
More signal. Less noise.

1 million credentials fall into criminal hands every single day.

That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries (finance, airlines, retail, and hotels), finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.

Daily briefing.

A new variant of Shamoon malware has been reported in the attack against Italian oil-field services company Saipem (Reuters). Shamoon first surfaced in 2012 attacks against Saudi Aramco. It's a wiper, and its earlier uses have generally been associated with Iran (Infosecurity Magazine). The attack on Saipem may have been staged through Chennai, India (Offshore Technology).

The US hasn't yet indicted Chinese nationals on hacking charges, nor have new sanctions been levied, but the anticipated public denunciation of Chinese activities in cyberspace has begun (Wall Street Journal). Senior counterintelligence officials delivered harsh remarks yesterday in testimony before the Senate Judiciary Committee. Representatives of the FBI, DHS, and Justice Department outlined a view of Chinese strategy designed to supplant US world technological and economic leadership. The playbook is "rob, replicate, and replace," as Assistant Attorney General Demers put it (Washington Post).

Indictments are still widely expected, as investigation of the Marriott breach increasingly looks toward Chinese intelligence services as likely culprits (WIRED). 

The Senate hearings were noteworthy for warnings about influence operations exercised in universities through Confucius Institutes. In the UK, MPs also warned of Chinese presence in universities, but the British problem is seen as excessive coziness with Huawei (Telegraph).

China has taken a second Canadian citizen into custody even as Huawei's CFO posts bail in Vancouver (CNN).

British Prime Minister May survived her party's confidence vote yesterday evening (BBC). France's President Macron, his concessions largely rejected by the Gilets Jaunes (France 24), now faces his own no-confidence challenge (Express).

Notes.

Today's edition of the CyberWire reports events affecting Azerbaijan, Australia, Colombia, Estonia, European Union, Finland, France, Germany, India, Iran, Israel, Kuwait, Mali, Netherlands, New Zealand, Norway, Russia, Saudi Arabia, Sierra Leone, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses how password policies align with the Fifth Amendment. Our guest is Liz Rice from Aqua Security, who explains what it means for security teams to “shift left.”

And, since it's Thursday, Hacking Humans is also up. In this episode, "A pesky problem that doesn't go away," Joe describes a Nigerian gang called "London Blue" that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Our guest, Chris Bailey from Entrust Datacard, teaches us how to detect lookalike sites online and better protect ourselves from fraud.

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event which is interested in identifying user activity monitoring (UAM) solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

AP Exclusive: Iran hackers hunt nuclear workers, US targets (AP NEWS) As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of US-Iranian relations.

Saipem says Shamoon variant crippled hundreds of computers (Reuters) A hack on Italian oil services firm Saipem that crippled more than 300 of the co...

Saipem Middle East servers hit by cyber attack out of India (Offshore Technology) Italian oil services firm Saipem’s servers in the Middle East have been affected following an alleged cyber attack out of India.

New Variant of Shamoon Malware Uploaded to VirusTotal (SecurityWeek) A new variant of the destructive Shamoon malware was uploaded to the VirusTotal malware analysis service, which shows a close match to historic versions of the malware.

Middle East Servers Targeted in Saipem Cyber-Attack (Infosecurity Magazine) An attack on Saipem began in India and targeted servers in Saudi Arabia, the United Arab Emirates and Kuwait.

Cyber Attack Targets Oil and Gas Services Company (Rigzone) Saipem suffers a cyber attack on its servers.

Windows Zero-Day Exploited by New 'SandCat' Group (SecurityWeek) The Windows kernel zero-day patched by Microsoft this week has been exploited by several threat actors, including a new group tracked by Kaspersky as SandCat.

MPs warn on Huawei's 'disturbing' ties to UK universities amid security fears (The Telegraph) MPs on the Foreign Affairs Select Committee have urged British universities to exercise "extreme caution" accepting money from Huawei, amid growing international concern about the security threat posed by the controversial Chinese telecom company.

FBI Says Chinese Espionage Poses ‘Most Severe’ Threat to American Security (Wall Street Journal) The disclosures, at a Senate Judiciary Committee hearing, came as the Trump administration is preparing to lay out an unprecedented amount of evidence in coming days about Chinese spying and hacking operations designed to steal secrets from U.S. companies.

Top FBI official warns of strategic threat from China through economic and other forms of espionage (Washington Post) Official says the “relentless theft of U.S. assets is positioning China to supplant” the United States as the world’s superpower.

FBI: China threatens 'the future of the world’ (Washington Examiner) Chinese spying threatens “not just the future of the United States, but the future of the world,” a senior FBI official told lawmakers Wednesday.

Is US military cloud safe from Russia? (BBC News) The BBC investigates a $10bn (£8bn) Pentagon contract to store sensitive data in a cyber-cloud.

Cryptocurrency Miner Spreads via Old Vulnerabilities on Elasticsearch (TrendLabs Security Intelligence Blog) We detected mining activity on our honeypot that involves the search engine Elasticsearch, which is a Java-developed search engine based on the Lucene library and released as open-source. The attack was deployed by taking advantage of known vulnerabilities CVE-2015-1427, a vulnerability in its Groovy scripting engine that allows remote attackers to execute arbitrary shell commands through a crafted script, and CVE-2014-3120, a vulnerability in the default configuration of Elasticsearch.
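The two CVEs in that item are both reached through the script support in a search request: CVE-2014-3120 because old releases shipped with dynamic scripting on by default, CVE-2015-1427 because the Groovy sandbox in later 1.x releases could be escaped. The block below is an added example (not code from the page or from Trend Micro) of the two checks a responder would run first: map a node's reported version to the affected ranges, and sweep request logs for search bodies whose script reaches the JVM runtime. The affected version ranges are taken from the public advisories and are stated as an assumption; the log record format and the sample records are constructed for the example.

```python
import json
import re

# Affected ranges, taken from the public advisories (assumption for this
# example; verify against your own vulnerability tracking):
#   CVE-2014-3120: dynamic scripting enabled by default before 1.2.0
#   CVE-2015-1427: Groovy sandbox bypass in 1.3.0-1.3.7 and 1.4.0-1.4.2


def parse_version(version):
    """'1.4.2' -> (1, 4, 2); ignores a suffix such as '-SNAPSHOT'."""
    core = version.split("-")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def affected_cves(version):
    """Return the CVE ids an Elasticsearch version of that number is exposed to."""
    v = parse_version(version)
    cves = []
    if v < (1, 2, 0):
        cves.append("CVE-2014-3120")
    if (1, 3, 0) <= v <= (1, 3, 7) or (1, 4, 0) <= v <= (1, 4, 2):
        cves.append("CVE-2015-1427")
    return cves


# Tokens seen in scripts that step from the scripting engine into the JVM
# and spawn a process; a plain search never needs them.
SUSPICIOUS = re.compile(
    r"java\.lang\.Runtime|getRuntime\s*\(|ProcessBuilder|Class\.forName|\.exec\s*\(",
    re.IGNORECASE,
)


def collect_scripts(node, found=None):
    """Walk a decoded request body and collect every string stored under a
    'script' key at any depth (script_fields, sort, scoring, update scripts)."""
    if found is None:
        found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "script" and isinstance(value, str):
                found.append(value)
            else:
                collect_scripts(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_scripts(item, found)
    return found


def triage_requests(log_lines):
    """log_lines: JSON records {"method", "path", "body"} such as a reverse
    proxy in front of the cluster might write (format is an assumption).
    Returns (path, script) for every request carrying a script with JVM
    escape tokens, whatever endpoint it was sent to."""
    hits = []
    for line in log_lines:
        rec = json.loads(line)
        body = rec.get("body")
        if not body:
            continue
        try:
            decoded = json.loads(body)
        except ValueError:
            continue
        for script in collect_scripts(decoded):
            if SUSPICIOUS.search(script):
                hits.append((rec.get("path", ""), script))
    return hits


# Constructed sample log: one exploit-shaped search, one benign search, one ping.
SAMPLE_LOG = [
    json.dumps({"method": "POST", "path": "/_search?pretty", "body": json.dumps({
        "size": 1,
        "script_fields": {"cmd": {
            "script": 'java.lang.Math.class.forName("java.lang.Runtime")'
                      '.getRuntime().exec("id").text',
            "lang": "groovy"}}})}),
    json.dumps({"method": "POST", "path": "/logs/_search", "body": json.dumps({
        "query": {"match": {"message": "runtime exec failed"}}})}),
    json.dumps({"method": "GET", "path": "/", "body": ""}),
]

if __name__ == "__main__":
    print("1.4.2 exposed to:", affected_cves("1.4.2"))
    for path, script in triage_requests(SAMPLE_LOG):
        print("suspicious script on", path, "->", script[:60])
```

The token match is deliberately applied only to strings under a `script` key: the benign sample carries the words "runtime exec" inside a query value and is not flagged, which keeps the sweep usable on clusters that index logs about processes. A version that falls in neither range still needs its scripting settings reviewed, since the check only reflects the defaults each release shipped with.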

Apache Misconfig Leaks Data on 120 Million Brazilians (Infosecurity Magazine) Half the country has ID numbers exposed

A critical bug in Microsoft left 400M accounts exposed (HackRead) A bug bounty hunter from India, Sahad Nk, who works for SafetyDetective, a cybersecurity firm, has received a reward from Microsoft for uncovering and reporting a series of critical vulnerabilities in Microsoft accounts.

Researchers find over 40,000 stolen logins for government portals (CSO Online) A phishing operation led to the theft of more than 40,000 login credentials for government services in 30 countries.

Phishing Attack Through Non-Delivery Notification (SANS Internet Storm Center) Here is a nice example of phishing attack that I found while reviewing data captured by my honeypots. We all know that phishing is a pain and attackers are always searching for new tactics to entice the potential victim to click on a link, disclose personal information or more…

Hackers fooled Save the Children into sending $1 million to a phony account (Boston Globe) Save the Children Federation said it was the victim of a $1 million cyberscam last year.

Security Patches, Mitigations, and Software Updates

Microsoft and Adobe Patch 100+ Bugs in December (Infosecurity Magazine) Several zero-day vulnerabilities should be prioritized by admins

Adobe Patches 87 Vulnerabilities in Acrobat Software (SecurityWeek) Adobe patches 87 vulnerabilities in its Acrobat and Reader software, but none of the flaws have been exploited in the wild.

Opera brings a flurry of crypto features to its Android mobile browser (TechCrunch) Crypto markets may be down down down, but that isn’t stopping Opera’s crypto features — first released in beta in July — from rolling out to all users of its core mobile browser today as the company bids to capture the ‘decentralized internet’ flag early on. Oper…

Cyber Trends

Cybersecurity Predictions for 2019 (Proofpoint) Proofpoint researchers predict trends that will shape the threat landscape in 2019.

Juniper Networks and IoT Institute Survey: As IoT Deployments Collide with Multicloud Ecosystems, Where Does Security Stand? (Juniper Networks) According to Gartner, “by 2020, 75% of organizations will have deployed a multicloud or hybrid cloud model for their IT needs.”1 While we’ve known for some time that the future is multicloud, ensuring cybersecurity across diverse and non-traditional environments has mostly been an afterthought. Desp...

Microsoft, PayPal and Google Top Brands Targeted by Phishing Campaigns, According to Comodo Cybersecurity Global Threat Report (GlobeNewswire News Room) Hacking democracy efforts continue with disturbing upticks in malware deployments leading up to major national elections

Microsoft, PayPal and Google Top the Brands Hit by Phishing (Infosecurity Magazine) Malicious attachments are the top method of phishing attack, with phishing URLs close behind.

Hacking democracy efforts continue with upticks in malware deployments (Help Net Security) The Comodo Global Threat Report 2018 Q3 reveals disturbing upticks in malware deployment leading up to major national elections.

NSA Cyber Chief Says Companies Are Losing Ground Against Adversaries (Wall Street Journal) Rob Joyce, a specialist at the National Security Agency, said companies’ readiness for cybersecurity threats is “getting worse.”

Marketplace

France plans to lure 'thousands' of UK fintech jobs, says minister (The Telegraph) France is seeking to lure thousands of UK financial technology jobs to the country, doubling down on its charm offensive with a new host of benefits for companies willing to relocate to Paris.

Contractor support needed through Cyber Command's 'Green Monkey' initiative (Washington Technology) The U.S. Cyber Command released its 'Green Monkey' RFI as it explores how to get contractor support to sift through technical cybersecurity proposals.

4iQ Secures $18 Million in Series B Funding from C5 and ForgePoint; Adds Board Members (TheCourierExpress.com) 4iQ, a pioneer in identity attribution analysis and a leading provider of intelligence for the largest identity theft protection vendors, announced today that it closed

Venafi Launches $12.5M Machine Identity Protection Development Fund (BusinessWire) Jetstack, OpenCredo and Cygnacom funded at Machine Identity Protection Live

BlackBerry will turn things around "very shortly", John Chen says (Cantech Letter) BlackBerry investors can expect a turnabout in the near future, says CEO John Chen, who thinks shareholders should be pleased by its financial stability.

Apple plans major US expansion including a new $1 billion campus in Austin (TechCrunch) Apple has announced a major expansion that will see it open a new campus in North Austin and open new offices in Seattle, San Diego and Los Angeles as it bids to increase its workforce in the U.S. The firm said it intends also to significantly expand its presence in Pittsburgh, New York and Boulder…

eSentire Appoints Former Palo Alto Networks CEO Lane Bess to Board of Directors (BusinessWire) eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider, today announced that Lane Bess has joined its Board of Directors.

DXC Technology turns to BT Security to nab its infosec bossman (Register) Waves bye to yet ANOTHER HPE exec, internal memo confirms

Virtru Strengthens Leadership Team with Nationally Recognized Data Privacy Advocate (BusinessWire) Enterprise data privacy innovator Virtru has added Dr. Andrea Limbago, formerly of Endgame, as its new chief social scientist.

Products, Services, and Solutions

Enveil Brings Data in Use Security to the Azure Marketplace (GlobeNewswire News Room) Data Security Startup Expands Access to its Secure Processing Capabilities for Cloud Customers

BitDam to Protect City of Las Vegas from Email-based Cyber Attacks (PRWeb) The City of Las Vegas has selected BitDam’s Advanced Threat Protection (ATP) solution to support its ongoing endeavors in protecting its o

DXC provides post cyber-attack services to APAC insurers (ComputerWorld) Australia's DXC Technology has won a contract to provide post-cyber-attack services to insurers in APAC markets including Hong Kong

Symantec, Fortinet Form Expansive Partnership Around Cloud Security (CRN) Fortinet's Next-Generation Firewall will be integrated into Symantec's cloud-delivered Web Security Service in the first half of 2019 to provide comprehensive threat prevention.

Google expands its cloud services with cybersecurity company Palo Alto Networks (The Financial Express) Google Cloud has announced to expand its partnership with global cybersecurity company Palo Alto Networks to simplify security and accelerate cloud adoption.

DigiCert conquers Google's distrust of Symantec certs (Security Brief) “This could have been an extremely disruptive event to online commerce,

Bitdefender Announces New Managed Threat Monitoring Service (Best Endpoint Security Protection Software and Vendors) Bitdefender announced their GravityZone Managed Endpoint Detection and Response (MEDR) service, a new managed threat monitoring service.

Trustworthy Network Segmentation for an Untrustworthy World (Security Boulevard) Denial is not a strategy. The reality is that networks, PCs and XenApp clients are susceptible to attacks, if they haven’t been breached already. Network segmentation is an imperative. Organizations need to isolate applications that contain sensitive data, but this approach can introduce the cost and hassle of issuing a second PC for authorized users. Establish true end-to-end protections around sensitive...

Technologies, Techniques, and Standards

Preparing for Cyber Conflict - Case Studies of Cyber Command (ICDS) This is the first publicly available comparative study of the military cyber organisations in five European countries: Estonia, Finland, Germany, the Netherlands, and Norway.

Scanning for Flaws, Scoring for Security (KrebsOnSecurity) Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Deception technology: Authenticity and why it matters (Help Net Security) This article is the second in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo

Cloud Security Not Automatic (Wall Street Journal) Many firms neglect basic due diligence when it comes to cloud security, falsely believing cloud-service providers automatically handle all their security needs, says Roland Cloutier, chief security officer at Automatic Data Processing Inc.

Guidelines for assessing ISPs' security measures in the context of net neutrality (Help Net Security) ENISA's guideline helps NRAs assess whether security measures implemented by ISPs are justified, even when they go against net neutrality regulation.

Leveraging AI and automation for successful DevSecOps (Help Net Security) The article provides 10 ways in which organizations of any size can leverage the power of AI and automation for their DevSecOps pipeline.

Taylor Swift uses facial recognition on concert-goers to weed out stalkers (The Telegraph) Concert-goers at a Taylor Swift concert were unknowingly scanned to spot potentially dangerous mega-fans who have become obsessed with the star.

Design and Innovation

Emerging technologies could tip the scales for cyber defense (Fifth Domain) One top Department of Defense leader has an optimistic outlook on the future of network defense.

Researchers show how data science techniques can find Twitter 'amplification bots' (The Next Web) It's easier than you might think.

Google’s Own Email Filters Flag Google’s Party Invite as Malicious (Motherboard) A cybersecurity reporter says his own Google-provided email app flagged an email about a Google party because it included content “typically used to steal personal information.”

Research and Development

OPAQ Awarded Patent for Software-Defined Network Segmentation (AP NEWS) OPAQ , the network security cloud company, today announced that it has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and transparently enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760).

Academia

Code-cracking puzzles are a gateway to higher math (Education Dive) Teaching the long history of ciphers, cryptography and code breaking expands students' ideas of how math fits into the real world.

Legislation, Policy, and Regulation

'The rules of engagement have broken' in cyberspace, says CEO of cybersecurity giant FireEye (CNBC) Jim Cramer sits down with FireEye CEO Kevin Mandia to discuss how the global rules of engagement in cyberspace have eroded in recent years.

Why Microsoft is fighting to stop a cyber world war (ZDNet) The tech industry is becoming more worried about a cyberwar arms race. But are the right people listening?

Japan to follow Aussie and Kiwi leads, Banned Huawei & ZTE Tech Equipment (Financial World) After the Huawei CFO was arrested in Canada, accused of covering up her company’s tie-up with Hong Kong based Skycorp, which tried to sell Hewlett Packard tech instruments to Iranian officials despite US and EU bans...

European split over Huawei ‘threat’ risks ruffling Western alliances (South China Morning Post) Unsupported claims Huawei products are packed with spyware have not convinced some US allies into shifting policies to shut out the Chinese tech giant

US has a 'concerted strategy' to push allies to reject Huawei's 5G equipment: Eurasia Group (CNBC) The United States is pushing its allies to shut out Chinese tech giant Huawei for 5G networks on national security worries, a Eurasia Group expert says.

Goldman's top cybersecurity official says he spends too much time talking to regulators (CNBC) Too many different local, state, national and international cybersecurity regulations are hampering corporations' ability to deal with cyberattacks, said Goldman Sachs' chief information security officer Tuesday.

Finally, a meaningful congressional report on stemming cybersecurity attacks (CSO Online) The Cybersecurity Strategy Report offers solutions to six problem areas in an effort to improve IT's ability to cope with today's cyber threat landscape.

Analysis | The Cybersecurity 202: Election commission could give lawmakers new tools against hacking (Washington Post) Members of Congress could use leftover campaign funds to secure personal devices.

Senate Bill Targets Chinese Economic Espionage (Foreign Policy) New measure would give U.S. prosecutors power to indict hackers working abroad.

Bipartisan supply chain bill likely punted to next Congress, McCaskill says (TheHill) A bipartisan bill that would create a way to detect national security risks in the supply chain likely won’t be taken up this Congress, one of the legislation’s cosponsors said Wednesday.

How the Joint Staff’s cyber role has changed (Fifth Domain) The character of war is evolving, and so has the Joint Staff's part in integration efforts.

Facial recognition is becoming one of the 21st century’s biggest public space issues (Curbed) It’s about civil rights and the erosion of privacy in the public realm.

Navy appoints first W-1 officers in four decades. What’s next? (Navy Times) A trio of cyberwarriors will pin on the W-1 rank on Sept. 1, 2019, and the other three will join them a month later on the first day of the new federal fiscal year.

Four Steps to Fix the Security Clearance Backlog (Defense One) Clearance delays are hurting the aerospace industry — and national security.

Litigation, Investigation, and Law Enforcement

Second Canadian under investigation in China as diplomatic spat intensifies (CNN) A second Canadian is believed to have been detained in China in a potential act of retribution that threatens to escalate the diplomatic dispute between Washington, Beijing and Ottawa, following the arrest of a Chinese Huawei executive in Canada.

If China Hacked Marriott, 2014 Marked a Full-on Assault (WIRED) It increasingly appears that China was behind the Marriott hack, making 2014 a landmark year in cyberattacks against the US.

Marriott hotel cyber attack linked to Chinese spy agency (The Independent) Trump administration plans actions targeting China's trade, cyber and economic policies in coming days

Meng arrest and Huawei claims illustrate China’s high-tech dilemma (Asia Times) Trump weighs into the row after the Huawei senior executive is released on bail but Chinese companies are urged to follow international rules

Injured jihadist on the run after Strasbourg attack (Times) Hundreds of police across France and Germany were hunting last night for a 29-year-old man who killed at least two people while shouting Allahu akbar in the Christmas market in Strasbourg. Seven of...

Islamic State unleashes suicide bombers in Hajin, Syria (FDD's Long War Journal) In the past 24 hours, the Islamic State has conducted more than one suicide bombing against US-backed forces in Hajin, Syria. One Islamic State "martyr" blew himself up near the Hajin hospital, which became the scene of intense fighting earlier this week.

House Report Finds Equifax Picked Business Over Security (Decipher) The report from the House Oversight and Government Reform Committee on what happened at Equifax is a case study in how a lot of small security and technology decisions can add up over time, with catastrophic results.

Equifax Breach Underscores Need for Accountability, Simpler Architectures (Dark Reading) A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'

Analysis | The Cybersecurity 202: Republicans and Democrats are feuding over the Equifax breach (Washington Post) That doesn’t bode well for tougher security topics.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...
