
Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

Where Twitter was the enabling technology of Iran's failed Green Revolution of 2009, current dissenters are turning to Canadian-made Psiphon, a firewall-evasion app that's seen up to 700,000 downloads a day in the new year, most of them in Iran. Psiphon, developed by the University of Toronto's Citizen Lab, isn't the only tool being used to circumvent Iran's "filternet," but observers are tending to keep quiet about other tools, lest they blow the gaff to the regime. (That regime appears to be showing some internal ambivalence towards its own response to dissent.)

The large task of mitigating the speculative-execution processor vulnerabilities Spectre and Meltdown continues. Apple has addressed Spectre with a fix for iOS and macOS devices. On the whole, the cooperation vendors are showing in addressing the vulnerabilities seems commendable (at least Intel thinks so), but problems applying the fixes offered are widely reported, as one would expect. Microsoft has pulled its Spectre and Meltdown fixes for AMD-based devices: that patch is reported to have bricked machines where it was applied.

Concerns continue over phishing attempts during the run-up to the Winter Olympics.

Criminals show sustained interest in cryptocurrency mining and hardware wallet pilferage as the alt-coins' very high valuations persist. Chinese authorities appear to be preparing a crackdown on illicit currency mining. Miners are said to have appeared in BlackBerry mobile sites.

A surge in pop-up redirect ads is troubling mobile device users. The tactic isn't new, but it's recently become very widespread, and has begun infesting top-tier websites.

Notes.

Today's issue includes events affecting China, European Union, India, Iran, Democratic People's Republic of Korea, Republic of Korea, Pakistan, Russia, United Kingdom, United States, Venezuela, and Vietnam.

The board and cyber-risk oversight: Crown Jewels Risk Assessments.

Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.

In today's podcast, we hear from our partners at the University of Maryland, as Jonathan Katz (Director of the Maryland Cybersecurity Center) talks about how Bitcoin mining uses power. Our guest is Udi Yavo from Ensilo, who discusses process Doppelganging.

You'll also want to check out Recorded Future's Inside Threat Intelligence podcast, produced in cooperation with the CyberWire. This edition covers the questions you should be asking security operations center analysts.

Cyber Job Fair, January 23, San Antonio: visit ClearedJobs.Net for details. (San Antonio, TX, USA, January 23, 2018) Cleared and non-cleared cybersecurity pros: make your next career move at the Cyber Job Fair, January 23 in San Antonio. Meet leading cyber employers including Engility, IPSecure, Mission Essential and more. Visit ClearedJobs.Net for info.

Cyber Attacks, Threats, and Vulnerabilities

This App Is Helping Iranians Beat Tehran’s Internet Censorship (Motherboard) Psiphon, a Toronto-born app, has seen a 1,650% increase in downloads.

Cyber Attack Hits Firms Connected With Winter Olympics (MediaPost) Groups supporting the Winter Olympics have been targeted for an email cyber attack from an IP address in Singapore.

Attackers Target Winter Olympics with Fileless Malware (Infosecurity Magazine) New steganography tool used to obfuscate attack

Highly-targeted cyberattacks surround upcoming Winter Olympics (Security Brief) McAfee released a report that revealed cybercriminals have targeted organisations involved in fast approaching Winter Olympics held in South Korea.

New North Korea Hack: Hijacking Computers to Power Cryptocurrency Mining (Wall Street Journal) Malware that mines a cryptocurrency known as Monero and routes the bounty to a North Korean university shows how hackers are targeting new assets as sanctions force Pyongyang to pursue alternative income streams.

Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities (Dark Reading) There's a lot at stake when it comes to patching the hardware flaws.

Don’t Melt Down Over Vulnerable Computer Chips (Wall Street Journal) Discovering and addressing such problems is a normal part of the technology life cycle.

Spectre of doom - channel reacts to security meltdown (CRN) How the channel views the Meltdown and Spectre security flaws, which affect almost every modern computer

Hackers find new ways to print digital money for free (Ars Technica) As valuations soar, attackers find evermore powerful CPUs to covertly conscript.

Monero Crypto-Mining Invades BlackBerry Mobile Site (Infosecurity Magazine) Coinhive weighed in on the Reddit thread saying that the site appears to have been surreptitiously infected.

How to make public Wi-Fi users mine cryptocurrency for you (Help Net Security) A software developer has published PoC code that injects cryptocurrency mining code in pages served to users of free, public Wi-Fi networks.

Pop-Up Mobile Ads Surge as Sites Scramble to Stop Them (WIRED) The plague of redirect ads hijacking your phone will only go away when sites take ad networks to task.

Hundreds of Android Gaming Apps are Tracking Your TV Viewing Habits (HackRead) More than 250 Android gaming apps are currently listening to what you watch on TV including shows, ads, and movies.

Electrum Bitcoin Wallets Were Vulnerable to Hackers for Two Years (Motherboard) Developers left the vulnerability unpatched for months after being alerted.

Hardware wallet security is no match for scammers' ingenuity (Help Net Security) An unfortunate user of the popular Ledger wallet discovered how a simple scam can lead to a complete bypass of all security measures put in place by the manufacturer.

First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services (TrendLabs Security Intelligence Blog) We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications.

Study: Phishing kit developers commonly betray their cybercriminal customers (SC Media US) An analysis of roughly 1,000 do-it-yourself phishing kits found that roughly a quarter of them double-cross the cybercriminals who implement them by secretly transmitting phished information to the kits' original developers or other third parties.

Security Patches, Mitigations, and Software Updates

Intel Chief Says Chip Flaw Damage Contained by Industry (The Bull) Intel chief Brian Krzanich said Monday the impact of a recently discovered vulnerability in computer chips has been limited due to "remarkable" collaboration by the tech industry.

Intel CEO Comments Indicate Chip Issue May Cause Bigger Slowdown (Bloomberg.com) Intel Corp. Chief Executive Officer Brian Krzanich prefaced his annual celebration of the future of technology with a warning.

Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines (Ars Technica) Blue screen crashes on decade old AMD chips seem to be widespread.

Microsoft's 'Meltdown' updates are reportedly bricking AMD PCs (Engadget) More chip security woes as Microsoft halts Spectre and Meltdown updates to AMD machines.

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns (Register) This is going to take a while

Apple Releases Three Security Updates Today for macOS High Sierra, El Capitan and iOS (Patently Apple) Apple released three security updates today as noted in report's chart.

Apple releases update to fix Spectre vulnerability (CRN Australia) Protection for macOS.

Meltdown and Spectre patches: Where to start and what to expect (CSO Online) You need to apply Meltdown and Spectre patches to pretty much everything in your enterprise. And you need to start now. We help you prioritize.

Meltdown, Spectre updates aplenty, but the fix is more complicated (SC Media UK) A pair of flaws dubbed Meltdown and Spectre make the memory of virtually all computers and devices accessible to hackers.

Preventing a Meltdown: Recommendations for the Meltdown / Spectre Vulnerabilities (Revolutionary Security) Meltdown and Spectre are kernel vulnerabilities that can result in the loss of system confidentiality through access to unauthorized memory locations on the local system.

Western Digital takes six months to patch easily exploitable NAS backdoor (CRN Australia) My Cloud firmware contained hardcoded backdoor account.

Cyber Trends

Opinion | Cybersecurity Today Is Treated Like Accounting Before Enron (New York Times) Our digital assets are too important for this. We need defensive policies and more uniform corporate governance.

CISOs' Cyber War: How Did We Get Here? (Dark Reading) We're fighting the good fight -- but, ultimately, losing the war.

Cloud Workloads at Risk from Security, Management & Compliance Failures (Infosecurity Magazine) Security top concern on future cloud adoption for IT decision makers

The continuing lack of adequate cyber security consideration in process safety (Control Global) I will be giving the keynote January 25th at the Texas A&M Instrumentation and Automation Symposium where I hope to publicize this issue to the control and safety engineers that attend the Symposium. I am also hoping the new Texas A&M brochure will be modified to better address ICS cyber security.

Marketplace

“Political pressure” reportedly kills Huawei-AT&T smartphone deal (Ars Technica) Spying concerns from members of Congress mean AT&T won't be selling Huawei phones.

Techies to net ‘great deal of work’ from chip security crisis (Contractor UK) Meltdown and Spectre may be 2018’s most ‘clear and present’ earnings opportunity.

Intel CEO spent 2 minutes talking about security flaws, after giving 17 minutes to a digital band (CNET) Intel kept its remarks on Spectre and Meltdown short. Just a little under two minutes.

Chip Vulnerability Takes Toll On Intel Stock (PYMNTS.com) Intel shares fell nearly 2 percent last Thursday (Jan. 4) after it was revealed that security flaws might allow hackers to steal sensitive information from devices. According to Reuters, the disclosure has caused investors to worry not only about the potential financial liability, but also the toll it will take on the largest chipmaker’s reputation.

UK Companies Set to Splurge on Cyber Risk Mitigation (Infosecurity Magazine) ICSA report claims cyber remains top risk for boardrooms in 2018

Cyber Security can no longer be ignored as part of the maritime industry's future (Lexology) At the start of 2017 we had an article published on cybersecurity and the present cyber-threats to the marine industry. Now, at the end of the year…

Using Bitcoin as Money Just Got a Lot Harder In Europe (Motherboard) Bitcoin debit cards stopped working after a decision from the payment processor.

Remember Dogecoin? The joke currency soared to $2 billion this weekend (Ars Technica) "There's no active development anymore," Dogecoin's co-founder said last year.

20 Cybersecurity Vendors Getting Venture Capital Love (Dark Reading) VCs splashed a record $4B in funding in the cybersecurity pool - here are some highlights among the early- to middle-stage startups who snagged big deals last year.

Telegram plans multi-billion dollar ICO for chat cryptocurrency (TechCrunch) Encrypted messaging startup Telegram plans to launch its own blockchain platform and native cryptocurrency, powering payments on its chat app and beyond...

Zuul Raises $300,000 in Seed Funding and Secures First Customer (BusinessWire) Zuul, an Industrial IoT secure device management platform, has raised $300,000 in seed funding and secured their first customer.

Alkami raises $70 million for mobile banking software (TechCrunch) There's a startup in Texas that's been quietly building the technology that powers mobile banking apps. Plano-based Alkami has developed a white label..

Fair cop: NEC acquires Northgate Public Services for security presence (CRN) Vendor snares Hemel Hempstead-based software and services firm for its close ties to the British police

The Secret to Avast’s Capturing 85M Users and Becoming a Market Leader in LATAM (PaymentsJournal) Avast, headquartered in the Czech Republic, first launched the free version of its security software in 2001 in LATAM. It spread to millions of users in a matter of months. The problem was that users who wanted to upgrade their device protection couldn’t purchase a subscription without an international credit card.

Facebook needs fixing, says Mark Zuckerberg (Naked Security) Mark Zuckerberg has set himself a doozy of a personal challenge for 2018

Digital Defense Named Recipient of Frost & Sullivan Customer Value Leadership Award (GlobeNewswire News Room) Digital Defense, Inc, a security technology and services provider, is awarded Frost & Sullivan’s 2017 North America Customer Value Leadership Award for the security risk solutions market.

Veritas taps new CEO, saying two-year turnaround is complete (SiliconANGLE) Veritas Technologies LLC, which has gone through a 12-year roller coaster ride as a public company, subsidiary of Symantec Corp., a spinoff and now a private company again, is changing its top leadership.

Products, Services, and Solutions

BAE Debuts Cloud-Based Supply Chain Cybersecurity Service (ExecutiveBiz) BAE Systems has launched a cloud-based service offering designed to help organizations protect supply chains against cybersecurity threats, IFSEC Global reported Friday. The company’s Supply Chain Assurance service includes guidance on how to identify risks and measures to avoid a supply chain breach...

SecurityMetrics Partners with Travelport to Offer PCI DSS Certification Wizard Tool to Agencies (PRNewswire) As data theft, cyber hacking, and fraud continue to increase in frequency in...

McAfee Undercuts LifeLock with New ID Protection Service (Tom's Guide) At CES 2018, McAfee unveiled its own identity-protection service as well as a partnership with D-Link to protect a smart home.

Netgear Armor is a $70 router update that protects your home network with Bitdefender (PCWorld) Armor, Netgear's new subscription-based security service for your home network, will cost $70 a year and is powered by Bitdefender.

D-Link's McAfee-powered AC2600 router aims for network-wide protection (PCWorld) D-Link's DIR-2680 comes with McAfee's embedded security platform to secure your home devices at the network level.

NETGEAR debuts new Arlo Baby monitor features, cyber security features at CES 2018 (CSO) Now you can easily watch and listen to live video stream with 2-way audio from Arlo Baby camera through the Apple Home app

Working from the ‘silicon root’ to prevent data breaches (SiliconANGLE) Cybersecurity issues have been of increasing concern for enterprises in light of a number of devastating ransomware attacks that hit companies this year.

Technologies, Techniques, and Standards

WPA3 to feature much needed security enhancements (Help Net Security) The Wi-Fi Alliance, a non-profit organization that tests and slaps the "Wi-Fi Certified" logo on products that meet certain standards of interoperability, has announced WPA3 security enhancements.

The botnet solution everybody already knows about (Fifth Domain) The tools and best practices for preventing botnet attacks already exist, governments and industries worldwide just need to take advantage of them, according to a recent National Telecommunications and Information Administration draft report to the president.

US Gov Outlines Steps to Fight Botnets, Automated Threats (Dark Reading) The US Departments of Commerce and Homeland Security identify the challenges of, and potential actions against, automated cyberattacks.

The new DHS breach illustrates what's wrong with today's cybersecurity practices (TheHill) Organizations should focus less on how a breach occurred and more on building up and preserving customer trust in their products and services.

The 5 Most Relevant Questions for a SOC Analyst (Recorded Future) This episode looks at some of the most relevant questions for a SOC analyst, including collecting and prioritizing indicators of compromise, handling news feeds, and performing trend analysis.

Continuous security: What's in a name? (Help Net Security) Continuous security is the engineering philosophy of automating security concerns throughout an organization. It nicely parallels continuous delivery.

Star Wars: The Last Jedi – the security review (Naked Security) We take an objective look at the security angles in Star Wars: The Last Jedi.

Reacting to a big breach (Help Net Security) You can use the security incident to re-examine your security posture and honestly ask yourself, could it have happened to us?

Design and Innovation

Ex-NSA hacker builds AI tool to hunt hate groups’ symbols online (Naked Security) She’s teaching NEMESIS to find white nationalists’ so-called dog whistles – the Black Sun and Pepe the frog memes – with object recognition.

Why Did Twitter Censor This Innocuous Icicle Growing in My Window? (Motherboard) An investigation into "sensitive material."

Academia

Governor Mead announces Cyber Challenge for Wyoming students (KGWN) Governor Mead announces a new Cyber Challenge for Wyoming students. The competition is open to Wyoming high school junior or senior girls who are at least 16 years old. Contestants will learn cybersecurity skills and test their aptitude through a no-cost online game of discovery called CyberStart.

Legislation, Policy, and Regulation

Why Iran's Protesters Are So Angry With Rouhani (Foreign Affairs) Rouhani's record in office since winning reelection has been an enormous disappointment to Iranian voters.

Inter-Korean Talks Are More Than Just a "Good Thing" (Foreign Affairs) For the first time since South Korean leader Moon Jae-in took office last May, North Korean leader Kim Jong Un has made a credible offer to open up the relationship with Seoul.

Mike Pompeo: North Koreans 'trying to come up for air' as they're being 'strangled' by Trump (Washington Examiner) CIA Director Mike Pompeo says the North Koreans have reached out to South Korea to begin talks because they’re being “strangled” by Presiden...

Japan, US, South Korea face test on unity over North Korea (Nikkei Asian Review) Planned inter-Korean talks could drive a wedge in trilateral pressure campaign

The war against Islamic State will be won — or lost — on the cyber battlefield (Los Angeles Times) To beat back Islamic State’s virtual caliphate, the U.S. and its allies must develop two separate but interlinked strategies.

Cyber Vigilantes & Hacktivists: Double-Edged Sword Against ISIS (The Cipher Brief) Bottom Line: Cyber vigilantes and “hacktivists” increasingly fill the void left by governments in combating terrorist activity online. While such politically motivated non-state hackers are relatively effective at removing the presence of terrorist content, their continued operations could damage overall counterterrorism efforts by undermining intelligence operations –  say by taking down a website that the …

New Report Warns IS Increasing 'Footprint' in Pakistan (VOA) The report said Tehreek-e-Taliban Pakistan (TTP), which is commonly known as the Pakistani Taliban, and its splinter factions were 'still the most potent threat' and were behind 58 percent of the attacks

Pakistan and the Myth of “Too Dangerous to Fail” (Foreign Affairs) The Trump administration is now on the verge of cutting off military aid to Pakistan. Islamabad should be worried.

Cyber Command asked to safeguard national sovereignty in cyberspace (Nhân Dân) Prime Minister Nguyen Xuan Phuc has asked the freshly-established Cyber Command to become a loyal, disciplinary, intelligent, and clear-headed force which is strong enough to protect the national sovereignty in cyberspace.

Russia And Venezuela Plan Cryptocurrencies (NPR.org) Venezuela and Russia announced plans to launch their own cryptocurrencies. NPR's Scott Simon speaks to Monica de Bolle of the Peterson Institute for International Economics about why.

Concerns raised over new ethics regime for UK public sector data processing (TechCrunch) Health data privacy advocacy group MedConfidential believes ministers are trying to sneak in a data protection law carveout, in order to hand politicians the..

Intelligence Committee prepares election security plan to thwart Russian hacking (USA TODAY) Sen. Mark Warner, the senior Democrat on the Senate Intelligence Committee, said the recommendations could be issued as early as this month.

Conservative group calls on lawmakers to defeat new spy bill (Washington Examiner) House GOP leaders released the bill on Friday that would reauthorize for six years Section 702 of the Foreign Intelligence Surveillance Act....

In the Wake of the FCC’s Net Neutrality Repeal, California Eyes Its Own Net Neutrality Law (Motherboard) But these efforts face a steep uphill climb.

Nebraska Becomes the First Red State to Introduce A State-Level Net Neutrality Bill (Motherboard) The Cornhusker State joins New York, California, Washington, and Massachusetts in considering net neutrality rules to replace the scrapped federal legislation.

Litigation, Investigation, and Law Enforcement

UIDAI under fire for FIR against scribe (The Hindu) Reporter exposed breach in Aadhaar database; no gag on media: Authority

PM asks top police officials to deal with cyber crime on priority (The Economic Times) Modi said cyber security issues should be dealt with immediately and should receive highest priority, according to an official release.

Europe keeps up the pressure on social media over illegal content takedowns (TechCrunch) The European Union's executive body is continuing to pressure social media firms to get better at removing illegal content from their platforms before it has..

SEC's burgeoning cyber unit taking securities fraud by storm (FederalNewsRadio.com) The SEC's Rob Johnson talks about the positive return on investment his new cyber unit has been in fighting securities fraud in cyberspace.

China is reportedly moving to clamp down on bitcoin miners (TechCrunch) China banned bitcoin, ICOs and now it appears to be clamping down on Chinese miners, an important group estimated to produce some three-quarters of the..

Border Guards Looked Through Nearly 60 Percent More Electronic Devices in 2017 than in 2016 (Motherboard) Customs and Border Protection released a new directive Friday with more detailed guidelines for searching phones and computers.

Supreme Court lets stand Maryland convictions based on cellphone search (Maryland Daily Record) The Supreme Court on Monday let stand without comment a Maryland man’s robbery, assault and theft convictions based on evidence from his cellphone, which police had seized with a controversial sear…

SCOTUS Should Mirror NJ in Cell-Tracking Warrant Standard (New Jersey Law Journal) The United States Supreme Court should follow the lead of New Jersey, hold that a subpoena is required, and review the scope of the third-party rule.

New Rules Announced for Border Inspection of Electronic Devices (Threatpost) The U.S. Customs and Border Patrol announced new restrictions on when agents can copy data from digital devices at border crossing points.

FBI agents' text messages spur congressional probe into possible news leaks (TheHill) Republican-led House and Senate committees are investigating whether leaders of the Russia counterintelligence investigation had contacts with the news media that resulted in improper leaks, prompted in part by text messages amongst senior FBI off

VTech to Pay $650K to Settle Kids’ Privacy Case (Infosecurity Magazine) Firm was also accused by FTC of failing to properly secure children’s data

Google fired James Damore for a controversial gender memo—now he’s suing (Ars Technica) James Damore was fired over a memo questioning women's aptitude for programming.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...

Upcoming Events

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...
