Russia's been facing a wave of what the Moscow Times is calling "telephone terrorism cyberattacks." They're essentially bomb threats; Russian authorities say they've caused two-million people to be evacuated since September, and that the threats originate in Syria.
Facebook finds three more Russian-purchased ads related to information operations surrounding the Brexit vote.
A Russian defendant in a Russian court (it's the trial of members of the "Lurk" hacking crew) is said to have claimed President Putin ordered him to hack the US Democratic National Committee. But both the court and the news source are Russian, and this particular informational matryoshka should be viewed with appropriate skepticism until more is known.
DDoS attacks against Bitfinex are impeding Bitcoin trading. Ethereum trading exchange CoinBase may also be under attack (or it may just be clogged by traders). Speculators drive surging Bitcoin rivals Litecoin and Ether to new highs.
An interesting development in the Mirai case: as has long been believed, it was the work of a couple of guys in Pennsylvania and New Jersey. Both pleaded guilty to writing and using the DDoS code this week.
The Far Eastern International Bank has been fined by Taiwan regulators for deficiencies that permitted its SWIFT system to be hacked in October.
Yesterday was Patch Tuesday. Flash issued its traditional monthly fix for Flash Player. Microsoft pushed out a number of fixes—20 "critical," 12 "important"—which observers are calling a relatively light update. SAP also patched, with their newly-assumed ability to issue CVE numbers.
When 95% of breaches are human error, why is it on the last line of our security budget?
Probably because until now, you haven’t found a solution that works. NINJIO produces 3-4-minute-long animated Episodes that teach your end-users how not to get hacked. This is done through Hollywood story telling. A new Episode is produced every 30 days on the most current breaches. Your end-users emotionally connect with the first scene of every Episode, so they’re engaged throughout the Episode. NINJIO tells stories, not lectures and has a 98.5% renewal rate. NINJIO works. See a free in person demo.
ON THE PODCAST
In today's podcast we hear from our partners at Dragos as Robert M. Lee talks about the security of the water supply. Our guest is Evan Dornbush from Point3 Security, who discusses the disconnect between employers and educational institutions.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Millions Impacted by Credential-Stealers in Google Play(Security Week) During October and November 2017, Kaspersky Lab researchers discovered 85 applications in Google Play that were designed to steal credentials for Russian social network VK.com. One of the malicious applications had more than a million downloads.
Patch Tuesday, December 2017 Edition(KrebsOnSecurity) The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe’s got another security update available for its Flash Player software.
SAP Becomes CVE Numbering Authority(Security Week) Released this week with fixes for 11 vulnerabilities, SAP’s Security Patch Day for December 2017 marks a change in the history of SAP patches: it also includes CVE numbers in the titles of the security notes.
Email is the biggest source of data breaches(Modern Healthcare) Email has been the biggest source of data breaches this year, with 73 breaches between Jan. 1 and the end of November reported to HHS, affecting 573,698 people.
Inspecting Barracuda's Private Buyout(Seeking Alpha) Barracuda's tepid growth is justifying the looming buyout. Its product portfolio can generate more value in the absence of market irrationality. I think there i
China week in cyberland: US companies ‘kiss the ring’(AEI) Transfixed by sex scandals, tax legislation, and the president’s Jerusalem gambit, Washington observers may have missed or passed over a truly signal week for Beijing’s emergence as a leader in the global digital world.
M-Files 2018 ou la gestion de l'information nouvelle génération(ITR) M-Files Corporation lance sa nouvelle solution de gestion intelligente de l'information baptisée tout simplement M-Files 2018. Elle offre une interface simple et unifiée permettant aux utilisateurs d’accéder rapidement à leurs documents, quel que soit le système où ils sont stockés.
5 top machine learning use cases for security(CSO Online) Machine learning will make sense of the security threats your organization faces and help your staff focus on more valuable, strategic tasks. It could also be the answer to the next WannaCry.
Asimov's Laws For Artificial Intelligence(Forbes) A week and a half ago I was in Berlin for the hub conference. I had the opportunity to speak on a panel about cybersecurity (no surprise there) and shared my views on how countries and corporate entities can work together.
Mirai IoT Botnet Co-Authors Plead Guilty(KrebsOnSecurity) The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).
Supreme Court Searches for Fourth Amendment Line for the Digital Economy(Ropes & Gray) On November 29, 2017, the Supreme Court heard oral argument in Carpenter v. United States. The Court’s decision could have critical implications for companies operating in the digital economy and their ability to limit government access to data about consumers, particularly so-called non-content data.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Third Annual Cyber Investing Summit(New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...
Automotive ISAC Fall 2017 Summit(Derborn, MIchigan, USA, December 13 - 14, 2017) This year’s theme is “Start your engines” and is about how to build relationships and learn about a variety of timely and topical subjects in the world of automotive cybersecurity. The summit will focus...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.