December 27, 2017.
By The CyberWire Staff
North Korea's ambassador to the United Nations renews calls for the US to lay out the evidence that WannaCry was a DPRK campaign.
In the US, the FBI's fingerprint analysis software was supplied by a then-subsidiary of France's Safran Group in 2011 (so far so good). But ex-Safran whistleblowers allege the company purchased some of the code it used from Russia's Papillon Systems, a security company boasting FSB ties (which seems less good). The FBI says it checks all its software for problems, suggesting it found none here.
Vietnam has announced formation of a 10,000-strong cyber operations unit. A senior general's remarks about the unit indicate that it will be heavily involved in information operations (combatting "wrong views").
Russian information operations continue to exercise US policy mavens. A joint op-ed by former senior CIA official Michael Morell and former Representative Mike Rogers, ex-Chair of the House Intelligence Committee, says US diplomatic efforts during the last Administration did little to restrain Moscow's influence operations, and they call for development of a credible deterrent.
Recent law enforcement operations again suggest that controlling objectionable content is difficult. Ukrainian police are taking down a disturbingly large number of social media accounts devoted to encouraging the troubled and lonely to commit suicide. Journalists in the UK, notably at the Times, report the use of YouTube videos of child abuse as a gateway to trading such material. Other reports from the UK complain of unrestrained depravity in the comments added to videos underage YouTubers themselves post.
Janus Android App Signature Bypass Allows Attackers to Modify Legitimate Apps (TrendLabs Security Intelligence Blog) Android’s regular security update for December 2017 included a fix for a serious vulnerability that could allow attackers to modify installed apps without affecting their signature. This would allow an attacker to gain access to the affected device (indirectly). First found by researchers in July, this vulnerability (designated as CVE-2017-13156, and also called the Janus vulnerability) affects versions of Android from 5.1.1 to 8.0; approximately 74% of all Android devices have these versions installed.
Kerala Bank Hit By Ransomware Cyber Attack (NDTV.com) The main server and a computer of the Mercantile Cooperative bank in Thiruvananthapuram were today affected in a 'ransomware' cyber attack, suspected to have originated from outside the country, the police said.
TasRail reveals it was the subject of a cyber attack (Mercury) The state’s peak IT body is warning Tasmanian businesses not to be complacent about cyber security following TasRail’s admission that it was the subject of a ransomware attack that breached its defences.
Skyrocketing Bitcoin Fees Hit Carders in Wallet (KrebsOnSecurity) Critics of unregulated virtual currencies like Bitcoin have long argued that the core utility of these payment systems lies in facilitating illicit commerce, such as buying drugs or stolen credit cards and identities. But recent spikes in the price of Bitcoin — and the fees associated with moving funds into and out of it — have conspired to make Bitcoin a less useful and desirable payment method for many crooks engaged in these activities.
The Need for Better Built-in Security in IoT Devices (TrendLabs Security Intelligence Blog) As manufacturers develop Internet of Things (IoT) devices that integrate with widely popular internet-based applications, more and more users see the value in purchasing such devices.
The healthcare sector is one of the most vulnerable to cyberattacks (Tech Wire Asia) Healthcare isn't necessarily a sector that you might closely associate with hacking and malware, but as more hospitals, medical practitioners and administrators begin adopting digital technology into their systems it's becoming more crucial than ever that this industry adopts robust security measures.
As efficiency falters, AI a tool in cyberwar (Bangkok Post) Software inefficiencies play a major role in slowing an organisation's ability to detect and respond to cyberthreats, says security intelligence company LogRhythm.
Weaponization of the cyberspace: Imperatives for national digital defence (Vanguard News) With focus on the fourth industrial revolution, Chris Uwaje, the Director General DSIHUB Africa, Chair IEEE-IoT Summit, Past-President Institute of Software Practitioners of Nigeria (ISPON) and Country Convener IPv6 Council Nigeria, at the 4th Nigeria Mobile Economic Summit & EXPO 2017 with the theme: The Mobile Economy Impact in Nigeria, Policy Innovation and Investment Benefits and Content, explored the Nigerian ICT landscape and examined the digital security challenges in cyberspace.
NAIC Adopts Model Law on Cybersecurity: Will States Adopt It? (The Legal Intelligencer) On Oct. 24 the National Association of Insurance Commissioners (NAIC) formally approved the Insurance Data Security Model Law (model law). The NAIC is a standard setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia and five U.S. territories. T
Morrison Cohen, Stepping in for PlexCoin, Takes Swipe at SEC (New York Law Journal) Lawyers at Morrison Cohen have stepped in to defend the alleged fraudsters behind the PlexCoin initial coin offering and argue in a letter to a Brooklyn federal judge that the SEC has vastly overstepped its authority.
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.