skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

The US has publicly blamed North Korea for WannaCry, with White House Homeland Security Advisor Tom Bossert saying that "the attack was widespread and cost billions, and North Korea is directly responsible." The dots are being connected through the activities of the Lazarus Group. The US isn't alone; indeed, it's late to the party, as the UK and others have made this attribution as early as June. The British Foreign Office joined, again, in fingering Pyongyang for WannaCry. The strategy here seems to be to shame North Korea and stiffen international consensus against what Washington sees as an increasingly dangerous rogue regime.

The attribution comes on the heels of a US statement of strategic policy that identifies North Korea, Iran, China, and Russia as adversaries. North Korea and Iran get strong talk; China and Russia a more nuanced but still cold treatment (Chinese and Russian observers are quick to call the document a return to the Cold War). It's worth noting that the US hasn't, for all of its strong words, characterized WannaCry as an act of war.

GuardiCore has published the results of its look at an organized Chinese cyber gang. They're operating from a "coordinated infrastructure, and they're going after database-service servers. GuardiCore finds three attack variants, which they're calling "the Hex-Men": Hex, Hanako, and Taylor.

Netskope reports finding a RAT that uses Dropbox to host its payload and Telegram for command-and-control.

Security researchers and ISPs in Egypt and Latin America have successfully taken down the Satori botnet.


Today's issue includes events affecting China, European Union, France, Jordan, India, Iran, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Russia, United Kingdom, United Nations, United States.

How are you handling your cloud monitoring and security?

Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.

In today's podcast, we hear from our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan talks about the holidays and the IoT devices busily spreading seasonal joy and, uh, other stuff. Our guest, Chris Webber from SafeBreach, takes us through the third edition of SafeBreach's  Hacker’s Playbook.

Recorded Future's Inside Threat Intelligence podcast, produced in cooperation with the CyberWire, is up. This week's issue aims to dispel cybersecurity myths.

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

It’s Official: North Korea Is Behind WannaCry (Wall Street Journal) The massive cyberattack cost billions and put lives at risk. Pyongyang will be held accountable.

UK and US blame WannaCry cyber-attack on North Korea (the Guardian) Foreign Office and US homeland security adviser say Pyongyang was responsible for attack that infected 300,000 computers

U.S. blames North Korea for 'WannaCry' cyber attack (Reuters) The Trump administration has publicly blamed North Korea for unleashing the so-called WannaCry cyber attack that crippled hospitals, banks and other companies across the globe earlier this year.

Trump administration blames North Korea for global WannaCry cyberattack (POLITICO) The attribution represents a move to confront a digital menace and seek international unity around the need to combat destructive cyber activity.

U.S. declares North Korea carried out massive WannaCry cyberattack (Washington Post) The Trump administration will call on states to implement all U.N. sanctions.

US Blames North Korea For WannaCry -- But Are Trump's Cyber Sleuths Wrong? (Forbes) The Trump administration blamed North Korea for the massive WannaCry ransomware outbreak Monday night in an op-ed in the Wall Street Journal. The article was penned by Tom Bossert, key Trump cybersecurity adviser and assistant to the president for homeland security and counterterrorism.

Beware the Hex-Men (GuardiCore) In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide.

Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot (Lastline) Password Stealing Malware: Lastline has uncovered a new attack vector launched through Microsoft Excel spreadsheets, and just recently expanded into other Office applications. Read more.

Android Malware Will Destroy Your Phone. No Ifs and Buts About It (BleepingComputer) A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse.

Jack of all trades (Securelist) Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.

Bitcoin exchange shuts down after being hacked twice in one year (HOTforSecurity) A South Korean Bitcoin exchange has collapsed after suffering its second hack in less than a year. As The Telegraph reports, YouBit has announced that it suffered a hack at 04:35am local time today, which saw criminals steal 17% of its total assets. As a... #bitcoin #bitcoinexchange #youbit

Collaborative Takedown Kills IoT Worm 'Satori' (eWEEK) A new version the Mirai IoT malware that used two exploits in popular routers to build a 700,000-node botnet in less than four days is shut down by security researchers and internet service providers.

Satori botnet about to cause a whole lot of trouble worldwide (Techgenix) Meet Satori, the newest variant of the destructive Mirai botnet, which seems to have a lot more power in its arsenal than previous incarnations.

Hackers using Google Adwords & Google Sites to spread malware (HackRead) Today, we at HackRead have discovered a sophisticated malware scam that tricks users into downloading fake Google Chrome browser installer but in reality,

Telegram RAT Escapes Detection via Cloud Apps (Dark Reading) Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.

Hackers steal security firm's domain name in 10-hour attack potentially compromising customer data (Computing) If security firms can't stay secure, what chance for anyone else?

Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy (TrendLabs Security Intelligence Blog) We came across malicious apps on Google Play with cyberespionage capabilities, targeting Arabic-speaking users or Middle Eastern countries—AnubisSpy.

Warning over anti-virus evading 'polymorphic' Emotet banking Trojan (Computing) Online bankers warned that Emotet can evade detection by three-quarters of anti-virus software packages,Security ,Security,malware,Trojan,security,bromium

Two critical and unpatched flaws identified in vBulletin (HackRead) According to the latest research from Italy based security company TRUELIT’s researcher and an independent security expert, the widely used internet forum

User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack (Threatpost) Researchers warn hundreds of Lexmark printers are vulnerable to a trivial hack thanks to user “gross negligence.”

DHS project catches 18 first-responder apps with ‘critical’ cyber flaws (TheHill) Pilot program evaluates popular Android, iOS apps used by first responders for security and privacy concerns.

Example of 'MouseOver' Link in a Powerpoint File (SANS Internet Storm Center) I really like Microsoft Office documents... They offer so many features that can be (ab)used to make them virtual bombs. Yesterday, I found a simple one but nicely prepared Powerpoint presentation: Payment_copy.ppsx (SHA256:7d6f3eb45c03a8c2fca4685e9f2d4e05c5fc564c3c81926a5305b6fa6808ac3f). It was still unknown on VT yesterday but it reached now a score of 1/61![1]. It was delivered to one of my catch-all mailboxes and contained just one slide.

The truth about RFID credit card fraud (CSO Online) Despite demonstrations to show it's possible, documented cases of RFID credit card fraud are unknown. And as security professionals know, there is a huge gulf between potential crime and actual crime.

Watch out – fake support scams are alive and well this Christmas (Naked Security) Fake support scams – where the crooks help you “remove” malware you don’t have – are still a real problem. Take care over the holidays!

The Market for Stolen Account Credentials (KrebsOnSecurity) Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company.

Iran Cybersecurity Profile (Anomali) Iran is one of the major powers in the Middle East, and currently seeks to gain influence in the global landscape.

Security Patches, Mitigations, and Software Updates

Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises (BleepingComputer) The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.

An easy update for December Patch Tuesday (Computerworld) The primary concern for this month are the updates to IE and Edge, but a handful of others warrant attention, too.

Microsoft Word slams the door on DDEAUTO malware attacks (Naked Security) Remember how Microsoft said that DDEAUTO was a “feature”, not a vulnerability? Well, it just changed its mind – for Word, at least.

Keeper Security Patches Password Protection Flaw Reported by Google (eSecurity Planet) Password managers are supposed to help keep users safe, so what can you do to help mitigate the risk?

Cyber Trends

Only 14 Percent of Companies Increased Security Budgets After WannaCry, NotPetya Attacks (eSecurity Planet) Still, 13 percent of IT professionals felt that they were blamed when their organization became a victim.

New Study: Many Consumers Lack Understanding of Basic Cyber Hygiene (Tenable™) Data breaches have been a headache for many years and for a long time there seemed to be a general apathy about them.

Perceived Data Value Varies Wildly Across Industries, Countries (Infosecurity Magazine) Shareholder data is most highly valued by IT professionals at more than $1,700 per record.

Data Breach Briefing: the Run-Down on 5 Cybersecurity Studies (Bricata) Information sharing is a critical aspect of cybersecurity. While studies and surveys can’t match the data in a solid threat intel report, they are useful for understanding the benchmarks and experiences of peer organizations.

7 cyber security predictions for 2018 (CSO Online) Let’s face it: 2017 was a terrible year for cyber security with more phishing scams, ransomware, state-sponsored attacks, and new attack vectors. Will 2018 be better?

Dispelling Cybersecurity Myths (Recorded Future) Chief Security Architect Gavin Reid discusses cybersecurity myths that need to be dispelled, including the notion that companies should “do more with less.”

Survey Shows Many Americans Are Cyber-Illiterate (Infosecurity Magazine) Despite being aware of breaches like Equifax, 43% have not changed their online habits, and most think they haven't been impacted.


Cybersecurity IPOs In 2018 Could Be Plentiful (Investor's Business Daily) Most cybersecurity stocks seem to be in a funk heading into 2018 but a pickup in initial public offerings — and, perhaps, mergers — next year might pique the interest of investors.

Asian Cybersecurity Futures (CLTC) This report explores diverse political, economic, and technological factors that will shape Asia’s future as the region becomes more connected.

Thales acquires chip giant Gemalto in $5.6B all-cash deal (Cyberscoop) The deal comes after Gemalto rejected an offer from rival French tech firm Atos.

Check Point CEO Wants Faster Growth (Forbes) Let's say you start a company in 1993, take it public in 1996, sell your product in 88 countries, and are still running it in December 2017. Why not take your billions and go yachting? Why are you still at the company's helm and eager to speed up its growth?

It’s a good time to be a federal IT nerd ( With more pieces coming into focus, industry and former federal executives say the Trump administration’s plans for IT modernization have matured.

This Activist Investor Is Right for Thinking Akamai May Be a Nice Acquisition (TheStreet) Akamai Technologies finds itself with a new activist shareholder in Elliott Management's Paul Singer.

Pentagon Hacked in New U.S. Air Force Bug Bounty Program (Security Week) The Hack the Air Force 2.0 bug bounty program kicked off earlier this month with researchers finding a critical vulnerability that could have been exploited to gain access to a network of the U.S. Department of Defense.

Why Israeli Cybersecurity Firms Are Moving From Tel Aviv To Boston (WBUR) Cybersecurity is booming business in Boston with multiple local companies having raised over $100 million. We explore how this came to be -- and the power of Israel in developing the industry.

Cylance Names Rahul Kashyap as Global Chief Technology Officer (Digital Journal) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, fileless attacks and today’s most advanced cyberthreats, today announced the promotion of Rahul Kashyap to Global Chief Technology Officer (CTO).

Products, Services, and Solutions

Janrain Delivers First Universal Integration of CIAM Event Data with SIEM Systems ( Janrain®, the company that pioneered the Customer Identity and Access Management (CIAM) category, today announced it is the first CIAM provider to deliver universal integration with major Security Information and Event Management (SIEM) systems such as IBM QRadar and others to provide Security Operations Center (SOC) analysts with early detection and response to a wider swath of suspicious activities and possible security threats.

Open Garden wants to give you tokens for sharing your internet connection (TechCrunch) Open Garden launched its mesh networking platform at TechCrunch Disrupt NY 2012. Since then, the company has gone through a few iterations and found..

UJET Completes SOC 2 Type 2 and HIPAA Examinations (PRNewswire) UJET Inc., an enterprise-grade platform that makes it simple for any...

Claroty Platform Officially Interoperates with RSA® NetWitness® Suite (GlobeNewswire News Room) Actionable Security Alerts and Insights from the Claroty Platform Now Married with Full Context to Aid Security Forensics and Incident Response Teams

Let no endpoint go dark (Help Net Security) Absolute's Persistence technology is embedded in more than a billion endpoints for self-healing endpoint visibility and control.

Specops Software launches Multi-Factor Authentication for Office 365 (Broadway World) Specops Software launches Multi-Factor Authentication for Office 365

New AWS Paris region makes it easier for customers to follow France’s data privacy rules (TechCrunch) Amazon Web Services launched a new region in Paris today to serve customers in the European Union. This is AWS’ fourth region in the EU after Germany,..

Technologies, Techniques, and Standards

Why incident response is the best cybersecurity ROI (CSO Online) Former White House CIO says unexpected breaches can wreak havoc on a company's bottom line. Proper incident response planning can mitigate damage costs.

Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence (Dark Reading) CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the who, what, and why of a cyber attack.

Why cryptography is much harder than software engineers think (Help Net Security) If your security depends on vendor-supplied ‘black boxes’, be very careful. Security through obscurity is no security at all.

Advanced Deception: How It Works & Why Attackers Hate It (Dark Reading) While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.

Will Secure Authentication Remove the Need for Credentials? (Infosecurity Magazine) What if users were to abandon the use of usernames/passwords all together for authentication and migrate to alternative forms of authentication?

Don't Get Caught Unprepared When It Comes To IoT Security (Forbes) IoT requires an end-to-end approach to security. Here are six steps you can take to better ensure the security of your IoT initiatives.

Army’s new cyber requirements will be based on battlefield needs (C4ISRNET) The Army will begin to start writing requirements with the intended operational effects in mind to get capabilities out to soldiers as opposed to the existing prolonged requirements/program of record construct.

'Starwars' Debuts on List of Worst Passwords of 2017 (Dark Reading) Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.


SIA Announces RISE Scholarship Winners (Security Industry Association) Security Industry Association recognizes 2017 RISE scholarship winners; funds to support professional development of young security professionals.

Louisiana Tech gets $1.3M grant to enhance cybersecurity programs (Federal Times) The university, in a news release, says the grant was awarded by the National Science Foundation and will be used to support Tech’s proposed CyberCorps Scholarship for Service program to prepare cybersecurity professionals for entry into the government workforce.

Legislation, Policy, and Regulation

Cyber security a focus of UN Internet governance conference (IT World Canada) The increasing number of cyber attacks blamed on nation states is getting on the nerves of a lot of Internet experts.Some say

Trump Identifies 'New Era of Competition' in Unveiling National Security Strategy (US News and World Report) Laying out his vision of world threats, Trump says Russia and China have emerged as global competitors that must be offset by U.S. economic might.

Cyberguerre : les Etats-Unis désignent leurs adversaires (LeMagIT) La Corée du Nord est accusée d’être responsable de l’épisode WannaCry. L’Iran n’échappe pas à l’opprobre de l’exécutif américain. Chine et Russie apparaissent traités avec plus de modération.

Trump Delivers a Mixed Message on His National Security Approach (New York Times) The disconnect between the president’s speech and the administration’s blueprint suggests the broader challenge of developing an intellectual framework for his policies.

SitRep: Cold War Returns, Democracy Promotion Rejected, in New Security Strategy (Foreign Policy) Pentagon revamps innovation offices, Putin thanks Trump

What Trump’s National Security Strategy says on cyber (Fifth Domain) Here's what the Trump administration's National Security Strategy means for the nation's cybersecurity strategy.

Russia Calls U.S. Security Strategy 'Imperial,' China Denounces 'Cold War' Thinking (RadioFreeEurope/RadioLiberty) Russia and China have lambasted U.S. President Donald Trump's new national security strategy, which refers to them as rivals of Washington that are seeking to undermine U.S. power and interests.

What Putin Really Wants (Defense One) Russia's strongman president has many Americans convinced of his manipulative genius. He's really just a gambler who won big.

Russia ready to repel cyber attacks during presidential election (TASS) Russia’s forthcoming election is due on March 18, 2018

Connecting the Dots in the War on Cyber Terrorism (CTECH) Agreements between the U.S., Israel and India, can be turned into a three-way pact to promote shared security interests

Jordan can take the lead in cyber security (Jordan Times) The Great Wall of China was built thousands of years ago to prevent China’s enemies from entering. Well, they did as mentioned in historical references three or four times. The enemies bribed the guards to open a gate under darkness for the stealthy armoured enemy soldiers to sneak in.

How Europe's New Internet Laws Threaten Freedom of Expression (Foreign Affairs) At every level, Europeans are moving to impose restrictions on the expression that Internet companies can permit on their platforms.

Antiquated Policy Complicates Threat Intelligence Collection (Security Week) Before the world began sending over 500 million tweets and posting more than four million Facebook messages each day, the practice of Open Source Intelligence (OSINT) gathering, conducted by law enforcement and government agencies for the purpose of evaluating threats to national security, largely involved analyzing and subscribing to newspapers delivered from all over the world.

New York City moves to create accountability for algorithms (Ars Technica) City Council passes bill addressing algorithmic discrimination in city government.

“There will be a [Senate] vote” to reinstate net neutrality, Schumer says (Ars Technica) Congress could block net neutrality repeal, but Democrats face tough odds.

Donald Trump Jr. and Ted Cruz lambast Mark Hamill’s support of net neutrality (Ars Technica) “It was Vader who supported govt power over everything said & done on the Internet.”

Litigation, Investigation, and Law Enforcement

Kaspersky sues DHS over federal blacklist (Ars Technica) “It failed to satisfy even the minimum standards of due process.”

DOJ confirms Uber is under criminal investigation (Naked Security) The plot of the Waymo vs Uber fight over stolen self-driving technology is getting thicker and thicker

Former DC Metro police officer convicted of trying to aid ISIS (TheHill) A federal jury on Monday convicted a former Washington, D.C., Metro Transit Police officer for obstructing justice and trying to support the Islamic State in Iraq and Syria (ISIS).

Whistleblowers worry about fate of spy agency ombudsman (Federal Times) A decision to put the man who handles whistleblower complaints at U.S. spy agencies on administrative leave has raised worries on Capitol Hill that it’s part of a plan to hamstring the program that helps intelligence workers report waste, fraud and abuse.

The Supreme Court Should Heed Friendly Advice on Microsoft Ireland (Just Security) AU Law Prof examines the conflict of laws issue in Microsoft Ireland case should the government prevail.

France puts Facebook on notice over WhatsApp data transfers (TechCrunch) Facebook and WhatsApp have been issued with formal notices by France's data protection watchdog warning that data transfers being carried out for 'business..

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.