Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
December 21, 2017.
By The CyberWire Staff
Attacks on cryptocurrencies continue, and another exchange, crypto-to-crypto EtherDelta, is taken offline after it's hacked in the course of a theft. Illicit mining also continues: WordPress sites have, since Monday, been periodically subjected to brute-force attacks installing Monero miners.
North Korea (which has gotten around to denying involvement in WannaCry, calling the attribution "absurd") is drawing more suspicion of involvement in the theft that bankrupted the Youbit exchange.
Some observers harumph that the US has provided no real evidence of North Korean involvement in cyberattacks, and that US attributions shouldn't be accepted at face value. But the other four Five Eyes appear to agree, and Facebook and Microsoft seem to be taking down DPRK operators in the Lazarus Group. There are concerns surfacing now that Pyongyang will seek to disrupt the upcoming Winter Olympics, scheduled to be held in South Korea this coming February.
Similar skepticism about the US ban on Kaspersky software is surfacing in litigation.
In the US, Section 702 of the Foreign Intelligence Surveillance Act (which authorizes collection of electronic communications by the National Security Agency) will sunset in ten days if it's not renewed. The Intelligence Community generally regards Section 702 as an essential authority for intelligence collection. Congressional efforts underway to reauthorize or at least extend the authority are controversial, facing skepticism from elements on both the left and right.
Recent alterations to the Wassenaar cyber arms control agreement continue to receive generally positive reviews, as protections for security researchers are incorporated into the framework.
Today's issue includes events affecting Australia, Canada, China, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Russia, Singapore, Slovakia, United Kingdom, United States.
A note to our readers on our holiday calendar: We won't be publishing the Week that Was on either this Sunday or New Year's Eve, and the CyberWire Daily News Briefing will also take its regular US holiday breaks on Christmas (Gregorian calendar, December 25th) and New Year's Day. The Daily News Briefing will be out as usual next Tuesday through Friday, as will our Daily Podcast, the latter with some longform interviews. Research Saturday will be up as usual this weekend and next. All publication returns to normal on January 2nd. Best wishes from all of us during this holiday season. Thank you for reading and listening.
How are you handling your cloud monitoring and security?
Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.
ON THE PODCAST
In today's podcast we hear from our partners at Webroot, as David DuFour covers the much-discussed topics of quantum computing and artificial intelligence. Our guest is Joseph Carson from Thycotic, who talks about how stolen passwords are traded on the black market.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Don’t Speak, Memory(Foreign Affairs) Russia has never truly reckoned with the horrors of Stalin’s regime. And now the Kremlin is keener than ever to avoid acknowledging past crimes; instead, it is promoting an authoritarian ideology dangerously reminiscent of Stalin’s own.
'Fake News' Fights Back(Foreign Policy) Russian disinformation. A government attacking the media. A populace deeply skeptical of it. These Slovak journalists had seen it all — and decided to do…
China’s Cover-Up(Foreign Affairs) Despite the vast suffering the Chinese Communist Party has caused, it has never admitted guilt, far less memorialized its victims. Nor is it likely to. Too much remembering would risk undermining the party’s legitimacy.
Japan cybersecurity survey finds 20,000 fake shopping sites(The Mainichi) A cybersecurity survey has found that around 20,000 fake shopping sites were in operation in the second half of this year, Japan's National Police Agency said Thursday, warning that the sites are designed to swindle money from unsuspecting shoppers.
12 top cloud security threats to consider for 2018(CSO Online) More data and applications are moving to the cloud, which creates unique infosecurity challenges. Here are the "Treacherous 12," the top security threats organizations face when using cloud services.
Cryptocurrencies have an everything problem(TechCrunch) A mom from Arkansas, a major donor to Republican causes with very little experience in technology, wants to invest $50,000 in bitcoin. A man from Switzerland..
The rise of the crypto accelerators(TechCrunch) As cryptocurrency fever grips the tech world, and blockchain technologies gradually become more viable, there is a new wave of accelerators and incubators..
Fireware 12.1 Now Available(WatchGuard Technologies) We are pleased to announce the new release of Fireware 12.1 and WSM 12.1! These significant new releases are now available for download from the software download center. The highlight of Fireware 12.1 is the Access Portal, a clientless application portal that is available for SSO integration for cloud assets and internal resources via RDP and SSH.
Comodo Partners Tros Technologies On Cyber Security Solutions(Eagle Online) Comodo, a global innovator, developer of cyber security solutions and the worldwide leader in digital certificates, has entered into a strategic partnership with Tros Technologies, a leading Nigerian Information Technology Solutions Company for the West African Region.
Creating a culture of security: Part 2(CSO Online) User behavior can sometimes cause CSOs and CISOs to have heart palpitations. In part two of a two-part series, we look at technologies that can safeguard users and enterprises, and how organizations can foster a culture of security.
Smarter weapons needed to fight savvy financial criminals(The New Paper) Money laundering has existed for as long as we have had money. Today, it is estimated that money laundering around the world reaches between US$1 trillion (S$1.35 trillion) to US$2 trillion, around 2 per cent to 5 per cent of global gross domestic product. While many are...
Section 702 Overview(Office of the Director of National Intelligence) Section 702 is a key provision of the FISA Amendments Act of 2008 that permits the government to conduct targeted surveillance of foreign persons located outside the United States, with the compelled assistance of electronic communication service providers, to acquire foreign intelligence information.
Aussie’s ban on Chinese technology a wrong decision(Global Times) Major Chinese telecommunication provider ZTE Corp said Wednesday it has always paid attention to protecting users' privacy in response to news that Australian parliamentarians will discontinue using one of the company's phone models in fear they "might be spying on its owners."
Kaspersky's legal challenge to software ban could impede DHS cyber operations(Inside Cybersecurity) Kaspersky Lab is challenging the constitutionality of the Department of Homeland Security's decision to ban federal use of its software products, in a lawsuit that -- if successful -- could limit the department's use of key statutes for managing cyber risks to government networks and setting regulatory policies.
McCabe draws blank on Democrats’ funding of Trump dossier, new subpoenas planned(Fox News) EXCLUSIVE: Congressional investigators tell Fox News that Tuesday’s seven-hour interrogation of Deputy FBI Director Andrew McCabe contained numerous conflicts with the testimony of previous witnesses, prompting the Republican majority staff of the House Intelligence Committee to decide to issue fresh subpoenas next week on Justice Department and FBI personnel.
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.