
Daily briefing.

Borrowing from the ISIS playbook, al Qaeda goes online as it seeks to inspire attacks in response to the US embassy's relocation to Jerusalem.

Hacking and cybercrime show two longstanding trends: greater coordination and an increasing convergence between criminal gangs and nation-state security services. 

Group-IB reports finding a Russian-speaking gang, "MoneyTaker," that's looted as much as $10 million from Russian and US banks.

Some four-hundred-sixty models of HP laptops are found to contain a keylogger pre-installed with their Synaptics Touchpad driver. Affected models include the EliteBook, ProBook, Pavilion, and Envy series. HP has issued fixes for the devices, saying that neither HP nor Synaptics has received access to customer data through the bug.

Bitcoin continues its rapid rise in value and receives commensurate criminal attention. Fortinet reports observing a phishing campaign that pretends to be marketing the Bitcoin trading application "Gunbot." Gunbot is a real, if new, trading tool, but the payload the bogus emails deliver is the malicious Orcus RAT. SANS says it's seen adult-content email contributing to the delinquency of a coin miner. And a knock-off Bitcoin wallet has made it into the Apple store. 

There's nothing inherently criminal or even shady about cryptocurrencies, but any speculative bubble will draw crooks and fraudsters. One such conman, the impresario behind that PlexCoin ICO the US Securities and Exchange Commission found objectionable, has been convicted of fraud. His sentence includes both confinement and a fine.

Lots of ideas about combatting fake news circulate, but there are no obvious killer apps.


Today's issue includes events affecting Bangladesh, Bulgaria, European Union, India, Iran, Iraq, Democratic People's Republic of Korea, Malta, New Zealand, Russia, United Kingdom, United States.


In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses the proposed Cybersecurity Improvement Act of 2017, now before the US Congress.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

Al Qaeda seeks to incite violence after US recognizes Jerusalem as Israel's capital (FDD's Long War Journal) Al Qaeda's general leadership and regional branches have released statements denouncing the US decision to recognize Jerusalem as Israel's capital.

Unmasked: Anonymous Historian Leaked Islamic State Secrets (Voice of America) He led a secret double life as the blogger Mosul Eye, documenting Islamic State’s atrocities for the world. Now in Europe on Dec. 5, 2017, Omar Mohammed no longer wants to remain anonymous.

Cybersecurity Expert: Iranian Hacking is a “Coordinated, Probably Military, Endeavor” (The Tower) On the heels of a report this week documenting Iran’s increasingly aggressive hacking attacks around the globe, a cybersecurity expert assessed that the advanced nature of the attacks suggests a “coordinated, probably military, endeavor,” CyberScoop, an online industry news site, reported Thursday.

Malware-free attacks on the rise as line between cybercrime and nation states blurs (SC Media US) Malware-free, or fileless, attacks are on the rise as the lines between nation-state sponsored attack groups and eCrime threat actors are blurred.

Malwarebytes sees New Mafia launching cyber-attacks (Enterprise Times) Malwarebytes releases a report looking at the rise of the New Mafia as cybercrime creates new gangs of criminals, including those with government support 

Dark web’s key to success nothing sexy, it’s just ‘good customer service’ (VIDEO) (RT International) Jamie Bartlett, author of The Dark Net, spoke to RT about the dark web and protecting yourself online

Untangling the Patchwork Cyberespionage Group (TrendLabs Security Intelligence Blog) Patchwork is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets.

HP laptops found to have hidden keylogger (BBC News) A researcher finds more than 460 models have the hidden software pre-installed.

Researcher finds keylogger on HP laptops (Computing) Laptops exposed through Synaptics Touchpad driver

MoneyTaker group: Group-IB uncovered a cyber gang attacking banks in the USA and Russia (Security Affairs) Group-IB spotted the operations of a Russian-speaking cyber gang tracked as MoneyTaker group that stole as much as $10 million from US and Russian banks.

Windows 10: UK's GCHQ found out how to hack Windows Defender to own your PC (ZDNet) And it didn't keep the vulnerability to itself.

Is source code inspection a security risk? Maybe not, experts say (CSO Online) Some information security insiders raised a red flag when Russian requests to review security software code became known. The controversy may be a tempest in a teapot.

1.4 Billion Clear Text Credentials Discovered in a Single Database (Medium) A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code (Threatpost) An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.

Android vulnerability allows attackers to modify apps without affecting their signatures (Help Net Security) Among the many Android vulnerabilities patched by Google this December is one that allows attackers to modify apps without affecting their signatures.

Secure Apps Exposed to Hacking via Flaws in Underlying Programming Languages (BleepingComputer) Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks.

Orcus RAT Campaign Targets Bitcoin Investors (Security Week) In an attempt to benefit from the recent spike in the value of Bitcoin, the authors of a remote access Trojan have started targeting Bitcoin investors with their malicious software, Fortinet has discovered.

P[0]rnographic malspam pushes coin miner malware (SANS Internet Storm Center) On Saturday 2017-12-09 and Sunday 2017-12-10, I came across a wave of malicious spam (malspam) with links to a Bitcoin miner disguised as p[0]rnographic material.

Phishing Attacks on Bitcoin Wallets Intensify as Price Goes Higher and Higher (BleepingComputer) It was only natural that the Internet's cyber-criminal element would turn its gaze towards the Bitcoin ecosystem after the cryptocurrency's price has surged from $11,000 on Monday to almost $17,500 earlier today.

Apple let a knockoff version of one of the world’s biggest crypto wallets into the App Store (TechCrunch) An app masquerading as, one of the internet's most popular services for storing ETH and other crypto coins, has made its way to the top of..

Bitcoin futures are now tradable on the CBOE (TechCrunch) Bitcoin futures trading on CBOE, the world's largest futures exchange, just launched at 5pm CT. Within a minute of the launch bitcoin spiked about 10% from..

How to Explain the current surge in the Bitcoin price? (Bankless Times) Bitcoin has demonstrated phenomenal growth - and many are asking how and why this has happened? There are several factors which are immediate visible on th

Will bitcoin go bust as it tops $17,000? Maybe, says Raleigh attorney and cryptocurrency evangelist (WRAL TechWire) Blockchain evangelist John Fallone, an attorney and entrepreneur in Raleigh, thinks this "bitcoin crash" so speculated upon will be something we can ride out - if it happens at all.

The cryptocurrency conundrum (The Statesman) Cryptocurrency is the term used to denote a set of currencies which are a subset of digital currencies using the technique of cryptography and which exist only on the digital platform. As of July 2017, there are 900 digital currencies in existence. Bitcoin is best known of such currency formats and is based on the …

00Bitcoin! British Spy Agency to Review Potential Bitcoin Risks ( The UK is calling upon its spy agency, the GCHQ, to review the potential risks that Bitcoin can bring and share that information with other government depa

Blackbook: Another Darknet Social Media Site Hacked (DarkOwl) While shoppers were off searching for the best Black Friday deals the day after Thanksgiving, users of Blackbook, commonly considered the "Facebook of Tor," were in for a shock when their regular login screen was replaced with an ominous image and a message alerting users that Blackbook ha

The Cumulative Effect of Major Breaches: The Collective Risk of Yahoo & Equifax (Security Week) Until quite recently, people believed that a dizzying one billion accounts were compromised in the 2013 Yahoo! breach… and then it was revealed that the real number is about three billion accounts.

Think twice before buying a connected toy (The Verge) Lots of kids will be gifted connected toys this holiday season, and while I'm all for spoiling children, I also suggest thinking about the risks that come with an internet-connected plaything. Many...

Security Patches, Mitigations, and Software Updates

HPSBHF03564 rev 1 - Synaptics Touchpad Driver Potential, Local Loss of Confidentiality (HP Customer Support) Notice: The information in this security bulletin should be acted upon as soon as possible.

Microsoft Patches Two Critical Defender Bugs (Infosecurity Magazine) RCE flaws spotted by UK’s National Cyber Security Centre

Cyber Trends

Welcome to the age of digital warfare. Here's what the future holds. (Futurism) These battles are more pernicious and less visible than the typical.

Exposing Russian Interference - The Value of Real-Time Forensics (The Cipher Brief) Russian President Vladimir Putin has sought to exploit open and free U.S. cyberspace, which serves as a force multiplier for commerce and freedom of expression, with hacking and discoverable influence operations. Conducting all-source forensics following these Russian attacks on our democratic process, U.S. social media networking sites are in the incident response phase ...

What’s the military’s role in fighting fake news? (C4ISRNET) Understanding today's information warfare is key to U.S. training and operations to achieve superiority or dominance in cyberspace, Department of Defense officials agree.

Fake news, cybercrimes to gain more ground in 2018 – cybersecurity experts (Rappler) Global losses through business email compromise scams are expected to increase to $9.1 billion in 2018

Tech Companies' Transparency Efforts May Be Inadvertently Causing More Censorship (Motherboard) When should American companies comply with government censorship requests?

'Nature' Editorial Juxtaposes FOIA Email Release With Illegal Hacking (Motherboard) One of science's most important publications assumes science journalists don't know how to do their jobs.

Centrify predicts how to turn the cybersecurity tide in 2018 (Impress) Centrify, a leader in securing hybrid enterprises through the power of identity services, has identified seven trends that will shape enterprise security in Australia and New Zealand during 2018.

Cybersecurity, Fraud and Operational Risk: The Time for Cognitive Convergence Is Now (Security Intelligence) The threat landscape is expanding, and organizations must undergo a cognitive convergence to manage evolving security, fraud and operational risks.

The State of Cybersecurity in the Legal Industry: Are Things Improving? ( ALM Intelligence’s third annual cybersecurity study of law firms and law departments has found that law firms and law departments are increasingly being tasked by C-Suite and management to take the lead on cybersecurity. Yet, both law firms and law departments continue to struggle with their preparation and response to the cyber threat.

How Email Open Tracking Quietly Took Over the Web (WIRED) You give up more privacy than you might think each time you open an email.


WannaCry and NotPetya Had Little Impact on Security Spend (Infosecurity Magazine) Security teams still underfunded and under-appreciated, says AlienVault

Post-Breach Carnage: Worst Ways The Axe Fell in 2017 (Dark Reading) Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.

Ukroboronprom head: Ukraine’s military industrial complex during hybrid warfare (Defense News) Hybrid war in the east of Ukraine forced us – taking into account combat experience – to develop unmanned equipment for performing various tasks on the battlefield without putting our soldiers’ lives at risk.

Menlo Security secures $40 million Series C to keep malware at bay (TechCrunch) Menlo Security, a startup with a unique approach to protecting your company from malware and phishing attacks, announced a $40 million Series C round today...

Security Technology Startup Closes Series C Funding ( Contrast Security announced the close of a new round of Series C financing from AXA Strategic Ventures and Microsoft Ventures. Contrast Security’s technolo

3 Top Cybersecurity Stocks to Consider Buying Right Now (The Motley Fool) The threat posed by hackers will only grow, which means the opportunities for Palo Alto Networks, Fortinet and Cyberark will too.

$322M NGA cyber contract trains war fighters, protects their eye in the sky (Fifth Domain) NGA provides intelligence on geospatial imagery and mapping information, which is used by the U.S. military for planning and response for national disasters, combat, terrorist attacks and other events. But those assets are being threatened by cyberattacks as nation-states and non-nation actors attempt to disrupt or intercept that information.

Start-ups see opportunity in tackling fake news (Financial Times) Fighting misinformation on social media has proved lucrative for some companies

Betamore CEO departs for cybersecurity firm (Baltimore Sun) Betamore CEO Jen Meyer will become ZeroFox vice president

Skybox Security names Uri Levy as new VP of Worldwide Channels (ANI) Global leader in cybersecurity management Skybox Security has announced Uri Levy as the new Vice President of Worldwide Channels to lead the growth of the company's global reseller network.

Sydney security startup LMNTRIX hires former Symantec & CA exec (Security Brief) Vic Mankotia is now LMNTRIX's new vice president of Strategic Alliances.

Products, Services, and Solutions

New chat bot targeting New Zealand's cybercrime issue (New Zealand Herald) Netsafe has unleashed a new weapon aimed at beating scammers at their own game.

VMware partners with Carbon Black for security in virtual data centre (The Stack) VMware and Carbon Black have finalised a new security product that uses smart whitelisting for software-defined data centres.

How to Encrypt All of the Things (WIRED) Want to keep outsiders from listening in on your chats, phone calls, and more? Encrypt them. All of them.

SafeDNS Tackles Wi-Fi Router Security (eSecurity Planet) The web filtering specialist is working with Wi-Fi router vendors to help keep users safe on the internet.

LeClairRyan Launches Technology and Innovations Practice Team (PRNewswire) LeClairRyan has launched a new cross-office, cross-disciplinary practice team...

Technologies, Techniques, and Standards

NIST Publishes Second Draft of Cybersecurity Framework (Security Week) The National Institute of Standards and Technology (NIST) announced this week that it has published a second draft of a proposed update to the “Framework for Improving Critical Infrastructure Cybersecurity,” better known as the NIST Cybersecurity Framework.

Severe cybersecurity attacks need stronger response plans, 9/11 investigator warns (CSO) Companies are getting better at detecting breaches – but must be prepared to mount large-scale crisis responses as increasing sophistication amongst cybercriminals blurs the distinction between nation-state attacks and malicious intruders.

Fighting Automation with Automation (Security Week) Disruptions caused by autonomous malware could have devastating implications

A layered approach to modern identity (Help Net Security) The modern identity is changing fast, but many organizations are slow to adopt new security approaches due to the negative impact on user experience.

Physical Measures to Amp Up Your Digital Security (WIRED) Not every digital problem requires a software solution. For an added layer of safety, look to these real-world reinforcements.

Using Machine Learning Concepts and Applying to Cryptography (Infosecurity Magazine) How three AI networks adversely interacted together to learn how to protect their communications.

How to Rip the Mics Out of Your MacBook and iPhone (WIRED) One way to make sure no one's listening in on your private conversations? Drop the mics. Literally.

Take These 7 Steps Now to Reach Password Perfection (WIRED) Admit it: Your passwords aren't great. But if you fix them up, you'll have a solid first-line digital defense.

Resist Phishing Attacks with Three Golden Rules (WIRED) They're preying on your emotions. Don't get stuck on their digital hooks.

The A-B-C’s of Keeping Your Kids Safe Online (WIRED) You can't lock your offspring out of the internet forever. But you can prepare them to navigate it properly.

Tips for keeping your phone safe from cyber threats while travelling (Channel News Asia) Travelling these days is made much easier with technology. But mobile devices could also ruin your vacation, if you become a victim of cybercrime overseas.

CrowdStrike compiles 'casebook' of cybersecurity's important lessons (Security Brief) The casebook found that attack trends towards fileless malware, such as those that execute code from memory, made up 66% of all attacks.

Design and Innovation

Blockchain vs. Bitcoin: In 2018, Will We Finally Get the Difference? (RTInsights) What will 2018 bring in the world of edge technologies? Will we finally get that blockchain isn't (just) Bitcoin? Will self-driving cars get a conscience?

Microsoft has set up an internal AI University to try and get around the skills shortage (Business Insider) The company is competing with Google, Amazon, Facebook and others for the best minds.

Research and Development

Google AI teaches itself ‘superhuman’ chess skills in four hours (Naked Security) Move aside, ugly, giant bags of mostly water, the computers are teaching themselves now


Louisiana Tech opens Cyber Training Center (News@Tech) A ribbon-cutting ceremony Thursday morning at the National Cyber Research Park in Bossier City commemorated Louisiana Tech’s most recent step toward delivering both greater college and career opportunities to Shreveport-Bossier, and greater cyber support and training to both the area’s students and the nation’s military.

Legislation, Policy, and Regulation

Will IoT botnets catapult the industry toward security regulation in 2018? (Help Net Security) The next attack will be larger than the DDoS attack caused by Mirai and that it will create enough impact to trigger government regulation of IoT.

Cybersecurity is a challenge we must push up the political agenda (Times) Michel Barnier, the EU’s chief Brexit negotiator, has announced that the UK will no longer be a member of Europol once it leaves the EU. Yet the nature of modern-day organised crime knows no...

NO DEAL: How Secret Talks With Russia to Prevent Election Meddling Collapsed (BuzzFeed) With the 2018 midterms on the horizon, Moscow proposed a sweeping noninterference agreement with the United States, US officials tell BuzzFeed News. The Trump administration said no.

New rule coming for US names mentioned in spy reports (Statesman) President Donald Trump's national intelligence director next month will tighten rules for providing...

Here’s how Ellen Lord will reduce acquisition time by 50 percent (Defense News) The Pentagon’s top acquisition official plans to cut the time for early lead procurement by 50 percent, with a future goal of compressing the timeline of request for proposals to contract on major defense acquisition programs from two and a half years down to about 12 months.

How US Army Cyber Command plans to increase employee morale (Fifth Domain) Despite a rocky start in its inaugural year being assessed by the Partnership for Public Service, U.S. Army Cyber Command is taking steps to help create a healthier work environment for the future.

Coast Guard Cyber Command 'just as important as cutters and aircraft' ( The Coast Guard's Cyber Command has to balance its identity as a military service with its role as a component of the Homeland Security Department.

Essye Miller named acting CIO at the Department of Defense (Fedscoop) The Department of Defense announced on Friday that it has found a new acting CIO — none other than Pentagon CISO and Deputy CIO Essye Miller. Miller steps into a role left open when President Donald Trump named John Zangardi CIO of the Department of Homeland Security back in October. Zangardi had been filling the role since …

Qiliho calls to regulate cyber space (Fiji Times) Police Commissioner Brigadier General Sitiveni Qiliho has called for the regulation of cyber space.

Victims of cybercrime must be better informed on methods of protection - Miriam Dalli (MaltaToday) The Labour MEP stressed the need for people learning to protect themselves against negative consequences, including reputational damage

Stefanik talks cybersecurity improvements, challenges (Watertown Daily Times) U.S. Rep. Elise M. Stefanik, R-Willsboro, spoke Thursday to the Times about recent efforts to improve the nation’s cybersecurity strategy.

Guide to Section 702 Value Examples (IC on the Record) Set forth below is a guide to officially released information on the value of information collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA).

No right answer yet to ‘privacy vs security’ parley (The Hindu) Expect one in 3-5 years, says Huawei’s cybersecurity chief, who is also impressed with the massive scale of Aadhaar

This is the future if net neutrality is repealed; the creeping, costly death of media freedom (TechCrunch) When a country lacks an open internet, the government (and companies friendly with said government) are able to do anything from simply blocking or banning..

Litigation, Investigation, and Law Enforcement

Report: Bangladesh asks NY Fed to join lawsuit for cyber heist (TheHill) Officials from Bangladesh's central bank encouraged counterparts from the New York Federal Reserve last month to join a lawsuit against Manila-based Rizal Commercial Banking Corp (RCBC) for its role in routing stolen funds in an $81 million cyber heist

PlexCoin Scam Founder Sentenced to Jail and Fined $10K (Motherboard) The Canadian scam made international headlines.

Is Bulgaria sitting on $3.5 BILLION worth of Bitcoin seized from criminals? (Graham Cluley) Bulgarian police say criminals planted malware on customs' computer networks to slip shipments through without paying tax... but what happened to the Bitcoins?

Governments Using Crypto as a Reason to Spy on Us (Cointelegraph) Are governments trying to use cryptocurrencies as another reason to spy on us?

Lawsuits Lurk if Foreign Surveillance Law Not Reauthorized (Bloomberg Law) Communications providers ordered to assist government efforts to monitor foreigners abroad may bring court challenges if the government proceeds with surveillance without Congress renewing the underlying law, former […]

Experts Look For Lessons in FDA's Pacemaker Cybersecurity Recall (Regulatory Affairs Professional Society) In a paper in JAMA this week, two experts highlight lessons that could be learned from the US Food and Drug Administration's (FDA) first major cybersecurity-related recall for a permanent implantable medical device.

ABA Warns Judges of Ethical Problems Over Benches’ Internet Research (New York Law Journal) A formal opinion issued Friday from the ABA's ethics committee outlines when judges should or shouldn’t use the internet for their own research.

The Trump-Russia Probe Is About to Get Uglier (Bloomberg) Unpleasant facts are spilling out. Republicans don't want to know them.

The U.S. Media Suffered Its Most Humiliating Debacle in Ages: Now Refuses All Transparency Over What Happened (The Intercept) How did “multiple sources” all innocently feed the same false information to multiple media outlets? The refusal of CNN and MSNBC to say only compounds the damage they caused.

Bias allegations in Robert Mueller's probe offer Trump allies a new counterargument (Washington Examiner) White House officials received a gift from special counsel Robert Mueller’s team this week in the form of revelations about questionable beh...

The FBI Is No Friend of Liberty and Justice (Reason) The FBI's handling of the Michael Flynn case is disturbing.

The Unsolved Mystery of Michael Flynn’s Plea Deal (Foreign Policy) It might be a dramatic breakthrough in the investigation of Donald Trump — or a revelation of Robert Mueller’s weak hand.

Uber settles lawsuit with woman who accused executives of obtaining medical records after she was raped (TechCrunch) Uber has settled its lawsuit with a woman (Jane Doe) who accused its now-former CEO Travis Kalanick, president of business in Asia Eric Alexander and SVP of..

Judge orders man to serve 29 months after he pleads guilty to online fraud (Ars Technica) DOJ cracks down on online scammers who trick people on eBay and other sites.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Automotive ISAC Fall 2017 Summit (Dearborn, Michigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
