skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

Iran's Internet crackdown continues. It's not just the blocking and censorship of the filternet, but online control extends to active surveillance and offensive cyber operations against Iranian citizens.

Turla, which has never really gone away, is back with more sophisticated and elusive exploits against consular and ambassadorial targets. The cyber espionage group, one of the organs of Russian intelligence, is active for the most part against the Near Abroad: former Soviet Republics. It has appeared, however, in operations against more far-flung targets. Turla has been recently observed using a Flash installer to infect targets. The downloads appear to come from legitimate sites.

The US has accused Russia of undertaking a large information campaign aimed at influencing Mexico's 2018 national elections.

The still-unattributed cyber offensive targeting South Korean companies during the run-up to the Pyeongchang Winter Olympics appears to depend upon effective timing and compelling phishbait, that is, on good social engineering as opposed to technically sweet hacking.

A new mobile banking Trojan, FakeBank, has appeared in Russia. The criminals behind it are afflicting customers of Sberbank, Letobank, and VTB24. FakeBank is distinguished by its sophisticated use of multiple layers of obfuscation.

Patch Tuesday saw Microsoft fix fifty-six security issues. Redmond addressed not only Spectre and Meltdown, but also a zero-day in the Office Equation Editor.

If you're thinking of downloading a flashlight app for your Android phone, don't. Too many of them are malicious, and it's not worth the risk. Get a cheap LED light for your (physical) keychain instead.


Today's issue includes events affecting India, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Mexico, Russia, Singapore, United Kingdom, United States.

The board and cyber-risk oversight: Crown Jewels Risk Assessments.

Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.

In today's podcast, we hear from our partners at Ben Gurion University, as  Yossi Oren alerts us to vulnerabilities in mobile device replacement touchscreens.

Cyber Job Fair, January 23, San Antonio visit ClearedJobs.Net for details. (San Antonio, TX, USA, January 23, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, January 23 in San Antonio. Meet leading cyber employers including Engility, IPSecure, Mission Essential and more. Visit ClearedJobs.Net for info.

Cyber Attacks, Threats, and Vulnerabilities

New Report Shows How Iran Limits Internet Freedoms to Control Dissent (Motherboard) The Iranian government has also launched cyberattacks and phishing schemes on its own citizens.

Russia meddling in Mexican election: White House aide McMaster (Reuters) The Russian government has launched a sophisticated campaign to influence Mexico's 2018 presidential election and stir up division, a senior White House official said in a video clip published by Mexican newspaper Reforma.

Russian Cyber-Spies Are Carrying Out Some Pretty Clever Hacks These Days (BleepingComputer) Some cyber-espionage outfits are so advanced that it takes months of sleuthing and digging through malware code to discover the ways they've carried out some of their hacks.

Turla's ability to target embassies and consulates has a new weapon (WeLiveSecurity) Embassies and consulates in post-Soviet states have been targeted by Turla's cyberespionage activities aimed at gaining access to sensitive information.

Turla Cyberespionage Gang Employs Adobe Flash Installer (Dark Reading) In recent data theft campaigns, the APT group has been downloading malware from what appears to be legitimate Adobe URLs and IP addresses, ESET says.

Pyeongchang Olympics Hack: Attackers Evolve Beyond Zero Days (Forbes) A campaign targeting the Pyeongchang Olympics began at the end of December 2017.

Aadhaar breaches fuelled by rogue admin accounts (Naked Security) Not long ago trumpeted as the world’s largest biometric database, India’s Aadhaar system covering 1.2bn citizens is rapidly acquiring a less impressive reputation as the easiest to breach.

Aadhaar is surveillance technology masquerading as secure authentication technology (Daily O) The results are not going to be pretty.

Monero Miner Sends Cryptocurrency to North Korean University (Security Week) An application compiled just weeks ago was found to be an installer for a Monero miner designed to send the mined currency to a North Korean university, AlienVault reports.

Please wait while we use your browser to mine bitcoin (Secbi) SecBI detected a novel kind of attack draining organizational resources and aiding cybercrime while going undetected by security systems

Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign (Dark Reading) PeopleSoft and WebLogic app servers, as well as cloud systems using WebLogic, hacked and used to net some $226K in digital currency.

Reddit Users Lose Bitcoin Tips After Third-Party Breach (Infosecurity Magazine) Reddit has confirmed that one of its email providers, Mailgun, has been breached.

New Mobile Malware Uses Layered Obfuscation and Targets Russian Banks (TrendLabs Security Intelligence Blog) Last year, we saw the Fanta SDK malware target Russian bank Sberbank users and employ unique defensive measures. Now, another bank malware family has appeared, targeting even more Russian banks while using new and evolved obfuscation techniques. This family is named FakeBank, and so far the related samples we have collected number in the thousands. These samples show that the malware targets not only Sberbank, but also other Russian banks like Letobank and the VTB24 bank.

This video is yours? Facebook messages rigged with malware resurface in Singapore (Channel News Asia) This video is yours? Facebook messages rigged with malware resurface in Singapore

‘LightsOut’: Malicious Flashlights Apps On Google Play - Information Security Buzz (Information Security Buzz) If you’re thinking of downloading a handy flashlight app for your phone, beware:   Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google, hidden in 22 different flashlight and utility apps. Dubbed ‘LightsOut’, the adware code reached a spread of between 1.5 million and 7.5 million …

The Number of IoT Botnet C&C Servers Doubled in 2017 (BleepingComputer) In 2017, the number of command and control (C&C) servers used for managing IoT botnets has more than doubled, going from 393 in 2016 to 943 in 2017.

Tories left Red-Faced After HTTPS Gaffe (Infosecurity Magazine) Tories left Red-Faced After HTTPS Gaffe.UK Conservative Party lets secure certs expire

Man claims he can unlock wife's iPhone X with his own face (International Business Times UK) According to Apple, the chances of bypassing facial recognition technology are one in a million.

In Retrospect, I Shouldn't Have Given This App the Keys to My House (Motherboard) A dog walking app inadvertently exposed customers' addresses and codes to lockboxes where they kept keys to their homes.

Security Patches, Mitigations, and Software Updates

Microsoft’s Jan. 2018 Patch Tuesday Lowdown (KrebsOnSecurity) Microsoft on Tuesday released 14 security updates, including fixes for the Spectre and Meltdown flaws detailed last week, as well as a zero-day vulnerability in Microsoft Office that is being exploited in the wild. Separately, Adobe pushed a security update to its Flash Player software.

Microsoft January Patch Tuesday Fixes 56 Security Issues, Including a Zero-Day (BleepingComputer) Earlier today, Microsoft published the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities and three special security advisories with fixes for Adobe Flash, the Meltdown & Spectre flaws, and a defense-in-depth update for Office applications.

January’s Patch Tuesday Fixes 56 Security Issues, Including Meltdown and Spectre (TrendLabs Security Intelligence Blog) This year’s first Patch Tuesday is a busy one. Microsoft released 56 updates that include patches for the Meltdown and Spectre vulnerabilities.

Microsoft Patches Exploited Office Bug (Dark Reading) An Office memory corruption vulnerability is the only CVE reported as under active attack for this month's Patch Tuesday.

IBM’s complete Meltdown fix won’t land until mid-February (Register) POWER CPU patches available now or next week, AIX and i OS fixes are more than a month off

Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key (BleepingComputer) Microsoft has added a new and very important detail on the help page describing incompatibilities between antivirus (AV) products and the recent Windows Meltdown and Spectre patches.

Patching for Meltdown/Spectre: Make sure your AV supplier has the key (IT World Canada) The question of how fast to apply Microsoft's January 3 patches for the Meltdown/Spectre processor vulnerability -- and ones that may be

Troubles with Meltdown and Spectre security patches (Help Net Security) During his CES keynote on Monday, Intel CEO Brian Krzanich said that updates for Meltdown and Spectre for more than 90 percent of the company's processors

Intel’s Brian Krzanich defends response to chip security flaw (Financial Times) Chief hails effort to fix industry problem but stops short of data theft assurance

After Meltdown, Spectre patches, Microsoft says older Windows versions to suffer the most (ZDNet) Windows 7 and Windows 8 users will notice the greatest decrease in system performance after the processor patches are applied.

NetApp, IBM, HPE, Lenovo, Dell EMC weigh in on Spectre, Meltdown (CRN Australia) Vendor partners working away at patches.

Apple Adds Spectre Protections to Safari, WebKit (Security Week) Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre.

Critical Flaw in Electrum Bitcoin Wallets allowed hackers to steal funds (HackRead) An old yet critical vulnerability in Electrum Bitcoin wallets allowed hackers to steal Bitcoin but now a patch has been issued to address the issue.

Cyber Trends

Microsoft: How the Threat Landscape Will Shift This Year (Dark Reading) Exclusive interview with Windows Security lead on how 2017 was a return to retro security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.

Tinder and Instagram Make the Blacklisted Apps List in Appthority Q4 Enterprise Mobile Security Pulse Report (BusinessWire) Appthority released its Enterprise Mobile Security Pulse Report for Q4 2017, which details the apps most frequently blacklisted by enterprise teams.

Apps most frequently blacklisted by enterprise security teams (Help Net Security) Appthority released its Enterprise Mobile Security Pulse Report for Q4 2017, which details the apps most frequently blacklisted by enterprise mobility and security teams.

Gemalto‘s Xavier Larduinat on the future of borders and digital identities (Secure Document World) Debate around digital identity often focuses on the likelihood that it could “replace” the physical document solutions developed with much care, cost and passion by so many vendors over the past 100 years.

Cybersecurity Predictions for 2018 - Part Two (Infosecurity Magazine) An evaluation of the final five points from the top 11 most common trends seen in 2018 predictions


5 of the hottest cybersecurity startups to watch in 2018 (Computer Business Review) Startups undoubtedly have a part to play in taking on the deadly threat landscape the world is faced by in 2018, innovative solutions will be essential.

Threatcare Ropes in $1.4 Million in Seed Funding (ReadITQuik) Craig Cummings of funding leaders Moonshots Capital joins Threatcare board of directors

Bugsnag snares $9 million Series B, now gives you a software stability score (TechCrunch) Bugsnag, the cloud service that helps developers find bugs inside their software, announced a $9 million Series B today. They also released a new version of..

UST Global Acquired Israel-Based Cybersecurity Startup Bisec (CTECH) As part of the deal, Bisec’s technology will be offered by UST Global subsidiary CyberProof

TD Bank acquires Toronto artificial intelligence startup Layer 6 (BNN) Canada's largest bank by assets has been looking to build up its capabilities in AI for some time, said Michael Rhodes, group head of innovation, technology and shared services.

Air Force Eyes Software Task Order Award to Raytheon-Led Cyber Venture (ExecutiveBiz) The U.S. Air Force has announced its plan to award a task order to Forcepoint to provide a software platform for the service’s warrior preparation center. Raytheon operates Forcepoint as a cybersecurity joint venture with investment firm Vista Equity Partners. A FedBizOpps notice posted Monday says the Air Force Europe’s WPC will use the Trusted Thin Client software offering to enable exercise...

AT&T Drops Huawei’s New Smartphone Amid Security Worries (New York Times) The telecommunications giant canceled a deal to sell the Mate 10 after U.S. lawmakers expressed misgivings about what they said were Huawei’s ties to the Chinese government.

Huawei’s Richard Yu is really pissed at US carriers (TechCrunch) It was the 800-lb. gorilla for the duration of today’s Huawei CES keynote — will he, or won’t he? Richard Yu managed to keep his cool for the majority..

Kodak launches cryptocurrency, stock pops 125% (CNNMoney) Forget Kodachrome. Kodak thinks its future may be KODAKCoin.

Bugcrowd: The next frontier of cybersecurity (Bugcrowd) Bugcrowd welcomes Michael Chung as Head of Government Solutions.

Deloitte Adds Former FBI Executive James Turgal to Growing Cybersecurity Incident Response Practice (PRNewswire) James Turgal, former executive assistant director for the Federal Bureau of...

(ISC)² Names Infrastructure and Security Director (Infosecurity Magazine) Bruce Beam will lead all aspects of (ISC)²’s global IT/ICT and cybersecurity operations.

Products, Services, and Solutions

5 of the best antivirus with free VPN (Windows Report) Are you interested in an Antivirus with free VPN? Or maybe you prefer security combined with anonymousity while surfing the web. Look no further, this …

Best Encrypted Email Services for 2018 (HackRead) Here are some of the best encrypted email services If you are looking for a platform that can secure your privacy and online communication.

VirusTotal Launches Visualization Tool (Security Week) VirusTotal this week announced the availability of a visualization tool designed to help with malware investigations.

Security startup Smokescreen uses deception technology to track and defeat hackers ( Using traditional military deception techniques, Smokescreen’s flagship product IllusionBLACK deceives hackers by showing them a virtual world of fake servers, workstations, passwords.At a glanceStart...

Risk management is all about the data; security should be, too (CSO Online) Bay Dynamics takes a data-driven approach to helping companies identify and address the real security threats based on asset value.

Biometric EMV Card for Contactless Payments Hits Market (Credit Union Times) EMV cards take a leap in biometric technology with the launch of a fingerprint-activated card.

Bitglass Announces Zero-Day Shadow IT Discovery (GlobeNewswire News Room) Breakthrough Technology Automatically Classifies Known and Unknown Cloud Apps

ThreatModeler Software Addresses Meltdown & SpectreNew Platform Update Provides Intelligence to make ThreatModeler’s Customers More Secure (Business Insider) ThreatModeler Software, Inc., provider of the industry’s #1 automated threat modeling platform, today announced that it is providing threat intelligence updates for its customers in the wake of the Meltdown and Spectre vulnerabilities.

ThreatModeler Software Addresses Meltdown & SpectreNew Platform Update Provides Intelligence to make ThreatModeler’s Customers More Secure (Business Insider) ThreatModeler Software, Inc., provider of the industry’s #1 automated threat modeling platform, today announced that it is providing threat intelligence updates for its customers in the wake of the Meltdown and Spectre vulnerabilities.

ThreatModeler Software Addresses Meltdown & SpectreNew Platform Update Provides Intelligence to make ThreatModeler’s Customers More Secure (Business Insider) ThreatModeler Software, Inc., provider of the industry’s #1 automated threat modeling platform, today announced that it is providing threat intelligence updates for its customers in the wake of the Meltdown and Spectre vulnerabilities.

ThreatModeler Software Addresses Meltdown & SpectreNew Platform Update Provides Intelligence to make ThreatModeler’s Customers More Secure (Business Insider) ThreatModeler Software, Inc., provider of the industry’s #1 automated threat modeling platform, today announced that it is providing threat intelligence updates for its customers in the wake of the Meltdown and Spectre vulnerabilities.

Interset 5.5 Radically Accelerates Data Breach Detection with AI Security Analytics (GlobeNewswire News Room) Interset increases ARR 450% year over year as demand grows for faster and more effective threat detection in Zero Trust networks

Technologies, Techniques, and Standards

NIST botnet security report recommendations open for comments (SearchSecurity) Public comments are now open on a draft botnet security report from DHS and the Secretary of Commerce and are bound for the president's desk.

Electronic Warfare: The Part Of The F-35 Fighter Story You Haven't Heard (Forbes) Modern warfare is waged largely on the electromagnetic spectrum.

Why more agencies aren’t starting bug bounty programs (Fifth Domain) A leader from the Hack the Pentagon bug bounty program describes the challenges associated with bringing bug bounties to the rest of the federal government.

What 'have a safe trip' means in the digital age (Conference & Incentive Travel Magazine) Digital security expert Alastair Paterson explains how to make sure your devices don't get hacked when you travel.

Lost Cryptocurrency? How to Prevent Your Digital Cash From Disappearing (Northrop Grumman) Don't let your bitcoins disappear. Here are some essential tips to prevent lost cryptocurrency.

Design and Innovation

Cisco ETA solves one of the biggest cybersecurity problems (CSO Online) Cisco Encrypted Traffic Analysis (ETA), now generally available, addresses one of the biggest pain points in the cybersecurity industry — finding malware in encrypted traffic.

What the Haven app shows us about the value of Open Source (CSO) Christmas may have come a few days early this past December for security advocates with the introduction of the Haven app, bringing with it a fair amount of excitement, criticism, and an excellent opportunity to explore some of the less often discussed aspects of working with open source.

AI-Powered Search Engine Ella Searches Security Footage with Keywords (HackRead) New AI-Powered Search Engine Ella lets users search their security and surveillance footages with keywords and find exactly what they are looking for.

Legislation, Policy, and Regulation

Is Estonia’s Approach to Cyber Defense Feasible in the United States? (War on the Rocks) White House cyber-security coordinator Rob Joyce warned in August that the United States is lacking 300,000 cyber-security experts needed to defend the country...

GDPR Questions Answered: Our Web App Could Store Data (Infosecurity Magazine) To help solve your GDPR queries, data privacy offer and expert Steve Wright is joining us to answer your questions.

DoD quietly reorganizes Cyber Command (Fifth Domain) U.S. Cyber Command has created a second deputy commander position to help the command move through elevation of unified combatant command.

House Passes Bill Mandating DHS Cybersecurity Oversight (Pacific Standard) The legislation adds requirements for the Department of Homeland Security to report to Congress on its process and policies throughout the evaluation of vulnerable information.

House poised to vote this week on renewal of major surveillance program (Washington Post) Privacy advocates are pushing for stronger curbs in Section 702 of the Foreign Intelligence Surveillance Act.

NSA Surveillance Bill Would Legalize Loophole That Lets FBI Spy on Americans Without a Warrant (The Intercept) The bill would limit how the FBI can use NSA data, but critics say it may do more harm than good by explicitly writing the loophole into law.

Pelosi — lead fight to block government spying on Americans (San Francisco Chronicle) The U.S. House of Representatives could soon vote to do something truly historic and deeply dangerous: authorize the warrantless surveillance of Americans. That’s unless Democratic leaders — starting with House Minority Leader Nancy Pelosi — speak out.

FBI chief calls unbreakable encryption 'urgent public safety issue' (Reuters) The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday as he sought to renew a contentious debate over privacy and security.

FBI Director Christopher Wray's Remarks on Encryption to the International Conference on Cyber Security (Lawfare) FBI Director Christopher Wray's remarks on encryption as delivered to the International Conference on Cyber Security on Jan. 9.

FBI Boss: We Don’t Want Backdoors, but We Do Want Access to Encrypted Devices (Infosecurity Magazine) FBI Boss: We Don’t Want Backdoors, but We Do Want Access to Encrypted Devices. Wray claims Feds have nearly 7800 devices they can’t access

GOP senator says she’ll vote to restore net neutrality rules (Ars Technica) One more Republican vote needed to get net neutrality bill through Senate.

Litigation, Investigation, and Law Enforcement

The Legal Side of Cybersecurity and GDPR | Inside Counsel | Corporate Counsel (Inside Counsel | Corporate Counsel) As we begin 2018 there are two key issues that are top of mind for legal professionals right now--cybersecurity and the General Data Protection Regulation…

UK’s Carphone Warehouse fined nearly $540k for 2015 hack (TechCrunch) The UK's data watchdog has handed mobile phone retailer Carphone Warehouse a £400,000 fine -- just shy of the £500k maximum the regulator can currently..

VTech Announces Settlement with the US Federal Trade Commission on Cyber Attack Incident (AsiaOne) VTech Holdings Limited (VTech, HKSE: 303) announced that its wholly owned subsidiaries, VTech Electronics Limited and VTech Electronics North America, L.L.C., have reached a settlement with the US Federal Trade Commission (FTC) to resolve an investigation of a cyber attack in 2015 and certain technical issues involving notice and consent under the Children's Online Privacy Protection Act (COPPA). Although VTech has agreed to this settlement to address these long-resolved issues, VTech does not admit any violations of law or liability.

Spyware user tracked boyfriend to have him killed by hitman (Naked Security) The plan was going well, until the ‘hitman’ turned out to be working for the FBI.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.

DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.