skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

The company affected by the attack on industrial control systems, said to have been in the Middle East, had been unnamed. But it's now said, according to Foreign Policy, to be Saudi Aramco. Foreign Policy sources their story to a report they say they've obtained that was prepared by Area 1 Security. Circumstantial and preliminary attribution continues to point toward Iran.

North Korean denials of responsibility for WannaCry have moved into familiar rhetorical terrain: "The U.S., a source of all social evils and a state of global cyber-crimes, is unreasonably accusing the DPRK without any forensic evidence. This cannot be construed otherwise than an expression of its inveterate repugnance towards the DPRK." While they can't be troubled to reply to every American "grave political provocation," this one can't be tolerated, because it's aimed a "tarnishing the image of [a] dignified country."

Online magazine Salon more-or-less agrees with the Supreme Leader, seeing the Five Eyes' attribution of WannaCry to Pyongyang as resembling other bogus war-scare "ruses," but most observers think the attribution, inevitably circumstantial to some degree, probably holds up.

WannaCry still remains in circulation, hitting the unprepared and unpatched.

South Korean police see North Korea as the prime suspect in the Youbit hack. 

Bitcoin and other cryptocurrencies crashed hard this morning, losing up to a third of their valuation. It's probably not the end of the speculative bubble, but it's at least a sharp correction.

More bad news for Kaspersky Lab: Lithuania has banned the company's products from Lithuanian infrastructure.


Today's issue includes events affecting Argentina, Azerbaijan, Brazil, China, Colombia, European Union, India, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Lithuania, Mexico, Peru, Philippines, Portugal, Russia, Saudi Arabia, Spain, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam.

A note to our readers on our holiday calendar: We won't be publishing the Week that Was on either this Sunday or New Year's Eve, and the CyberWire Daily News Briefing will also take its regular US holiday breaks on Christmas (Gregorian calendar, because that's how we roll here in Maryland, so Monday, December 25th) and New Year's Day. The Daily News Briefing will be out as usual next Tuesday through Friday, as will our Daily Podcast, the latter with some longform interviews. Research Saturday will be up as usual this weekend and next. All publication returns to normal on January 2nd. Best wishes from all of us during this holiday season, and thank you for reading and listening.

How are you handling your cloud monitoring and security?

Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.

In today's podcast we speak with our partners at Booz Allen Hamilton, as Chris Poulin talks about how the transition to self driving cars might be made, and about the problem with selling fear and uncertainty. Speaking of selling, and the fear, uncertainty, and doubt that so often frames it, we also chat with Gigamon's  Kim DeCarlis about marketing cyber security. 

Tomorrow, Research Saturday will feature a talk with PWC's Bart Parys on their study of KeyBoy malware.

Cyber Attacks, Threats, and Vulnerabilities

Cyberattack Targets Safety System at Saudi Aramco (Foreign Policy) One report points to Iran, but the evidence is far from conclusive.

Chinese hackers go after think tanks in wave of more surgical strikes (Ars Technica) When one NGO blocked intrusion, frustrated hackers tried to knock its website offline.

China's Economic Espionage via the Non-Attributable Hand (Security Boulevard) China's not backing off their targeting of companies for economic espionage as evidenced by use of state controlled actors as their proxies

Beijing Builds Its Influence in the American Media (Foreign Policy) How one of America's biggest Chinese-language newspapers amplifies China’s message.

Russia's Fancy Bear APT Group Gets More Dangerous (Dark Reading) Encryption and code refreshes to group's main attack tool have made it stealthier and harder to stop, ESET says.

Fancy Bear continue to operate through phishing emails and much more (WeLiveSecurity) The Sednit group, also known as Fancy Bear, continue to use phishing emails as their flagship backdoor main entry with a great deal of success.

"Give it a go and see what happens" - Russian secret services' approach to foreign cyber attacks (Computing) UK Intelligence and Security Committee report claims Russia is ostentatiously flexing its muscles online

Commentary: Making sense of North Korea’s hacking strategy (Reuters) Pyongyang is ramping up its cyber warfare. Just this week, a White House official blamed North Korea for the WannaCry attack that took down hospitals, banks and businesses in May and noted that Facebook and Microsoft recently took action against the infamous North Korean Lazarus hacker group. And that’s just the tip of the iceberg.

DPRK rejects U.S. accusation of being responsible for WannaCry cyber attack (Xinhua) The Democratic People's Republic of Korea (DPRK) Thursday rejected the U.S. accusation that it was responsible for the Wannacry ransomware attack upon global cyber space in May.

Security researchers not convinced North Korea behind ransomware attack (Salon) Trump officials say unequivocally that North Korea started this. Is this a WMD-esque ruse to start a war?

There have been almost 1 billion WannaCry infections, and they're still growing (Computing) If it hadn't been neutralised, the malware would have cost tens of billions of dollars, says Kryptos Logic

Report: Investigators Eye North Koreans for Exchange Hack (BankInfo Security) South Korean police investigating the hack of a cryptocurrency exchange are eyeing North Korean hackers as the likely culprits. North Korea has also been tied to

North Korea Accused of Hacking South Korean Bitcoin Exchange Youbit (Cointelegraph) Earlier this week, a major South Korean Bitcoin exchange Youbit suffered a large-scale security breach during which one-fifth of user funds were stolen.

VenusLocker Ransomware Gang Switches to Monero Mining (Bleeping Computer) The criminal group behind previous campaigns that have spread the VenusLocker ransomware have now switched their focus to delivering a Monero cryptocurrency miner instead

Crooks Switch from Ransomware to Cryptocurrency Mining (Threatpost) The group behind the VenusLocker ransomware have switched to cryptocurrency mining Monero.

Digmine Malware Spreading via Facebook Messenger (BleepingComputer) Users across several countries are being targeted in a campaign that delivers a new strain of malware named Digmine that installs a Monero cryptocurrency miner and a malicious Chrome extension which helps it propagate to new victims.

Digmine Cryptocurrency Miner Spreading via Facebook Messenger (TrendLabs Security Intelligence Blog) We found a new cryptocurrency-mining bot spreading through Facebook Messenger—Digmine, which we first observed spreading in South Korea.

New virus attacks Vietnamese facebookers (Vietnamnet) Facebook Messenger is reported to be under attack in recent days by a new virus.

I'm All Up in Your Blockchain, Pilfering Your Wallets (SANS Internet Storm Center) With the latest “gold rush” in cryptocurrency, many people are investing (or speculating, depending on your perspective) in Bitcoin and various other currencies.

Windows 10’s face authentication defeated with a picture (The Verge) Attack isn’t as easy as it sounds

Singapore Airlines Warns of New Phishing/Vishing Campaign (Infosecurity Magazine) Singapore Airlines Warns of New Phishing/Vishing Campaign. Fraudsters are even spoofing official airline phone numbers

Nissan Canada Data Breach: 1.1 Million Customers Notified (Infosecurity Magazine) Nissan Canada Data Breach: 1.1 Million Customers Notified. Carmaker’s finance arm is hit by unauthorized access

Threat Spotlight: Clever Cybercriminals Spoof Scanners by the Millions (Barracuda) Aside from the coffee maker and maybe the office water cooler, few devices receive the magnitude of use that the corporate printer is subjected to on a daily basis.

Google Removes Three Fake Bitcoin Wallet Apps From Google Play (eWEEK) Security firm Lookout discovers that three fake cryptocurrency wallets got into the Google Play store and were able to steal Bitcoin from users. How can users avoid the fraud and keep their Bitcoin where it belongs?

Experts Rail Against Internet Password Organizers (Infosecurity Magazine) Experts Rail Against Internet Password Organizers. Consumers urged to invest in online password managers rather than buy offline data stores

Security Patches, Mitigations, and Software Updates

Microsoft confirms stalled downloads, bogus errors in Win10 FCU update KB 4054517 (Computerworld) Microsoft just confirmed two major bugs in this month’s cumulative update for Win10 Fall Creators Update, KB 4054517 — which we described earlier this week. We also have confirmation of bugs in the November Excel 2016 patch and in this month’s Exchange Server patch.

Google fights fragmentation: New Android features to be forced on apps in 2018 (Ars Technica) New Play Store rules give developers one year to adopt any new Android changes.

Opera 50 to introduce anti-cryptojacking features with Opera 50 (Computing) Opera's anti-cryptojacking feature will be added to its ad-blocking technology

Facebook fights imposter accounts with facial recognition (Naked Security) Its facial recognition now finds photos even if you haven’t been tagged in them.

Cyber Trends

New Year’s resolutions for CISOs (CSO Online) Security leaders must move closer to the business, improve staff productivity and modernize security technology infrastructure.

CISO Holiday Miracle Wish List (Dark Reading) If CISOs could make a wish to solve a problem, these would be among the top choices.

The seven most colossal data breaches of 2017 (Security Boulevard) This year saw a handful of spectacularly bad security fails that resulted in massive sets of compromised data. Here are the most colossal data breaches of 2017. Categories: Cybercrime Hacking Tags: data breachesdata breaches of 2017EdmodoEquifaxUberVerizon (Read more...) The post The seven most colossal data breaches of 2017 appeared first on Malwarebytes Labs.

SafeBreach Examines Malware Success Rates ( A new report studying the success rates of malware attacks on enterprise suggests a failure among corporations to adequately protect their systems. New research from SafeBreach, released in its Hacker’s Playbook Findings Report, analyzed 3,400 data breach strategies and 11.5 million conducted simulations. According to the report, malware attacks successfully infiltrated enterprises’ systems most of […]

2018 Predictions: ICS Cybersecurity Goes Mainstream (Nozomi Networks) After a year that began with the fall-out from another Ukraine electric grid attack, saw the discovery of the first toolset since Stuxnet to target physical systems (CrashOverride/ Industroyer) and included significant harm from ransomware attacks (WannaCry, Petya/NotPetya), what’s in store for 2018?

Are Your Medical Records Safe? NO. - Security Boulevard (Security Boulevard) Radware’s Web Application Security Report finds security flaws in the healthcare industry What do healthcare institutions, insurance companies, hospitals, pharmaceuticals and manufacturers of medical equipment all have in common? If you guessed room for improvement when it comes to protecting applications, you’re correct. The data records these organizations keep are highly sensitive as they affect The post Are Your Medical Records Safe? NO. appeared first on Radware Blog.


Bitcoin and almost every other cryptocurrency crashed hard today (TechCrunch) Bitcoin has been on a tear this past with the value of the cryptocurrency jumping from $8,000 to nearly $20,000. Well that run hit an abrupt end today as the..

Bitcoin’s price plunges amid broad cryptocurrency sell-off (Ars Technica) Every major cryptocurrency suffered double-digit losses in the last 24 hours.

Thank Kim Jong Un for your crypto gains (TechCrunch) Because of heavy sanctions placed on the country for its nuclear weapons testing, North Korea has long run a series of “side businesses” like drug..

Businesses Go on Pre-Holiday Cloud Acquisition Spree (Dark Reading) VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.

Verint buys Next IT: An Early AI Acquisition (Forbes) Much is said about artificial intelligence (AI), but it is still in the early stages.

Are You Ready for DOD's New Mandate? (SIGNAL Magazine) A DOD mandate requires private sector companies to follow a set of cybersecurity best practices.

Corero's joy at record quarterly intake tempered by implementation delays at some customers (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - The DDoS mitigation market fundamentals remain strong with a leading technology analyst forecasting double-digit growth and the market to grow to US$1.4bn in 2021

Tea company's shares rocket after adding the word "blockchain" to its name (Computing) Moribund tea maker sees shares leap almost 300 per cent purely by adding blockchain to its name

Eric Schmidt stepping down as Alphabet’s executive chairman to become a ‘technical advisor’ (TechCrunch) A little late in the day news dump for you, ahead of the upcoming holiday. Longtime Google executive Eric Schmidt announced today that he’ll be stepping..

Carbon Black Expands Marketing Leadership with New Senior Vice President (BusinessWire) Carbon Black, the leader in next-generation endpoint security, has named Cate Lochead Senior Vice President of Marketing as the company continues to b

Products, Services, and Solutions

NSS Labs Announces Industry’s First Data Center Security Gateway Group Test Results (GlobeNewswire News Room) Five Products Receive Recommended Rating for IPv4; Four Products Receive Recommended Rating for IPv6

Data Center Security Gateway (DCSG) – Convergence of DCFW and DCIPS (NSS Labs) The digital world has transformed modern business.

Cyber and Physical Security Come Together for First Time with Partnership between AppGuard and UFC Fighter and Green Beret Tim Kennedy’s Sheepdog Response (AppGuard) Through Partnership, Sheepdog will Offer its Physical Security Customers with Access to AppGuard Autonomous Endpoint Security, and AppGuard will provide its Customers with Access to Sheepdog’s Training

AristotleInsight® Announces Vulnerability Gateway GRC in Version 7.9 (PRNewswire) AristotleInsight® has introduced Vulnerability Gateway (VG) GRC in its...

Swimlane Augments Its Automated Security Platform With RSA Archer® Suite Interoperability (Business Insider) Swimlane, a leader in security automation and orchestration (SAO), announced today interoperability with the RSA Archer® Suite.

Radware Wins Another New Top Tier U.S. Carrier For Attack Mitigation (GlobeNewswire News Room) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, announced an over one million dollar deal with a top U.S. service provider.

VMware-Carbon Black Partnership Expected to Close Data Center Security Gaps (Data Center Knowledge) Short on security professionals, enterprises scream for more automation as attacks increase in number and scope.

Snowden's New App Turns Your Phone Into a Home Security System (WIRED) The NSA leaker's latest project aims to secure your computer—and you—from not just digital but physical attacks.

Technologies, Techniques, and Standards

Incident Response: Your Last Line of Cybersecurity Defence (Information Security Buzz) In 2018, no executive that reads the papers can be unaware of the cybersecurity risks facing their organisation. With the size and frequency of data breaches increasing, companies should be prepared to handle one when it happens. The best way to cope with a security incident is to hit the ground running. A well-structured, efficient …

Get the best botnet protection with the right array of tools (SearchSecurity) The best botnet protection comes from assembling the right array of security tools. Learn how to fight the botnet threat with a layered approach to IT security.

Brazil Organizes First Ibero-American Cyber Defense Exercise (Dialogo Americas) Service members from seven nations improve their electronic warfare techniques.

Design and Innovation

Five blockchain use cases (RCR Wireless News) The potential use cases of blockchain go beyond powering digital currency like bitcoin, including securing patient medical records and...

Blockchain and Quantum Computing (The National Law Review) 2018 promises great inroads in the realm of "quantum computing." While conventional computers use binary data or bits (i.e., 0s and 1s) to store and process information...

Encryption perspectives in a world of quantum computers (eeNews Europe) Potentially, in the connected world, all kind of devices that encrypt data to be sent, received and stored, could be affected by the decoding power of quantum computers. Although realistic threats against today’s encryption algorithms may be 10 to 15 years away, new encryption mechanisms should already be considered for devices with long lifecycles that are installed nowadays.

Siri can’t talk to me: The challenge of teaching language to voice assistants (Ars Technica) Getting voice assistants to speak Slovakian first means getting better AI learning.


Another Success in the U.S. for the Cyberbit Range: Elbit Systems of America and Metropolitan State University Announce New Cyber Training and Simulation Center (PRNewswire) Elbit Systems of America, LLC, announced that it will partner...

Legislation, Policy, and Regulation

Lithuania bans Kaspersky Lab software on sensitive computers (Reuters) Software from Moscow-based company Kaspersky Lab is a threat to Lithuanian national security and its products will be banned on sensitive computers, Lithuania's government said on Thursday. It is the latest setback for the software maker.

Minister for digital is confident about maintaining smooth UK-EU data transfers in a post-Brexit world (Computing) Matt Hancock urged MPs to support the Data Protection Bill

The Meaning of Sharp Power (Foreign Affairs) China's and Russia's attempts at influence are not examples of soft power—they represent "sharp power."

Why Russia's Leaders Still Honor the Soviet Secret Police (Op-ed) (Moscow Times) As a Russian criminal proverb has it, “confession is fit only for the priest and the fool”

The Facebook Team Helping Regimes That Fight Their Opposition (Bloomberg) Some of the unit’s clients stifle opposition and stoke extremism.

New US Security Strategy Is a Clear Bureaucratic Victory for the ‘Russia Skeptics.’ Has the President Read It? (Russia Matters) The new U.S. National Security Strategy, or NSS, unveiled by President Donald Trump on Dec. 18, seems to reject any possibility for rapprochement between Moscow and Washington. Given the positive statements made by Trump both as a candidate and then as chief executive about the possibility for finding common ground with Russia, the Kremlin was taken aback at the negative tone.

Trump first president to protect electric grid from EMP, cyberattacks (Washington Examiner) President Trump became the first national leader to call for protecting the U.S electric and communications grid against an electromagnetic...

US lawmakers seek temporary extension to internet spying program (CNBC) Republican leaders in the House are working to build support to temporarily extend the National Security Agency's expiring internet surveillance program.

Spotlight: South Korea witnesses 1st presidential by-election after Park's impeachment over scandal (Xinhua) South Korea held its first presidential by-election in May after President Park Geun-hye was impeached for the first time in the country's modern history over an influence-peddling scandal involving her long-time confidante.

Senators Introduce Bipartisan Bill to Secure Election Systems (Gizmodo) A long-awaited election security bill is finally rolling out today with bipartisan support.

Germany Blocks its Largest Telecom Company From Violating Net Neutrality (Motherboard) Regulators are protecting net neutrality after Telekom—which owns T-Mobile—began prioritizing content.

There’s no magic bullet for reversing the FCC’s net neutrality decision (TechCrunch) Huge numbers of people are upset at the FCC's decision to undo its own highly popular net neutrality rules. But the grand plans to undo this mischief being..

Apple's iPhone Throttling Will Reinvigorate the Push for Right to Repair Laws (Motherboard) More states are considering right to repair legislation that will make it easier to fix your electronics.

Litigation, Investigation, and Law Enforcement

‘Russian spy’ Stanislav Yezhov infiltrated Downing Street (times) A suspected Russian spy acted as interpreter between Theresa May and the Ukrainian prime minister when the two leaders discussed security issues in Downing Street this summer, it emerged yesterday.

Deep Pockets, Deep Cover: The UAE Is Paying Ex-CIA Officers to Build a Spy Empire in the Gulf (Foreign Policy) They hired Americans to professionalize their intelligence service. But how far can former U.S. spies go?

Ars Technica's Dan Goodin is being sued by Keeper Security over an article about a defect in its password manager (Boing Boing) Ars Technica's Dan Goodin is being sued by Keeper Security over an article about a defect in its password manager

Keeper CEO Offers Clarity (Keeper Blog) We have great admiration and respect for the InfoSec community, the press that covers this industry, and of course place the protection and security of our customers’ information as the top priority. We want to offer clarity regarding our recent lawsuit directed to the contents of the Ars Technica article, which has undergone revisions since …

Neil Lewis, officer behind Damian Green porn leaks, ‘liked’ anti‑Tory posts (Times) The retired police officer who leaked details about the pornography on Damian Green’s computer had “liked” anti-Tory posts on Facebook, The Times can reveal. Neil Lewis, 48, who assessed Mr Green’s...

FCC Fines Sinclair Broadcast Group $13.4 Million for Running Sponsored Content as News (Variety) The FCC is slapping Sinclair Broadcast Group with a $13.4 million fine for running news stories on a cancer foundation but failing to disclose that the foundation was paying for them to air.

FBI’s top lawyer said to be reassigned (Washington Post) James Baker had been caught up in a leak inquiry, but it is not expected to result in any charges.

Did President Obama Read the ‘Steele Dossier’ in the White House Last August? (Tablet Magazine) News of the News: Why the timeline of the scandalous report that fuels Russiagate matters

Hackers Used DC Police Surveillance System to Distribute Cerber Ransomware (BleepingComputer) A Romanian man and woman are accused of hacking into the outdoor surveillance system deployed by Washington DC police, which they used to distribute ransomware.

5 Romanian ransomware distributors arrested after police raid (Naked Security) Five suspects; two ransomware strains; victims identified in both Europe and the US – cops swoop!

Teen DDoS mastermind walks away from prison sentence (Computing) Stockport teenager who ran what was once the world's biggest DDoS network escapes jail,Security ,Cyber Crime,malware,DDoS,Jack William Chappell,vDOS

U.K. Man Avoids Jail Time in vDOS Case (KrebsOnSecurity) A U.K. man who pleaded guilty to launching more than 2,000 cyberattacks against some of the world’s largest companies has avoided jail time for his role in the attacks. The judge in the case reportedly was moved by pleas for leniency that cited the man’s youth at the time of the attacks and a diagnosis of autism.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.