In an unusual announcement, Germany's security agency BfV (Bundesamt für Verfassungsschutz) revealed the results of its long counterintelligence inquiry into how Chinese intelligence services use social media. LinkedIn drew particular attention, and BfV director Hans-Georg Maaßen said China is using the platform to collect information on targeted individuals. The Chinese services are said to have catphished more than ten thousand Germans. Most of the fictitious profiles used were swiftly taken down, but some journalists got a peek before the catphish spit the hook and vanished, and the profiles appeared to be what the BfV said they were. The Chinese Foreign Ministry dismisses the German report as "groundless" and "hearsay," desiring Berlin to "speak and act more responsibly."
Taking out insurance against cyberattack is a sensible way of transferring risk, but WatchGuard thinks it sees signs that small businesses in particular believe insurance enables them to rest easy with poor cyber hygiene.
The blockchain and the barista: it appears that at least one Starbucks Wi-Fi provider may have used the coffee shop's network to install a Monero miner on unwitting patrons' devices.
The vigilante known variously as "The Doctor" and "The Janitor," the one responsible for Brickerbot, has indicated he's retiring. He claims to have bricked more than ten million vulnerable IoT devices, thereby preventing them from being herded into malicious botnets. Doctor Janitor never got much love—he was generally regarded as a destructive, self-righteous pest.
The US Securities and Exchange Commission has stopped another ICO, this one for Munchee.
Today's issue includes events affecting Australia, Bangladesh, China, European Union, Germany, India, Ireland, Italy, Nigeria, Philippines, Romania, Russia, Singapore, Taiwan, United Kingdom, United States, and Vietnam.
Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Spider: A New Thread in the Ransomware Web (Netskope) Netskope Threat Research labs has detected new ransomware named Spider propagating in a mid-scale campaign. This ongoing campaign, identified on the 10th December, uses decoy Office documents which usually arrive as email attachments. These attachments are auto-synced to the enterprise cloud storage and collaborations apps. Netskope Threat Protection detects the decoy document as “VB:Trojan.VBA.Agent.QP” and...
macOS Backdoor Uses Innovative Disguise Technique (Security Week) A variant of the macOS-targeting OceanLotus backdoor is using an innovative technique to disguise the fact that it is an executable in order to avoid alerting users on its execution, Malwarebytes warns.
A brief history of ICS Cyber Security (Control Global) The November 2017 Issue of Control magazine had a section entitled “Serious cybersecurity sources”. In it, they included Unfettered and mentioned it being 10 years old. This got me thinking about a timeline of important ICS cyber security first-of-a-kind events.
New Alerting Technology Stops Airplane Hackers at System Level (Avionics) For veteran F-18 fighter pilot Brooks Cleveland, it’s not the obvious things that can go wrong in the cockpit that worry him, it’s the unseen attacks that can affect aircraft systems without being aware of them. “The threats that sci-fi novelists write about are not what I’m worried about as a pilot — of the …
Comodo, firm in cybersecurity partnership (Punch) Comodo, a global innovator and developer of cybersecurity solutions, and Tros Technologies, a Nigerian Information Technology solutions provider, have announced a strategic partnership on cybersecurity for the West African region.
Hacking bitcoin and blockchain (CSO Online) Both bitcoin and blockchain are vulnerable to attack. Here's what you need to know to protect yourself and why blockchain is becoming a foundational technology.
How to Check Your HP Laptop for the Synaptic Keylogger and Remove It (BleepingComputer) With that said, if you have an HP laptop, you may be wondering if your laptop has the driver installed that contains this debug trace, or keylogging, feature. This article will tell you how to check if you have the affected driver installed on your laptop and how to update it to the latest version.
The 8 biggest IT management mistakes (CIO) Sure, nobody’s perfect. But for those in charge of enterprise technology, the fallout from a strategic gaffe, bad hire, or weak spine can be disastrous. Here’s how to avoid (or recover from) big-time IT leadership mistakes.
Making order from chaos in cyber warfare law (The Jerusalem Post) It’s important for the US – even if it wants to preserve some flexibility in its cyber actions – “to work hard to keep its operations within the four corners of the law.”
SWIFT And The New Regulatory Environment Of 2018 (Forbes) From January 1 2018, financial institutions that use SWIFT, the global banking messaging platform, will have to comply with a new cybersecurity framework that aims to establish a baseline for security.
SEC shuts down Munchee ICO (TechCrunch) In what should be an interesting beginning to the coming avalanche of ICO failures, the SEC has come down hard on Munchee, a company that built a $15 million..
Officials deny security, personal leaks over e-Gate (Taipei Times) There is no evidence that Taiwanese travelers’ personal information was leaked by allegedly Chinese-made biometric scanners used at the nation’s three international airports, the Ministry of the Interior and the National Immigration Agency said on Sunday.
Ireland risks shooting itself in the foot in crucial Microsoft email case (Digital Tech Insider) In what could be a very misguided move, the Government signalled on Sunday that it may undermine its former position on an enormously important technology case involving Microsoft Ireland that is before the United States supreme court. In doing so it risks irreparably damaging Ireland’s attractiveness as a business location for a …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Automotive ISAC Fall 2017 Summit (Dearborn, Michigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...