Daily briefing.

"Hidden Cobra," better known as the North Korean threat actor Lazarus Group, has been discovered distributing a remote administration tool to targets in the aerospace, finance, and telecommunications sectors. The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) in their warning yesterday called the RAT "FALLCHILL." It appears to be an espionage tool.

DHS and FBI also issued a separate warning about a different piece of North Korean malware. This one, a Trojan called "Volgmer," is being distributed by spearphishing.

Someone—apparently a hacktivist, but it's difficult to be sure—is also hacking around North Korean radio. They got into the feed of a DPRK short-wave station (regarded as a "numbers station") and played Europe's 1986 hit "The Final Countdown." 

Two Internet-of-things vulnerabilities have been disclosed. Cisco researchers report critical vulnerabilities in Foscam C1 Indoor HD Cameras. The vulnerable application firmware version is 2.52.2.43. And SEC Consult reports finding exploitable issues in older Siemens SICAM remote terminal unit modules. They're at the end of their life, and Siemens advises updating to newer versions. 

OnePlus 5, 3 and 3T smartphones appear to have shipped with backdoors.

The UK reports Russian trolling during the run-up to the Brexit vote.

Both Microsoft and Adobe issued a large number of patches yesterday. Microsoft's fifty-plus fixes included some twenty that addressed Explorer and Edge critical browser issues. Adobe issued eighty patches affecting Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Philippines, Russia, Sudan, Syria, Turkey, Ukraine, United Kingdom, United States.

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks us through the implications of the possible expiration of FISA's section 702 surveillance authorities. Our guest is Orion Hindawi, CEO of Tanium, who shares insights from their annual Converge conference.

Cyber Attacks, Threats, and Vulnerabilities

Someone hacked N. Korean Radio Station to Play "The Final Countdown" (HackRead) It's just another day with just another radio station transmission getting hijacked. This time, unknown intruders compromised the transmission of a short-wave...

U.S. Government Shares Details of FALLCHILL Malware Used by North Korea (Security Week) FALLCHILL malware used by North Korean government hackers is a fully functional RAT, DHS says

Russian Ministry of Defense posts video game screenshot as evidence of US collusion with ISIS (Military Times) The Russian MOD claims the U.S. military helped provide cover to an ISIS convoy fleeing the Syrian town of Abu Kamal on Nov. 9.

Suspect Russian accounts tweeted about Brexit in run-up to vote (Times) The Russian town of Gelendzhik, on the banks of the Black Sea, has a population of 55,000. According to Twitter, one of its inhabitants is Svetlana Lukyanchenko, a voracious user of the social...

How Russian bots appear in your timeline (BBC News) A number of high-profile social media accounts have been exposed as Russian "bots".

How A Russian Troll Fooled America (Medium) Reconstructing the life of a covert Kremlin influence account

Bot-driven web traffic and its application security impact (Help Net Security) Research focused on highly targeted industries exposes the proliferation of bot-driven web traffic and its impact on organizations’ application security.

Governments manipulate social media, threaten global Internet freedom (Help Net Security) Governments around the world are dramatically increasing their efforts to manipulate information on social media, threatening global Internet freedom.

Government-controlled 'keyboard' armies now a global phenomenon, new report says (Los Angeles Times) Russia and China pioneered the use of online commentary and political bots to manipulate information on social media. That trend has gone global, a new Freedom House report on global internet freedom says.

The Troll Smearing Roy Moore’s Accuser Stole a Dead Navy SEAL’s Identity (The Daily Beast) And that’s just one of a host of lies from ‘@Umpire43,’ whose attempts to discredit Roy Moore’s accusers went instantly viral in the Trumposphere.

Critical flaws open Foscam C1 IP cameras to compromise (Help Net Security) Cisco Talos researcher Claudio Bozzato has unearthed a dozen critical vulnerabilities affecting the Foscam C1 series of indoor HD cameras.

Flaw in Siemens RTU Allows Remote Code Execution (Security Week) Potentially serious vulnerabilities have been found in some Siemens SICAM remote terminal unit (RTU) modules, but patches will not be released as the product has been discontinued.

Google researcher finds 79 Linux USB vulnerabilities (Naked Security) Kernel USB drivers have turned out to be a rich hunting ground for Google researcher Andrey Konovalov

Eavesdropper Flaw, Marcher Malware Threaten Mobile Devices (eSecurity Planet) The vulnerability and phishing attack should both be easy to resolve -- but they're thriving.

There is a Pre-Installed Backdoor in OnePlus 5, 3 and 3T Devices (HackRead) If you are using OnePlus 5, 3 or its 3T model, an IT security researcher Elliot Alderson (whose real name is Robert Baptiste) has bad news for you. The res

Weaponizing 3-D printers: Cyberattacks could turn battlefield tech into threats (Fifth Domain) Now that military branches have created and tested 3-D printed weapons, Navy submarine-like vessels and even MREs, the conversation around additive manufacturing in the military has turned to securing those assets from cyberattacks.

Is the US military prepared for cyberattacks on satellites? (Fifth Domain) Keeping the U.S. defensive resources safe from cyberattacks means protecting systems in the remote locations throughout the world — and off-world.

The Ukrainian electric grid cyber attacks were not “success stories” (Control Global) The Ukrainian cyber attacks were not “half full” success stories but a message to the Ukraine and the US as to what the attackers could do to our grids. This is particularly important to the US as the BlackEnergy malware has been in our electric grids since at least October 2014.

Google study reveals how criminals break into Gmail accounts (Naked Security) The researchers’ conclusion? Password-based authentication is dead in the water

How hackers crack passwords and why you can't stop them (CSO Online) Password crackers have access to more stolen passwords and better password hacking software and tools than ever before.

Mobile devices present a significant risk for GDPR noncompliance (Help Net Security) Accessing data from mobile devices presents a significant risk for GDPR noncompliance, according to research for Lookout.

Unsecure Server Exposed Private Data of Popular Ride-Hailing Service (HackRead) Ride-hailing apps are currently in vogue now, there are countless small to large startups that are providing apps such as Uber and Lyft that are able to ac

Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information (Motherboard) A former honoree discovered a security flaw in Forbes’ system that revealed phone numbers, emails, and date of birth.

Flashpoint - Pricing of Goods and Services on the Deep & Dark Web (Flashpoint) The forums and marketplaces where illicit goods and services are exchanged play an influential role in today’s cyber and physical threat landscape.

This year's most hackable holiday gifts (Help Net Security) McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this h

New McAfee Survey Reveals 20 Percent of Consumers Would Knowingly Buy a Connected Device Vulnerable to Hacking (BusinessWire) Today McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular g

10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance (HOTforSecurity) If you have a spare thousand dollars burning a hole in your pocket you might be tempted to purchase Apple’s latest smartphone, the iPhone X. The new device comes with a bigger screen than the previous regular incarnation of the iPhone and an improved camera...

Security Patches, Mitigations, and Software Updates

Microsoft Patches 20 Critical Browser Vulnerabilities (Security Week) Microsoft’s Patch Tuesday updates for November address more than 50 vulnerabilities, including 20 critical flaws affecting the company’s web browsers.

Adobe Patches 80 Flaws Across Nine Products (Security Week) Adobe on Tuesday announced the availability of patches for a total of 80 vulnerabilities across the company’s Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager products.

November’s Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange (TrendLabs Security Intelligence Blog) Microsoft's Patch Tuesday for November fixes over 50 security issues and provided mitigations against attacks abusing Dynamic Data Exchange.

Adobe, Microsoft Patch Critical Cracks (KrebsOnSecurity) It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday”) — and Adobe and Microsoft have issued gobs of security updates for their software.

Microsoft Word Vuln Went Unnoticed for 17 Years: Report (Dark Reading) Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.

Cyber Trends

What is a cyber attack? Recent examples show disturbing trends (CSO Online) From virtual bank heists to semi-open attacks from nation-states, this year has been rough on IT security. Here are some of the major cyber attacks of 2017 and what we can learn from them.

Comodo Detects Malware in Every Country | Threat Report Q3 2017 (Comodo News and Internet Security Information) Comodo Threat Research Labs detects nearly 400 million malware incidents worldwide in Q3 2017.

2017 Has Broken the Record for Security Vulnerabilities (Dark Reading) Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.

The cybersecurity skills shortage is an existential threat (CSO Online) ESG research with ISSA shows that organizations don’t have the right levels of cybersecurity personnel, skills and ongoing training to keep up with cyber risk.

Federal Cyber Artificial Intelligence IQ Test Shows 90 Percent of Feds View AI as Cyber Fix, but 48 Percent Afraid of AI Risks (Meritalk) Low AI anxiety – only 24 percent of Feds fear AI will eliminate their jobs

ThreatConnect Provides a Report on Healthcare and Medical Industry Threats (ThreatConnect) Learn about the threats and how to protect your healthcare organization

Is the healthcare industry prepared to combat evolving cyber threats? (Help Net Security) One in four UK healthcare IT professionals aren't confident in their organisation's ability to respond to cyberattacks, according to Infoblox.

Most UK law firms aren't ready for GDPR, claims report (Graham Cluley) Remember – this isn’t just an issue for businesses based in Europe.

Enterprise Physical Security Drives IoT Adoption (Dark Reading) The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.

Marketplace

Deloitte acquires big data team out of Asia-Pacific competitor to bolster Sydney, Melbourne and Singapore offices (CRN Australia) CBIG Consulting's APAC team joins Deloitte's Sydney, Melbourne offices.

Two compliance companies merge to build a $100M firm (TechCrunch) Once upon a time there were two compliance companies. Smarsh was owned by Los Angeles-based private equity firm, K1 Investment Management. It worked with..

Announcing $23 Million Series C Funding to Drive the Future of Log Analytics (Logz.io) We are excited to announce our $23 million series C funding! Learn more about our vision, our technology, and upcoming releases here.

Survey of bug bounty hunters shows who pans for pwns (Ars Technica) Bug hunters are educated, young, looking for challenge—and cash to feed security habit.

LookingGlass Appoints Michael Taxay and Jeremy Haas to Executive Leadership Team (BusinessWire) Cybersecurity professionals Michael Taxay and Jeremy Haas have joined LookingGlass Cyber Solution's executive leadership team.

Scott Collins Joins Vectra as Director of North America Channels (PRNewswire) Vectra, the leader in automating the hunt for in-progress...

Lacework Names Dan Hubbard Chief Security Architect (PRNewswire) Lacework™, the industry's first solution to bring automation,...

Terbium Labs Welcomes Munish Walther-Puri to its Executive Leadership Team as Chief Research Officer and Head of Intelligence Analytics (GlobeNewswire News Room) Terbium Labs, the premier dark web intelligence company, today announced the appointment of Munish Walther-Puri to Chief Research Officer and Head of Intelligence Analytics.

Products, Services, and Solutions

High-Tech Bridge announces free application discovery and inventory service (High-Tech Bridge) ImmuniWeb® Discovery provides continuous discovery, inventory and visibility of web and mobile applications and their APIs.

RedSeal Enhances Digital Resilience Platform, Dramatically Reducing Network Analysis Time and Boosting Security Team Productivity (Marketwired) Expanded coverage of hybrid datacenters creates more complete and accurate network models; New integration apps accelerate incident investigations and bring live traffic into RedSeal platform

Bay Dynamics Risk Fabric puts vulnerabilities in context (CSO Online) Many vulnerability management programs will direct IT teams to the critical threat on the non-critical asset, and place a midlevel threat on a critical asset thousands of places down on the priority scale. It’s not the program’s fault. It just doesn’t know context. That is one of the major problems in the vulnerability management space that the Bay Dynamics Risk Fabric program is designed to solve.

LockPath and SecurityScorecard Partner to Increase Efficiency in Vendor Risk Management (LockPath.com) This integration with SecurityScorecard will provide our customers with an even more advanced solution for managing risk from third parties of all types.

Barracuda Announces New Cloud Generation Firewall Capabilities (null) Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of cloud-enabled security and data protection solutions, today announced expanded public cloud functionality for the Barracuda Web Application Firewall and Barracuda NextGen Firewall.

SecurityFirst™ Launches Channel Partner Program (IT Briefing) SecurityFirst™, a provider of data-centric cyber solutions, today announced the SecurityFirst Partner Program designed to help resellers and service providers make more money selling critical data protection to clients.

Graphus Launches Office in India to Drive Customer Growth and Expand Reseller Partner Network (BusinessWire) Graphus Inc., a leading cloud applications cybersecurity company, announced today they have incorporated a subsidiary company and opened a new office

New cryptocurrency exchange promises to bring virtual currencies to everyday purchases (Computing) The LBX Dragoncard will be accepted anywhere that takes Visa (so, everywhere)

Securonix Shrinks Cyber Incident Response Time With Phantom Integration - ForexTV (ForexTV) Securonix, the market leader in big data security analytics and user and entity behavior analytics, today announced integration of its Next Gen SIEM platform with Phantom, the clear leader in Security Automation and Orchestration (SA&O) market. This partnership enables security operations center (SOC) analysts to dramatically improve ...

Technologies, Techniques, and Standards

These Campaigns Explain Why AV Detection for New Malware Remains Low (Heimdal Security Blog) How long does it take for antivirus to detect new malware? These campaigns show why antivirus detection rates are slow. Protection guide included.

Building a Threat Intelligence Framework to Defend Against Cyberattacks (Recorded Future) By building a threat intelligence framework, you can gain the ability to act quickly (before attacks occur) and to put threats into context.

Thwarting the Tactics of the Equifax Attackers (Cloudflare Blog) We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people's awareness on security? The answer to that is absolutely yes, awareness is at an all-time high. Awareness, however, does not always result in positive action. The fallacy which

Quantum Dawn War Games Test Cyber Resiliency in Finance Sector (Security Week) Quantum Dawn IV, a large-scale exercise to test the cyber resiliency of the U.S. finance sector, was held on Tuesday and Wednesday this week. The exercise had more than 900 participants from over 50 financial institutions, government agencies and regulators.

Today You’re Being Hacked – How To Choose Secure Settings (Heimdal Security) What can happen with your IoT devices in 24 hours and how to secure settings so you’re safe

Lock Down Your Facebook Privacy With These Simple Settings (WIRED) Friends, friends of friends, advertisers; keeping track of Facebook's privacy settings can get confusing. Here's how to get yours just right.

Design and Innovation

Microsoft Uses Neural Networks to Make Fuzz Tests Smarter (Dark Reading) Neural fuzzing can help uncover bugs in software better than traditional tools, company says.

Legislation, Policy, and Regulation

#ISSE17: Connected Devices Legal Framework Proposed by EC (Infosecurity Magazine) A new European Commission proposal will see certifications issued for devices

How the Government of Canada Plans To Set CyberSecurity Policy (eSecurity Planet) At SecTor security conference, the Director General for National Cyber Security in the Government of Canada details her government's policies for keeping Canadians safe online.

Canadians Are Worried About NSA Spying But Don’t Understand How It Happens (Motherboard) Canucks need to know the risks.

Cyber Experts Sound the Alarm (SIGNAL Magazine) The United States must continue to make inroads in the cyber domain, or it "will lose the war."

4 priorities for DoD’s cyber defense arm (Fifth Domain) A look at JFHQ-DoDIN's cyber priorities for the coming year.

Army Cyber Institute: “The Secret War Against the United States” (Cybersecurity Advisors) BLACKOPS Partners Corporation's urgent call to action is published in the U.S. Army Cyber Defense Review.

Statement from Telos CEO John B. Wood on Modernizing Government Technology Act (null) Telos Corporation CEO and chairman John B. Wood issues the following statement following passage of the Modernizing Government Technology (MGT) Act

A Dare To Congress: Go Ahead, Vote A Golden Key Encryption Law! (Monday Note) With great regularity, politicians rattle their sabers at unbreakable encryption. They claim that they need a Golden Key, a backdoor that will let them fight The Bad People. But would Congress dare enact such a law? I don’t think so.

Amid feds’ Kaspersky concerns, no easy scapegoat - but some action (Fifth Domain) Most federal agencies are complying with orders to identify and remove Kaspersky Labs anti-virus software.

Litigation, Investigation, and Law Enforcement

Secret Finding: 60 Russian Payments "To Finance Election Campaign Of 2016” (BuzzFeed) The FBI is scrutinizing more than 60 money transfers sent by the Russian foreign ministry to its embassies across the globe, most of them bearing a note that said the money was to be used “to finance

Feds fight BuzzFeed demand for Trump dossier probe details (POLITICO) In February, BuzzFeed was hit with a libel suit from Russian internet entrepreneur Aleksej Gubarev.

Trump Jr.'s WikiLeaks exchange adds intrigue to Russia probe (Military Times) President Donald Trump’s oldest son released a series of private Twitter exchanges between himself and WikiLeaks during and after the 2016 election, including pleas from the website to publicize its leaks.

The tools criminals use to prepare a stolen iPhone for resale (Help Net Security) Fraudsters use a number of tools to unlock stolen Apple devices: AppleKit and MagicApp, as well as a cybercriminal version of the Find My iPhone API.

Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices (TrendLabs Security Intelligence Blog) Our research delved into the crossover of online scams and physical crimes, given the sizeable global market for stolen mobile phones and iCloud fraud.

Why Google should be afraid of a Missouri Republican’s Google probe (Ars Technica) Missouri Attorney General Josh Hawley is probing Google's business practices.

To better fight crime and terror in the digital era, the FBI seeks top STEM graduates (Fifth Domain) The field of opportunity for science, technology, engineering, and mathematics (STEM) graduates continues to grow thanks to the FBI’s increased recruitment efforts.

Texas National Guard secretly installed spying devices on surveillance aircrafts (HackRead) The Texas National Guard bought two DRT 1301C cell-site simulator devices for more than $373,000. The purpose of buying these devices was to intercept call

ID theft puppet master convicted of huge tax refund scam (Naked Security) His gang exploited teenagers, prison inmates and serving US soldiers amongst others

You Can Now Mine Cryptocurrency to Bail People Out of Jail (Motherboard) “The people for whom bail is set haven’t been convicted of anything.”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets...

The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit (Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.
