
How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

FireEye reports a significant attack on an unnamed industrial plant (Reuters, quoting Dragos, calls it a "watershed" event). The attacker hit Triconex industrial safety technology supplied by Schneider, a system widely used in the energy sector, including oil and gas, and nuclear power generation. Dragos says the affected plant was in the Middle East; CyberX says it's in Saudi Arabia.

FireEye suggests there's evidence the attackers were working on behalf of a nation-state. It thinks the attack may have been reconnaissance gone awry. The hackers appear to have inadvertently tripped safety systems into fail-safe mode, thereby shutting down plant operations. It's good the systems failed safe as opposed to failing deadly, but the possible implications of the reconnaissance are disturbing, since it seems to have been aimed at learning how to disable safety systems during an attack.

TVs are found vulnerable. First, Tripwire researchers have determined that many Android set-top boxes run old and insecure versions of Android, opening them to exploitation. Second, Trend Micro has disclosed that the Linksys WVBR0-25, the wireless video bridge DirecTV's parent AT&T provides customers, is susceptible to remote code execution. Trend Micro disclosed the issue to Linksys six months ago. They're going public with it because, they say, Linksys has both failed to fix the problem and ceased talking with the researchers who found it.

Anonymous, unhappy with the US decision to move its embassy in Israel to Jerusalem, has called for worldwide unremitting attacks on Israeli and US government sites. (Nothing so far.)


Today's issue includes events affecting France, Germany, Iran, Israel, Republic of Korea, NATO/OTAN, Russia, Saudi Arabia, United States, United Kingdom.

A note to our readers, and especially to our Patrons: Patreon has decided not to roll out the increased fees they'd announced recently for their service. We're happy to say Patrons will no longer be charged a large processing fee for their pledges. And we'd like to take this opportunity to again thank all of you who've signed up as Patrons. You help us keep the CyberWire up and running.

When 95% of breaches are human error, why is it on the last line of our security budget?

Probably because until now, you haven’t found a solution that works. NINJIO produces 3-4-minute-long animated Episodes that teach your end-users how not to get hacked. This is done through Hollywood storytelling. A new Episode is produced every 30 days on the most current breaches. Your end-users emotionally connect with the first scene of every Episode, so they’re engaged throughout the Episode. NINJIO tells stories, not lectures, and has a 98.5% renewal rate. NINJIO works. See a free in-person demo.

In today's podcast we hear from our partners at CenturyLink, as Dale Drew casts a skeptical eye on measuring security against standards and certs. Our guest is Torsten Mayer from FICO, who describes how artificial intelligence can be used to help protect not-for-profits online.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

Hackers halt plant operations in watershed cyber attack (Reuters) Hackers likely working for a nation-state recently invaded the safety system of a critical infrastructure facility in a watershed attack that halted plant operations, according to cyber investigators and the firm whose software was targeted.

#OpIsrael: Anonymous hackers threaten to hack US and Israeli websites after Trump's Jerusalem move (International Business Times UK) Security experts expect Anonymous' onslaught to continue throughout December, as the US begins the move to relocate its embassy to Jerusalem.

“Suspicious” event routes traffic for big-name sites through Russia (Ars Technica) Google, Facebook, Apple, and Microsoft all affected by “intentional” BGP mishap.

Bitcoin hacks rocket as 4th biggest breach investigation begins (High-Tech Bridge) Hackers have field day as BTC prices spike, recent attack grabs 4th biggest slot...

Bitfinex restored after DDoS attack (ComputerWeekly) Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitcoin fever exposes crypto-market frailties (Reuters) As bitcoin raced to another record high on Tuesday, one of the biggest providers of digital currency wallets, Coinbase, went down under the weight of traffic, leaving many of its more than 10 million customers unable to access their funds.

Slow browsing? Hackers could be mining bitcoin (The Straits Times) If you feel your Internet connection has been slower in the past few months, do not blame your service provider just yet - you may be a victim of a new form of malware...

1.4 Billion User Credentials in Database on Dark Web (Cylance) A cybersecurity firm that researches the Dark Web said they recently discovered that one interactive and easily searchable database of about 1.4 billion user credentials is being distributed. With a number that big, it’s quite possible that one or more of those sets of credentials belong to you.

WatchGuard Uncovers Surge in Script-based Attacks Amid Spike in Overall Malware Volume (RealWire) Quarterly Internet Security Report shows unrelenting growth of new attack techniques and malware. 13 December 2017 – WatchGuard’s latest quarterly Internet Security Report, which explores the computer and network security threats affecting small to midsize businesses (SMBs) and distributed enterprises, has revealed massive increases in scripting attacks and overall malware attempts against midsize companies throughout Q3 2017.

5 ransomware as a service (RaaS) kits – SophosLabs investigates (Naked Security) A look at five RaaS kits and how each is marketed and priced

ESET: A breakdown of 2017’s ransomware epidemic - and what to expect next (Security Brief) Given the digital plague around the world in 2017, it would be unseemly not to give ransomware its own dedicated piece.

BlackEnergy: Exploring the darkness (Computer Business Review) Over the last 10 years, the BlackEnergy malware family has grown to include three variants that have been used to target the energy and industrial sectors.

Quant Loader Is Now Bundled with Other Crappy Malware (BleepingComputer) Despite not being the most advanced or stealthy malware downloader on the market right now, the Quant Loader malware dropper is seeing increased activity in recent months.

Minerva Labs Releases Evasive Malware 2017 Year in Review (PRNewswire) Minerva Labs, a leading provider of anti-evasion technology for...

Phishing Attacks on Retail Industry Ramp Up as the Holiday Shopping Season Approaches (Netskope) The end-of-year holidays are a lucrative time for phishing attackers and spammers as they try to leverage the festive season to victimize online consumers. This season also puts pressure on the retail industry to build up their inventory to meet the seasonal demand. Netskope Threat Research Labs has been tracking multiple campaigns where phishing emails...

Last Christmas, I Gave You… An Insecure Connected Device (The State of Security) Earlier this year, VERT purchased and tested 10 different Android-based TV set top boxes. Here is what they found out!

Most Android-Based TV Set-Top Boxes Run Old and Insecure OS Versions (BleepingComputer) Android-based TV set-top boxes sold online are most likely running outdated operating systems that have not received security updates for at least a year, according to research published today by US cyber-security firm Tripwire.

FREE zero-day for every reader: AT&T's DirecTV kit has a root hole – and no one wants to patch it (Register) echo "Bot herders will love"; cat /etc/passwd #

Researchers find zero-day exploit discovered on DirecTV hardware (Cyberscoop) Researchers publicly disclosed a zero-day exploit in a piece of television hardware on Wednesday after trying to get the device maker to fix the flaw over the past few months. The device, Linksys WVBR0-25, is a wireless video bridge that DirecTV parent company AT&T gives to new customers for the satellite television service.

Gifts That Snoop? The Internet of Things Is Wrapped in Privacy Concerns (Consumer Reports) Experts warn that before people buy and set up internet of things devices, such as smart toys, they should learn about the potential privacy and security risks, and how to stay safe.

Netflix sparks privacy row after making fun of users of Twitter (Naked Security) “To the 53 people who’ve watched A Christmas Prince every day for the past 18 days: Who hurt you?”

People Who Saw 'Christmas Prince' 18 Days In A Row Craft A Statement (The Federalist) Watching a good, clean holiday romance like 'Christmas Prince' every single day of the Christmas season is just good, clean fun.

Security Patches, Mitigations, and Software Updates

Apple plugs IoT HomeKit hole (Naked Security) Apple just can’t seem to get away from the theme of security flaws right now.

Intel to slap hardware lock on Management Engine code to thwart downgrade attacks (Register) From version 12 onward, ME-equipped chips will defend against patch rollbacks

Verizon Galaxy S7 and S7 Edge Pick-Up December Security Patch (Droid Life) Just when it seemed as if Samsung was fully slipping on keeping its phones up-to-date, they team up with Verizon to push the December security patch to the Galaxy S7 and Galaxy S7 Edge. I say that not only because of the slow update rollout to their unlocked Galaxy S8 phones, but because their monthly …

Cyber Trends

Netsparker Cybersecurity Survey: 80 Percent of Americans at Risk (BusinessWire) Netsparker Ltd., a leading player in the web applications security industry, has today released the results of its 2017 Cybersecurity Survey. The surv

Why quantum computing is a board level security risk (CSO Online) The quantum threat is a board-level issue. Boards need to begin considering the quantum threat within their cybersecurity strategy and planning for it now.

Cybersecurity Aviation – Are We There Yet? ( Civil aviation is prone to cyber threats, yet despite efforts, little has been done to advance common cybersecurity aviation standards

Reliability, security and QoS are critical when evaluating networking solutions providers (Help Net Security) Reliability, security and quality of service all rank above cost when evaluating networking solutions providers, according to Spiceworks.

Cyber attack surface grows immensely, raises security concerns (CSO Online) We're seeing a massive expansion of internet-connected people, places and things — and securing all of them is a problem.

IoT data exchange: Building trust and value (Help Net Security) Cisco's IoT Value/Trust Paradox report looks at building trust and value in the data exchange between people, things and providers.


Cyber Insurance - Is it Enough? (SentinelOne)

Gemalto rejects €4.3bn takeover bid from Atos (Computing) Smartcard specialist Gemalto gives the thumbs down to Atos' acquisition proposal

ShieldX Secures $25 Million ( Security startup ShieldX closed $25 million in Series B financing. FireEye, Symantec, Bain Capital Ventures, Aspect Ventures, and Dimension Data participat

Intertek Acquisition of Acumen Broadens Cyber Security Offering (BusinessWire) Intertek has acquired Acumen Security, which will complement and enhance Intertek’s cyber security and IoT solutions.

Deutsche Boerse weighs offering bitcoin future (Reuters) German stock exchange operator Deutsche Boerse is considering the launch of a bitcoin future on its Eurex derivative exchange, a spokesman said on Wednesday.

Germany monitoring bitcoin market impact: FinMin (Reuters) Germany is carefully monitoring the impact of cryptocurrencies on markets, a finance ministry spokesman said on Wednesday, as bitcoin surged and the futures of the best known cryptocurrency made their world debut on a U.S. stock exchange.

Here's What You Should Know About Bitcoin's Third Largest Market: South Korea (Fortune) As investors begin looking to altcoins

Gemalto research reveals hardware technology companies see 11% increase in earnings following shift to software-based revenue models (GlobeNewswire News Room) Gemalto research reveals hardware technology companies see 11% increase in earnings following shift to software-based revenue models

By 2020, artificial intelligence will create more jobs than it eliminates (Help Net Security) Will artificial intelligence create jobs in the near future? Gartner analysts believe AI will become a positive job motivator.

Better Buy: FireEye vs. Symantec (The Motley Fool) There is a clear winner in the showdown between these two cybersecurity specialists.

Is IBM a Buy? (The Motley Fool) Value-oriented investors looking for large dividends may want to give Big Blue a closer look.

A Bullish Sell-Side Welcome For SailPoint (NYSE:SAIL) After November IPO (Benzinga) Identity management software provider Sailpoint Technologies Holdings Inc (NYSE: SAIL)'s IPO quiet period expired Tuesday, and the sell side initiated coverage of the stock...

Partners: U.S. Government Ban Will Deliver Huge Blow To Kaspersky Lab (CRN) "For the longest time, I stood by Kaspersky and supported them. To this date, I think it is a good product," said one Kaspersky Lab partner. "But I don't know what more they can do."

Lockheed Martin Secures $77.7-Million Cyber Security Contract ( Lockheed Martin Corp . ( LMT ) recently secured a contract for providing cyber security support services to sustain the analysis, design, development, test, integration, deployment and operation of information technology systems and services for the cyber security workforce.

Threat Sketch Awarded DHS Contract (PRNewswire) Threat Sketch was recently awarded one of 10 contracts given in...

NetCentrics awarded DISA Encore III Contract Vehicle (Business Insider) NetCentrics Corporation, a leading provider of infrastructure, cloud, mission applications and cybersecurity for the U.S. government, has won a position on the Defense Information Systems Agency (DISA) Encore III contract vehicle for IT services across the Department of Defense (DoD). NetCentrics is one of 20 companies awarded the indefinite-delivery/indefinite-quantity (IDIQ) contract worth $17.5 billion over 10 years.

IntSights Cyber Intelligence Continues Rapid Growth With Launch of International Office, Appointment of Three VPs (PRNewswire) IntSights Cyber Intelligence, a leading provider of surface, deep and...

Products, Services, and Solutions

Kenna Security and ReversingLabs Partner to Identify and Prevent Malware Threats (The Daily Telescope) “We are excited to partner with ReversingLabs. Malware is an important and dangerous attack vector that threatens all of our customers,” said Ed Bellis, co-founder and CTO at Kenna Security. “Rever…

CyberX Adds Secure Remote Access Integration for Critical Industrial Networks (GlobeNewswire News Room) New privileged account security integration reduces risk of unauthorized access to control networks

Leidos Partners with Claroty for Passive Monitoring of Cyber Threats to Industrial Control Systems Networks (GlobeNewswire News Room) Claroty’s Passive, Continuous Threat Monitoring, Detection and Response, and Secure Remote Access Solutions Now Available to Leidos Customers around the Globe

Earns PCI Level 1 Certification, Confirming Highest Level of Commitment to Enterprise Security (GlobeNewswire News Room) Increases Enterprise Appeal with Highest Possible Level of PCI Compliance

InfoArmor PrivacyArmor Identity Protection and Restoration Adopted by Baird Corp. as an Employer-Sponsored Benefit (GlobeNewswire News Room) Baird Joins Leading and Forward-Looking Employers In Offering “Best-In-Class” Employee Benefit, Proactively Protecting Employees in Wake of Recent 3rd Party Mega-Breaches

Decentralised Grocery Market Partnership to Protect User Identities (Chain Finance) INS, a decentralized ecosystem for the grocery market, has announced a partnership with identity management service Civic, to securely verify user identities on the INS platform. Aiming to disrupt the

ForeScout Integrates with IBM Security Solutions to Fortify Endpoint Defenses and Enforce Compliance ( Technology integration allows organizations to improve endpoint security hygiene and reduce attack surface

NSS Labs Announces Industry’s First Breach Prevention System Group Test Results (GlobeNewswire News Room) Four products Receive Recommended rating; One Receives Caution Rating

Masergy Integrates Managed Cloud Workload Protection Into MDR Platform (GlobeNewswire News Room) Enables scalable and secure enterprise cloud services

CyFlare and Phantom Ink Partnership Agreement to Bring Security Automation & Orchestration to Partners & Clients of All Sizes (AB Newswire) CyFlare has announced a strategic partnership with Phantom, a leading Security Automation & Orchestration platform, in which CyFlare will bring its partners new capabilities for completely automating security event response within their customers.

How Microsoft uses secure enclaves to improve cloud security (SearchCloudSecurity) Microsoft's use of secure enclaves in the Azure confidential computing update is meant to bolster cloud storage security for enterprises, but does it?

enSilo Helps Security Community Detect Far-reaching (Business Insider) enSilo, the company that provides unified endpoint security with NGAV and automated EDR for real-time pre- and post-infection protection, today announced a free audit that will help enterprises determine whether their deployed security products can defeat "Process Doppelgänging" evasions taking advantage of Microsoft Windows features to slip malicious ransomware and other threats past updated, market-leading AV and NGAV security products.

Avast makes 'RetDec' machine-code decompiler open source on GitHub (BetaNews) Open source is the future of computing. Don't believe me? Three of the most important technology companies -- Microsoft, Apple, and Google -- not only license open source software, but they contribute to open source projects too. While closed source will likely never go away, it is becoming less important.

Balabit launches new privileged access management solution (BiometricUpdate) Balabit has announced the launch of its new Privileged Access Management (PAM) solution, which integrates its Privileged Session Management (PSM) technology and its Privileged Account Analytics (PA…

Gemalto launches new platform to connect Mastercard, Visa tokenisation services (Cards International) Dutch digital security company Gemalto has launched Trusted Service Hub (TSH), a new cloud-based solution designed to connect issuers to the tokenisation services of Mastercard …

Technologies, Techniques, and Standards

Is Tor Browser Safe, Signal App Private? Snowden Says FBI Should Use Them (International Business Times) Edward Snowden recommended using the Tor Browser and Signal app to keep online activity private. How safe are those tools?

FedRAMP Does Not Guarantee Data Security (SIGNAL Magazine) FedRAMP only means the provider has been vetted and has the capability to protect the data as mandated.

3 lessons agencies can learn from OPM’s cyber challenges (Fifth Domain) The OPM OIG report could easily be applied to many agencies and is a piercing commentary on the state of cybersecurity in many federal agencies today.

How can a local file inclusion attack be stopped? (SearchSecurity) A local file inclusion attack targeted IBM X-Force customers. Here's a look at how the attack works and what enterprises can do to stop it from happening again.

Army Reorganizes, Accelerates EW: Synergy Or Hostile Takeover? (Breaking Defense) Outgunned in the airwaves by Russian jammers, the US Army has a new plan for electronic warfare.

5 Tips to keep your Christmas gadgets safe and merry all year long. (Prey Software) Christmas brings a lot more than eggnog! It's the right time to upgrade your phones and laptops, so here are five steps you can take to secure them on day one.

Design and Innovation

How Machine Learning Can Help Identify Cyber Vulnerabilities (Harvard Business Review) Putting the burden on employees isn’t the answer.

Legislation, Policy, and Regulation

In its biggest shift in decades, NATO may target Russia with cyber weapons (Newsweek) With the establishment of a new Cyber Operations Center, NATO has launched a new, historic campaign of electronic warfare.

NATO made one of its biggest policy shifts in decades to send a message to Russia (Business Insider) NATO will begin using cyberweapons in its military operations, a notable shift in its policy, which has traditionally only used such weapons defensively.

FRANCE : President Macron sets about rethinking French cyber-strategy (Intelligence Online) The Elysee Palace has sounded out the French intelligence services on a new cyberwarfare doctrine that is about to see the light of day.

US passes legislation to create Cybersecurity Security Agency (SC Media UK) The U.S. House of Representatives on Monday unanimously passed legislation that would redesignate part of Homeland Security.

Trump signs bill to modernize government IT and cybersecurity (TechRepublic) But, the president said the bill could hold his communications 'hostage.'

Here's what the newly signed NDAA means for cybersecurity - Cyberscoop (Cyberscoop) President Donald Trump signed the $700 billion National Defense Authorization Act (NDAA) on Tuesday, a law that sets policies and budget guidelines for the U.S. military for fiscal 2018, including its various cybersecurity-focused initiatives.

Senator presses White House to improve election cyber protections (FCW) Sen. Ron Wyden (D-Ore.) asked White House National Security Advisor H.R. McMaster to name an election security czar, grade states on their election infrastructure and designate political campaigns as critical infrastructure.

U.S. government's embattled email surveillance program proves resilient (Los Angeles Times) Congress is out of time to "fix" the massive surveillance program that Edward Snowden exposed. Demands that intelligence agencies scale back warrantless scraping of email have been intense across party lines. Yet lawmakers can't agree on program changes.

Security clearance investigations fall behind despite reforms (Federal Times) Executive agencies are getting worse at processing background investigations in a timely manner, despite reform efforts, according to a recent Government Accountability Office report.

Net neutrality keeps the web from running like an airport security line (Houston Chronicle) Let's talk about the end of net neutrality in terms of a hellscape everyone knows: airport security lines.

Litigation, Investigation, and Law Enforcement

Men plead guilty to creating botnet used to crash the web (Fifth Domain) Three men pleaded guilty to creating a botnet known as Mirai that was used to paralyze chunks of the internet in 2016.

Two men 'fingered' by Brian Krebs over Mirai malware and IoT botnet plead guilty in US court (Computing) Paras Jha and Josiah White also pleaded guilty to running an internet advertising click-fraud scheme

Three plead guilty to causing massive US cyber attack (Financial Times) Three men on Wednesday pleaded guilty to causing a massive cyber attack that harnessed the power of ‘internet of things’ devices to bring down websites including Twitter, Spotify and the New York Times.

Rutgers Student Admits School Cyber Attack, Unprecedented Worldwide Breach (Englewood Daily Voice) A Rutgers University computer science student pleaded guilty in federal court Wednesday to launching a cyber attack on the school's computer network, following his admission last week that he participated in one of the Internet's biggest...

Security firm threatened with legal action for report highlighting adware (Computing) Cybereason and its lead researcher Amit Serper targeted with legal threats by group behind OSX.Pirrit adware

Adware Maker Tries to Intimidate Security Firm with Cease and Desist Letters (BleepingComputer) Cyber-security firm Cybereason says it received multiple cease and desist letters from an Israeli company they suspect of being behind the OSX/Pirrit adware strain.

Half of companies fail to tell customers about data breaches, claims study (Computing) Come the GDPR, failing to inform the authorities and customers of data breaches will be illegal - and subject to massive fines

Massive Uber data scraping and secret servers exposed in Waymo suit (Naked Security) It’s old news that Uber has legal troubles on its plate – but the plot has thickened considerably in recent weeks.

Court document points to Kaspersky Lab’s cooperation with Russian security service (Washington Post) An FSB officer worked inside the offices of the cybersecurity firm to bring down criminal.

Russian hacker Konstantin Kozlovsky says spymasters told him to raid Clinton emails (Times) A Russian hacker has told a court in Moscow that he was ordered by Kremlin spymasters to steal emails linked to Hillary Clinton. Konstantin Kozlovsky is on trial accused of being part of Lurk, a...

Rosenstein defends Mueller, sees no cause for firing (Maryland Daily Record) Deputy Attorney General Rod Rosenstein, facing congressional questions about anti-Donald Trump text messages exchanged between two FBI officials assigned to the Russia probe, defended …

Opinion | Mueller needs to make a change (Washington Post) To avoid even the appearance of bias, the special counsel should remove the lawyer who praised Sally Yates from his team.

Fusion GPS Paid Top DOJ Official's Wife To Dig Up Dirt On Trump (The Federalist) The research firm that put together a dossier filled with unsubstantiated claims about Donald Trump hired a top DOJ official's wife to dig up dirt on Trump. 

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

NJEdgeCon2018 (Whippany, New Jersey, USA, January 11 - 12, 2017) Featuring internationally-recognized digital economy leader, Amber Mac, as our Keynote Speaker Thursday evening, please join us for a two-day conference to participate in discussions and demonstrations...

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.