skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

Current, growing unrest in Iran seems driven significantly by Instagram and (especially) the secure messaging app Telegram. Authorities in the Islamic Republic are cracking down on Internet use generally even as the nation's leadership shows signs of hesitancy, acknowledging that some allegations of corruption may have at least a partial point. (Those who recall the "Green" protests after the disputed 2009 elections will remember the role Twitter played in sustaining dissent, a false dawn of hope for both Iranian reform and positive grassroots social media interactions.) Iran's Passive Defense Organization's head spoke about the country's cyber defenses as a guarantor of "security and independence" against US aggression, but Iran's capabilities seem likelier to be used domestically.

ISIS, now effectively without a territory to call a Caliphate, returns to its roots and claims responsibility online for the December 27th St. Petersburg bombing. Russian President Putin has promised a quick and ruthless response to future acts of terror. Policymakers in the UK mull approaches to defending against ISIS cyber attacks; the model from which they're starting is the British response to IRA terror in the late 20th Century.

Ukrainian security service SBU lays out the results of its investigation into Russian cyber operations against Ukraine.

A Wichita man was killed by police in a swatting that arose from an unusually pointless (even by the feckless standards of online gaming) dispute among Call of Duty players. He was not only innocent, but completely uninvolved. The alleged swatter has been arrested in Los Angeles.

Notes.

Today's issue includes events affecting Australia, China, Egypt, France, Iran, Iraq, Israel, Japan, Democratic Peoples Republic of Korea, Nigeria, Russia, Slovenia, Syria, Ukraine, United Kingdom, United States, and Vietnam.

Your cyber security posture is right of boom.

Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it. getleftofboom.com

Today's podcast features an introductory conversation with a new expert from our partners at Ben-Gurion University of the Negev, as we chat with Dr. Yossi Oren.

Cyber Attacks, Threats, and Vulnerabilities

Protests in Iran fanned by exiled journalist, messaging app (Citizen Tribune) As protests over Iran's faltering economy rapidly spread across the country, a channel on a mobile messaging app run by an exiled journalist helped

Iran Is Blocking the Internet to Shut Down Protests (Motherboard) Reports say mobile services like Telegram have been shut down as protests continue across the country.

Telegram and Instagram being restricted in Iran (TechCrunch) Messaging app Telegram and Facebook-owned social sharing platform Instagram appear to be being blocked in Iran.

Death toll rises in Iran unrest as Rouhani acknowledges protesters' 'rightful demands' (Los Angeles Times) At least 13 people have been killed in the ongoing protests in Iran, and armed protesters have tried to take over police stations and military bases, state TV reported Monday.

SBU exposes Russian origin of recent hacker attacks on governmental, infrastructural information systems (Unian) The SBU officers prevented systematic attempts to inflict information systems on a number of state institutions and agencies, regional bodies of local government, state enterprises of critical infrastructure, according to the SBU's press center.

How Antivirus Software Can Be Turned Into a Tool for Spying (New York Times) Government officials warn that software from Kaspersky Lab could be subverted by Russian intelligence. A security researcher shows how it could be done.

Islamic State claims its men planted bomb at St. Petersburg supermarket (FDD's Long War Journal) The Islamic State has claimed responsibility for the Dec. 27 bombing at a supermarket in St. Petersburg, Russia. The city has been targeted by jihadists several times this year. The US claimed earlier this month that another major plot inside St. Petersburg had been thwarted.

ISIS 'Cyber Caliphate' could target Britain’s 'critical national infrastructure' (Express.co.uk) A packed commuter train is suddenly switched to the wrong track and placed on an unstoppable collision course.

ISIS Could Rise Again (Foreign Affairs) The victory over ISIS is incomplete: the group could resurrect its caliphate where it was born, in Iraq and Syria.

Beware whale phishing and corporate espionage (Insurance Business) Worrying trend likely to “really emerge” in 2018, says cyber expert

Bitcoin hype pushes hackers to lesser-known cryptocurrencies (Cyberscoop) While mainstream interest in bitcoin grows, cryptocurrencies like Monero, Dash and ZCash are all the rage in the criminal underground.

Your smartphone can be easily hacked using its own sensors! (NewsBytes) For hackers, smartphones are a treasure trove of data, including emails, contacts, photos, passwords, valuable banking information, etc. Security experts have long warned that smartphones are due for

Forever 21: Hackers breached payment system for 7 months (CSO Online) Forever 21 confirmed hackers breached its payment system for seven months and admitted encryption was turned off on some point-of-sale (POS) devices.

Reddit user leaks alleged Game of Thrones Season 8 script pages (HackRead) Game of Thrones season 8 will be back in late 2018 or early 2019 but a small portion of its alleged script has already been leaked online by a Reddit user.

You are not alone, WhatsApp is down for many (HackRead) The Facebook-owned messaging app WhatsApp is down for millions of users around the world on new year eve.

Security Patches, Mitigations, and Software Updates

Browser data leakage bug – Mozilla to delete info just in case (Naked Security) An ironic bug – when Firefox hit a bug and crashed, it could then hit another bug and upload crash report data even if you’d told it not to.

So you don’t like surprises like Windows Fall Creator update? Defer future updates in Windows 10 (The Denver Post) Sometimes a software update is not quite ready for public use, so Microsoft has added a feature: Defer upgrades.

Cyber Trends

Cyberattacks Take Further Advantage of Supply Chain Vulnerabilities (iHLS) What were the major trends in the global cyberspace during 2017? According to a report by Clear Sky Cyber Security, the main attacks were perpetrated by organized crime groups and state actors, Russia being the main state assailant.

'Zero Trust' Security Will Make A Comeback in 2018 (Infosecurity Magazine) A re-emergence of the 'zero trust' security model will disrupt cybersecurity in 2018.

10 Security Predictions For 2018 (CRN) Solution providers will have to contend with an array of security-related challenges in 2018 ranging from GDPR compliance and ransomware to an expanding perimeter and securing sensor-enabled devices. Here's how we think they'll do it.

Cybersecurity in 2018: Three predictions and one hope (Help Net Security) Zane Lackey, CSO at Signal Sciences offers his take on what we can expect this year. Read more about his cybersecurity predictions and get prepared.

Malicious malware: Lessons learned and what to expect from cyber crime in 2018 (TASS) Experts believe that this is only the beginning, because in 2018, ransomware attacks will mount.

Fraudulent scams expected to rocket in 2018 (The Independent) 2017 felt like the year of the scam. Around 2 million online fraud incidents were reported in 2017, according to new data from the Public Accounts Committee. And with only 20 per cent of crimes actually reported, even this stark figure is just the tip of the iceberg. It’s not just online fraud that’s growing. In 2017 Action Fraud, the national fraud and cybercrime reporting centre, issued warnings about cold calls from fake bailiffs, timeshare fraud, and even scams by post.

The Worst Hacks of 2017 (WIRED) From Equifax to Crash Override, it was a banner year for cybersecurity fails.

WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017 (the Guardian) Most first encountered ransomware after an outbreak shut down hospital computers and diverted ambulances this year. Is it here to stay?

The Top Leaks, Hacks, And Exposed Secrets Of 2017 (Fast Company) CIA strategies, #TrumpRussia revelations, the Equifax hack, and the #MeToo miovement. In 2017, no secret was safe.

2017 Was The Year Of Hacks. 2018 Probably Won't Be Better. (HuffPost) Remembering Equifax, Uber and all the other data breaches of the last year.

If 2017 was 'cyber-geddon', what will 2018 bring? (BBC News) Experts fear we will see even more aggressive and widespread cyber-attacks in 2018.

If You Thought 2017 Was Bad, 2018 Could Pose More Cyber Threats (The Quint) Here’s what the three big technology worries for businesses in 2018 look like.

DDoS Attacks Increasingly Blended Multiple Attack Vectors in Q3 2017 (eSecurity Planet) The overall number of attacks rose by 15.6 percent over the previous quarter.

2017 Was a Terrible Year for Internet Freedom (WIRED) Trolls, bots, and fake news posed a serious threat to internet freedom this year—and there's no easy answer in sight.

The Worst Healthcare Cybersecurity Breaches of 2017 (Healthcare Analytic News) In 2017, a spate of high-profile attacks brought the healthcare industry’s need to strengthen its cybersecurity into sharp focus.

Government, financial services most hit by mobile malware —Report (Punch) The financial services and the government are the most hit by mobile malware attacks globally, a report by Check Point Software Technology Limited has indicated.

Security pros waste 10 hours a week due to inefficient systems (Help Net Security) Security pros waste time every single day, but research from LogRhythm reveals artificial intelligence has the potential to change this problem.

Vietnamese users lose $540 million from viruses: Bkav (Vietnam Net) Vietnam’s leading internet security firm, Bach Khoa Internetwork Security Centre (BKAV), announced that Vietnamese users lost some VND12.3 trillion (US$540 million) in 2017 due to viruses.

Marketplace

Cyber liability insurance market: Equal parts promise and peril (Property Casualty 360) The cyber liability insurance market presents opportunities as well as potential hazards for insurers.

This is what it takes to be an ethical hacker (Techworld) Former ethical hacker and CTO, Data Protection at Gemalto Jason Hart lets us in on the secrets of ethical hacking

Smart lock maker Otto suspends operations (TechCrunch) Otto showed the world its digital lock in August. Four months later, the company has suspended operations. Hardware is hard. It’s a cliche for a reason...

Where Will Fortinet, Inc. Be in 5 Years? (The Motley Fool) The data security upstart is on a roll that, for several reasons, will continue in the years ahead.

Maryland firm that recycles equipment expands globally (Concord Monitor) A Maryland-based company that goes by the name Data Killers and uses a fleet of shredder trucks to chop up discarded computer equipment has embarked on a national expansion that more than doubles its U.S. employee count and creates a new partnership with interests as far away as Thailand.

6 AI Cybersecurity Startups to Watch in 2018 (Nanalyze) No computer systems appears safe these days. It's no wonder that cybersecurity is booming, with innovation coming from AI cybersecurity startups.

NiceHash CEO Steps Down After $63 Million in Bitcoin Stolen in Cyber Attack (Bitcoinist.com) Marko Kobal stepped down from his role as NiceHash CEO just weeks after the company lost over $60 million in bitcoin to a cyber attack.

NuCypher raises $4.3m in presale to bring private data to public blockchains (CoinReport) San Francisco, California-based NuCypher, a privacy layer for the public blockchain and decentralized applications, has announced the close of a $4.3 million presale from leading cryptofunds and ve…

Products, Services, and Solutions

How 3 innovative products approach network security (CSO Online) The network security category is constantly evolving with the emergence of new threats and attack techniques. Here's how 3 network security products tackle the problem.

WhiteSpace Alliance Expands Testing Format for Wi-FAR Certification (PRWeb) Enhanced specification supports coexistence of data and TV broadcasts

IBM Making Progress in Quantum Computing With Q Systems (Brinkwire) IBM is showing progress in its quantum computing development efforts with the announcement of a 20-qubit processor and the introduction of the first customers that will have early access to the system.

Technologies, Techniques, and Standards

17 steps to being completely anonymous online (CSO Online) The default state of internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute internet anonymity.

Protecting Your Data From The Hacker Threat, Part One (Infosecurity Magazine) These approaches can be implemented in every data center, and will go a long way in minimizing susceptibility to attack.

Make 2018 your year of taking password security more seriously (Help Net Security) The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely.

Why you’ll hear about a ‘cyber carrier’ in 2018 (Fifth Domain) As Cyber Command looks to 2018, they will look beyond manning teams and instead focus on how to equip them.

Joint Force Looks For a Leg Up In Cyberspace (SIGNAL Magazine) Cyberthreats constantly grow in volume, velocity and sophistication, and the force needs a warfighting platform that will allow it to get ahead of attackers.

In Army Cyber, Policy Meets Reality (SIGNAL Magazine) Field reports are having greater and faster influence on the issuance of directives, and intelligence is now a major player in determining cyber policy.

New in 2018: Army cyber expands training, gains EW soldiers (Army Times) The Army’s growing cyber career field will gain the service’s electronic warfare soldiers in 2018.

New in 2018: Army to field new fires targeting system (Army Times) The Joint Effects Targeting System or JETS is scheduled for fielding to forward observers in late 2018. The system increases accuracy and speed in day, night and inclement weather conditions.

How DHS' automated information sharing program continues to evolve, grow (FederalNewsRadio.com) DHS’ Automated Information Sharing program now has more than 200 entities signed up to receive the information DHS shares to help prevent cyber attacks.

This Team Is a Lean, Mean Cyber Crime-Fighting Machine (SIGNAL Magazine) Modern information and networking technologies increase independence and save time.

The latest 2018 election-hacking threat: 9-month wait for government help (POLITICO) Some states might not get an intensive DHS review until weeks before the midterm elections.

Hacker Lexicon: What Is Sinkholing? (WIRED) What's one good way to bring down a botnet? Send that traffic to a sinkhole.

Can New ARM Protocols Thwart IoT Security Breaches? (Infosecurity Magazine) Less attention has been paid to the risks that IoT has created, in particular the vulnerability to cybercrime.

How to Checkmate IoT Attacks (SIGNAL Magazine) The Internet of Things emerges as a highly sought-after technology advantage, and the federal government has stepped up as an innovator.

Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation (Dark Reading) Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.

The problem with next-gen firewall protection (Sophos News) You expected a symphony orchestra, not a one-man-band.

To Mitigate Phishing Risk, Let Employees “Fail Forward” (Infosecurity Magazine) Learning from mistakes is vital to a strong anti-phishing program.

Holiday Fun #3: It’s (never) too late to learn long multiplication! (Naked Security) Don’t worry, you can keep your calculator – but understanding how to speed up multiplication can make you safer online.

Design and Innovation

Diving into the Definition and Workings of Cryptoeconomics (Coinsquare Discover) Cryptoeconomics studies the design and protocols behind any system that uses economic incentives and cryptography. Cryptography proves properties of information that have occurred in the past while economic incentives, encourage people to contribute to the network. By combining cryptography and economics, cryptoeconomics allows economic interactions to occur in adversarial environments. An example of a system […]

Egypt’s Dar al-Iftaa deems Bitcoin currency as forbidden in Islam (Egypt Independent) Republican mufti Councellor Magdy Ashour issued a Fatwa (Islamic ruling) that deems the Bitcoin virtual currency as forbidden by Islam, accusing Bitcoin of being used to fund terrorism. The mufti based his fatwa on the fact that there is no guarantee on where the money is going because it is not covered by the … Continued

20 Security Tips for Safe Trading on Cryptocurrency Exchanges (InCyberDefense) While cryptocurrency is a useful way to move money from one place to another, web wallets, cryptocurrency processing systems and exchange services are all susceptible to compromise by bad actors. So crypto-traders should examine the security features of an online service before adopting a cryptocurrency exchange service. Also, it is just as important to adopt user-end security practices.

Building AI systems that work is still hard (TechCrunch) Even with the support of AI frameworks like TensorFlow or OpenAI, artificial intelligence still requires deep knowledge and understanding compared to a..

A conversation with Dean Kamen on the myth of “Eureka!” (TechCrunch) "I think invention is maybe like love," says Dean Kamen. "Everybody wants to have it. Nobody knows what it is."

Research and Development

The Guardian view on quantum computing: the new space race | Editorial (the Guardian) Editorial: The main use of quantum technology might not be to hack existing systems but to create unhackable communication networks of the future

How do we decode the brain? (Futurism) Since common human movements like walking or reaching for an object use predictable patterns of brain activity, a cryptography-inspired strategy for neural decoding could make BCIs possible.

Scientists have found a way to translate brain activity into movement (The Inquisitr) Scientists are borrowing from cryptography and decoding the human brain, just like codebreakers decipher code.

Chess grandmaster Garry Kasparov on what happens when machines 'reach the level that is impossible for humans to compete' (Business Insider) He first lost a match to the IBM chess machine Deep Blue in 1997, 20 years ago.

Legislation, Policy, and Regulation

Cyber defense guarantee for security, independence in Iran (Mehr News Agency) Head of Iran’s Passive Defense Organization Brig. Gen. Gholamreza Jalali stated that cyber defense can serve as a guarantee for security and independence in Iran.

3 Takeaways From Kim Jong-un's 2018 New Year's Address (The Diplomat) What's on Kim Jong-un's mind? Nuclear buttons, an Olympics overture, and a call to arms for self-reliance as sanctions bear down.

Japan, France arranging ministerial security talks in Tokyo (Japan Today) Japan and France are planning to hold security talks between their foreign and defense ministers in Tokyo this month, a Japanese government source said. The "two-plus-two" talks are likely to cover ways to increase pressure on North Korea over its nuclear and missile programs and the acceleration of negotiations toward…

Facebook, Google and WhatsApp among tech titans told to join fight against terror or face tax blitz (Times) Internet giants face a multimillion-pound tax raid unless they agree to help combat the terrorist threat to ­Britain, which is at its worst “for 100 years”, the security minister revealed last night.

New bill could finally get rid of paperless voting machines (Ars Technica) The bill reads like a computer security expert’s wish list.

Pressure builds to improve election cybersecurity (TheHill) Congressional efforts to secure election systems from cyberattacks are picking up steam with lawmakers under pressure to prevent hacks in the 2018 midterms.

FERC proposes rule to expand cyber incident reporting (Fifth Domain) The Federal Energy Regulatory Commission wants to expand cyber incident reporting requirements to include any time an adversary attempts to break into an energy company’s networks, rather than only those that compromise the company’s critical operations.

4 Cyber Command storylines to watch for in 2018 (Fifth Domain) After nearly eight years of existence, the organization is beginning to mature and develop in ways military leaders have long envisioned.

After year-long vacancy, NSA gets new IG (C4ISRNET) Robert Storch replaces George Ellard, who was removed from NSA for retaliating against a whistleblower.

Prime minister appoints new cybersecurity chief (Times of Israel) Yigal Unna will head the National Cyber Directorate, which will incorporate two newly merged entities that protect Israel's cyberspace

Litigation, Investigation, and Law Enforcement

China Shuts Down 13,000 Websites for Breaking Internet Laws (Dark Reading) The government says its rules are to protect security and stability, but some say they are repressive.

ICO Slaps Enforcement Notice on Justice Ministry. (Infosecurity Magazine) ICO Slaps Enforcement Notice on Justice Ministry. Another government department falls foul of the Data Protection Act

How cybercriminals became ‘The New Mafia’ (Tech Wire Asia) Ransomware is emerging as the latest tool of choice for cybercriminals amid a rising trend of cybercrime attacks in recent years, data from the cybersecurity solutions provider Malwarebytes revealed recently.

Microsoft, DOJ set to go head to head at Supreme Court in 2018 (Ars Technica) Meanwhile, NSA spy suspect, KickassTorrents cases didn't advance very much in 2017.

How the hacking furore has unfolded (Daily Telegraph) Former foreign minister Alexander Downer has found himself at the centre of the FBI’s Russia hacking probe after it was sensationally ­revealed he passed on a tip about Kremlin plans to discredit Hillary Clinton.

Donald Trump says lengthy Mueller probe is ‘bad for the country’ (The Washington Times) Special counsel Robert Mueller’s investigation is “bad for the country,” and the only collusion with Russia during the presidential campaign was by Democrats, President Trump said in an interview published Friday.

We now know the tipping point that prompted the FBI to launch its Trump-Russia investigation (Business Insider) George Papadopoulos reportedly told a top Australian diplomat that Russia had compromising information on Hillary Clinton, sparking the FBI's Russia probe.

Huma’s Cousin, Who Partnered With ‘Russian Donald Trump,’ Convicted of Fraud, Tampered With Case By Deleting Emails (The Daily Caller) A cousin of Huma Abedin who did a half-billion dollar deal with a man known as the "Russian Donald Trump" was convicted of fraud Tuesday, and the judge ordered him jailed immediately, saying he had de

“They call it swatting,” says grieving Wichita mother after son killed by police (Ars Technica) The man wasn't a gamer, but he apparently became the victim of a deadly "prank."

Kansas Man Killed In ‘SWATting’ Attack (KrebsOnSecurity) A 28-year-old Kansas man was shot and killed by police officers on the evening of Dec. 28 after someone fraudulently reported a hostage situation ongoing at his home.

After “swatting” death in Kansas, 25-year-old arrested in Los Angeles (Ars Technica) Arrest made after man dies in Kansas “swatting.”

YouTube star Logan Paul apologies for video of apparent suicide victim (TechCrunch) January is less than two days old and already we have a reminder of the bad side of YouTube after it emerged that Logan Paul, a brash 22-year-old with over 15..

Parvathy continues to be under cyber attack, her film My Story making video receives record dislikes (The Indian Express) Parvathy is constantly being harassed on social media and even received threats of rape and death for commenting on Mammootty 's Kasaba.

Child porn law goes nuts: 14-year-old girl charged for nude selfie (Ars Technica) The ACLU of Minnesota calls the charges absurd and unconstitutional.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.