skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

A report on Russian information operations commissioned by the US Senate Intelligence Committee was released this morning (Washington Post). The study focuses on the Internet Research Agency’s output, and confirms the St. Petersburg troll farm’s opportunism and cultural fluency. WIRED says the study is also bad news for both Facebook and Google, since it suggests the two companies “dissembled” in their responses to Congressional inquiries.

Huawei's position in Europe continues to erode, as both BT and Deutsche Telekom shy away from the Chinese hardware manufacturer on security grounds (Bloomberg). Huawei has said it’s determined to do whatever it takes to allay security concerns (Financial Times). It’s smaller rival ZTE is in a similar position: the company has retained former Senator Lieberman to conduct "an independent security assessment" of its products (POLITICO).

The Five Eyes are said to have agreed this summer to "contain" the threat from Huawei (Gizmodo). Fifth Domain sees parallels between 2014’s Sino-American cyber tension sand those of today.

The boomstortion scammers who made false bomb threats across much of the English-speaking world last week haven’t really scored—the “cockwombles” behind the caper (as Graham Cluley calls them) have so far pulled in nothing but chickenfeed. They’re also turning to a new bogus threat: acid attacks (Infosecurity Magazine).

Followers of YouTube star PewDiePie are back, and again hijacking printers. This time, however, they express a more high-minded purpose than, for example, encouraging people to eat Tide Pods: they say they’re hacking printers to raise security awareness (Infosecurity Magazine).

Notes.

Today's edition of the CyberWire reports events affecting Australia, Canada, China, Germany, India, New Zealand, Russia, Saudi Arabia, United Kingdom, United States.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses M&A targets and resilience.

Attribution is the topic of this week's Research Saturday: "The Sony hack and the perils of attribution." Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that came out while the facts were still unfolding with what we know today. There are interesting lessons about attribution to be learned. Brian Martin, V.P. of vulnerability intelligence at Risk Based Security, talks us through what they found.

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

How Russian Trolls Used Meme Warfare to Divide America (WIRED) A new report for the Senate exposes how the IRA used every major social media platform to target voters before and after the 2016 election.

The NSA and China feuded in cyberspace in 2014. Will they again? (Fifth Domain) Events that occurred in 2014 which may provide key clues to the Chinese and American cyber relationship of today.

China is now the biggest threat to your privacy, and other commentary (New York Post) Foreign desk: China’s Now Biggest US Privacy Threat Americans have long believed that the biggest threats to their privacy come from the US government: the FBI, the National Security Agency, etc. B…

German cyber watchdog says no evidence that Huawei spies (RT International) Germany’s cyber security authority says claims that Huawei is spying on customers are not backed up by evidence and has urged caution before boycotting the Chinese telecommunications giant.

Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018 (WIRED) In the latest in its long string of incidents this year, Facebook let developers access the private photos of 6.8 million users.

Photos of 6.8 Million Facebook Users Exposed by API Bug (SecurityWeek) Facebook discovered a vulnerability in the Photo API that could have allowed third-party apps to access all of a user’s photos. Up to 6.8 million users and 1,500 apps are impacted.

How one hacked laptop led to an entire network being compromised (ZDNet) One worker clicking on the wrong link at the wrong time resulted in a major security breach.

YouTube is reading text in users’ videos (Naked Security) Google keeps tabs on much of your activity. Now, it turns out that its YouTube service is also reading what’s in your videos too.

Microsoft Security Essentials repeatedly detects Nemucod in recreated tmp.edb (Microsoft) Today, I got a popup saying that I would be logged off in 1 minute. Sure enough, it happened. I updated the malware definitions of MSE, Malwarebytes Free, and Spybot S&D free, then ran full scans in

Hide 'N Seek Botnet Continues to Grow by Infecting IoT Devices Using Default Credentials (Security Intelligence) Avast security analysts reported that the Hide 'N Seek botnet continues to grow by infecting vulnerable Internet of Things (IoT) devices still using their default passwords.

Vulnerabilities in high-performance computer chips could lead to failures in modern electronics (Help Net Security) Researchers have uncovered previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics.

Thousands of Jenkins servers will let anonymous users become admins (ZDNet) Two vulnerabilities discovered and patched over the summer expose Jenkins servers to mass exploitation.

PewDiePie Hackers Hijack Printers Again (Infosecurity Magazine) Global attack intended to raise security awareness

Quiz Phishing: One Scam, 78 Variations (Akamai) Over the past year, Akamai Enterprise Threat Research team monitored the usage of one particular phishing toolkit in the wild. We previously wrote about this phishing toolkit as

Logitech Keystroke Injection Flaw Went Unaddressed for Months (Threatpost) The flaw allows a remote attacker to gain full access over a machine.

Magecart Attacks: The Card Skimming Epidemic (Infosecurity Magazine) Looking at the common tactics contributing to recent Magecart attack success and explores how to defend against them.

When clouded judgment puts data at risk (Raconteur) Failings in cloud security hinder digital transformation and could even lead to business leaders losing their jobs

Marriott Breach Highlights Need for Better Identity Practices to Protect Against Account Takeover and Identity Impersonation (GlobeNewswire News Room) Secure Technology Alliance recommends strengthened identity proofing, hardware-backed strong authentication

Satan ransomware is now exploiting 10 new server flaws (CyberByte Blog) Be aware! Windows and Linux systems are now vulnerable to self-propagating 'Lucky' malware.This is a new version of a ransomware that was first spotted two yea

Fake Xmas Bonus Payslip delivers Ursnif – Gozi (My Online Security) We are still seeing a fairly large Ursnif /Gozi /ISFB campaign hitting the UK again this week. Today we are seeing an Xmas Payslip theme The subjects vary slightly but include Wages December…

Connecticut utilities tight-lipped about potential for cyber-attacks (New Haven Register) Given how we have come to take the reliable delivery of electricity for granted, the results of a recent survey of power- and utility-executives about the potential for a cyber-attack disrupting service could be seen as shocking. Nearly half of the chief executive officers of power- and utility-companies who responded to a KMPG survey released in November said they believed a cyber-attack on their businesses is a matter of "when", not "if." And only 58 percent of the respondents felt their companies were prepared in their ability to identify new cyber-threats.

$3 billion in scams: Home-buyers in Maryland, U.S. are more vulnerable than ever due to fraudulent emails (Baltimore Sun) Maryland consumers are more vulnerable to losses via email scams during the home-buying process than ever before.

International email bomb hoax proves to be a spectacular failure (Graham Cluley) Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday. But if the hoaxer thought they were going to make a lot of money through the scam, they’re going to be disappointed.

Last Week’s Bomb Hoaxer Is Serial Online Extortionist (Infosecurity Magazine) Cisco Talos claims scammer is now threatening victims with acid attack

Save the Children Hit by $1m BEC Scam (Infosecurity Magazine) US charity on the receiving end of sophisticated email fraud

Save the Children Charity Org Scammed for Almost $1 Million (BleepingComputer) If certain crooks have some sort of moral compass that keeps them away from certain victims, others ditch such boundaries for the right amount of money. A perpetrator from the latter category was able to fool the charitable organization Save the Children into misdirecting close to $1million.

Topeka online utilities pay system safe after cyber-attack (News-Press NOW) Topeka officials say the city's online utilities payment system is safe after a cyber-attack in November.

Computer cyber attack prompts volunteer's resignation in Rockaway Township (New Jersey Hills) Two weeks ago, a cyber attack locked township police out of the department’s computer system, and this week, there are still no answers as to why and

Hacker Banner Ads Are Totally Wild (Motherboard) While the advertising industry generally moved away from banner adverts, they’re still very much alive, well, and kicking on cybercrime forums.

Security Patches, Mitigations, and Software Updates

Siemens Patches Several Critical Flaws in SINUMERIK Controllers (SecurityWeek) Siemens SINUMERIK controllers are affected by DoS, privilege escalation and code execution vulnerabilities, including several flaws rated critical.

Update now! WordPress 5.0.1 release fixes seven flaws (Naked Security) Don’t delay, update your Wordpress website today.

Twitter Fixes Bug That Gives Unauthorized Access to Direct Messages (BleepingComputer) A bug affecting the permissions dialog when authorizing certain apps to Twitter leaves direct messages exposed to the third-party without the user ever knowing about it.

Cyber Trends

Cybercrime Is World's Biggest Criminal Growth Industry (Dark Reading) The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.

Deloitte Puts the Spotlight on the Cost of Cyber-Crime Operations in New Threat Study (PR Newswire) In an effort to expose and clarify the cost challenge of cyber criminals, Deloitte's cyber risk services practice...

Cybercrime gangs continue to innovate to hide their crimes (Help Net Security) The new APWG Phishing Activity Trends Report shows phishers are using new techniques to carry out their attacks and obfuscate their origins.

Trend Micro says, Sophisticated cyber attacks on cloud will dominate in 2019 (TechGraph) A Japan-based cybersecurity firm, Trend Micro on Friday released its cybersecurity reports, in which it said that “In 2019, the hackers will use more sophisticated tools for hacking, especially in new technologies like Cloud The trend in its report said “The vulnerabilities will be found more in Cloud infrastructure, such as containers and weak cloud …

The year ahead: More breaches, bolstered regulation and the rise of AI (Help Net Security) This time of the year is always exciting for us, as we get to take a step back, analyze how we did throughout the year, and look ahead at what the coming

SA is losing around R2.2bn to cyber attacks (IOL Business Report) More South Africans prefer to do their festive shopping online, but this spike in online shopping marks ideal hunting ground for cybercriminals.

Marketplace

Huawei Hemorrhages Allies in Europe on Growing Security Concerns (Bloomberg) BT and Deutsche Telekom among companies distancing themselves

Huawei vows to do ‘anything’ to soothe security concerns (Financial Times) Chinese group prepared to make wholesale changes, says western Europe chief

Don’t Worry About a U.S. Component Ban on Huawei (Bloomberg) History suggests a deal will be made, with Trump already indicating his willingness to use the case as a bargaining chip in trade talks.

China's ZTE taps Joe Lieberman for D.C. damage control (POLITICO) Lieberman is the third former U.S. lawmaker working on ZTE’s behalf in Washington.

'They threw us under the bus at every opportunity': Facebook fact-checkers say its mission to weed out fake news was a PR stunt (Business Insider) Some fact-checkers expressed dismay at the news that Facebook hired the Republican-linked PR firm Definers to smear prominent critic George Soros

In the winds of crypto winter (TechCrunch) Well, it was surreal while it lasted, by which I mean the 2017-18 cryptocurrency bubble. For a while there, Coinbase was #1 in the App Store, Bitcoin was above $10K, and there were more notional crypto zillionaires out there than you could shake a Merkle tree at. Those were the crazy days. Now, tho…

The Future of American Broadband Is a Comcast Monopoly (Motherboard) The FCC insists a new report proves that broadband competition is raging and prices have dropped. The reality is notably different.

Saudi Aramco and US firm establish cybersecurity joint venture (MEED) Reports say a cyber attack on Saipem servers is latest variant of Shamoon virus that had previously targeted Saudi Aramco

Thales-Gemalto Merger Gets NZ Approval - Mobile ID World (Mobile ID World) Thales and Gemalto have attained another clearance for their proposed merger, this time from the New Zealand Commerce Commission.

Thoma Bravo In Talks To Buy All Of McAfee From TPG, Intel: Report (CRN) The deal would value McAfee at significantly above its 2016 valuation of $4.2 billion, CNBC said, and put the kibosh on any talks Thoma Bravo is having around acquiring top competitor Symantec.

Acquisition sees formation of UK's broadest cyber training provider (BCW) QA, the UK’s largest tech training provider, today announced that it has acquired information security training company InfoSec Skills, which will sit under the wing of QA’s Learning division. This acquisition gives QA the broadest range of cyber security accreditations (including popular CREST qualifications) compared to any other provider across an inclusive set of cyber security domains. As the UK’s leading cyber security education provider, QA currently delivers over 100 cyber security solu...

Will BlackBerry Ltd. (TSX:BB) Stock Get Back on Track in 2019? (The Motley Fool Canada) BlackBerry Ltd. (TSX:BB)(NYSE:BB) stock has plummeted to a 52-week low in December, but the company is well positioned for a bounce back going forward.

Accenture opens tech hub in Midtown Atlanta (Atlanta Journal Constitution) Accenture on Wednesday unveiled its 11th North American innovation center at Midtown Atlanta’s Technology Square.

Former NSA Deputy CIO Kim Skvorak Named Deep Water Point Principal for Intell Community Sector - GovCon Wire (GovCon Wire) Kim Skvorak, former deputy chief information officer at the National Security Agency, has joined Dee

Products, Services, and Solutions

Cylance Narrows the Cybersecurity Skills Gap with Virtual CISO (BusinessWire) CISO-in-a-Box Offering Helps Security Executives Meet Industry Standards, Deploy Proven Frameworks, and Adhere to Compliance Regulations

Recorded Future Added to the Department of Homeland Security's Continuous Diagnostics and Mitigation Program's Approved Products List (PR Newswire) Recorded Future, the leading threat intelligence company, today announced that it has been approved to deliver critical...

Drawbridge Partners Teams with CrowdStrike to Provide Industry-leading Incident Response Services to Alternative Investment Vertical (BusinessWire) Drawbridge Partners Teams with CrowdStrike to Provide Industry-leading Incident Response Services to Alternative Investment Vertical

The fastest, most secure browser? Microsoft Edge apparently (Register) Well, in one respect anyway

Technologies, Techniques, and Standards

The 2018 NIAC Report does not address its own recommendations (Control Global) The 2018 President’s National Infrastructure Advisory Council (NIAC) report “Surviving a Catastrophic Power Outage – How to Strengthen the Capabilities of the Nation”, was issued December 2018. How can we respond and recover from catastrophic power outages when we continue to ignore the devices that can prevent “respond and recover”? How can we improve our understanding of how cascading failures across critical infrastructure will affect “restoration and survival” when we don’t know we have a problem?

How to end a romance scam (CSO Online) Use this two-part test to convince romance scam victims that their “true love” is a fraud.

Shared knowledge vital to tackling cyber-crime in financial sector (Asset Finance International) Cyber attacks on financial institutions are becoming increasingly frequent, so organisations must invest in continuous development of protection against threats,...

What is Cloud Workload Security? (Security Boulevard) A cloud workload is a distinct capacity or work function that we put on a cloud instance.

3 Ways to Make Employees Your Best Cybercrime Fighters (StamfordAdvocate) The biggest data breaches are highly publicized, but what one often doesn't see is the behind-the-scenes work that led to discovery and eventual remediation of the damage.

Design and Innovation

Fake face fools fones (Naked Security) Forbes has added to the ever-growing pantheon of ways to trick biometrics by printing a 3D head and using it to break into Android phones.

Who Are You, Really? A Peek at the Future of Identity (Dark Reading) Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.

Can We Please Drive Passwords Into Extinction Now? (Forbes) Passwords, "strong" or weak, remain a major factor in a majority of data breaches. It is long past time to retire them.

Research and Development

​Data61 leads new 'ethical' artificial intelligence institute (ZDNet) The non-profit will investigate how to fix the ingrained bias problem that AI systems display.

Academia

Cyber school’s Wilkes-Barre location celebrates grand opening (Times Leader) If you wanted transparency in public education, the new Wilkes-Barre office for Pennsylvania Cyber Charter has a great deal of it, literally.The office sits in a corner space…

Legislation, Policy, and Regulation

'Five Eyes' Spy Chiefs Agreed to Contain Huawei's Global Reach at Meeting in July: Report (Gizmodo) At a meeting in Canada in July 2018, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S.—all signatories to a treaty on signals intelligence, and often referred to as the “Five Eyes”—agreed to do their best to contain the global growth of Chinese telecom Huawei, the Wall Street Journal reported on Friday, citing a prior report from the Australian Financial Review.

Opinion | It’s not a trade war with China. It’s a tech war. (Washington Post) The United States and China are fighting for an edge on the technology.

Russian lawmakers seek tighter internet control to counter... (Reuters) A group of three Russian lawmakers close to the Kremlin has proposed a tightenin...

Don’t swallow Labour’s claims of ‘black ops’ (Times) The deep state’s machinations have been exposed. The government is secretly funnelling taxpayers’ money to a “black ops” propaganda unit that meddles in friendly countries’ affairs and spreads...

Bill Shorten slammed over encryption busting bill (CRN Australia) Labor voted through bill without amendments it previously said were necessary.

ASD Director-General hits out at encryption Bill fake news (ZDNet) Claims that the new laws will drive tech companies offshore are flawed, according to ASD Director-General Mike Burgess.

Australia is a battleground for encrypted apps (Quartz) Signal, the messaging app, indicated it won't comply with government requirements.

Stopping Data Breaches Will Require Help from Governments (Harvard Business Review) Companies should be prepared, but can’t thwart every attack.

Navy to helm centre on maritime security (The Hindu) The Information Fusion Centre will serve countries that have White Shipping Information Exchange agreements with India

Plan for Commonwealth Cyber Initiative Approved / Moving Forward (Roanoke Star) A major Virginia cybersecurity initiative is moving from planning to implementation stages.

Litigation, Investigation, and Law Enforcement

China Has Confirmed the Detention of Two Canadians for 'Endangering National Security' (Yahoo News - Latest News & Headlines) China has confirmed it has detained two Canadian men, saying they were being detained on suspicion of “endangering national security.”

Here's what's going on with the Marriott hack, Huawei and the DOJ — and it's all related to China and trade (CNBC) Three seemingly unrelated news stories are getting lumped together under Trump's ongoing trade negotiations with China. What happens next with any of them could have significant implications for that deal, markets or both. 

MPs call on Parliament to investigate dangers Huawei poses to the UK's national infrastructure (The Telegraph) Cross-party MPs have called for an independent investigation into Huawei’s involvement in the UK's national infrastructure amid concerns that the Chinese company may pose a security risk.

New report on Russian disinformation, prepared for the Senate, shows the operation’s scale and sweep (Washington Post) The report, a draft of which was obtained by The Washington Post, is the first to study the millions of posts provided by major technology firms to the Senate Intelligence Committee.

U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups (HuffPost) Among its customers are the Taliban, al-Shabab and Hamas.

Analysis | The Cybersecurity 202: The Supreme Court could decide how bad a hack must be for victims to sue (Washington Post) The bar could be set much higher for consumers.

NYS A.G. Underwood Announces Settlements With Five Companies Whose Mobile Apps Failed To Secure User Information Transmitted Over The Internet (Data Breaches) Related Posts:Fandango, Credit Karma Settle FTC Charges that They…FTC Settlement Requires Fandango and Credit Karma to…Your Mobile Device and...

Equifax: A study in accountability but not authority responsibility (Help Net Security) Does giving development teams 48 hours to patch a framework on legacy systems with code from as early as the 1970s seem reasonable?

How Brian Kemp turned warning of election system vulnerability against Democrats  (Atlanta Journal Constitution) An AJC investigation looked into allegations that Georgia Democrats had hacked the state's election system.

U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit (BleepingComputer) A U.S. Department of Defense Inspector General report released this week outlines the inadequate cybersecurity practices being used to protect the United States' ballistic missile defense systems (BMDS ).

Former rave kingpin back in jail for bizarre bank heist (Naked Security) A former acid house rave kingpin has been sentenced to 20 months for using a bizarre home-built machine to pilfer £500,000 from banking customers.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...

Upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.