Daily briefing.

Huawei has patched its products against herding into the Satori botnet. Satori source code has been released, increasing the risk to unpatched systems.

South Korea, home to many cryptocurrency early adopters, is preparing to enact regulations to govern alt-coins. The Justice Ministry is also considering whether it should shutter cryptocurrency exchanges to rein in speculative excess.

Content monitoring seems a stressful job, and so far an irreducibly human one, as AI blinks at intensionality.

The East and North Hertfordshire National Health Service Trust lost an estimated £700,000 in the May 12 WannaCry incident. Investigators blame failure to take reasonable precautions for the damage, which "could have been prevented by the NHS following basic IT security." According to the state's Audit Office's 2017 report, New South Wales struggles with security basics, including these familiar shortfalls: lack of clear policy, failure to monitor privileged accounts, and spotty inventories of IT assets. This isn't casting stones. The point of noticing these assessments of the authorities in two regional governments is not that subnational agencies are stumblebums, but rather that the easy, obvious security measures are surprisingly difficult to implement effectively.

2017 ends with two historical metaphors headlining in the theaters of Western (especially US) cyber imaginations. There's the enduring fear of a cyber Pearl Harbor (with Fancy Bear in the role of Kidō Butai), and there's the newer worry that the West faces an artificial-intelligence Sputnik moment (and China's Central Commission for Integrated Military and Civilian Development is cast as the Chief Designer).


Today's issue includes events affecting Australia, China, Iran, Japan, Democratic People's Republic of Korea, Republic of Korea, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.

A note on our holiday calendar: We won't be publishing the Week that Was on New Year's Eve, and both the CyberWire Daily News Briefing and Daily Podcast will also take their regular US holiday break on New Year's Day. Our Daily Podcast will be out as usual later today, with a longform interview. Research Saturday will be available on schedule tomorrow. All publication returns to normal on January 2nd. Best wishes from all of us on the New Year, and thank you for reading and listening throughout 2017. See you next year, next week.

In today's podcast we talk at length with Gerald Hahn, CEO of Softshell AG, who shares his perspective on Germany's market for cybersecurity products.

In tomorrow's Research Saturday, we talk with Symantec's Alan Neville about Sowbug, the new cyber espionage group they've discovered operating with dismaying effect around the world, and particularly in Latin America and Asia.

Cyber Attacks, Threats, and Vulnerabilities

Code Used in Zero Day Huawei Router Attack Made Public (Threatpost) Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.

Hacker Exploits Huawei Zero-Day Flaw to Build Mirai Botnet (GovInfo Security) Internet of things security alert: An attacker has been attempting to infect hundreds of thousands of Huawei home routers with a variant of the notorious Mirai

Magento Sites Hacked via Helpdesk Widget (BleepingComputer) Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered.

Three More WordPress Plugins Found Hiding a Backdoor (BleepingComputer) The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.

DHS: 18 of 33 First Responder Apps Affected by Security Flaws (BleepingComputer) A Department of Homeland Security (DHS) pilot program uncovered several privacy and security-related issues in Android and iOS applications used by first responders on the scene of natural disasters and other emergency situations.

Sound Waves can Help Hackers Disrupt Functions of Hard Disk Drives (HackRead) Now, hackers do not require physical access to destroy your system, researchers have discovered that sound waves can help attackers disrupt functions of hard disk drives.

EA servers down; Battlefield 1, Battlefront 2, Star Wars & FIFA 18 Affected (HackRead) You are not alone, EA servers are down for many.

Cryptojacking Has Gotten Out of Control (WIRED) The practice of using a website visitor's device to mine cryptocurrency has expanded—and evolved—at an alarming rate.

Triton: A malware that may very well be the new Stuxnet (Techgenix) Seven years after being hit by Stuxnet, parts of the Middle East are under attack from another piece of dangerous malware. Here’s what you need to know about Triton.

'Whoever controls cyberspace will control the world': Russian hackers waging cyber war on Ukraine 'training' for Western targets (The Telegraph) Ten minutes before the 2pm news broadcast on June 27, Vitaly Kovach, the editor of Ukraine's channel 24, stood up and told his staff to immediately unplug their network cables.

Russian Antivirus Tech Bad News for Everyone (Newsmax) Business and government should be proactive about selecting a solution against the ever-more sophisticated attacks. By staying current on cybersecurity trends and exploring the kind of military-grade encryption now available to the general public, we can avail ourselves of virtual bodyguards.

The KGB Playbook for Infiltrating the Middle East (The Daily Beast) In 1988, the Soviet intelligence service, the KGB, looked at its mistakes in the Middle East, where the CIA often had the upper hand. Putin has worked to change that.

Opinion | We have to understand: It’s Russia vs. everybody (Washington Post) I hope journalists across the nation and every member of Congress will read the Dec. 26 front-page article “Kremlin’s trolls beset Web as U.S. dithered” and Michael Morell and Mike Rogers’s Dec. 2...

WannaCry cyber attack lost the East and North Herts NHS Trust £700,000 (Welwyn Hatfield Times) The global cyber attack earlier this year which crippled the NHS cost the East and North Herts NHS Trust £700,000, with a national investigation concluding that the attack “could have been prevented by the NHS following basic IT security”.

NSW agencies struggle with security basics (ZDNet) Lack of privileged account monitoring, incomplete inventories of IT assets, and lack of a consistent cyber definitions leave NSW government agencies in the lurch.

Report on Internal Controls and Governance 2017 (New South Wales Auditor-General) Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.

Russian space agency denies programming error bungled rocket launch (TechCrunch) A failed rocket launch from Russia's new spaceport at Vostochny last month was not in fact caused by an elementary programming error, as recent reports have..

How to stop hackers from rickrolling your smart speaker (Popular Science) Resolve to be smarter about network security in 2018.

4 Years After Target, the Little Guy is the Target (KrebsOnSecurity) Dec. 18 marked the fourth anniversary of this site breaking the news about a breach at Target involving some 40 million customer credit and debit cards. It has been fascinating in the years since that epic intrusion to see how organized cyber thieves have shifted from targeting big box retailers to hacking a broad swath of small to mid-sized merchants.

Cyber Trends

Autonomy Warfare - Inside Unmanned Systems (Inside Unmanned Systems) This new type of warfare is producing new types of superpowers. Just having nuclear weapons doesn’t get you into the new superpower club. ...

Big Idea of 2017: The Internet Is Making Us Vulnerable (NOVA Next) From social media troubles to leaks and hacks, 2017 was a rough year for the internet.

Security trends 2018: biometric hacking, state-sponsored attacks, daring cyber heists (ComputerworldUK) What does 2018 have in store for cyber security, and could it possibly be worse than this year?

Security forecast: hot, with a possibility of severe storms (SiliconANGLE) It was another year of frustration for enterprise security organizations as attackers continued to penetrate high-profile organizations and steal massive amounts of personal information, headlined by the 143 million records pilfered in the Equifax Inc. breach.


2 Ways To Play The Cyber Security Theme (Seeking Alpha) As more and more industries (auto, financials, industrial) deploy cloud and IoT solutions in new products and services, the associated cyber risk also increases

These LA Startups Are What Stand Between Hackers and Your Medical Devices ( Some of the most important cybersecurity work is happening in nondescript offices across the nation.

The Brocade Sale Concludes a Year-Long Shopping Frenzy (SDxCentral) Broadcom announced in November 2016 it was purchasing Brocade, thus beginning a year-long process of divesting Brocade assets.

With Tech M&A Seen Rebounding, Here Are Companies, Sectors To Watch (Investor's Business Daily) Telecom companies dashed the hopes of investors betting on a frenzy of mergers and acquisitions last year, but Broadcom's pursuit of Qualcomm and Walt Disney's deal with 21st Century Fox have primed the pump for 2018 M&A in semiconductors and media. Wall Street analysts say 2018 is shaping up a bigger year for mergers and acquisitions, amid slower activity since the 2015 boom.

AWS showed no signs of slowing down in 2017 (TechCrunch) AWS had a successful year by any measure. The company continued to behave like a startup with the kind of energy and momentum to invest in new areas not..

Britain’s spy agency can’t stop losing cyber talent to major tech companies (TechCrunch) The NSA isn't the only secretive national intelligence agency having trouble keeping its tech-savvy recruits. In a new document from the Intelligence and..

Army charts 30-day acquisition process for new cyber capabilities ( Army plans to assemble a vendor consortium with the goal of conducting 6-24 cyber prototyping projects a year, each within 30 days.

Products, Services, and Solutions

IObit Addresses Ransomware Epidemic in Advanced SystemCare Ultimate 11 (eSecurity Planet) The company's endpoint protection and PC optimization software suite now protects users from ransomware.

Top 6 antivirus with data recovery for 2018 (Windows Report - Windows 10 and Microsoft News, How-to Tips) Data is one of the top priorities for any business in today’s digital age. When you lose your data either because of a hard drive …

Technologies, Techniques, and Standards

Campaign Planning with Cyber Operations (Georgetown Journal of International Affairs) The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.

Failed Incident Responses from 2017 Provide Important Case Studies (Infosecurity Magazine) How 2017 will provide instructors are armed with new, relevant material that can provide excellent case studies on how not to respond to an incident.

Forcepoint's Carl Leonard on IoT and its implementation in the business world (Business Chief) Carl Leonard, Principal Security Analyst at Forcepoint, talks about the Internet of Things and its implementation in the workplace.

Please Do Not Feed the Phish (ThreatConnect) How to avoid and detect phishing attacks early on

Opinion | Confessions of a Digital Nazi Hunter (New York Times) In the wake of Trump’s victory, I built a bot to expose bigots. Then Twitter suspended it — and kept the bigots.

The 'worst job' in Silicon Valley is also a low-paying one with little job security (Business Insider) Working for Facebook, Google, Microsoft can be a dream job. But it's the stuff of nightmares for the people paid to view violent and depraved images all day.

Is “Big Data” racist? Why policing by data isn’t necessarily objective (Ars Technica) "Concerns with predictive big data technologies appear in most big data policing models."

Making A Shift To Human-Centric Security (CXO) It is impossible to overstate the importance of information security, privacy and risk management in organizations.

The Most Important Part of Least Privilege Tactics (Infosecurity Magazine) If a cyber-criminal gets their hands on an employee’s limited login credentials, their ability to do any damage is greatly reduced.

Holiday Fun #2: Relove some old software… (Naked Security) Why look to the past when you can look to the future? Because, with a half-decent digital archive, you can!

Design and Innovation

Still living under the tyranny of the password in 2017 (TechCrunch) When I lost access to my Google account recently, it left a gaping hole in my digital life and showed me just how tenuous the link to our online world can be...

Microsoft Campaign to Make Passwords Obsolete Starts at Headquarters (eWEEK) The software giant is using biometrics and the FIDO Alliance's tough new authentication standards to wean the industry off troublesome passwords.

When AI goes rogue: Moral debates could kill the hype (SiliconANGLE) Venture capitalists lavished $10.8 billion on artificial intelligence and machine learning technology companies in 2017, according to PitchBook Data Inc.

Research and Development

China Unveils Cybersecurity Innovation Center (Defense World) China on Tuesday unveiled a Cybersecurity Innovation Center (CIC) to develop cyber defense systems ‘to help win future cyber wars.'

Japan Plans to Use Quantum Cryptography to Secure Private Communications (Interesting Engineering) The Japanese government have requested a budget to develop a space-based quantum cryptography system that they hope will be in operation by 2027.

Legislation, Policy, and Regulation

Crypto prices suffer as Korean government announces new regs, potential ban (TechCrunch) The South Korean government announced new legislation today that would put increasingly tough regulations on the country’s burgeoning cryptocurrency..

South Korea Considers Shuttering Bitcoin Exchanges (Wall Street Journal) Investor frenzy has worried the country’s authorities, who are concerned about growing speculation—and the risk investors could lose money from sharp price declines or from cyber attacks on digital currency exchanges.

Is The NCSC Doing Enough to Protect us from Today’s Cyber Threats? (Infosecurity Magazine) How successful has the NCSC been to date? What else can be done to safeguard the UK against a relentless cybersecurity onslaught?

Litigation, Investigation, and Law Enforcement

Russian hacker claims he can prove he hacked DNC (TheHill) Jailed hacker says Russian intelligence ordered him to hack into DNC networks in written interview.

Kaspersky Lab sues Trump administration over software ban: 4 things to know (Becker's Hospital Review) Kaspersky Lab, a Moscow-based cybersecurity company, filed a lawsuit against the Trump administration in the U.S. District Court for the District of Columbia Dec. 18 over the decision to ban Kaspersky Lab's software at government agencies, NPR reports.

FCC tries to make Miami pirate radio station walk the plank (Ars Technica) $144,000 fine for ignoring all requests to stop.

New Jersey State Police spent $850,000 on Harris Corp. stingray devices (SC Media US) Information obtained via right-to-know request revealed The New Jersey State Police spent at least $850,000 on stingray devices from Harris Corp.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
