds New Multifactor Authentication Capabilities (eWEEK) New partner integrations expand the multifactor authentication options available to IBM Security Access Manager users.

Cyber Trends

Looking Ahead: Cyber Security in 2018 (FireEye) To learn more about what to expect in the coming year, check out our report: Looking Ahead: Cyber Security in 2018.

CyberArk Global Advanced Threat Landscape Survey 2018: Focus on DevOps (CyberArk) Unaware and unprepared: a lack of security awareness and planning increases risk of DevOps secrets exposure

Survey: Nearly Three-Quarters of Retail Orgs Lack Breach Response Plan (The State of Security) A Tripwire survey found that 72% of respondents don't feel their organization has a fully functional security breach response plan in place.

What's on the horizon for security and risk management leaders? (Help Net Security) Security and risk management leaders are giving more weight to the risks associated with the ecosystems that are an integral part of digital businesses.

Cybersecurity Survey Reveals Significant GDPR Readiness Gap (GlobeNewswire News Room) Despite progress, 60% of EU and 50% of U.S. cybersecurity professionals worry about compliance by the May deadline

Industrial Firms Slow to Adopt Cybersecurity Measures: Honeywell (Security Week) Industrial companies are slow to adopt cyber security capabilities and technology to protect their data and operations, according to a report released on Wednesday by industrial giant Honeywell.

SPAWAR: Artificial intelligence should be the next space race (C4ISRNET) Chris Miller, executive director of SPAWAR Atlantic, said Dec. 6 that

21 Interesting Cyber Security Statistics (2017-2018) (TheBestVPN.com) Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated. In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind, and that they are bigger than threats from nuclear …

Trump, UK Government, DoD Had the Worst Passwords of 2017 (Observer) Here’s the full list of the 10 worst password offenders of 2017.

CrowdStrike Releases Annual Cyber Intrusion Services Casebook (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the release of the annual CrowdStrike® Cyber Intrusion S

Marketplace

DoD spent $7.4 billion on big data, AI and the cloud last year. Is that enough? (C4ISRNET) Despite spending more than $7 billion in 2017 – a 32 percent increase over five years ago – anything short of a technological revolution could threaten the United States, according to a new report.

Our Chips, Code Are More Secure Than Silicon Valley’s: Northrop Grumman (Breaking Defense) The Pentagon has fallen in love with Silicon Valley — though it’s largely unrequited — but traditional defense firms argue there are some things only they can do. One striking example: this Northrop Grumman factory, where the company makes its own microchips “from sand” with unique security features that are not available from commercial vendors.

Tim Cook Respects China’s Cyber Rules–in Order to Play the Game (Observer) Cook’s view reflects a broader sentiment among tech leaders at Fortune’s event.

Emerging Winners in Cybersecurity (Emerging Winners in Cybersecurity) There have been some interesting dynamics at play across the security sector so far in the Q3 earnings season. The vendors of next-generation secur

These AI Stocks Are At the Front of the Next Tech Revolution (InvestorPlace) Here are seven of the best AI stocks to buy. They all share a compelling risk/reward outlook, Street support and serious upside potential.

Symantec Investors Shouldn’t Miss the Bigger Picture (The Motley Fool) Symantec shares have taken a beating following the company's latest results, but there's more than meets the eye.

Why FireEye Is One of the Top Cybersecurity Stocks (Market Realist) FireEye (FEYE) went public in September 2013 and in December 2014, it acquired Mandiant for ~$1.0 billion. Mandiant was considered one of the most prominent data breach and response players in the space.

FireEye sales chief opens up on repairing 'stressed' channel partnerships (Channelnomics) EVP of worldwide sales says FireEye channel saw a 'solid reset' this year

Prevoty Secures $13 Million in Series B Round Led by Trident Capital Cybersecurity (GlobeNewswire News Room) The Innovator Behind Autonomous Application Protection Technology Will Use Financing to Address Soaring Demand

Coalition, a Cyber Insurer and Cybersecurity Firm, Makes Its Debut (Insurance Journal) Coalition is making its formal debut into the cyber insurance space, but with a twist. The San Francisco-based startup is also a cybersecurity firm. Founde

Cambridge Mathematicians Founded This $825 Million Cybersecurity Firm to Call Out the Biggest Threat in Your Office (Inc.com) Plenty of security companies offer to help fend off external threats. Darktrace is one of the few that aim to find wrongdoing from within.

Cybersecurity unicorn's Austin office turns historic space into modern, fun tech workplace (Austin Business Journal) The real estate hunt is a constant one for fast-growing companies.

inBay Technologies Connects to Silicon Valley Through Its Board of Directors (inBay) Cybersecurity firm adds two new directors to its board

Products, Services, and Solutions

GDPR Compliance | Trustwave (Trustwave) The EU General Data Protection Regulation (GDPR) is a data protection law for Europe as well as any organizations doing business in Europe. Trustwave delivers a GDPR Privacy and Information Security Risk Assessment to help you holistically and strategically assess how well your organization is addressing the GDPR.

Digital Defense, Inc.’s Interoperability of Frontline Vulnerability Manager™ with RSA Archer® Suite Offers Organizations a Broadened View of Security Risk (Business Insider) Digital Defense, Inc., an industry recognized provider of security assessment solutions, today announced the interoperability of their proprietary platform, Frontline Vulnerability Manager (Frontline VM™), with RSA Archer.

Anomali Partners With Global Resilience Federation for Industry Threat Sharing (BusinessWire) Anomali, the leading provider of market-leading threat intelligence solutions, announced today it has partnered with Global Resilience Federation.

Align Partners with RootSecure to Boost Cybersecurity Capabilities (PRNewswire) Align has selected RootSecure as a strategic partner...

IBM Security Expands Partner Ecosystem for Multifactor Authentication (Security Intelligence) New partner integrations for IBM Security Access Manager are now available via IBM Security App Exchange.

U.S. Air Force, Viasat Prepare to Deploy Small Form Factor Cryptographic High Value Product for Encrypted Communications (PRNewswire) The U.S. Air Force, in partnership with Viasat Inc. (NASDAQ: VSAT), a...

Mphasis Selects Fortinet to Deliver Advanced Threat Protection and Secure Data Networks in Virtualized Platform to Service its Customers (NASDAQ.com) Fortinet Security Fabric solutions deliver high-performance, scalable security to protect client data networks and enable secure application access

Untangling cybersecurity in San Antonio: SecureLogix seeks to make business phones secure (San Antonio Business Journal) The voice information security company secures telephone systems for businesses.

Find out how Digital Shadows is protecting British firms from data breaches (London Loves Business) Dark web, Cloud, reputational risk, and more...

IBM Unveils Industry's Most Advanced Server Designed for Artificial Intelligence (Business Insider) IBM (NYSE: IBM) today unveiled its next-generation Power Systems Servers incorporating its newly designed POWER9 processor.

Sumo Logic Receives High GDPR Readiness Rating from Netskope (GlobeNewswire News Room) Netskope’s Evaluation of Company’s GDPR Readiness Makes It Well-Positioned to Protect the Data of Global Customers

Technologies, Techniques, and Standards

Too many CISOs ‘going through the motions,’ says Palo Alto Networks exec (IT World Canada) Chief information and security officers aren’t being rigorous enough in their strategies to protect their organizations, says the CTO and co-founder of Palo Alto Networks.

Artificial intelligence: 7 Common Mistakes Even Experienced Tech Execs May Make (PRNewswire) McKinsey & Company estimates major technology companies...

Research and Development

Performance analysis tools developed for IARPA’s insider threat program (Military Embedded Systems) Engineers at Charles River Analytics developed prediction and sensitivity analysis tools and algorithms under the Continuous Insider Threat Evaluation (SCITE) program for the Intelligence Advanced Research Projects Activity (IARPA).

Raytheon using artificial intelligence to help military planners understand what causes conflict (PRNewswire) Raytheon BBN Technologies will explore artificial intelligence and...

The solution to more jamming may be another battle management system (C4ISRNET) While the individual services have turned to battle management systems to operationalize the electromagnetic spectrum, the joint community has begun publicly discussing the need for its own electromagnetic battle management system.

Academia

Cyber Advisor Stresses Developing Human Capital to Counter Adversaries (U.S. DEPARTMENT OF DEFENSE) The scope, sophistication, pace and spread of today’s cyber threats is unmatched in history, the deputy principal cyber advisor to the secretary of defense said.

Northrop Grumman Awards Scholarships to Australian Professors (WebWire) Northrop Grumman Corporation (NYSE: NOC) will support multiyear research projects of three Australian academics with initial grants of AU$75,000 for interdisciplinary research collaboration in engineering, quantum communications, human machine interactions and cognitive radio systems. Senator Birmingham announced the awards recently at Parliament House.

Students learn job skills from ethical hackers (Press Publications) Picking locks and infiltrating buildings aren’t part of the typical high school curriculum, but they were a few of the unique lessons during a recent off-campus excursion

Legislation, Policy, and Regulation

US cyberweapons have been stolen and there’s nothing we can do (New Scientist) Malicious code exploits are the new weapons of war, but can we ever reach international agreement on how they should be used and who gets to control them?

Former US State Department cyber man: We didn’t see the Russian threat coming (Register) Cyber no longer domain of techies, says ex-diplomat

Deloitte alerts City to a cyber regulatory overhaul in 2018 (Financial News) Consulting firm warns financial services that regulators will want to see evidence the threat of cyber attack is treated — and resourced — seriously

The High Stakes of Misunderstanding Section 702 Reforms (Lawfare) In less than a month, Section 702 of the Foreign Intelligence Surveillance Act (FISA) is set to expire. As the clock runs out on one of the U.S. government’s most important national security tools, public discussion remains mired in misunderstandings, misrepresentations, and political sound bites.

Warrantless Surveillance Can Continue Even if Law Expires, Officials Say (New York Times) Lawyers for the Trump administration have concluded that the warrantless surveillance program can keep operating into April, even if the law authorizing it expires on New Year’s Eve.

Updated Guide to Section 702 Value Examples (IC on the Record) To facilitate public understanding of what the government has released regarding Section 702’s value, the ODNI has prepared a guide that gathers together those examples in one place. We originally posted this Guide on October 27, 2017. We have now updated this Guide to include additional value examples.

Executive Order Holds Agency Heads Responsible for Cyber Risks (American Security Today) The recently released 2018 federal budget includes an Executive Order that holds department and agency heads responsible for cybersecurity risk to their networks.

Litigation, Investigation, and Law Enforcement

The Guardian view on fighting terror: maintain trust | Editorial (the Guardian) Editorial: The security agencies have marked their own homework in their investigations into failings behind the London and Manchester attacks. They may have got it right – but we can only take their word for it

Science panel asks DHS for update on government-wide Kaspersky Lab purge (The Washington Times) The chairman of the House Science, Space and Technology Committee has asked the Department of Homeland Security for an update on the federal government’s efforts to identify and remove software made by Kaspersky Lab, an embattled Moscow-based antivirus vendor accused of having ties to Russian intelligence.

On Kaspersky, New Zealand intelligence community treads lightly (New Zealand Reseller News) Government Communications Security Bureau says agencies could take 'current international commentary' into account when making security software decisions.

FBI lacks 'technical ability' to crack most smartphone encryption (Washington Examiner) The FBI was unable to access data on about 7,800 mobile devices, even though they had the legal authority to try.

Arrested Belarussian identified as significant cyber-criminal figure (SC Media UK) The suspect whom international authorities arrested in Belarus during a 29 November operation to dismantle the Andromeda botnet has been identified.

HBO Hacker Linked to Iranian Spy Group (Security Week) A man accused by U.S. authorities of hacking into the systems of HBO and attempting to extort millions of dollars from the company has been linked by security researchers to an Iranian cyber espionage group tracked as Charming Kitten.

The Uber hacker was a 20-year-old Florida man who lived with his mother (Business Insider) A hacker stole data on 57 million customers — and Uber paid them $100,000 to delete it.

Net Neutrality comments “deeply corrupted” – NY Attorney General (Naked Security) Eric Schneiderman called for the postponement, declaring that the public comment process in advance of the vote.

Flynn Said Russian Sanctions Would Be ‘Ripped Up,’ Whistle-Blower Says (New York Times) The whistle-blower said Mr. Flynn thought that ending the sanctions would allow a business project he was once involved with to move forward.

Questions linger as data breach trading site LeakBase disappears (Naked Security) On 2 December LeakBase started redirecting to Troy Hunt’s campaigning breach site Have I Been Pwned? (HIBP), but why?

DeWolfe takes cellphone-search case to Supreme Court (Maryland Daily Record) The mere contention that criminals use cellphones to memorialize their crimes cannot be sufficient to secure a warrant to search a suspect’s phone, Maryland’s public defender has stated in papers u…

Action Fraud launches 24/7 helpline to combat cyber attacks (SC Media UK) Action Fraud, the UK's national fraud and cyber-crime reporting centre, has launched a 24/7 live cyber-attack helpline.

Packet Intelligence patents see different infringement outcomes in separate Eastern Texas cases (IPWatchdog.com | Patents & Patent Law) A jury verdict in a patent infringement case in the Eastern District of Texas held that plaintiff Packet Intelligence did not prove infringement against...

Knobbe Martens Secures Victory for SecureAuth Corporation (BusinessWire) Knobbe Martens, one of the leading intellectual property law firms in the United States, secured a patent victory for SecureAuth Corporation.

'Jeopardy!' champion Jass accused of hacking emails (The Daily Telegram) A news release from the Michigan State Police Cyber Command Center said it began an investigation after being contacted by staff at Adrian College.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Automotive ISAC Fall 2017 Summit (Dearborn, Michigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
