Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
December 29, 2017.
By The CyberWire Staff
Huawei has patched its products against herding into the Satori botnet. Satori source code has been released, increasing the risk to unpatched systems.
South Korea, home to many cryptocurrency early adopters, is preparing to enact regulations to govern alt-coins. The Justice Ministry is also considering whether it should shutter cryptocurrency exchanges to rein in speculative excess.
Content monitoring seems a stressful job, and so far an irreducibly human one, as AI blinks at intensionality.
The East and North Hertfordshire National Health Service Trust lost an estimated £700,000 in the May 12 WannaCry incident. Investigators blame failure to take reasonable precautions for the damage, which "could have been prevented by the NHS following basic IT security." According to the state's Audit Office's 2017 report, New South Wales struggles with security basics, including these familiar shortfalls: lack of clear policy, failure to monitor privileged accounts, and spotty inventories of IT assets. This isn't casting stones. The point of noticing these assessments of the authorities in two regional governments is not that subnational agencies are stumblebums, but rather that the easy, obvious security measures are surprisingly difficult to implement effectively.
2017 ends with two historical metaphors headlining in the theaters of Western (especially US) cyber imaginations. There's the enduring fear of a cyber Pearl Harbor (with Fancy Bear in the role of Kidō Butai), and there's the newer worry that the West faces an artificial-intelligence Sputnik moment (and China's Central Commission for Integrated Military and Civilian Development is cast as the Chief Designer).
Today's issue includes events affecting Australia, China, Iran, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.
A note on our holiday calendar: We won't be publishing the Week that Was on New Year's Eve, and both the CyberWire Daily News Briefing and Daily Podcast will also take their regular US holiday break on New Year's Day. Our Daily Podcast will be out as usual later today, with a longform interview. Research Saturday will be available on on schedule tomorrow. All publication returns to normal on January 2nd. Best wishes from all of us on the New Year, and thank you for reading and listening throughout 2017. See you next year, next week.
In today's podcast we talk at length with Gerald Hahn, CEO of Softshell AG, who shares his perspective on Germany's market for cybersecurity products.
In tomorrow's Research Saturday, we talk with Symantec's Alan Neville about Sowbug, the new cyber espionage group they've discovered operating with dismaying effect around the world, and particularly in Latin America and Asia.
Three More WordPress Plugins Found Hiding a Backdoor(BleepingComputer) The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
DHS: 18 of 33 First Responder Apps Affected by Security Flaws(BleepingComputer) A Department of Homeland Security (DHS) pilot program uncovered several privacy and security-related issues in Android and iOS applications used by first responders on the scene of natural disasters and other emergency situations.
Russian Antivirus Tech Bad News for Everyone(Newsmax) Business and government should be proactive about selecting a solution against the ever-more sophisticated attacks. By staying current on cybersecurity trends and exploring the kind of military-grade encryption now available to the general public, we can avail ourselves of virtual bodyguards.
NSW agencies struggle with security basics(ZDNet) Lack of privileged account monitoring, incomplete inventories of IT assets, and lack of a consistent cyber definitions leave NSW government agencies in the lurch.
Report on Internal Controls and Governance 2017(New South Wales Auditor-General) Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
4 Years After Target, the Little Guy is the Target(KrebsOnSecurity) Dec. 18 marked the fourth anniversary of this site breaking the news about a breach at Target involving some 40 million customer credit and debit cards. It has been fascinating in the years since that epic intrusion to see how organized cyber thieves have shifted from targeting big box retailers to hacking a broad swath of small to mid-sized merchants.
Autonomy Warfare - Inside Unmanned Systems(Inside Unmanned Systems) This new type of warfare is producing new types of superpowers. Just having nuclear weapons doesn’t get you into the new superpower club. ... - Inside Unmanned Systems News Magazine
Security forecast: hot, with a possibility of severe storms(SiliconANGLE) It was another year of frustration for enterprise security organizations as attackers continued to penetrate high-profile organizations and steal massive amounts of personal information, headlined by the 143 million records pilfered in the Equifax Inc. breach.
2 Ways To Play The Cyber Security Theme(Seeking Alpha) As more and more industries (auto, financials, industrial) deploy cloud and IoT solutions in new products and services, the associated cyber risk also increases
With Tech M&A Seen Rebounding, Here Are Companies, Sectors To Watch(Investor's Business Daily) Telecom companies dashed the hopes of investors betting on a frenzy of mergers and acquisitions last year, but Broadcom's pursuit of Qualcomm and Walt Disney's deal with 21st Century Fox have primed the pump for 2018 M&A in semiconductors and media. Wall Street analysts say 2018 is shaping up a bigger year for mergers and acquisitions, amid slower activity since the 2015 boom.
Top 6 antivirus with data recovery for 2018(Windows Report - Windows 10 and Microsoft News, How-to Tips) Data is one of the top priorities for any business in today’s digital age. When you lose your data either because of a hard drive …
Technologies, Techniques, and Standards
Campaign Planning with Cyber Operations(Georgetown Journal of International Affairs) The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.
South Korea Considers Shuttering Bitcoin Exchanges(Wall Street Journal) Investor frenzy has worried the country’s authorities, who are concerned about growing speculation—and the risk investors could lose money from sharp price declines or from cyber attacks on digital currency exchanges.
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.