skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

All Five of the Eyes are glaring like basilisks toward Pyongyang, which they agree was responsible for WannaCry. Some conclude that collective defense works (albeit abetted in this case by someone lucking into the kill-switch) because the outbreak could have been far worse. (US networks proved generally resistant to the campaign.) The White House drew particular attention to Facebook account takedowns and Microsoft fixes as providing valuable and ongoing defense against North Korean cyberattacks.

Two questions at least remain. First, if you wished to deter similar attacks, how might you retaliate? You can hack until the ones and zeros jump, but it's not clear doing so will seriously affect North Korea's regime absent identification of something the regime values that one could hold at risk. Blame, shame, and further isolation may be the best anyone can do, some suggest. And second, how did the alleged NSA exploits used in WannaCry get loose into the hands of the ShadowBrokers in the first place?

Pyongyang hasn't had much to say about the latest round of accusations, but it has denounced earlier attributions as slander and provocation. 

The DPRK's current interests appear to lie in cryptocurrency, with the Lazarus Group paying a great deal of attention to hacking wallets and catphishing people with access to alt-currencies.

Another cyber espionage campaign has been spotted in the Middle East. Nyotron security researchers call it "Copperfield." It's an evolution of the H-Worm (also called "Houdini") that emerged from Algeria four years ago. No firm attribution yet.


Today's issue includes events affecting Australia, Canada, European Union, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, New Zealand, Norway, Romania, Russia, United Kingdom, United States.

How are you handling your cloud monitoring and security?

Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.

In today's podcast, we hear from our partners at Accenture, as Justin Harvey offers some thoughts on choosing threat intelligence. Our guest is Stan Engelbrecht from D3 Security, who describes some of the vulnerabilities to be found in public transportation.  

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

Australian government points finger at North Korea over WannaCry (Computerworld) The Australian government has joined the White House in condemning North Korea over the WannaCry ransomware wave.

Canada helped confirm North Korea behind Wannacry ransomware, says U.S. (IT World Canada) Canada is among the governments that helped the United States conclude last spring's WannaCry global ransomware attack was created by North Korea, a

GCSB concerned at North Korean cyber activity (New Zealand Reseller News) ​The director-general of the GCSB, Andrew Hampton, says he is concerned at international reports which link North Korea to WannaCry.

White House Blames North Korea for Global Ransomware Outbreak (Foreign Policy) The announcement comes amid heightening tensions on the Korean Peninsula.

America blames North Korea for WannaCry ransomware outbreak (Computing) The Central Committee Bureau 39 of the Workers' Party of Korea strikes again

Feds officially pin WannaCry ransomware attack on North Korea (Fifth Domain) Homeland Security Adviser Tom Bossert announced Tuesday that the U.S. is officially attributing the cyberattack to the North Korean government.

North Korea was behind the WannaCry cyberattacks, says the White House (Quartz) WannaCry infected computers across the world earlier this year in a ransomware attack, and even took down the National Health Service in the UK.

Hold North Korea Accountable for WannaCry—And the NSA, Too (WIRED) As the US government points the finger at North Korea for the WannaCry ransomware epidemic, it also needs to acknowledge the role of its leaked hacking tools.

What North Korea's WannaCry attack shows us (CNN) DHS official Christopher Krebs says protective measures prevented significant damage to the United States -- our networks withstood the onslaught, and our response efforts prevented an unchecked ransomware attack.

US short of options to punish North Korea for serious cyberattack (Military Times) The Trump administration vowed Tuesday that North Korea would be held accountable for a May cyberattack that affected 150 countries, but it didn’t say how, highlighting the difficulty of punishing a pariah nation already sanctioned to the hilt for its nuclear weapons program.

U.S. says Facebook and Microsoft disabled North Korean cyber threats (Reuters via VentureBeat) Facebook Inc and Microsoft Corp disabled a number of North Korean cyber threats last week, a White House official said on Tuesday, as the United States publicly blamed Pyongyang for a May cyber attack that crippled hospitals, banks and other companies.

Facebook and Microsoft disabled slew of North Korean cyber threats (Engadget) The White House says that Facebook and Microsoft disabled a slew of North Korean online threats in the past week.

Facebook Is Disrupting North Korean Hacking Operations (Motherboard) The company's announcements came on the heels of the US government’s public accusation blaming the North Korean government for WannaCry.

North Korea's new front: Cyberheists (The Straits Times) The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean Bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.. Read more at

North Korean hacking group Lazarus targeting bitcoin and point-of-sale infrastructure in dash for cash (Computing) North Korea's Lazarus Group following the money, warns Proofpoint

More evidence emerges of North Korea targeting cryptocurrency industry (SC Media UK) State-sanctioned North Korean hackers allegedly continue to target cryptocurrency companies and exchanges as a means of enriching the nation.

CEO: 'Absolutely' reason to believe North Korea is amassing bitcoin, likely to fund cyberattacks (CNBC) Crowdstrike CEO George Kurtz said there's "absolutely" reason to believe North Korea has an appreciating pile of bitcoin to fund attacks.

North Korea poses an existential threat to bitcoin (Newsweek) The bankruptcy of a bitcoin exchange has been blamed on North Korean hackers.

Symantec: A Cryptocurrency Mining Malware 'Arms Race' Is Looming (Motherboard) The scheme is ramping up as cryptocurrencies become more valuable.

Web-based cryptominers are malware (Sophos News) Cryptominers running in a browser without an organization’s consent are parasitic and should be considered malware

New Database Botnet Leveraged for Bitcoin Mining (Dark Reading) Attackers are quietly building an attack infrastructure using very sensitive machines.

Coinbase is investigating claims of insider trading from its Bitcoin Cash launch (TechCrunch) Coinbase is investigating whether its employees took advantage of inside knowledge to profit on the launch of bitcoin cash (BCH) when it was added the popular..

Another Cyberattack Spotted Targeting Mideast Critical Infrastructure Organizations (Dark Reading) Operation Copperfield appears focused on data theft and reconnaissance, Nyotron says.

China’s Flagship TV Network Hasn’t Registered as a Foreign Agent (Foreign Policy) Based in Washington, CCTV America broadcasts Beijing-controlled news to English-speaking households across the United States.

Popular Wordpress Plugin compromised with malicious code (Computing) Wordpress removes popular plug-in over security fears

120 Million American Households Exposed In 'Massive' ConsumerView Database Leak (Forbes) Information on more than 120 million American households was sitting in a massive database found left exposed on the web earlier this month, Forbes has been told.

CVE-2017-11882 Exploited to Deliver a Cracked Version of the Loki Infostealer (TrendLabs Security Intelligence Blog) A recent spam campaign is exploiting CVE-2017-11882 to deliver a “cracked” version of the information-stealing Loki.

Microsoft Office Docs New Vessel for Loki Malware (Dark Reading) Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10 (Threatpost) Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC.

Buyers Beware of Tampered Gift Cards (KrebsOnSecurity) Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it.

Credential Stuffing Threats Facing the eCommerce Industry This Holiday Season (Security Boulevard) Forecasts call for double digit growth in eCommerce holiday spending. Much like the Dr. Seuss novel, there is a Grinch lurking this holiday season, trying to ruin this joyous time of year.

Hacky Holidays? Increased Cybersecurity Breaches Blast Winter Break (Security Intelligence) Winter holidays mean more cybersecurity breaches for enterprises. How can security leaders train staff members to better manage digital assets during this time?

Why ransomware? Let's ask the bad guys (Help Net Security) One of the questions we often ask is what do they criminals plan to do with the money they make? Raj Samani from McAfee asks them.

GPS is off so you can’t be tracked, right? Wrong (Naked Security) It’s not just your GPS that gives away your location, researchers have discovered

So it wasn't Anderson Cooper who called Donald Trump a pathetic loser on Twitter after all... (Graham Cluley) CNN anchor Anderson Cooper found himself making headlines last week when his Twitter account appeared to have said something apparently designed to bruise the US president's ego.

Security Patches, Mitigations, and Software Updates

Keeper Security Patches Password Protection Flaw Reported by Google (eSecurity Planet) Password managers are supposed to help keep users safe, so what can you do to help mitigate the risk?

Microsoft quietly updated Windows 10 to fix 'Hello' facial recognition flaw (Computing) Just a simple photo was all it took to get round Microsoft's 'Hello' facial recognition in Windows 10, say SySS researchers

Cyber Trends

Cybersecurity past to predict the future (CSO Online) Organizations will continue to embrace the NIST cybersecurity framework, bolster training, and increase budgets.

With GDPR approaching, more and more businesses are buying cyber insurance policies (Teiss) With the GDPR only months away from being implemented, more and more small and medium enterprises are adopting cyber insurance to protect their data in the event of cyber-attacks or breaches.

Equifax and beyond: How data breaches shaped 2017 (MarTech Today) Could this be a turning point in the way we handle PII data in the future?

CEOs slow to come around with cybersecurity practices (Fierce CEO) CEOs are overseeing companies that, by and large, still have a lot to do to tighten their cybersecurity practices and do not appear to be acting with particular urgency.


Who's who in the cybersecurity market? The inside scoop for 2018 (CSO Online) Big tech will go big on cybersecurity in 2018. Expect Amazon, Google, Microsoft and others to get tough on cyber crime.

Network Security Group Purchases Waytek Software; Adds Avast Business Solutions to Distribution Offering (PRWeb) Boutique distribution business now offers even more value and curated products for channel partners seeking a high-end distribution partner

Bitcoin rival Bitcoin Cash soars as Coinbase adds support (Ars Technica) Coinbase users will be able to buy and sell Bitcoin Cash.

Litecoin founder Charlie Lee has sold all of his LTC (TechCrunch) Charlie Lee, the former director of engineering at Coinbase, is selling almost all of his holdings in Litecoin (LTC), the cryptocurrency that he founded in..

The next focus for the Army’s Rapid Capabilities Office (C4ISRNET) The Army's Rapid Capabilities Office is beginning to take on new efforts such as counter UAS and examining technologies under longer timelines.

Oxygen Forensics Enjoys Double-Digit Growth in 2017 (Oxygen Forensics) Growth causes office space at world headquarters in Alexandria, VA to triple in size

Tim Matthews Joins Exabeam as Chief Marketing Officer (EconoTimes) SAN MATEO, Calif., Dec. 19, 2017 -- Exabeam, the leader in Security Intelligence Solutions, today announced that Tim Matthews has joined the company as chief marketing officer. In this role, he will drive global brand...

Products, Services, and Solutions

Bugcrowd Delivers Unmatched Visibility, Coverage and Control of Vulnerability Testing (Bugcrowd) Included on the Crowdcontrol™platform, Traffic Control leverages a VPN for access control on high-trust targets for unprecedented coverage assurance

Technologies, Techniques, and Standards

How to set up a smartphone for kids: 9 things parents need to do first (Cool Mom Tech) Before you hand over that new smartphone to your kids, go through this smart checklist of 9 tasks to ensure that it's safe for them to use.

Security platform or best of breed? There’s only one answer (CSO Online) How limited resources and the software as a service (SaaS) sales culture force security professionals into a best of breed strategy for infrastructure.

The GDPR: a catalyst for improving data quality (Computing) Compliance is a challenge, but the new regulation presents an opportunity to re-shape customer engagement and customer data management strategies

Who (or What) Can You Trust? (CIO) delivers the latest tech news, analysis, how-to, blogs, and video for IT professionals. Covers apps, careers, cloud computing, data center, mobile, outsourcing, security, social media, hardware and software.

Why Cisco, McAfee Say Security Vendors Must Share Threat Intel to Beat the Baddies (SDxCentral) The Cyber Threat Alliance, a group of 14 top security vendors including Cisco and McAfee, share threat information daily.

Five mental shifts we must make to achieve security beyond perimeters (Help Net Security) To help you get your mind out of the data center, beyond the perimeter, and into the cloud, we suggest you consider the five mental shifts outlined here.

Why Phishing Alone is Not Enough Awareness Training (Infosecurity Magazine) Phishing simulations have become synonymous with security awareness training, they’re not.

Design and Innovation

Why Cybersecurity is Ripe for AI Innovation (CSO Online) How to secure your digital transformation initiatives with innovative technology

AI Should Not Replace Tried-and-True Security Practices (SIGNAL Magazine) AI alleviates many challenges, but humans remain critical to cybersecurity.

In China, a Three-Digit Score Could Dictate Your Place in Society (WIRED) China is taking the idea of a credit score to the extreme, using big data to track and rank what you do—your purchases, your pastimes, your mistakes.

Bitcoin May Not Be the Future, but the Technology Behind It Might Well Be (NDTV A lot has been written about Bitcoin lately, as the value of the cryptocurrency keeps surging at breakneck pace, which has made many people consider it as an investment option.

Geekbench and Reddit think they’ve cracked why iPhones get slower over time (Ars Technica) Testing suggests that iOS 10.2.1 added this functionality to prevent shutdowns.

Research and Development

Electromagnetic emissions from smartphones analyzed for security vulnerability (EurekAlert!) Researchers at Universidad Carlos III de Madrid (UC3M) and the Consejo Superior de Investigaciones Científicas-CSIC (Spanish National Research Council) are developing a tool that enables cell phones to be analyzed in order to determine if they could undergo a cyber-attack to obtain encryption keys through their electromagnetic emanations.


Inside a Cyber Patriot practice where kids learn to beat hackers (WJBF-TV) We are continuing to learn more about a growing after school program called Cyber Patriots. Students learn to protect computers from criminals.

Legislation, Policy, and Regulation

US national security strategy puts cyberspace defense alongside land, air, maritime concerns (CIO Dive) The changing attitude toward technology does not just stem from calls for efficiency. Instead, the U.S. government is prioritizing modernization as a way to improve its cybersecurity and boost national defense.

Trump's National Security Strategy Is Shockingly Normal (Bloomberg) The White House's "four pillars" could have emerged from a Hillary Clinton administration.

Rand Paul, Mike Lee will vote against spending bill with permanent FISA authorization (Washington Examiner) 'I would vote against any spending bill that has permanent reauthorization,' Paul said Tuesday.

Urgent: We Only Have Hours Left to Stop the NSA Expansion Bill (Electronic Frontier Foundation) According to reports published Tuesday evening by Politico, a group of surveillance hawks in the House of Representatives is trying to ram through a bill that would extend mass surveillance by the National Security Agency. We expect a vote to happen on the House floor as early as tomorrow,...

GOP net neutrality bill would allow paid fast lanes and preempt state laws (Ars Technica) FCC would be permanently barred from using Title II authority over broadband.

Obama didn’t force FCC to impose net neutrality, investigation found (Ars Technica) Ajit Pai still thinks Obama's call for net neutrality rules amounted to an order.

The Attack on Net Neutrality Is Just One Small Part of a Much Bigger, Dumber Plan (Motherboard) The end goal is blind deregulation of federal and state oversight of big telecom.

Comcast Is Pushing For a Flimsy Net Neutrality Law it Knows Telecom Lobbyists Will Write (Motherboard) Giant ISPs are now pushing for a 'legislative solution' to enshrine net neutrality. Don't trust them.

UK government preparing "radical" self-driving car rules (Computing) Government to introduce new rules governing self-driving vehicles

Litigation, Investigation, and Law Enforcement

Spy chiefs triggered police raids as Christmas ‘bomb plot’ fears grew (Times) Armed police have arrested four men on suspicion of planning an Isis-inspired Christmas bombing. A bomb-disposal team was dispatched and armed officers carried out dawn raids across Sheffield and...

Five arrested for spreading ransomware throughout Europe and US (Europol) During the last week, Romanian authorities have arrested three individuals who are suspected of infecting computer systems by spreading the CTB-Locker (Curve-Tor-Bitcoin Locker) malware - a form of file-encrypting ransomware. Two other suspects from the same criminal group were arrested in Bucharest in a parallel ransomware investigation linked to the US.

Internationaal politieonderzoek leidt tot aanhoudingen van Roemeense Ransomware verdachten (Politie) Vorige week zijn er door de Roemeense autoriteiten in Roemenie woningen doorzocht van personen die verdacht worden van het infecteren van computersystemen door de verspreiding van CTB-Locker Ransom...

Russia arrests Norwegian national on allegations of espionage (Deutsche Welle) Russia's FSB security services have detained a Norwegian citizen for allegedly obtaining confidential military documents. Norway's Foreign Ministry has confirmed it is providing "consular services" to the accused.

Facebook Government Data Requests Hit All-Time-High (Infosecurity Magazine) Facebook Government Data Requests Hit All-Time-High. US government led the way with over 32,000 requests for account data

Rep. Dana Rohrabacher says he's an 'open book' on Russia after meeting with Senate Intelligence (Washington Examiner) 'It was really a very open, nice meeting,' said Rohrabacher, who has come under scrutiny for his close ties to Russia. 'I've got no worries...

Cybersecurity Co. Brings Defamation Suit Against Condé Nast (Law 360) Chicago-based cybersecurity company Keeper Security Inc. sued Condé Nast and its technology magazine Ars Technica along with the magazine’s security editor in Illinois federal court on Tuesday, claiming an article run on Ars Technica’s website last week defamed the company by including “misleading" information about the company, thereby harming it.

For 8 days Windows bundled a password manager with a critical plugin flaw (Ars Technica) Plugin for Win 10 version of Keeper had bug allowing sites to steal passwords.

LinkedIn accused of chilling access to information online (Naked Security) It’s an epic legal battle for the future of the internet, and it’s not net neutrality.

School Shooter Posted Racist Rantings to Steam for Years (Motherboard) Steam has long allowed hateful content on its platform.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.