skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

The Czech BIS counterintelligence service yesterday attributed last year's cyberattacks on the Foreign Ministry to Russia's GRU (a.k.a. Fancy Bear) (Reuters). 

Quora, the widely used question-and-answer site, has been breached. The attackers made away with passwords, names, email addresses, and direct messages belonging to some 100 million users. Quora discovered the breach Friday; causes remain under investigation (Ars Technica).

Marriott is not drawing good reviews for its response to the breach it disclosed last week. The hospitality chain is, for example, using the domain "email-marriott.com" to send notifications to the half-billion or so affected customers. But that domain is easily spoofed by typosquatters, and several security firms, working gratis, have preemptively registered several of the more plausible typosquatting domains (TechCrunch). Observers see a string of breaches going back to 2015, mostly involving Starwood (PYMNTS) with many missed opportunities to prevent the recent problem. A lesson being drawn is that corporate mergers and acquisitions represent a cyber danger point (Enterprise Times).

Google researchers found a privilege escalation flaw in Kubernetes. It's now patched; users should upgrade (Infosecurity Magazine).

Two scam apps, “Fitness Balance app” and “Calories Tracker app,” have been booted from Apple's App Store. The apps displayed a message telling people to keep their finger on the iOS touch ID feature, meanwhile flashing a quick payment window (likely to be unnoticed) in which the victim's fingerprint authorized payments of roughly $100 (Ars Technica). 

Robin Sage, please meet Tatiana Horakova. You two should really talk about trolling for catphish (Foreign Policy). 

Notes.

Today's edition of the CyberWire reports events affecting Australia, China, Czech Republic, Germany, Japan, Russia, United Kingdom, United States.

The email version of yesterday's CyberWire Daily News Briefing misprinted the name of the MI6 director. He is Alex Younger, not Alex Young.

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

In today's podcast, up later this afternoon, we hear from our partners at the University of Maryland, as Jonathan Katz talks us through SSD drive encryption security woes. Our guest is Brian Egenrieder from SyncDog, who discusses the challenges of commingling work and personal mobile devices.

The latest Recorded Future podcast, produced in cooperation with the CyberWire, is also up. In this episode, "Controlling online access in Yemen's war zone," we have an opportunity to learn about the role the internet has played in Yemen’s civil war, as rival factions fight to gain control of information, access, and infrastructure.

And in our new CyberWireX podcast, we offer part two of a four-part series, “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace.” Experts take a look at the impact GDPR has had since its implementation in May 2018. Joining us for "Settling in with GDPR" are Emily Mossburg from Deloitte, Caleb Barlow from IBM, and Steve Durbin from ISF. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto, the program sponsor. 

Cyber Attacks, Threats, and Vulnerabilities

Czech security service says Russia behind cyber attacks on ministry (Reuters) Russia's intelligence services were behind cyber attacks targeting the Czec...

In rare speech, MI6 chief says cyber brings ‘potentially existential challenge’ (Fifth Domain) In his second public speech ever, the head of the British intelligence agency described in stark terms a growing digital divide between liberal countries and

Nato accused of massing troops on Russian border (Times) Russia has accused Nato of a massive build-up of troops and heavy weaponry along its borders as tensions rise over the crisis in Ukraine. Colonel-General Alexander Fomin, Russia’s deputy defence...

NATO exercises cyber defences as threat grows (Yahoo) The activity is taking place just 50 kilometres (30 miles) from the border with Russia, seen by the West as the biggest cyber threat after a string of attacks blamed on the Kremlin. Targets have included world sports bodies, the US Democratic Party and the world chemical weapons watchdog in the Netherlands

'Influence Agents' Used Twitter to Sway 2018 Midterms (Dark Reading) About 25% of political support in Arizona and Florida was generated by influence agents using Twitter as a platform, research shows.

'Watering hole' attacks: How China's hackers went after think tanks and universities (The Sydney Morning Herald) So called “watering hole” attacks are often a first step in a campaign to insert malicious software into the systems of government officials or business leaders visiting the website.

Hackers breach Quora.com and steal password data for 100 million users (Ars Technica) Other stolen personal data includes names, email addresses, and direct messages.

Quora says hackers took data on 100 million users (Cyberscoop) Popular question-and-answer site Quora has discovered that hackers broke into its system and took data on 100 million users.

Revealed: Marriott's 500 Million Hack Came After A String Of Security Breaches (Forbes) Security breaches have rained down on Starwood in recent years, according to cybersecurity researchers. They could've been a warning about the megabreach that was to come.

2015 Marriott Breach: Prelude To 2018 Attack? (PYMNTS.com) Marriott International, which announced last week it was the victim of a hack in which the bad guys accessed its reservation database for Starwood properties, could have stopped the breach years earlier. According to a report in the Wall Street Journal citing cyber security specialists, the breach in which the personal information of as many […]

Marriott’s Starwood Missed Chance to Detect Huge Data Breach Years Earlier, Cybersecurity Specialists Say (Wall Street Journal) Marriott says it responded quickly when it learned in recent weeks of a colossal theft of customer data, but cybersecurity specialists say the company missed a significant chance to halt the breach years earlier.

Marriott data breach shows cyber security risks of mergers - (Enterprise Times) Marriott International has admitted that hackers have stolen the details of up to 500 million customers in a major breach at Starwood hotels

Marriott’s breach response is so bad, security experts are filling in the gaps — at their own expense (TechCrunch) Last Friday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database. One problem: the email sender’s domain didn’t look like it came from Marriott at all. Marriott sent its notification email…

Citrix security boss warns that cryptojackers are exploiting cloud ignorance (Cyberscoop) Don’t count on cloud security providers to keep hackers away.

Researchers Find Major Kubernetes Flaw (Infosecurity Magazine) Users urged to patch critical privilege escalation bug

Kubernetes Alert: Security Flaw Could Enable Remote Hacking (BankInfo Security) A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to

SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow (Security Boulevard) Vulnerabilities Summary QuartzCore [...], also known as CoreAnimation, is a framework use by macOS and iOS to build an animatable scene graph.

How Email Scammers Are Using Marketeer Methods to Target CFOs (Fortune) FBI estimates that targeted email fraud relieved companies of $12.5 billion in 2018.

iOS apps used Touch ID feature to trick users into paying hefty fees (Ars Technica) Apple gives two scam apps the boot after they come to light.

Watch Out for a Clever Touch ID Scam Hitting the App Store (WIRED) Touch ID is seamless, which makes it great for unlocking your phone—and for App Store scammers.

Machine-to-Machine (M2M) Technology Design Issues and Implementation Vulnerabilities (TrendLabs Security Intelligence Blog) We delve into the protocol security issues that may crop up from a technology perspective. The scarce awareness that we’ve observed around the current state of MQTT and CoAP can enable attackers in achieving their goals, ranging from reconnaissance and lateral movement to remote control and targeted attacks.

Malspam pushing Lokibot malware (SANS Internet Storm Center) I've frequently seen malicious spam pushing Lokibot (also spelled "Loki-Bot") since 2017.

Nonprofits on Facebook Get Hacked—Then They Really Need Help (WIRED) Facebook is an enormous platform for charitable giving, but some nonprofit leaders say there aren’t enough resources when something goes wrong.

Cybersecurity still a major issue for non-profits (The Daily Swig | Web security digest) With GDPR now very much in effect, how are charities faring when it comes to securing their data?

Jared, Kay Jewelers Parent Fixes Data Leak (KrebsOnSecurity) The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

How an Internet Impostor Exposed the Underbelly of the Czech Media (Foreign Policy) When politicians own the press, trolls have the last laugh.

Cyber Trends

Culture - the flaws in human nature - eats security budgets for breakfast (The Business Times) You can spend any amount of money on cybersecurity, but if the organisation lacks a strong security culture, your investments will never outpace the risks. Today, the biggest cyber risk influencer is still human conduct.

There is continual war in cyberspace (Tribune India News Service) On November 26, I uncovered the largest known foreign disinformation operation targeting the Indian users of social media. The word

Why hospitals are the next frontier of cybersecurity (Help Net Security) Hospital cybersecurity is a pressing problem with unique challenges and incalculable stakes. The healthcare industry’s accelerating adoption of

Small Businesses Lose $80K on Average to Cybercrime Annually, Better Business Bureau Says (Small Business Trends) The growth of cybercrime will cost the global economy more than $2 trillion by 2019, according to th

Marketplace

Why Security Firms Do Not Share The Cost Of Bad Reputation After A Cyberattack? (Forbes) A company after a cyber attack needs its cybersecurity partners' support more than when they signed the contract of partnership

U.S. Financial Firms to Further Increase Cybersecurity Spending (Bloomberg) Thales survey finds 84% are planning to boost their investment. Some big banks spend $1 billion annually on cybersecurity.

Finding a Workaround to the Defense Talent Shortage (ClearanceJobs) As the competition for cleared IT talent continues to heat up, many employers are looking to college students to combat the defense talent shortage.

The Hartford snaps up MGU Y-Risk; hires team (Intelligent Insurer) US-based The Hartford has purchased Y-Risk, a managing general underwriter (MGU) specialising in the sharing and on-demand economy, from Allstar Financial Group.

Ann Arbor startup Censys raises over $2 million (WDIV) Ann Arbor-based information security software company, Censys has found its future in GV and Greylock.  

Iran: 5th Cyber Defense exhibition opens in Tehran (Army Recognition) The three-day event is organized by Iran's Civil Defense Organization, aims at providing the grounds for domestic players in the field of cyber security, electronic banking, industrial control systems, electronic security, and electromagnetics to showcase their latest developments and achievements.

#NICEK12: San Antonio Aims to Become Cyber City, USA (Infosecurity Magazine) The mayor of San Antonio welcomes attendees to the 2018 NICE K12 Cybersecurity Education Conference.

Huawei opens a Vulnerability Reward Program with a max payout of ~$143,000 (XDA) Mobile security is important for a number of reasons, no less because most of our personal lives now reside on our smartphones.

The Truth About Facebook's Fake Quest to Connect the World (WIRED) Facebook exes assured employees that the cash-rich business of amassing users was a moral imperative. To survive, the company must revise its mission.

Kaspersky Lab to Stay in US Despite Rejection of Company's Lawsuit Against Gov't (Sputnik) Russian cybersecurity company Kaspersky Lab regrets a US court's decision to uphold the dismissal of the company's lawsuit against the government's ban on its antivirus programs, but will nonetheless remain on the US market, the company's press service told Sputnik.

Can BlackBerry (BB) Beat Market Woes on Inorganic Growth? (Nasdaq) On Dec 3, we issued an updated research report on wireless services provider, BlackBerry Limited.

Palo Alto Networks: The 2 Core Reasons I'm Staying Long (Seeking Alpha) PANW reported an upside surprise to sales and earnings Thursday after the close, and guided strongly.

5 Stocks That Will Double Their Yields In 7 Years (Forbes) If you want to figure out how long it will take to double your money in an investment, you use the “Rule of 72.” But income investors can put this rule to work, too, to figure out just how quickly their dividends will pile up.

AXIS launches unified global cyber and technology unit (Life Insurance International) AXIS Insurance, the insurance business of Bermuda-based AXIS Capital Holdings, has rolled out its combined global cyber and technology unit.

Microsoft, Mastercard alliance muscles in on digital identity (iTnews) We care a lot … (product not included).

Portnox Names Tomer Shemer-Buchbut Vice President of Products (BusinessWire) Former head of the cyber security product team for global data-mining and intelligence provider Verint joins leading network access control vendor.

RiskSense adds two Silicon Valley and cyber security insiders to its Board of Directors (Help Net Security) The addition of Skip Glass and Eric McAlpine to RiskSense's Board will help the company to navigate new operational and corporate development opportunities.

Cybersecurity firm Crypsis adds investigations expert Chris Salsberry (Consulting) McLean, VA-headquartered Crypsis Group has bolstered its cyber investigations team with the addition of Chris Salsberry, a cyber forensics expert with a background spanning consulting and law enforce

ManTech Appoints John McNiff as Senior Vice President, Business Development of Mission, Cyber & Intelligence Solutions Group (Nasdaq) ManTech (Nasdaq:MANT) today announced that it has named John McNiff as Senior Vice President, Business Development of the company's Mission, Cyber & Intelligence Solutions (MCIS) Group, reporting to MCIS President Rick Wagner.

New Head of Security Business Announced at BT (Infosecurity Magazine) Kevin Brown will replace Mark Hughes, who will leave BT at the end of the year

Products, Services, and Solutions

CyberSaint Closes the Communication Gap Between CISOs and Executive Management with Breakthrough Product Enhancements (BusinessWire) CyberSaint introduces fully automated, executive risk and compliance reports for CISOs; provides integrated risk management based on NIST standard.

Ingram Micro Chooses Nyotron's PARANOID for its Endpoint Security (PR Newswire) Nyotron, provider of the industry's first OS-Centric Positive Security solution to strengthen endpoint...

D3 Security Achieves Certified Integration with McAfee Enterprise Security Manager (ESM) through the McAfee Security Innovation Alliance (BusinessWire) D3 Security announced that it has achieved technical integration of the D3 SOAR Platform with the McAfee® Enterprise Security Manager (ESM).

Interset 5.7 Brings Analytics to the Cloud for Fast, Flexible and Economical Threat Detection (Interset) Interset behavioral analytics deployed in a cloud-native environment reduces compute costs by 5X and greatly reduces admin overhead.

Ping Identity announces new customer Identity-as-a-Service solution for application developers (Help Net Security) Ping Identity released for the public preview PingOne for Customers. The cloud-based Identity as a Service (IDaaS) offering is built for the developer

ZeroStack delivers AI-as-a-Service (Help Net Security) ZeroStack’s AI-as-a-service capability gives customers features to detect GPUs and make them available for users to run their AI applications.

ForgeRock and Socure partner to secure the customer identity lifecycle (Help Net Security) ForgeRock and Socure partner to automate onboarding and service delivery authentication for frictionless end user experiences.

Technologies, Techniques, and Standards

Leak site's launch shows dilemma of radical transparency (AP NEWS) A new leak website is wrestling with what to make available to the public, an illustration of the difficulty of balancing full transparency with respect for privacy in an age of mass disclosures. The site, dubbed Distributed Denial of Secrets, is aimed at capturing the cascade of leaked data coursing through the web, securing it for researchers and journalists before it disappears amid the digital churn of the internet.

Hardware is on its way out as the demand for SD-WAN climbs (Help Net Security) SD-WAN provides the flexibility to use any combination of transport connectivity, and logically bonds multiple links into virtual overlays.

Artificial Intelligence Is a Threat to Cybersecurity. It’s Also a Solution. (BCG) Companies are in an arms race. They need to protect their fledgling AI programs. AI also gives attackers a powerful new capability. The solution? AI.

Fight Evolving Cybersecurity Threats With a One-Two-Three Punch (Security Intelligence) Collaborative industry partnerships, a hardened attack surface and a well-practiced incident response plan are all critical in the fight against emerging cybersecurity threats.

Navy, Marine Corps Forced to Send Sensitive Info by Mail After Army's Popular Sharing System Shuttered (USNI News) An Army-run secure document transfer system is shuttered, so the Navy and Marine Corps are using registered mail to send encrypted discs.

Research and Development

Homeland Security Will Let Computers Predict Who Might Be a Terrorist on Your Plane — Just Don’t Ask How It Works (The Intercept) The software, developed under contract, will be given to foreign governments. It is already being tested.

Legislation, Policy, and Regulation

Dozens of signatories added to Paris cyber agreement (TheHill) Nearly 100 nations and groups have added their names to an international agreement on actions in cyberspace in the weeks since the document was unveiled.

Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy of What to Do With Them (Defense One) Germany has traditionally prioritized defense over offense in cyberspace. That's now beginning to change.

Japan faces legal snags in building defense against cyber-attacks (Asahi Shimbun) Japan plans to significantly bolster its defense against cyber-attacks, but the nation’s legal frame

Analysis | The Cybersecurity 202: British intelligence officials propose way to access encrypted group chats (Washington Post) Just add law enforcement as a "silent" user, they say.

U.K.’s Intelligence Chief: Britain Faces Tough Decision on Huawei’s 5G Technology (Wall Street Journal) The head of Britain’s foreign intelligence agency said the U.K. had a tough decision to make on whether to allow Chinese telecommunications giant Huawei to supply a 5G mobile network in the country.

MI6 boss Alex Younger tells Britain: beware march of Chinese technology giants (Times) The head of MI6 has questioned whether a Chinese telecoms giant should be involved in Britain’s next-generation mobile network amid fears over spying. Alex Younger, 55, said that “some decisions”...

Litigation, Investigation, and Law Enforcement

U.S. Encourages Banks to Innovate in Anti-Money Laundering Compliance (Wall Street Journal) The pledge, in a statement from multiple U.S. regulatory agencies, comes as authorities encourage lenders to try out new technology and intelligence-gathering methods as they combat evolving illicit-finance threats.

Israeli firm rejects alleged connection to Khashoggi killing (AP NEWS) An Israeli company known for its sophisticated phone surveillance technology on Monday rejected accusations that its snooping software helped lead to the killing of Saudi journalist Jamal Khashoggi. The NSO Group has faced similar claims in the past that its products were used to stifle dissent in other countries. But the alleged connection to the Khashoggi killing is the most high-profile case to date, drawing new attention to the secretive company's business practices and the Israeli government's oversight of private defense contractors.

CIA Director Gina Haspel to brief key senators behind closed doors about Khashoggi killing (Washington Post) Lawmakers from both parties have been demanding to hear from Haspel, who was noticeably absent last week from a similar briefing on the slaying of the journalist in the Saudi Consulate in Istanbul.

Manafort Tried to Broker Deal With Ecuador to Hand Assange Over to U.S. (New York Times) There is no evidence that Paul Manafort was working with President Trump or other administration officials on the talks, which stemmed from 2017 discussions on Chinese investment.

Roger Stone: No Evidence I Ever Contacted WikiLeaks; "I Engaged In Politics" (Real Clear Politics) "I've never done anything in politics that was outside the norms of my colleagues and contemporaries," Stone said Sunday in an interview with ABC's George Stephanopoulos.

First Lawsuits Filed in Starwood Hotels' Breach (Dark Reading) Class-action suits have been filed on behalf of guests and shareholders, with more expected.

Google CEO’s appearance before Congress postponed (Axios) It was the same day as George H. W. Bush’s funeral.

Oath agrees to pay $5M to settle charges it violated children’s privacy (TechCrunch) TechCrunch’s Verizon-owned parent, Oath, an ad tech division made from the merging of AOL and Yahoo, has agreed to pay around $5 million to settle charges that it violated a federal children’s privacy law. The penalty is said to be the largest ever issued under COPPA. The New York Times…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2019 Securing New Ground (New York, New York, USA, October 29 - 30, 2019) The Security Industry Association (SIA) carefully curates topics and speakers for this two-day conference with the goal of inspiring our fellow leaders in the security about the potential of the global...

Upcoming Events

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.