skip navigation

More signal. Less noise.

Daily briefing.

Ukrainian officials confirm that December's power outages were caused by a cyberattack.

The Ukrainian government, Politico also reports, is quietly trying to mend fences with the incoming US Administration after evidently having conducted some quiet, minor influence operations of its own on behalf of the President-elect's opponent. In any case, observers are busy telling as surprising many unsurprising stories of influence operations over the years. President-elect Trump has also said he now thinks the Russians hacked the DNC.

The strange arrest of two Italian citizens—a brother and sister—for hacking high-profile Italian figures (and at least one high-profile Cardinal in the Vatican) draws attention to EyePyramid malware. Trend Micro describes this as a data exfiltration package delivered as a malicious email attachment. In this case EyePyramid was used to siphon more than 87 gigabytes of data, "including usernames, passwords, browsing data, and filesystem content." The hackers' motives are unclear: they appear political, but Italian police think they were financial.

Hamas is using catphish as honeytraps to install spyware on Israeli soldiers' smartphones. The IDF thinks the damage minimal, but with the troops one never knows—one thing does lead to another, sir.

Criminals are turning to botnets for increasingly creative schemes.

The peace sign hack may be joining the Gummibear hack as a way stealing fingerprints for biometric registration, according to Japan's National Institute for Informatics. It's a lot quicker and a lot less sticky.

In industry news, Arxan buys Apperian; Infocyte wins $3.4 million in Series A funding.


Today's issue includes events affecting Brazil, China, European Union, France, Germany, Holy See, Israel, Italy, Philippines, Russia, South Africa, Thailand, Ukraine, United Arab Emirates, United Kingdom, United States.

A note to our readers: this coming Monday, January 16th, is observed in the US as Martin Luther King Jr. Day, and we'll be observing it here as well, taking a day off from publication. We'll be back as usual on Tuesday, January 17th.

In today's CyberWire podcast we hear from our partners at Ben-Gurion University of the Negev, as Yisroel Mirsky talks about databases of exploits and vulnerabilities.

If you've been enjoying the podcasts, please consider giving us an iTunes review.

A special edition of our Podcast is also available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Cyber Security Lunch & Learn (Norfolk, VA, USA, February 2, 2017) Learn how to build a better security incident response program in 2017 from a SANS instructor and enterprise CISO! Earn CPE Credits.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine power cut 'was cyber-attack' (BBC) A power cut that hit part of the Ukrainian capital, Kiev, in December has been judged a cyber-attack by researchers investigating the incident

Ukraine Power Outage Confirmed as Cyber Attack (Infosecurity Magazine) Ukrainian investigators have confirmed that last month’s power outage in the country was the result of a cyberattack by the same group that struck in December 2015, claiming they may be practising for major attacks elsewhere

Ukrainian efforts to sabotage Trump backfire (Politico) Kiev officials are scrambling to make amends with the president-elect after quietly working to boost Clinton

How Cyber Propaganda Influenced Politics in 2016 (TrendLabs Security Intelligence Blog) Throughout history, politically motivated threat actors have been interested in changing the public opinion to reach their goals. In recent years the popularity of the Internet gave these threat actors new tools. Not only do they make use of social media to spin the news, spread rumors and fake news, but they also actively hack into political organizations

Lighting the Path: the Evolution of the Islamic State Media Enterprise (2003-2016) (International Center for Counter-Terrorism) The media products of the revolutionary movement known as the Islamic State (also ISIL, ISIS, Daesh) have received a significant amount of attention from analysts and journalists alike

Russia, China -- and the US -- are biggest geopolitical cybersecurity threats (CSO) Russia and China have the more advanced cyber capabilities, but the US and its allies also pose global security concerns

This Is How Russian Spies Could 'Crack' Telegram (Motherboard) A 35-page leaked report on President-elect Donald Trump makes a series of explosive—and mostly unverified—claims, including the fact that the Russian government can blackmail the former reality TV-star with compromising and embarrassing information

ShadowBrokers Selling Windows Exploits, Attack Tools (Threatpost) The latest Shadowbrokers dump of alleged NSA tools—a cache of Windows exploits—surfaced over the weekend. And for the first time since these unannounced releases started last summer, analysts don’t have the luxury of a free set of files to dig in to

Hacker siblings arrested for targeting Italian elite – infecting 20k emails (HackRead) The duo also targeted former Italian Prime Minister Matteo Renzi

The Eye of the Storm: A Look at EyePyramid, the Malware Supposedly Used in High-Profile Hacks in Italy (TrendLabs Security Intelligence Blog) Two Italian citizens were arrested last Tuesday by Italian authorities (in cooperation with the FBI) for exfiltrating sensitive data from high-profile Italian targets. Private and public Italian citizens, including those holding key positions in the state, were the subject of a spear-phishing campaign that reportedly served a malware, codenamed EyePyramid, as a malicious attachment. This malware was used to successfully exfiltrate over 87 gigabytes worth of data including usernames, passwords, browsing data, and filesystem content

Honeytraps used to infect Israeli soldiers' smartphones with spyware (Graham Cluley) Attention!

Anonymous hacks Thai Gov’t job portal; leaks a trove of data (HackRead) The cyber attack is part of Operation OpSingleGateway

Brazilian Gov’t Twitter account mistakenly posts social media passwords (HackRead) These passwords were published in a Google Drive link along with a Tweet

Peace Sign Pics Could Give Hackers Your Fingerprints (Infosecurity Magazine) Researchers at Japan’s National Institute of Informatics have claimed they can accurately copy fingerprints from digital photographs, raising fears that the security of biometric authentication systems could be undermined

Alice: A Lightweight, Compact, No-Nonsense ATM Malware (TrendLabs Security Intelligence Blog) Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other ATM malware families, Alice cannot be controlled via the numeric pad of ATMs; neither does it have information stealing features. It is meant solely to empty the safe of ATMs. We detect this new malware family as BKDR_ALICE.A

Hack Exposes Reams of Private Jabber Chats (Motherboard) Often when a website or service is hacked, it's only usernames or passwords that are exposed. But in one case, hackers made off with months worth of private messages between users of an instant messaging service

Two Aggresive Campaigns Detected Pushing Google Ads to Unsuspecting Users (Bleeping Computer) Over the past weeks, security researchers from Sucuri and Malwarebytes have discovered two campaigns that abuse hacked and fake websites to push Google ads and trick users into clicking these advertisments, for the crooks profits

Professionally designed ransomware Spora might be the next big thing (CSO) The new ransomware program features strong offline decryption and a new payment scheme

South African bank tells its tale of battling ransom attacks (CSO) Since November 2015, the First National Bank of South Africa has fought off groups looking for money

Ransomware Rising On The Plant Floor (Dark Reading) Cybercriminals are successfully reaching ICS/SCADA networks with their ransomware, including energy firms and manufacturing plants

Beware phishing scams in Amazon listings (Naked Security) Be careful what you click: There’s a new phishing scam hitting Amazon listings that look like legitimate deals, offering great prices on “used – like new” electronics

Android Marcher now posing as Super Mario Run (Zscaler) Attackers seek to use the game's popularity to spread malware

Russian Cyber Crime Group Steals $5 Million Per Day via Bot (Read IT Quick) A Russian cyber criminal group has been stealing up to $5 million per day from US-based companies, since the past few months. The hack, revealed by a company called White Ops, is being carried out with a botnet, which siphons off advertisement earnings by posing as a fake publishing company. This is one of the largest hacks in today’s times, amounting to aggregate losses between $3 million to $ 5 million per day. The hack was first noticed by the company in September 2015

What If Deep Learning Was Given Command Of A Botnet? (Forbes) Not a day goes by without some fascinating new advance in deep learning, yet most of the conversation around deep learning in the cybersecurity realm has focused on its defensive capabilities, using AI algorithms to hunt through network and server logs to ferret out anomalous activity. This raises the fascinating question of what deep learning might be capable of as an offensive weapon of cyberwarfare

Free public Wi-Fi a bane for cybersecurity: security firm (ABS-CBN News) Among the biggest security risks for computer and mobile users is free Wi-Fi and people's lack of a cybersecurity solution, said a cybersecurity firm

The Dumb ‘Smart’ Gear That Someone’s Gonna Hack in 2017 (Wired) Another year, another menagerie of devices that inexplicably connect to the internet. And while you can debate the usefulness of putting Wi-Fi in every last appliance in your home, it undoubtedly gives hackers more easy targets

Security Patches, Mitigations, and Software Updates

Buggy Domain Validation Forces GoDaddy to Revoke Certs (Threatpost) GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process

Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Adobe and Microsoft on Tuesday each released security updates for software installed on hundreds of millions of devices. Adobe issued an update for Flash Player and for Acrobat/Reader. Microsoft released just four updates to plug some 15 security holes in Windows and related software

SAP Security Notes January 2017: Continued Security Focus on SAP for Defense (Onapsis) So, 2017 begins... and the first Patch Day has arrived. Today, SAP published its first Security Notes post of the year, making a total of 24 notes (21 published today) since the last Security Notes Tuesday in December. The amount of security corrections for each month starts consistent with last year (keeping the average of 25 SAP Security Notes per month). Today SAP published, for the second month in a row, SAP Security Notes for SAP ERP Defense Forces and Public Security. Along with our Research Labs analysis, SAP is working on several security improvements for these solutions that are used by many large organizations around the world

Second Try at Windows LSASS Patch Addresses Vulnerability (Threatpost) Microsoft’s second try at patching a vulnerability in a critical Windows process apparently is more successful than its first attempt

Microsoft fixes botched patch (Enterprise Times) Microsoft has brought forward a replacement patch for CVE-2016-7237. The details were released by Nicolas Economou from Core Security. The replacement patch was due for release on February 14. However, after Core Exploit issued an embargoed blog about the issue to press, Microsoft told them they would bring the patch release forward. It is now live as part of yesterday’s Patch Tuesday release

Cardiac Implant Flaw Patched, But Holes Remain (Dark Reading) A new chapter opens in the controversy surrounding security vulnerabilities disclosed in St. Jude Medical's cardiac implant devices

Cyber Trends

Threat researcher sees no end to ransomware’s growth (Silicon Angle) Intel Corp.’s McAfee Labs raised some eyebrows in the security community in November with its prediction that “the volume and effectiveness of ransomware attacks will go down in the second half of 2017.” The security firm based its prediction on improvements in preventive technology, better industry coordination, education and stepped-up law enforcement pressure for its optimism. But Allan Liska doesn’t agree

Businesses Bracing for Year of Uncertainty, According to Allianz Risk Barometer 2017 (BusinessWire) Businesses increasingly fear impact of non-physical damages, market uncertainties and political perils. Companies greatly fear the impact of rising protectionism and other potential shocks to markets. Business interruption continues to lead risk rankings as new non-physical damage triggers emerge. Cyber risk concerns rise to #2 in the US and Europe, globally top 3; driven by impact of indirect attacks, regulatory threats and technical and employee error in digitalized production environment

IT Decision Makers Reveal Two-Factor Authentication Dislike and Rise in Adaptive Authentication Adoption, Says SecureAuth Survey (Yahoo!) SecureAuth® Corporation, the leader in adaptive access control, today announced the results of a survey that reveals challenges associated with two-factor authentication (2FA). Commissioned in conjunction with Amplitude Research, the responses surveyed 300 IT decision makers and cybersecurity professionals on industry perspectives and concerns with 2FA

Cloud Report (Netskope) Half of all users of a sanctioned cloud storage service have a personal instance of the same service

Cyber Security Worries Driven by Naïve Staff, Says Report (Acumin) In spite of the view that hackers remain the biggest cyber threat to organisations, insiders, including naïve or careless staff, are now considered to pose just as great a threat, says a new study from firewall provider Preempt, conducted by Dimensional Research

Study: The Office of 2017 Will Use Biometrics - But Not Business Cards or Fax Machines (PRNewswire) Only 18% of adults have used business cards in the last three months; Experts say that biometrics will replace passwords to protect sensitive information in the workplace

74 Percent of Organizations Using Two-Factor Authentication Face User Complaints (eSecurity Planet) Nine percent of organizations using two-factor authentication say their users simply 'hate it,' a recent survey found


Trump's rift with intelligence community is spooking US spy agency contractors (CNBC) The changing political landscape in Washington and friction between President-elect Donald Trump and the U.S. intelligence community could have major implications not only for the spy agencies but for the shadow private contractors such as Booz Allen Hamilton that support them

Yahoo is no more, its Altaba after Verizon takeover (Inferse) The once familiar name, Yahoo will cease to exist anymore as Verizon begins the acquisition process of the company

Apperian Just Got Acquired — Say Hello to Its New Leader (BostInno) The startup's investors included Kleiner Perkins Caufield & Byers and Intel Capital

Infocyte Secures $3.4M Series A Funding To Make Threat Hunting A Standard Enterprise Practice (IS Buzz News) Innovative, automated threat hunting solution enables enterprise security and IT pros to easily detect hidden malware and threats

DarkMatter Becomes Associate Member of the Leading Mobile Operator Group, GSMA (PRNewswire) Membership will allow DarkMatter to interact with more than 800 telecom operators globally, as it develops end-to-end secure communications offerings

GlobalSign opens regional office in Dubai (Trade Arabia) GMO GlobalSign KK, a leading provider of trusted identity and security solutions and one of the longest established certificate authorities in the world, has announced the inauguration of its new office in Dubai

Products, Services, and Solutions

LightCyber Listed as a Representative Vendor in Two Recent Gartner Market Guide Reports (BusinessWire) Magna Platform uniquely integrates network, user and endpoint visibility to accurately detect active network attacks using novel machine learning techniques

Kaymera Launches Fully-secured Version of Google Pixel Phone (Yahoo! Finance) Kaymera Technologies Ltd, the leader in mobile security for enterprises and Government organizations, has today announced the launch of the Kaymera Secured Pixel, a unique fully-hardened and secured version of Google’s flagship smartphone

Versasec Unveils vSEC:CMS S-Series Version 4.7 (Versasec) Smart card management leader updates identity and access management solution with faster server-based searches, new templates, push notifications and more

Optiv Security Announces New Cyber Threat Intelligence-as-a-Service to Help Organizations Build Advanced “Beyond-the-Perimeter” Capability (BusinessWire) Technology-enabled service allows Optiv clients to develop proactive security models, better define cyber risk and rapidly mitigate threats

Ovum Reports Zentera Systems Uniquely Addresses Multicloud Security and Management Challenges (IT Business Net) Latest research reveals Zentera CoIP to drive company growth due to overlay network enabling secure movement of workloads across multiple clouds

Keeper Security Establishes European Secure Cloud Data Center (IT Business Net) Keeper's customers' passwords and digital assets securely hosted in the European Union

Cryptzone Transforms Network Security with New AppGate Release (IT Business Net) Cryptzone, the Software-Defined Perimeter company, today announced the newest version of AppGate, which enables organizations to easily deploy a Software-Defined Perimeter (SDP) for granular access control. The release of AppGate 3.0 furthers Cryptzone's vision for transformational network security where all network services adopt an identity-centric security model

How to protect your online conversations with Signal's end-to-end encryption (Macworld) In a world of snoopers, end-to-end encryption is the only sensible path to take

4 ways man and machine are teaming up to fight cyberthreats (The Next Web) With the use of data-centric business models and big data services on the rise, it is becoming increasingly harder to detect threats and data breaches

Huawei and AlgoSec to deliver integrated security policy management to drive network agility (Your Industry News) Huawei announced a partnership with AlgoSec, the market leader for business-driven security policy management. Through this partnership, Huawei security integrates its full range of firewall-related solutions with AlgoSec’s security policy management solution to enable joint customers to streamline and automate security management operations, enhance visibility and improve security, compliance and business agility

Technologies, Techniques, and Standards

GlobalPlatform enables the Web to access Advanced Security Services (Global Platform) Organization standardizes the interface between web applications and secure elements, enabling secure storage and processing for online services

CTO Insights: The General Data Protection Regulation (GDPR) Is Coming, What Now? (TrendLabs Security Intelligence Blog) Based on the incidents we saw in 2016, I recommend that organizations enter 2017 with caution. From the growth of Business Email Compromise (BEC) attacks to cybercriminals using more effective ways to exploit Internet of Things (IoT) devices, these security issues should serve as a reminder for businesses and individuals to be more vigilant

Advancing Infosecurity Standards Through Consensus (Infosecurity Magazine) More than 40 million Target shoppers were caught off guard when their credit card accounts were hacked in 2014, but it came as no surprise for many security researchers, who had been predicting an authentication attack for more than a decade. The incident prompted Americans to join the rest of the world and start the (sometimes rocky) transition to EMV chip cards

What Reaction To The Russian Hacking Report Teaches Us About Data Science (Forbes) From a data science standpoint, one of the most fascinating criticisms of the US Government report on Russian hacking of the US presidential election is that for all its hyperbolic claims, the actual hard detailed evidence presented in the report is relatively weak and the evidence it does present ends up hurting the report’s conclusions more than supporting them

Russian Hackers, Elections, and Data-Driven Analytics (Hackernoon) Two days before New Years, something interesting happened in the world of cyber security

The rewards of advanced agile and DevOps adoption (Help Net Security) In today’s fiercely competitive environment for customer satisfaction and brand loyalty, agile and DevOps are driving happier customers and employees. Results from a new CA Technologies global study reveal that advanced users of agile or DevOps realized significant increases of up to 52 percent in customer satisfaction and up to 50 percent in employee productivity

On the banality of attacks and on mindful engineering (Medium) Over the years of my experience assisting journalists and dissidents with matters of computer security, and researching the nature of the threats they face, I learned that those who don’t have access to security solutions and do not operate in a managed environment, are often not best served by the consumer technology they are normally provided with

Credit Freeze: The New Normal In Data Breach Protection? (Dark Reading) In era of rampant identity theft, consumers should be offered the protection of a credit freeze by default, instead of a nuisance fee each time a freeze is placed or removed

How to Encourage Employees to Not Only Practice, but Actually Promote Cybersecurity Awareness (Infosecurity Magazine) It’s a curious reality that, although employees are swiftly punished for violating information security policy, such an extreme lack of interest in providing those employees with adequate cybersecurity awareness training exists amongst organizations

Design and Innovation

Why the age of connected cars presents a 'very real threat' in cybersecurity (Tech Republic) At NAIAS 2017, experts in data management and cybersecurity discussed the risks that come with the 'internet of cars.' Here's what you should know

Marines study sci-fi to plan for future battlefield needs (C4ISRNET) The Marine Corps is turning to science fiction and short stories to help forecast future operating concepts in an increasingly complex world


Meet the man responsible for teaching some of the NSA’s best young hackers (CyberScoop) The National Security Agency is an enormous organization by nearly any corporate standard, with more than 35,000 employees. Former Deputy Director Chris Inglis once joked that the spy agency is “the biggest employer of introverts.” More frequently though, the NSA refers to itself as the largest employer of mathematicians. In recent years, while the U.S. has continuously confronted new threats in cyberspace, the agency has increasingly become a training ground for young, talented, highly educated computer security professionals

Legislation, Policy, and Regulation

Why State-Run Cures Against Hackers may be Worse than the Disease (South China Morning Post) Strong surveillance laws and plans for government-run clouds could provide some protection for businesses, but not without a price paid in lack of privacy

Understanding concerns about Trump's relationship with Putin, intelligence agencies (Duke Chronicle) President-elect Donald Trump is at odds with several intelligence agencies regarding the role of Russian interference in the 2016 election

Opinion: Trump’s internet opportunity (Christian Science Monitor Passcode) Instead of adding to hostilities toward internet freedom, Trump has a chance to help safeguard digital liberties. That means crafting a cybersecurity policy in his first 100 days to reinforce appropriate behavior in cyberspace

If Trump Wants a ‘Hacking Defense’ Strategy, He Should Just Use Obama’s (Wired) In his first press conference as president-elect, Donald Trump said Wednesday that the United States is too vulnerable to cybersecurity threats, and that he plans to work with defense and intelligence officials to release a “major report on hacking defense” within 90 days of taking office. To do so, he’ll need a much firmer grasp on “the cyber” than he’s demonstrated so far. As the Obama administration already showed with its own comprehensive cybersecurity plan, there’s no such thing as a quick fix

SIA Renews Support for Bipartisan DIGIT Act (Security Industry Association) Private sector input essential to guiding policy on the Internet of Things, says SIA

Making Elections Critical Infrastructure Sends Clear Message to Adversaries (Digital Guardian) The decision by the U.S. Department of Homeland Security to designate election infrastructure as critical infrastructure significantly extends federal protection of voting systems

DHS should have a cybersecurity unit, says panel chairman (CSO) Homeland Security could offer more help on state elections but needs 'focus and resources,' says Rep. Michael McCaul

DHS nominee Kelly mixes message on department’s cyber role (FedScoop) Kelly said reorganization and renaming of DHS’s National Protection and Programs Directorate to improve the department’s cyber capabilities would be a “top priority”

The Feds Need to Embrace Encryption (PC Magazine) Recent political headaches could have been avoided if people learned to encrypt a file once and a while

Litigation, Investigation, and Law Enforcement

Report on Russian hacking leaves many questions unanswered (CSO) Experts have been pouring over the JAR released two weeks ago, but there isn't enough detail in the document to help organizations defend themselves

Trump: It was probably Russia that hacked the DNC, Clinton campaign (CSO) The incoming president comes as close as he ever has to agreement with U.S. intelligence

Trump accepts Russia's role in political hack (Christian Science Monitor Passcode) For the first time, the president-elect said he believes Russia meddled in the election. In Washington, a growing cadre of Senators want a wider investigation to determine the extent of Moscow's interference

Democrats didn’t stand a chance against Russia’s elite hackers. They’re too good. (Kansas City Star) When Hillary Clinton’s former campaign chief received a bogus email that an elite Russian hacking unit allegedly sent, he clicked on its infected link, giving the hackers access to 58,000 or so emails

Russians deride American uproar over cyber attack accusations (Russia Beyond the Headlines) The U.S. intelligence community's assertions about purported Russian hacking during the U.S. presidential election is dismissed by both the Russian government and public

Trump denounces 'disgrace' of reports of Russian ties to him (Military Times) A defiant President-elect Donald Trump on Wednesday adamantly denied reports that Russia had compromising personal and financial information about him, calling it a "tremendous blot" on the record of the intelligence community if material with any such allegations had been released

How credible are reports that Russia has compromising information about Trump? (PBS Newshour) On Tuesday evening, CNN reported unsubstantiated claims that Russian intelligence compiled a dossier on the president-elect during his visits to Moscow; BuzzFeed later published 35 pages of content from the alleged dossier. But Mr. Trump dismissed the developments as “fake news.” Judy Woodruff speaks with former NSA lawyer Susan Hennessey and former CIA officer John Sipher for analysis

FBI, CIA, DNI, NSA all agreed: Tell Trump about explosive Russia claims (Washington Post via McClatchy DC) As the nation's top spies prepared to brief President Barack Obama and President-elect Donald Trump on Russian interference in the 2016 election, they faced an excruciatingly delicate question: Should they mention the salacious allegations that had been circulating in Washington for months that Moscow had compromising information on the incoming president?

The Deep State Goes to War with President-Elect, Using Unverified Claims, as Democrats Cheer (Intercept) In January, 1961, Dwight Eisenhower delivered his farewell address after serving two terms as U.S. president; the five-star general chose to warn Americans of this specific threat to democracy: “In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.” That warning was issued prior to the decadelong escalation of the Vietnam War, three more decades of Cold War mania, and the post-9/11 era, all of which radically expanded that unelected faction’s power even further

4chan Claims It Invented the Trump Golden Showers Story (Daily Beast) The forum alleged an anonymous user invented Tuesday’s bombshell about Donald Trump and Russian prostitutes—and then passed it onto a Republican operative. But there’s a weak stream of proof

UK Asks Journalists to Not Name Ex-Agent Allegedly Behind Trump Report (Motherboard) One name is suddenly on everyone's lips. On Wednesday, the Wall Street Journal revealed who is allegedly behind the salacious and unverified report of compromising material related to President-elect Donald Trump: Christopher Steele

UK fails to gag press over ID of ex-spy at center of Trump dossier claims (Ars Technica) Op-ed: Polite D-notice system is slowing ossifying; Web now dominates public discourse

China-Based Hacking Case Against U.S. M&A Firms Illustrates Cyber Security and Enforcement Issues (Forbes) In late December, the U.S. Attorney for the Southern District of New York announced the arrest of a Macau resident and unsealed an indictment against him and two others for hacking U.S. law firms for information related to pending U.S. mergers and acquisitions transactions and insider trading on that information. At the same time, the U.S. Securities and Exchange Commission filed a civil securities law complaint against those individuals, seeking injunctive relief and disgorgement of wrongful gains

CloudFlare Shares National Security Letter It Received in 2013 (Threatpost) Thanks to the lifting of a gag order, on Tuesday security firm Cloudflare was finally able to post a National Security Letter it received from the Federal Bureau of Investigation back in 2013

Popular tech blog sued by self-proclaimed “inventor of e-mail” hits back (Ars Technica) "This fight could be the end of Techdirt, even if we are completely right"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, February 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks...

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively ...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

Upcoming Events

SANS Security East 2017 (New Orleans, Louisiana, USA, January 9 - 14, 2017) Start the year off right by choosing from outstanding, cutting-edge courses presented by our top-rated instructors. SANS is looking forward to an exciting kickoff of 2017 with SANS Security East 2017 in...

S4X17 ICS Security Conference (Miami Beach, Florida, USA, January 10 - 12, 2017) Three Days of advanced ICS cybersecurity on three stages with the top 500 people in ICS security. Main Stage - The big names (Richard Clarke, Renee Tarun, ...) and forward looking topics (ICS certification,...

Suits and Spooks DC 2017 (Arlington, Virginia, USA, January 11 - 12, 2017) “What we are creating now is a monster whose influence is going to change history, provided there is any history left.” (John von Neumann) When John von Neumann said those words in 1952, he didn’t mean...

Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, January 11 - 12, 2017) These intimate workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational...

Cybersecurity of Critical Infrastructure Summit 2017 (College Station, Texas, USA, January 11 - 13, 2017) An inaugural event to convene thought-leaders, experts, and strategic decision makers from government, industry, and academia to discuss the technology and policy implications of the ever-evolving cyber-threats...

ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...

BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.

SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...

Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...

National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, January 31 - February 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.