
2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

This morning the US Justice Department unsealed yesterday’s indictment of two Chinese hackers, Zhu Hua and Zhang Shilong, whom it connected with a long-running, extensive campaign by China’s Ministry of State Security to steal intellectual property from at least twelve countries. Initial reactions regard the indictment as containing damning accusations against Beijing, especially long-standing and systematic violation of that government’s undertakings to restrain itself with respect to industrial espionage (TechCrunch). 

The condemnation appears to be international: the US is expected to be joined by the UK, Australia, Canada, Japan and Germany, at least, in an announcement of unspecified joint action against Chinese cyber espionage (Washington Post).

China remains under suspicion of being responsible for the breach of EU diplomatic cables. Beijing denies responsibility (Computing).

Twitter observed a large volume of unusual traffic to its customer support site early this week. The social media company thinks it might be receiving some unwanted attention from potential attackers in either Saudi Arabia or China. Still, the incident remains unclear (but clear enough for investors to shy away from the company’s stock) (CNBC).

Late yesterday Microsoft issued an out-of-band patch for an Internet Explorer vulnerability being actively exploited. It’s a remote code execution issue in the scripting engine’s handling of objects in memory.

Facebook is suffering from its long-running accretion of bad news. The access the New York Times reported Facebook granted partners may have been less nefarious than it sounded (Ars Technica), but a lot of people aren’t listening to exculpations anymore (WIRED).


Today's issue includes events affecting China, European Union, India, Russia, Saudi Arabia, Syria, United Kingdom, United States.

A note to our readers: the CyberWire takes its annual holiday break next week, with Christmas and New Year's Day coming up. Our last issue of 2018 will be out Friday, December 21st. We'll resume regular publication on January 2nd, 2019. Our best holiday wishes to all of you.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we speak with our partners at Palo Alto Networks, as Rick Howard offers some holiday reading suggestions. Our guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities.

And Hacking Humans is also up. In this episode, "Truth emerges from the clash of ideas," we follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Our guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations.

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

China blamed for hack on EU diplomatic communications (Computing) China denies being behind cyber espionage which saw messages intercepted for three years

Phishing Diplomacy | Accountable Phishing Solution (Area 1 Security) Arguably a sovereign state's most sensitive and protected information. However, just as threat actors target businesses and organizations...

How the European Union was stymied by phishing (Fifth Domain) Chinese government hackers using basic phishing methods were able to infiltrate the European Union’s communication network, possibly for years, according to a Dec. 19 report by Area 1.

Chinese Hackers Stole Diplomatic Cables, Report Says. Here's How They Did It (Fortune) More stolen secrets.

Russian disinformation campaign targets Syria’s beleaguered rescue workers (Washington Post) Moscow has mounted a “brutal and unrelenting” drive against the White Helmets, an international research group says in a new report.

Facebook “partner” arrangements: Are they as bad as they look? (Ars Technica) New York Times report may have misinterpreted what “access” means.

Why Should Anyone Believe Facebook Anymore? (WIRED) Facebook has spent much of 2018 apologizing to people. A recent New York Times investigation calls all those apologies into question.

How Facebook sneakily uses IP data & more for targeted ads, even if users disable all location settings (9to5Mac) Facebook has a storied history of privacy concerns, especially as privacy relates to advertising. Today, Aleksandra Korolova, a University of Southern California computer science professor, has sha…

How Hackers Bypass Gmail 2FA at Scale (Motherboard) A new Amnesty International report goes into some of the technical details around how hackers can automatically phish two-factor authentication tokens sent to phones.

A Devious Phishing Scam Targets Apple Customers (WIRED) Be on the lookout for emails that claim to be from the App Store.

Twitter tumbles on concerns about hacking activity (CNBC) Twitter observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.

Trend Micro flags malware contained in tweets, Twitter finds data security bug, suspicious content (Telecompaper) Trend Micro said it found malware in two tweets, sent out in October, featuring malicious memes.

Twitter Suspects China & Saudi Arabia Over Recent Hack - Latest Hacking News (Latest Hacking News) Twitter has recently reported a suspected State-sponsored attack through its contact form, possibly connected with Saudi Arabia and China. Although

With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit (TrendLabs Security Intelligence Blog) We analyzed another Mirai variant called “Miori,” which is being spread through a Remote Code Execution (RCE) vulnerability in the PHP framework, ThinkPHP. Aside from Miori, several known Mirai variants like IZ1H9 and APEP were also spotted using the same RCE exploit for their arrival method. The aforementioned variants all use factory default credentials via Telnet to brute force their way in and spread to other devices.

‘Brutally hacked’: Russia’s Embassy in London website targeted in cyberattack (RT International) The website of the Russian Embassy in the UK was targeted by hackers. The mission says there are grounds to believe that the attack originated from Britain.

Dozens of Municipalities Exposed in Click2Gov Software Compromise (Gemini Advisory) We noticed an out-of-pattern concentration of victims located in small-to-medium US cities. Further analysis of the card data linked to these locations revealed that records had likely been stolen from…

Secret Experiment in Alabama Senate Race Imitated Russian Tactics (New York Times) A project to help the Democratic contender, Doug Jones, in his closely contested race against Roy Moore used deception on Facebook and Twitter.

Social media researcher admits to questionable tactics in 2017 Alabama Senate race ( Jonathon Morgan, chief executive of the research firm New Knowledge, said he created a Facebook page under false pretenses to test his ability to appeal to conservative voters.

IRS, Security Summit partners warn tax professionals of fake payroll direct deposit and wire transfer emails (Internal Revenue Service) The IRS and its Security Summit partners today warned tax professionals of an uptick in phishing emails targeting them that involve payroll direct deposit and wire transfer scams.

Trend Micro Flags Free Hola VPN as 'High-Risk' Over Security Holes (PCMAG) The antivirus provider is pointing to a whole host of dangers with the free edition of the VPN software, which other security experts have echoed over the years. But Hola and its partner Luminati say Trend Micro's research is sensational and irresponsible.

Pottery firm targeted in cyber attack (BBC News) Hackers encrypted the company's servers to cause "maximum disruption" to its payroll systems.

Cyber attack on Cosmos Bank: Cops hunt for those who cloned cards using stolen data (The Indian Express) In the first week of December, police filed a chargesheet against the nine accused arrested so far.

Security Patches, Mitigations, and Software Updates

Microsoft issues emergency patch for zero-day flaw in the IE browser (Computing) CVE-2018-8653 must be patched manually for now

CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability (Microsoft) A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Microsoft Issues Emergency Fix for IE Zero Day (KrebsOnSecurity) Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Microsoft Promises Sandboxed Apps With the Security of VMs (Tom's Hardware) Microsoft announced Windows Sandbox, a hybrid sandboxing technology promising almost the same security guarantees as virtual machines, but with much better performance and lower power consumption on mainstream laptops.

Cyber Trends

IBM X-Force Security Predictions for the 2019 Cybercrime Threat Landscape (Security Intelligence) IBM X-Force's top security predictions for 2019 cover a range of potential attack schemes and consequences, from industry-specific prognostications to a rapid expansion of emerging criminal schemes.

See Forcepoint's Seven Cybersecurity Predictions for 2019 (Multi-Video) (American Security Today) In 2019, attackers will stop at nothing to steal our identities, evade detection through new techniques, and bring disruption to our doorsteps. The stakes are high, the world more connected than we could have ever imagined. Forcepoint , a 2018 ‘ASTORS’ Homeland Security Awards Winner for Best IT Data Management Solution, has unveiled the company’s 2019 Forcepoint Cybersecurity …

Cybersecurity 2019 — The Year in Preview: Security Threats to the Energy Grid (JD Supra) Editors’ Note: This is the first in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming...

Norton™ LifeLock™ Research Identifies American Cyber Literacy Gap (BusinessWire) More than half of Americans (53 percent) don’t know that their data and personal information is not protected even if they enable privacy settings on


Blockchain Audit Startup CertiK Bolsters Executive Team with Two Key Hires (Fintech Finance) CertiK, the leading formal verification platform for smart contracts and blockchain audits, has formally announced the addition of two new executive hires: Daryl Hok, Executive Vice President and C…

Carbon Black Appoints Jill Ward to Board of Directors (GlobeNewswire News Room) Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, today announced that Jill Ward, a business leader and operating executive with experience scaling global technology companies, has joined Carbon Black’s board of directors.

Products, Services, and Solutions

Rohde & Schwarz Cybersecurity opens data center in Germany to serve German customers with the SaaS version of its Web Application Firewall (Rohde & Schwarz) Rohde & Schwarz Cybersecurity opens data center in Germany to serve German customers with the SaaS version of its Web Application Firewall

SecurityScorecard Hits 1 Million Companies Rated; Securing Position as Most Expansive and Accurate Platform on the Market Covering 175 Countries (SecurityScorecard) SecurityScorecard, the leader in security ratings, announced today the company’s achievement of reaching 1 million companies rated across 175 countries and 17 major industries.

Routier Joins Forces with Cybint to Protect User Data in the Hospitality Industry (Routier) Routier, an innovative digital solutions company for the hospitality industry, today announces its partnership with Cybint, a Cybersecurity Education company.

Cylance Introduces AI-Powered Virtual CISO (Tech) Cylance Inc. recently announced the availability of its virtual chief information security officer (vCISO) service. The Virtual CISO program is aimed at empowering organizations with crucial technology and security resources that support next-gen security architectures and also enable robust staff augmentation. Cylance vCISO allows customers at...

Akamai Hits New High for Peak Web Traffic Delivered (PR Newswire) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, has set a ...

Zero Trust Security Protects Businesses while Enabling Growth (Security Boulevard) Many companies have their own applications, internal domains, and local area network (LAN). But when it comes to business applications, organizations are increasingly dependent on cloud-based resources. These may include email servers, customer relationship management (CRM) software, or other applications....

Hoplite Announces Launch of HopliteVPN Services (PR Newswire) Hoplite Industries, a leading cyber security company, today announced the addition of HopliteVPN to its list of...

Viasat Delivers the Fastest, Most Flexible Type 1 Cloud Communication Network Encryptor (PR Newswire) Viasat Inc. (NASDAQ: VSAT), a global communications company, is announcing upgrades to its KG-142 network...

Cylance’s GDPR Assessments Offer Sustainable Approach to Data Privacy (Security Boulevard) Cylance is pleased to announce that Cylance Consulting will now offer General Data Protection Regulation (GDPR) assessments as part of the company’s service offerings.

Technologies, Techniques, and Standards

Blockchain update: New standards group for private blockchains announced by ETSI (Computing) Intel, Vodafone and Telefonica in effort to specify an operational reference architecture for permissioned ledgers

Why are some vulnerabilities disclosed responsibly while others are not? (Help Net Security) ENISA has released a report on vulnerability disclosure economics - the incentives and motivations that influence the various vulnerability disclosure actors.

Control System Cybersecurity & What It Means to Buildings (RealComm Advisory Newsletters) Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.

How to Engage Your Cyber Enemies (Dark Reading) Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.

The benefits and limitations of AI in cybersecurity (Help Net Security) Today’s AI cannot replace humans in cybersecurity but shows promise for driving efficiency and addressing talent shortage.

Legislation, Policy, and Regulation

Most Voters Consider a Cyberattack an Act of War (Rasmussen) Hackers working on behalf of the Chinese government are suspected in a recent cyberattack on the Marriott hotel chain in which the personal information of millions of hotel guests was compromised. Nearly two out of three voters think a cyberattack by another country is an act of war, and most think it poses a greater risk than a traditional military attack.

Russia testing new 'deep packet inspection' online filtering system ( Russia's Roskomnadzor telecom watchdog reportedly spending up to RUB20b (US$295m) to impose new deep-packet inspection system to filter unwanted content.

House Passes Bill to Create National Quantum Computing Program (Wall Street Journal) The House voted 348-11 for a bill speeding U.S. development of quantum computing, an emerging technology with potentially revolutionary uses. President Trump is expected to sign the measure.

State hires Andersen as Chief Information Security Officer (Vermont Business Magazine) Governor Phil Scott and the Vermont Agency of Digital Services (ADS) today announced the hiring of Nicholas Andersen as the Agency's Chief Information Security Officer (CISO). Andersen brings 12 years of cybersecurity experience to this position. Since 2017, he served as a vice president at Invictus International Consulting, LLC and co-founder of Pueo Business Solutions, LLC.

Litigation, Investigation, and Law Enforcement

Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants (TechCrunch) The Justice Department has unsealed a damning indictment that links to spies working for the Chinese government an aggressive campaign to hack into U.S. tech and industry giants. The indictment, out Thursday, accuses China’s main intelligence agency — the Ministry of State Security — of hacki…

U.S. charges Chinese hackers in alleged theft of vast trove of confidential data in 12 countries (Washington Post) The indictments are part of a coordinated effort with U.S. allies to hold China accountable for persistent cyberespionage, officials said.

US and allies: New hacks mean China broke 2015 economic espionage pact (Ars Technica) China hacked more than 245 companies and agencies, including US Navy and NASA.

Treasury sanctions Russian spies over election interference in US and Europe (Washington Examiner) President Trump’s administration is blacklisting several Russian military intelligence operatives involved in election interference around the world, the Treasury Department announced Wednesday.

U.S. to Remove Russian Companies Tied to Oleg Deripaska From Sanctions List in 30 Days (Wall Street Journal) The companies—aluminum giant United Co. Rusal PLC, its parent EN+ Group PLC and JSC EuroSibEnergo, a Russian energy company—were put on the U.S. sanctions list in April because of their ownership or control by the Russian oligarch.

Washington DC sues Facebook for 'misleading and deceptive' privacy policies (The Telegraph) The city of Washington DC is suing Facebook for allowing other companies to access its users' personal data "without their knowledge or consent" after leaked documents revealed the scale of the social network's data sharing agreements.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.