
Daily briefing.

UpGuard has found another set of unsecured Amazon Web Services S3 buckets, these with data collected, UpGuard says, on behalf of US Central Command and US Pacific Command. The data represent the scrapings of some 1.8 billion social media posts by VendorX, a now-defunct company that provided services to Central Command. The information isn't sensitive, the US Department of Defense says, nor was it processed for intelligence purposes. It wasn't obtained by exotic or surreptitious means, but using software freely available to anyone. The Defense Department characterizes the collection as part of its "public information gathering, measurement and engagement activities." UpGuard (which seems to be running neck-and-neck with Kromtech in the race to find and report exposed S3 buckets) suggests that collection of posts by US citizens is troubling.

Speaking of Kromtech, more details emerge on the exposed Australian Broadcasting Corporation data the company described last week. They found the database (about two years' worth of backups) in a scan on November 14th; ABC secured it "within minutes" of disclosure.

The latest case of apparent Russian influence campaigning comes from Scotland, where a lot of traffic favoring Scottish independence ("nae British slave," etc.) appears to emanate from Russian troll farms.

In Germany, Chancellor Merkel yesterday told President Frank-Walter Steinmeier that talks to form a coalition government have stalled. It appears there will either be a minority government or new elections.

Famous ur-hacker John Draper, a.k.a. Captain Crunch, has been banned from Defcon over allegations of inappropriate behavior with young men.


Today's issue includes events affecting Anguilla, Australia, Brazil, Germany, Ireland, Russia, Thailand, United Kingdom, United States.


Our podcasts this Thanksgiving week feature something a bit different: extended interviews with cybersecurity thought-leaders. Today we speak with PwC's Jocelyn Aqua about consumer trust in cyber security. Other extended discussions will follow tomorrow and Wednesday.

Earn a master’s degree in cybersecurity from SANS (Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Cyber Attacks, Threats, and Vulnerabilities

Pentagon Accidentally Exposes Web-Monitoring Operation (PCMAG) Anyone with a free AWS account could have accessed the data, which was stored on three cloud-based storage servers.

Massive US military social media spying archive left wide open in AWS S3 buckets (Register) Dozens of terabytes exposed, your tax dollars at work

Pentagon contractor spied on social media, had unsecured data in cloud (CSO Online) Researcher discovered three unsecured AWS storage buckets containing at least 1.8 billion scraped social media posts collected as part of military web monitoring program.

Pentagon contractor leaves social media spy archive wide open on Amazon (Ars Technica) Trove included more than 1.8 billion posts spanning eight years, many from US people.

Australian broadcaster hit by data breach (ComputerWeekly) The Australian Broadcasting Corporation is the latest organisation to fall prey to misconfigured Amazon S3 storage buckets, exposing database backups and sensitive data such as login credentials

Aussie Broadcaster Left Two Years of Back-ups Exposed (Infosecurity Magazine) ABC is latest firm to misconfigure Amazon S3 buckets

Barrage of tweets on independence linked to Russia (Times) Almost 400,000 Twitter messages about Scottish independence were posted by fake accounts, most believed to be Russian. Researchers say that hundreds of automated accounts — so-called Twitter bots —...

Embattled Russian IT security company blames Microsoft for NSA hack (Public Radio International) Kaspersky has come under fire, accused of providing back-door access to the Russian government. But the company is firing back.

Pentagon warned of Kaspersky products 13 years before government-wide ban: Report (The Washington Times) The Pentagon’s intelligence agency flagged Russian software company Kaspersky Lab as a potential threat as far back as 2004, thirteen years before the Department of Homeland Security banned the government from using its products, The Wall Street Journal reported Friday.

U.S. Flagged Russian Firm Kaspersky as Potential Threat as Early as 2004 (Wall Street Journal) A Russian cybersecurity firm whose products current and former U.S. officials suspect Moscow has used as a tool for spying was flagged by U.S. military intelligence as a potential security threat as early as 2004.

Russian link to GCHQ alerts (Times) A British intelligence agency has based warnings about hacking threats on research by a controversial Russian cybersecurity company. The National Cyber Security Centre (NCSC), part of GCHQ, has...

British spies citing controversial security company run by a former KGB-trained intelligence expert (The Telegraph) British spies have been citing a controversial security company, which is run by a former KGB-trained intelligence expert, to help warn the public about cyber and hacking attacks.

A second variant of the new Cryptomix Ransomware released in a few days (Security Affairs) Malware researchers at MalwareHunterTeam discovered a new variant of the CryptoMix ransomware, the second one in just a few days.

Beware Catphishing attacks targeting the hearts of security pros (SC Media UK) Malwarebytes researchers are warning IT workers seeking love online to beware

Cybercriminal Abuse of Rewards Points (Flashpoint) Flashpoint has observed cybercriminal chatter about the exploitation of rewards points programs, especially those associated with travel.

Number of DDoS Attacks Have Doubled in Six Months As Criminals Leverage Unsecured IoT Devices (BusinessWire) The number of DDoS attacks has doubled in six months as criminals leverage unsecured IoT devices.

Attack of the cyber-bees: self-learning hivenets to replace botnets in 2018 (SC Media UK) Highly destructive, self-learning 'swarmbots' driven by hivenets will be the threat trend for next year said Fortinet global security strategist, Derek Manky.

Cybersecurity firm warns of advances in cybercrime (Manila Bulletin Business) Cybersecurity company Fortinet issued new warnings in the cybercrime world with threats ranging from the more advanced hivenets and swarmbots built on machine learning and artificial intelligence (AI) technologies which will hit mobile and cloud usage, among other things.

Ransomware Targets SMBs via RDP Attacks (Security Week) A series of ransomware attacks against small-to-medium companies are leveraging Remote Desktop Protocol (RDP) access to infect systems, Sophos reports.

EMOTET Trojan Variant Evades Malware Analysis (Security Week) A recently observed variant of the EMOTET banking Trojan features new routines that allow it to evade sandbox and malware analysis, Trend Micro security researchers say.

One month later, Magniber ransomware is still out there (SANS Internet Storm Center) Last month in October 2017, several sources reported a new ransomware family distributed by Magnitude exploit kit (EK) [1, 2, 3]. Security researchers dubbed the new ransomware "Magniber" because it appears to have replaced Cerber ransomware as distributed through Magnitude EK. Cerber seems to have disappeared since then, but as November 2017 progresses, we're still seeing Magniber.

Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks (TrendLabs Security Intelligence Blog) The latest spam runs of the Cobalt group use malicious macro and exploit for CVE-2017-8759 to target Russian-speaking financial institutions.

Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks (Threatpost) Hackers using specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library.

Bug that deleted $300m could have been fixed months ago (Naked Security) The flaw was reported in August 2017 and mistaken for a “convenience enhancement”

How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself From It) (Motherboard) The Wi-Fi Pineapple enables anyone to steal data on public Wi-Fi networks. Here’s how it facilitates two sophisticated network attacks and how to protect yourself against them.

What you need to know about the cybergang behind Pornhub attack (Somerset Live) Millions of adult site users could have been affected

Hackers could take control of cars and kill millions, ministers warned (Times) Modern cars are an “open door” to hackers, inviting hostile states to use Britain’s roads as a weapon against citizens, ministers have been warned. Deaths are inevitable within five years if...

Child abuse on YouTube (Times) Google has made millions of pounds in advertising revenue from videos that exploit young children and appeal to paedophiles, experts say. Iceland, O2 and Which? are among companies to have...

McAfee Network Mistakenly Sent Malware To Customers Using Anti-Hacking Service (International Business Times) The Emotet banking malware was loaded into a Word file sent to users of the McAfee ClickProtect email protection service.

Skip Black Friday for a Safer Shopping Day: Gray Saturday (Infosecurity Magazine) The number of such attacks can decrease by as much as 33% on the day after Black Friday.

Security Patches, Mitigations, and Software Updates

Patch alert: Microsoft acknowledges printer bug; forced 1709 upgrades continue (Computerworld) Patch Tuesday problems roll out, with a new acknowledgment from Microsoft about a dot matrix printer bug, continued reports of Win10 1703-to-1709 upgrades, one unconfirmed report of a forced 1607-to-1709 upgrade, and a memory violation error with CDPUserSvc. Welcome to the jungle.

How to fix a program without the source code? Patch the binary directly (Ars Technica) Microsoft abandons typical Patch Tuesday playbook to fix Equation Editor flaw.

Microsoft Appears to Have Lost the Source Code of an Office Component (BleepingComputer) The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components.

Verizon rolls out Krack fix for its BlackBerry PRIV with September 2017 patch (The Android Soul) News about Android update and devices

GitHub Warns Developers When Using Vulnerable Libraries (Security Week) Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue.

Cyber Trends

Ransomware damage costs predicted to hit $11.5B by 2019 (CSO Online) The rising ransomware costs are driven by an uptick in the frequency of attacks, which is expected to rise to an attack every 14 seconds.

2018 Security Predictions, by Forcepoint Security Labs (Forcepoint) A myriad of complex challenges will surface in 2018, threatening your ability to protect your users, data and networks in new ways. In the Forcepoint 2018 Security Predictions Report, our thought leaders assert that cybersecurity needs a forward-thinking, holistic approach to protect data in real-time, one that can transform a vulnerable employee to a defender of data.

Cyberstrategy for 2018: Time to Prepare for the Worst? (Comodo) Are you ready for 2018?

2017 Q3 Quarterly Threat Report (eSentire) The 2017 Q3 Quarterly Threat Report provides a quarterly snapshot of threat events investigated by the eSentire Security Operations Center (SOC).

Security Current Releases CISO-Authored Research Report on Endpoint Security (PRNewswire) Security Current today announced the release of its CISO-authored...

Sad state of enterprise cloud infrastructure governance (Help Net Security) A new survey of more than 300 IT professionals revealed that the state of enterprise cloud infrastructure governance is extremely poor.

Cyber attacks on country's top 20 'magic circle' law firms surge 60pc (Independent) Cyber attacks on the country's top 20 or so called 'magic circle' law firms have surged by 60pc in less than a year, with more than six out of 10 firms reporting attacks.

Kaspersky warns cybersecurity needs attention (The Nation) Thailand may be an example of the classic case of having a huge population of Internet users but also low cybersecurity awareness. Perhaps that makes it fertile ground for Kaspersky, a large cybersecurity firm that is often in the news.


Do you have the AI solutions the intelligence community needs? (C4ISRNET) ODNI puts up a $75,000 prize for AI solutions that can evaluate intelligence products before they're disseminated to troops and decision-makers.

The greatest risk with AI is not moving fast enough to deploy it: Microsoft (ZDNet) If there are only a handful of companies running AI, then it's unlikely that it will be applied broadly enough, according to Microsoft's strategic policy advisor Dave Heiner.

Marvell Technology to buy chipmaker Cavium for about $6 billion (Ars Technica) Two more chipmakers come together to try to compete with Intel, Broadcom.

Chipmakers bet on the ‘big bang’ of artificial intelligence (Financial Times) Broadcom’s $130bn bid for Qualcomm reflects semiconductor companies’ desire to depend less on smartphones and vie for a foothold in AI

What is an IPO pop and why do VCs hate it so much? (TechCrunch) Over the weekend, several VCs tweeted that my headline recapping Stitch Fix's first day of trading was too harsh. The headline read, "Stitch Fix up just 1%..

Equifax results a ‘stern warning’ to industry over cyber-security (Asset Finance International) Finance companies have been urged to consider the costs of cyber-security failures after details emerged of the financial impact of a security breach at Equifax earlier this year

At-Bay Launches from Stealth to Provide Cyber Insurance for the Digital Age (BusinessWire) At-Bay announces today that they are launching from stealth to provide cyber insurance for the digital age.

3 Ways to Retain Security Operations Staff (Dark Reading) Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.

2 Signs Palo Alto Networks Inc Needs New Management (The Motley Fool) An unfulfilled promise and ongoing losses mean it’s time the data security provider consider some tough choices.

Kaspersky Laboratory opens R&D unit in Vladivostok (Telecompaper) Kaspersky Laboratory has launched its new R&D centre in the city of Vladivostok, reports The company owns four R&D units across the country.

Iconic hacker booted from conferences after sexual misconduct claims surface (Ars Technica) Professor, reporter say meetings with Draper years ago turned inappropriate.

Products, Services, and Solutions

Zentera's CoIP Enclave™ Solution Addresses Security Across Hybrid Environments at AWS re:Invent 2017 (PRNewswire) Zentera Systems, Inc., a leader in software-defined perimeters for...

How NSS Labs' CAWS finds and fixes network threats (CSO Online) The public instance of the CAWS Continuous Security Validation Platform from NSS Labs is a valuable tool for alerting IT teams about real threats with the ability to breach their defenses. But for networks with high security needs, the product's private instance is worth the high price tag.

Technologies, Techniques, and Standards

Ransomware recovery methods: What does the NIST suggest? (SearchSecurity) Ransomware recovery methods need to be considered by more and more enterprises as these types of attacks spread. Here's a look at what the NIST recommends.

Why Linus is right (as usual) (Errata Security) People are debating this email from Linus Torvalds (maintainer of the Linux kernel). It has strong language, like: Some security people ...

Cyber security collaboration is key to dark web deterrent (Financial Times) Vigilance remains high as cyber intelligence experts anticipate the next big ransomware threat

Risk Assessment in Information Security - An Alternative Approach (Infosecurity Magazine) An alternative approach to information security risk assessment is to use a Value-at-risk analysis.

3 Rules for Communicating Post-Crisis, Cyber Attack 101 (MarTechSeries) Listen up… a cyber-attack is likely to happen to your organization. The majority of attacks to date have focused on

How to talk about cryptocurrency at the holiday dinner table (TechCrunch) You’re sitting down to a nice meal and your aunt, always one step ahead, mentions she wants to start investing in Bitcoin. You freeze, a drip of gravy..

New Guide for Political Campaign Cybersecurity Debuts (Dark Reading) The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.

Design and Innovation

Twitter says it will judge verified users’ offline behavior (The Verge) What losing a badge really means

Twitter gets tough on white supremacists with new policy (Naked Security) Verified user badges are not an endorsement and you can’t be sure they’ll always be there

Google Chief Says Google News Will 'Engineer' Russian Propaganda Out of the Feed (Motherboard) “It’s basically RT and Sputnik,” he said on Saturday.

YouTube terminated its own channel "Citizentube" for multiple or severe violations (HackRead) In April 2007, YouTube launched its official channel on the site called Citizentube. The details of it were elaborated on YouTube's Google Blog according t

Social media threat: People learned to survive disease, we can handle Twitter (USA TODAY) We don’t know much about what would constitute the equivalent of intellectual indoor plumbing. But civics and skepticism would be a good start.

Research and Development

AFRL, firm to research ways to protect weapons from cyber attack (Dayton Daily) The Air Force Research Laboratory has awarded a $47.


NSA Grants Bolster Moraine Valley's Cybersecurity Programs (Palos, IL Patch) Moraine Valley received $1.5 million in grants to expand cybersecurity initiatives, the fastest growing speciality in IT industry.

Legislation, Policy, and Regulation

Collapse of German coalition talks deals Merkel blow, raises prospect of new elections (Washington Post) The surprise pullout of the Free Democrats leaves the chancellor with few options for a government.

Germany bans kids smartwatches, asks parents to destroy them (HackRead) Germany's Telecoms regulator the Federal Network Agency (The Bundesnetzagentur) which oversees the country’s telecommunications has banned smartwatches for

US and Japan Take A Step In Cyber Information Sharing (LookingGlass Cyber Solutions Inc.) The Government of Japan and the U.S. Department of Homeland Security (DHS) took a step to strengthen the cyber relationship between the two nations.

This Island Nation Wants To Become The First Regulatory Body Of ICOs (FXStreet) Anguilla is moving to become the first regulatory authority on initial coin offerings and utility token offerings.

Senators propose limit on FISA files (The Denver Post) A pair of senators on Friday released their bipartisan proposal to renew a powerful surveillance authority for collecting foreign intelligence on U.S. soil, but with a new brake on the government…

Former State Department official talks cyber diplomacy in Bartels lecture (Cornell Chronicle) Returning to Cornell to give the annual Bartels World Affairs Fellowship Lecture Nov. 15, Christopher Painter ’80, former coordinator for cyber issues at the U.S. Department of State, discussed the power – and the limitations – of cyber diplomacy in a public lecture in Kennedy Hall’s Call Auditorium.

Florida May Counter 'Growing Threat' to Election Security (US News & World Report) Calling it a "growing threat" to Florida's election systems, Gov. Rick Scott and state election officials want to spend more than $2 million in the coming year on cybersecurity.

Litigation, Investigation, and Law Enforcement

Skype faces fine after refusing to allow eavesdropping (Naked Security) The trouble began when authorities came knocking, wanting to listen in on organised crime

Everyone has been hacked, say police (Times) Virtually everyone in the country is likely to have had their personal data hacked and placed for sale on the dark web, police have said. Peter Goodman, the National Police Chiefs’ Council lead for...

In Brazil, cybercriminals operate in plain view (The Brazilian Report) Brazil received the fourth-highest number of attacks carried out by cybercriminals in the world during 2016, resulting in losses of $103 billion.

Feds charge man they say worked for 'darknet' marketplace (Washington Post) An Illinois man who federal prosecutors say worked as a spokesman for a “darknet” marketplace for illicit internet commerce has been charged in Atlanta.

Fund Targets Victims Scammed Via Western Union (KrebsOnSecurity) If you, a friend or loved one lost money in a scam involving Western Union, some or all of those funds may be recoverable thanks to a more than half-billion dollar program set up by the U.S. Federal Trade Commission.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CyberCon 2017: Beyond Cybersecurity (Pentagon City, Virginia, USA, November 28, 2017) The cyber front is about more than just security. Defending in cyberspace takes a holistic approach, encompassing technology, policy and people. That’s why we’re bringing together military, intelligence...

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

Upcoming Events

The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit (Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.
