skip navigation

More signal. Less noise.

How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

Russia's been facing a wave of what the Moscow Times is calling "telephone terrorism cyberattacks." They're essentially bomb threats; Russian authorities say they've caused two-million people to be evacuated since September, and that the threats originate in Syria.

Facebook finds three more Russian-purchased ads related to information operations surrounding the Brexit vote. 

A Russian defendant in a Russian court (it's the trial of members of the "Lurk" hacking crew) is said to have claimed President Putin ordered him to hack the US Democratic National Committee. But both the court and the news source are Russian, and this particular informational matryoshka should be viewed with appropriate skepticism until more is known.

DDoS attacks against Bitfinex are impeding Bitcoin trading. Ethereum trading exchange CoinBase may also be under attack (or it may just be clogged by traders). Speculators drive surging Bitcoin rivals Litecoin and Ether to new highs.

An interesting development in the Mirai case: as has long been believed, it was the work of a couple of guys in Pennsylvania and New Jersey. Both pleaded guilty to writing and using the DDoS code this week.

The Far Eastern International Bank has been fined by Taiwan regulators for deficiencies that permitted its SWIFT system to be hacked in October. 

Yesterday was Patch Tuesday. Flash issued its traditional monthly fix for Flash Player. Microsoft pushed out a number of fixes—20 "critical," 12 "important"—which observers are calling a relatively light update. SAP also patched, with their newly-assumed ability to issue CVE numbers.


Today's issue includes events affecting Australia, China, European Union, Iran, Russia, Syria, United Kingdom, United States.

When 95% of breaches are human error, why is it on the last line of our security budget?

Probably because until now, you haven’t found a solution that works. NINJIO produces 3-4-minute-long animated Episodes that teach your end-users how not to get hacked. This is done through Hollywood story telling. A new Episode is produced every 30 days on the most current breaches. Your end-users emotionally connect with the first scene of every Episode, so they’re engaged throughout the Episode. NINJIO tells stories, not lectures and has a 98.5% renewal rate. NINJIO works. See a free in person demo.

In today's podcast we hear from our partners at Dragos as Robert M. Lee talks about the security of the water supply. Our guest is Evan Dornbush from Point3 Security, who discusses the disconnect between employers and educational institutions.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

Following the developing Iranian cyberthreat (Fifth Domain) Like Russia and China, the history of Iran’s cyberspace operations begins with its hackers.

‘Telephone Terrorism’ Cyber Attack Originated in Syria, Russia Says (Moscow Times) More than two million people were evacuated since September

Facebook’s Brexit probe unearths three Russian-bought “immigration” ads (TechCrunch) Facebook has provided more details about the extent of Russian digital interference related to the UK's Brexit vote last year.

Major traffic destinations rerouted to Russia (Computing) Internet destinations rerouted to Russia in new BGP incident

Millions Impacted by Credential-Stealers in Google Play (Security Week) During October and November 2017, Kaspersky Lab researchers discovered 85 applications in Google Play that were designed to steal credentials for Russian social network One of the malicious applications had more than a million downloads.

Golduck Malware Infects Classic Android Games (Security Week) Several classic game applications in Google Play have been silently downloading and installing a malicious APK file onto Android devices, Appthority reports.

Stealthy Admin Accounts Found in Hybrid Office 365 Deployments (Security Week) Vulnerability in Azure AD Connect Software Can Provide Stealthy Admins With Full Domain Control

Leading cryptocurrency exchange faces outages as bitcoin rivals surge (Ars Technica) Litecoin, a leading bitcoin rival, has soared 150 percent in four days.

Bitfinex cryptocurrency exchange hit by massive DDoS attacks​ (HackRead) Bitfinex, known as one of the world largest cryptocurrency exchange was forced to shut down its ongoing operations after suffering a series of non-stop dis

Streaming sites mine cryptocurrency while you watch free movies (CSO Online) AdGuard discovered crypto-jacking schemes at Openload, Streamango, Rapidvideo and OnlineVideoConverter, affecting nearly 1 billion users per month.

Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others (BleepingComputer) Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.

Ransom email scam from ‘hitman’ demands: pay up or die (Naked Security) It’s a horrible email scam that’s supposed to scare the life out of you

New Spider Ransomware Comes With 96-Hour Deadline (Threatpost) A ransomware campaign targeting the Balkans comes with a 96-hour deadline and includes a link to a video that assures victims payments can be made easily.

Ransomware's bitcoin problem: How price surge means a headache for crooks (ZDNet) Ransomware authors are profiting from the rise of the cryptocurrency -- but it's also bringing some unexpected problems for them and other dark web operators.

North Carolina County Goes Public With Ransomware Attack (Bloomberg Law) A North Carolina county went public with its recent ransomware attack and decision not to pay a ransom, providing a rare look inside such crippling hacks, the vast […]

Fake email, stolen log-ins opened door to widespread hack on Mecklenburg County (Charlotte Observer) Mecklenburg County ransomware comes as government spends more to guard against cyber attacks and data breaches. The attack started as phishing email.

This database may be about to spark a cyber crime epidemic (Newsweek) A database of 1.4 billion user passwords compiled from 252 data breaches is suspected to be the largest ever.

Security Patches, Mitigations, and Software Updates

Microsoft December Patch Tuesday Fixes 34 Security Issues (BleepingComputer) Microsoft has released security updates as part of its monthly Patch Tuesday release train, and this month, the company has patched 34 issues affecting eight products.

December Patch Tuesday: Yearender Includes Updates for MMPE Vulnerabilities (TrendLabs Security Intelligence Blog) It was a relatively low-key year-ender for Microsoft’s Patch Tuesday, as the company’s monthly release of updates was relatively light in terms of noteworthy vulnerabilities. With that said, there were still a few notable vulnerabilities that were addressed.

Microsoft Releases a Light Dusting of Patches for December (Infosecurity Magazine) Microsoft Releases a Light Dusting of Patches for December. Most fixes this month affect IE and Edge

Patch Tuesday, December 2017 Edition (KrebsOnSecurity) The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe’s got another security update available for its Flash Player software.

Adobe Patches 'Business Logic Error' in Flash Player (Security Week) The only security update released by Adobe this Patch Tuesday addresses a moderate severity regression issue affecting Flash Player.

SAP Becomes CVE Numbering Authority (Security Week) Released this week with fixes for 11 vulnerabilities, SAP’s Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.

Android's poor system update process is putting devices at risk (Security Brief) Singh says that even one year after Android 7.0 Nougat was released, only 17% of devices run the operating system. The statistics are poorer for 7.1.

Making Sense of Apple's Recent Security Stumbles (WIRED) Apple's had some prominent security lapses lately. But is it just a rough patch, or something deeper?

Cyber Trends

Security Expert Warns That Cryptocurrency Hacking Will Intensify Next Year (Cryptovest) Lee Chen, A10 Networks' CEO, said in an interview today that we could expect the frequency of cyber attacks in the cryptocurrency space "to continue to increase in 2018."

Data Breach Predictions: The Trends to Shape 2018 (PRNewswire) Today's organizations face a cyber security landscape that is more...

Are cyber threats still not a priority? (Information Age) An AlienVault survey analysing the impact of WannaCry and NotPetya has found that attitudes to cyber security have hardly changed as a result

99% of Office Workers Commit Actions that Dramatically Increase the Likelihood of Workplace Data Breach (Intermedia) Part 3 of Intermedia’s new 2017 Data Vulnerability Report finds office workers often ignore data security best practices, putting themselves and their employers at great risk

Email is the biggest source of data breaches (Modern Healthcare) Email has been the biggest source of data breaches this year, with 73 breaches between Jan. 1 and the end of November reported to HHS, affecting 573,698 people.

Healthcare Phishing, Computer Viruses Top Cyber Attack Methods (HealthITSecurity) A recent Accenture and AMA survey showed that healthcare phishing was the most common cause for cyber attacks.

Industry Threat Report: Healthcare It’s Time for a Cybersecurity Check-up (eSentire) In the Healthcare Industry Threat Report, the eSentire Threat Intelligence team looks at why the healthcare industry is a growing target and reveals some common exposures and attack methods used by today’s cybercriminals.

Automation Could Be Widening the Cybersecurity Skills Gap (Dark Reading) Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.

Hard things are hard, security will never be easy (CSO Online) There isn’t a skills shortage for security because these are skills you can’t teach.


Lockheed Wins Potential $78M Navy IT Security Support Contract - GovCon Wire (GovCon Wire) Lockheed Martin (NYSE: LMT) has won a potential five-year, $77.7 million contract to provide cyberse

Cisco maintains grip on IT security market after ‘strong channel partner focus’ (Channel Life) ​Canalys has released its latest predictions surrounding the global IT security market’s performance over the third quarter in 2017.

3 Hot Cybersecurity Stocks to Focus On to Ring in 2018 ( As the eventful 2017 comes to a close, we believe this is the right time to make your investment plans for the upcoming year.

Inspecting Barracuda's Private Buyout (Seeking Alpha) Barracuda's tepid growth is justifying the looming buyout. Its product portfolio can generate more value in the absence of market irrationality. I think there i

I used to be a bitcoin bull—here’s why that changed (Ars Technica) With "buy bitcoin with credit card" trending on Google, investors should be wary.

China week in cyberland: US companies ‘kiss the ring’ (AEI) Transfixed by sex scandals, tax legislation, and the president’s Jerusalem gambit, Washington observers may have missed or passed over a truly signal week for Beijing’s emergence as a leader in the global digital world.

Products, Services, and Solutions

enSilo Helps Security Community Detect Far-reaching "Process Doppelgänging" Evasion Techniques Bypassing Popular AV and NGAV Defenses (PRNewswire) enSilo, the company that provides unified endpoint security with NGAV...

KnowBe4 Offers Employees a “Second Chance” to Make Smarter Security Decisions (GlobeNewswire News Room) Employees given a chance to turn back time on a careless click. IT Admins can use this new, unique email security tool to toughen their human firewall.

Hotel chain needs only two days to prove PCI compliance (Netwrix) Netwrix Auditor enables Mountain Park Lodges to achieve sustainable compliance

AIG Launches New Cyber Model That Scores Client Cyber Risk; Introduces CyberMatics℠ in Collaboration with CrowdStrike and Darktrace (BusinessWire) American International Group, Inc. (NYSE: AIG) today announced a new cyber benchmarking model that quantifies and scores client cyber risk. The AIG mo

M-Files 2018 Is Industry’s First Solution to Intelligently Unify and Manage Information Stored in Other Systems without Requiring Migration (The Daily Telescope) M-Files 2018 introduces a new approach we call ‘intelligent information management’ that has driven analysts, industry experts and all types of organizations to completely re-think their traditiona…

M-Files 2018 ou la gestion de l'information nouvelle génération (ITR) M-Files Corporation lance sa nouvelle solution de gestion intelligente de l'information baptisée tout simplement M-Files 2018. Elle offre une interface simple et unifiée permettant aux utilisateurs d’accéder rapidement à leurs documents, quel que soit le système où ils sont stockés.

Blue Cedar Introduces Enforce, a Cloud-Native Solution for In-App Mobile Policy Enforcement (BusinessWire) Blue Cedar Enforce, which launches on the Microsoft Azure Cloud, provides users greater modularity and the nimbleness of cloud-native architecture

Leidos Partners with Nozomi Networks for Passive Monitoring of Cyber Threats to Industrial Control Systems (Nozomi) Integration offers new, passive monitoring for threat detection and enhanced asset discovery capabilities

Passage.AI Partners With Edgewood Networks to Expand Into Key Vertical Markets and Grow Global Footprint (PRNewswire) Passage.AI, a pioneer in AI/NLP-enabled conversational...

Juniper Security Platform Adds Automation, One-Touch Mitigation (SDxCentral) Juniper Networks security platform now automates policy management and includes one-touch mitigation to respond to threats.

CRN Exclusive: Fortinet Tightens IoT Security Focus With New OT Security Solution For Partners (CRN) The new solution will help industrial organizations deliver segmentation, access control and malware protection across their operational technology.

Polaris Alpha, Imprimis, Inc. Partner for Cyber Risk Management and Compliance (PRWeb) With this partnership, the team of Polaris Alpha and Imprimis, Inc. can support a full range of contractors or other organizations from small to very large.

Balabit Launches Integrated ‘Out of the Box’ PAM Solution for Monitoring Privileged User Sessions (BusinessWire) Balabit, today announced the launch of its new Privileged Access Management (PAM) solution.

AWS security services expand, but still room for improvement (SearchAWS) AWS security services continue to expand, but they won't supplant third-party tools or build-your-own compliance software for some large enterprises.

Lastline Announces Threat Intelligence Team Delivering Timely Analysis of New Attacks and In-Depth Reports on Malware-Based Threats (BusinessWire) Lastline Inc., the leader in advanced network-based malware protection, today announced the creation of the Lastline Threat Intelligence Team comprise

Karamba Security Launches End-to-End Automotive Authentication with Zero Network Overhead (Business Insider) Karamba Security, the world leader in automotive cyberattack prevention, today announced SafeCAN, its new security software that seamlessly protects automotive networks from hacking by authenticating in-vehicle communications with zero network overhead.

Technologies, Techniques, and Standards

5 top machine learning use cases for security (CSO Online) Machine learning will make sense of the security threats your organization faces and help your staff focus on more valuable, strategic tasks. It could also be the answer to the next WannaCry.

Coinbase: don’t expect to trade your cryptocurrency at busy times (Naked Security) It’s OK to be excited about Bitcoin and other digital currencies, according to Brian Armstrong, CEO of digital currency exchange Coinbase… just maybe not that excited.

Prevent attacks with these security testing techniques (SearchSecurity) A single software error can leave enterprises open to attack. Learn how to identify vulnerabilities with these security testing techniques.

Don't let the Grinch steal your data: 13 tips to help you avoid a hacked holiday (TechRepublic) Whether you're shopping online or just received a new tech toy, here are some ways to protect your information from cybersecurity threats this holiday season.

Design and Innovation

Asimov's Laws For Artificial Intelligence (Forbes) A week and a half ago I was in Berlin for the hub conference. I had the opportunity to speak on a panel about cybersecurity (no surprise there) and shared my views on how countries and corporate entities can work together.

Research and Development

US researchers develop tool to detect website data breaches (Computing) Tens of millions of websites are compromised every year

Psychologists Want in on Social Media's Big Data Trove (WIRED) A Princeton sociologist wants to use your digital data to solve some of the hardest research problems in social science.

Legislation, Policy, and Regulation

FCA Forces UK Banks to Come Clean on Security Incidents (Infosecurity Magazine) FCA Forces UK Banks to Come Clean on Security Incidents. New rules come ahead of PSD2

Trump signs law banning use of Kaspersky products within US government (Computing) Trump signs law banning Kaspersky products from US government agencies

Kaspersky dragged into US govt's trashcan as weaponized blockchain agile devops mulled (Register) Trump signs defense law with No Eugenes clause, Kaspersky weighs options

A Republican lawmaker urges FCC to delay net neutrality repeal vote (Ars Technica) FCC should wait for Congress to create net neutrality law, Republican says.

How Reddit and others “broke the Internet” to support net neutrality today (Ars Technica) Gallery: Major websites join last-ditch effort to save net neutrality rules.

Opinion: Net neutrality safeguards democracy, the economy and national security (Mercury News) It’s wrong to view equal access to the Internet as just a business decision

Army's first directly-commissioned cyber officers could be on duty by next May ( The Army is beginning its first experiment in fast-tracking the officer accession pipeline for civilians with cyber skills, but only five officers per year.

Litigation, Investigation, and Law Enforcement

A Russian hacker admitted to stealing Clinton's emails and hacking the DNC under Putin's orders (Newsweek) Konstantin Kozlovsky says Russia's Federal Security Service told him to hack Clinton's emails.

«Я был завербован»: хакер из Екатеринбурга взял на себя ответственность за взломы в США (The Bell) Один из обвиняемых по делу хакерской группы Lurk утверждает, что это он по заказу ФСБ атаковал Демпартию США.

Mirai IoT Botnet Co-Authors Plead Guilty (KrebsOnSecurity) The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

EU proposes to streamline databases across bloc to reduce terror attacks (Deutsche Welle) The proposed service would allow border guards and police to simultaneously search multiple systems across the EU to verify identity documents. EU officials hope part of the system will become operational next year.

US bomb suspect warned Trump on Facebook (BBC News) Akayed Ullah, 27, faces a series of terror charges over Monday's bus terminal attack in New York.

Taiwan's Far Eastern International fined T$8 million over SWIFT hackin (Reuters) Taiwan's financial regulator said on Tuesday it had fined Far Eastern International Bank T$8 million ($266,524) due to deficiencies related to its SWIFT system

The Contractor that Hired Russian Coders for a Pentagon Project Has Struck a Deal with Prosecutors (Defense One) The deal ends a criminal investigation and imposes restrictions and audits on Netcracker Technology.

Australian airport hack was “a near miss” says government’s cybersecurity expert (Hot for Security) A 31-year-old Vietnamese man has been jailed for a hacking attack that compromised the computer network of Perth International Airport, and reportedly resulted in the theft of building plans and sensitive security protocols.

Supreme Court Searches for Fourth Amendment Line for the Digital Economy (Ropes & Gray) On November 29, 2017, the Supreme Court heard oral argument in Carpenter v. United States. The Court’s decision could have critical implications for companies operating in the digital economy and their ability to limit government access to data about consumers, particularly so-called non-content data.

Updated Guide to Posted Documents Regarding Use of National Security Authorities (IC on the Record) On September 19, 2017, we posted a guide with links to certain officially released documents related to the use by the Intelligence Community (IC) of national security authorities.

4 Applied Materials executives fleece company and get indicted (CSO Online) U.S. Attorney for Northern California indicted four former executives for stealing intellectual property and trade secrets from Applied Materials.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

Upcoming Events

Automotive ISAC Fall 2017 Summit (Derborn, MIchigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.