Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

The daily briefing.

F-Secure researchers have demonstrated a way to exploit Intel's Active Management Technology that enables them to bypass BIOS and BitLocker passwords. Exploitation could let an attacker take control of a device quickly (in "under thirty seconds").

IOActive and Embedi have identified one-hundred-forty-seven vulnerabilities in thirty-four mobile applications that are widely used to interact with industrial control systems. 

AMD yesterday revised its estimate of how susceptible its chips are to Spectre. The company now believes they're severely affected by both Spectre vulnerabilities. AMD promises to make a patch available as soon as possible.

Intel, Microsoft, and other vendors continue to work on fixing Spectre and Meltdown. The performance penalty the patches will impose is now becoming clearer: troublesome, but less alarming than initially feared.

Security experts expect Fancy Bear to continue to make itself felt during the present Olympiad. Doxing in retaliation for drug disqualifications is thought unlikely to be the end of it.

Google ejects more malign apps from the Play Store. One, a phony Telegram app, is a spamming tool. The others—some sixty—are infected with "AdultSwine" malware that serves up indecent, graphic ads to, among others, children.  

Monero miners are being installed in unpatched Oracle WebLogic servers.

Responding to public and official concerns, Facebook and Google continue to experiment with content moderation.

The US Congress considers legislation that would bar Federal contractors from using Huawei equipment.

EU officials say companies could have been fined under GDPR for Spectre and Meltdown if they'd come to light this May.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

A note to our readers: On Monday we'll be observing the annual holiday in honor of Dr. Martin Luther King, Jr., and neither the Daily Briefing nor the Daily Podcast will be published. Research Saturday will be up as usual tomorrow, as will the Week that Was on Sunday. We'll return to our normal publication schedule on Tuesday, January 16th.

Today's edition of the CyberWire reports events affecting Ecuador, Estonia, France, Germany, Japan, Montenegro, Russia, Turkey, Ukraine,  the United Kingdom, the United States, and Vietnam.

The board and cyber-risk oversight: Crown Jewels Risk Assessments.

Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.

On the Podcast

In today's podcast we speak with our partners at the SANS Institute's Internet Storm Center, as Johannes Ullrich tells us what to do about those IoT connected presents you probably received over the holidays. Our guest Philip Reitinger, CEO of the Global Cyber Alliance, describes approaches to eradicating systemic cybersecurity risks.

Don't forget tomorrow's Research Saturday podcast. This week's edition features a conversation with Group-IB's Dmitry Volkov and Nicholas Palmer, who tell us what they've discovered about the MoneyTaker banking Trojan that's been troubling banks in Russia and elsewhere.

Sponsored Events

Cyber Job Fair, January 23, San Antonio visit ClearedJobs.Net for details. (San Antonio, TX, USA, January 23, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, January 23 in San Antonio. Meet leading cyber employers including Engility, IPSecure, Mission Essential and more. Visit ClearedJobs.Net for info.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Update on Pawn Storm: New Targets and Politically Motivated Campaigns (TrendLabs Security Intelligence Blog) The active espionage actor group Pawn Storm didn’t shy away from continuing their brazen attacks in the second half of 2017. Pawn Storm's attacks usually are not isolated incidents. We can often relate them to earlier attacks by carefully looking at the technical indicators and motives.

Intel AMT Security Issue Lets Attackers Bypass BIOS and BitLocker Passwords (BleepingComputer) An F-Secure security researcher has found a way to use Intel's Active Management Technology (AMT) to bypass BIOS passwords, BitLocker credentials, and TPM pins and gain access to previously-secured corporate computers.

Security flaws in Intel AMT enable attackers to take control of laptops in 30 seconds (Computing) Pwned in 30 seconds: Warning over new security flaws in Intel Active Management Technology

Researchers uncover major security vulnerabilities in ICS mobile applications (Help Net Security) IOActive and Embedi researchers found 147 cybersecurity vulnerabilities in 34 mobile applications used in tandem with SCADA systems.

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo... (Register) SCADA mobile app security is getting worse

Mobile SCADA application landscape less secure than in 2015 (SC Media UK) Within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested.

AMD says chips are also exposed to Spectre security flaw (CRN Australia) Shares were up 20 percent after bug was revealed.

NSA Didn't Know of Meltdown, Spectre, Trump Cyber Czar Says (Tom's Guide) The NSA didn't know about the Meltdown and Spectre computer-security flaws, the agency's former top hacker said in New York today.

G DATA Sicherheitsexperte über seine Forschung zu "Spectre" und "Meltdown" (Pressebox) Anders Fogh von der G DATA Advanced Analytics gibt im Interview Einblick in seine Grundlagenarbeit, die zur Entdeckung der Schwachstellen geführt hat

Spyware targets North Korean dissidents via social links, says McAfee (ComputerWeekly.com) Researchers at security firm McAfee have confirmed that social networks are being used to target North Korean dissidents with spyware.

Russia-linked hackers apparently targeting 2018 Olympics (TheHill) Hackers calling themselves "Fancy Bears" release alleged confidential communications from International Olympic Committee officials.

Duping Doping Domains (ThreatConnect) Possible Fancy Bear domains spoofing anti-doping and Olympic organizations

Russians may be planning hack to cast shadow on Olympics: researchers (Reuters) A Virginia-based cybersecurity firm said on Thursday it had found early indications that Russia-based hackers may be planning attacks against anti-doping agencies in retaliation for Russia's exclusion from next month's Winter Olympic Games.

The Other Scary Foreign Hacking Threat Trump Is Ignoring (Fast Company) Russia didn’t just meddle in the U.S. election: it’s trying to hack our critical infrastructure–and Trump may be keeping Americans in the dark.

Apps Exposing Children to P[0]rn Ads Booted From Google Play (Threatpost) Researchers identified 60 apps on Google Play infected with AdultSwine malware that in some cases displayed graphic adult-themed ads on apps intended for children.

Malware infected fake Telegram Messenger app found in Play Store (HackRead) Another day another Android malware, this time a fake Telegram Messenger app on Play Store has been found infecting users with a malware that spams devices with ads.

Warning over unpatched Oracle WebLogic Servers being targeted with Monero-mining malware (Computing) Rule number one of IT security: Always. Patch. Promptly...

Hackers Make Whopping $226K Installing Monero Miners on Oracle WebLogic Servers (BleepingComputer) A group of hackers has made over a quarter-million dollars worth of Monero by breaking into Oracle WebLogic servers and installing a cryptocurrency miner.

Bitcoin Blackmail by Snail Mail Preys on Those with Guilty Conscience (KrebsOnSecurity) KrebsOnSecurity heard from a reader whose friend recently received a remarkably customized extortion letter via snail mail that threatened to tell the recipient’s wife about his supposed extramarital affairs unless he paid $3,600 in bitcoin. The friend said he had nothing to hide and suspects this is part of a random but well-crafted campaign to prey on men who may have a guilty conscience.

Coprocessor Attacks: the Hidden Threat (Infosecurity Magazine) Coprocessors typically run their own firmware which—like any other computer code—can be vulnerable to attack.

Can’t assess extent of damage from Android malware as hacker yet to use info: Sanjay Katkar, Quick Heal Tech (The Economic Times) “Our focus area has been adding more features on larger enterprises and data breach threats.”

Is This The End Of Bitcoin's Ransomware Monopoly? (Information Security Buzz) News broke overnight that , a new variant of the HC7 Ransomware is in the wild that encrypts a victim’s files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts the Ethereum cryptocurrency as a ransom payment. Andy Norton, Director of Threat Intelligence at Lastline commented …

Warbiking in Perth – how does Wi-Fi security stack up these days? (Naked Security) Perth, Western Australia. Christmas in summer. Warbiking in the sunshine! Here’s what we found…

Security Patches, Mitigations, and Software Updates

Dell EMC patches vulnerabilities in its data protection products (Network World) The vulnerabilities affect Dell EMC's Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance. Users should apply patches now.

Here’s how, and why, the Spectre and Meltdown patches will hurt performance (Ars Technica) Now that microcode and patches are starting to ship, a clearer picture is emerging.

AMD confirms that its CPUs are exposed to all variants of Spectre - promises patches ASAP (Computing) No Meltdown at AMD, but company admits vulnerability to Spectre flaw

Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs (BleepingComputer) On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and and Meltdown vulnerabilities in Intel CPUs. Using microcodes, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer.

Intel says patches can cause reboot problems in old chips (Reuters) Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

Microsoft rolling out Surface firmware updates with Meltdown, Spectre mitigations (Windows Central) Microsoft is rolling out a new round of firmware updates for Surface devices, bringing mitigations for Spectre and Meltdown in the process.

Intel and Microsoft sow confusion over security flaw (Financial Times) Chipmaker talks down impact on PC performance from fixing Meltdown and Spectre issues

Those pesky registry keys required by critical security patches (SANS Internet Storm Center) With the “storm” around Meldown and Spectre slowly winding down, I would like to remind everyone on registry changes that are required by the latest patches released by Microsoft.

Meltdown and Spectre fallout: patching problems persist (Malwarebytes Labs) In the days since Meltdown and Spectre have been made public, we’ve tracked which elements of the design flaw, known as speculative execution, are vulnerable and how different vendors are handling the patching process.

No need to rush network patching for Spectre and Meltdown (SearchNetworking) Security experts said Spectre and Meltdown pose a low risk to networking gear. Nevertheless, network patching should be done following extensive testing.

Microsoft details Windows 10 security, touts it as a 'worthy upgrade' (Neowin) Microsoft has touted the multi-layered defense strategy of Windows 10, saying that the increased security of its latest operating system against ransomware attacks make it a "worthy upgrade".

Microsoft adds end-to-end encryption to Skype for secure conversations (TechRepublic) Available to Skype Insiders, the Private Conversations feature is built on the Signal Protocol by Open Whisper Systems.

Cyber Trends

The 2018 Eye on Privacy Report (MediaPro) The 2018 Eye on Privacy Report is now available. Download it now for details on how the average U.S. employee responds to sensitive data in real world scenarios.

Median 'dwell' time for cyber intrusion highest in APAC at 172 days: FireEye (ZDNet) The time between an attacker compromising a secured network and the breach being detected is the highest in the APAC region, with the median 'dwell' time 73 days above the global median of 99 days.

Former Michigan CISO: Don't Ignore Security Predictions (BankInfo Security) It seems like every vendor in the data security industry makes predictions this time of year. Which ones should you pay attention to? All of them, says Dan

Marketplace

Endgame Endpoint Protection Platform Wins Contract with U.S. Navy to Protect Critical Assets (PRNewswire) Endgame wins competitive selection process against other endpoint security platforms

Context Labs Acquires IoT ImpactLABS (Business Insider) Context Labs (CXL) announced today that it has acquired IoT ImpactLABS. The acquisition will further accelerate CXL's blockchain-based Immutably™ platform in its movement upstream in the supply chain, enabling the "Supply Chain of Everything." The acquisition will accelerate integration with IoT-connected devices, sensors and systems.

Inpixon (NASDAQ:INPX) is Mingling Blockchain and Security (Finance Registrar) Inpixon (NASDAQ:INPX) is another company emerging that will get you that blockchain fix you need. INPX was up as much as +40%  early in the ...

VMware confirms job cuts (CRN) Vendors says it's cutting 'a small percentage' of its workforce

15 companies graduate from UMBC's bwtech, ready to grow on their own (Baltimore Business Journal) More than 110 companies have graduated since bwtech@UMBC began offering incubation services in 1989.

IBM Layoffs 2018: 10,000 Staff Cuts in Global Technology Services (GTS)? (ChannelE2E) IBM may lay off 10,000 employees from the Global Technology Services (GTS) team, according to a report about alleged IBM staff cut plans from The Register.

IBM just replaced its chief financial officer (Business Insider) The change comes hours after reported layoffs in IBM's computer service delivery business.

Artificial Intelligence Leader Beyond Limits to Drive Growth with New Chief Marketing Officer (Business Insider) Beyond Limits, a developer of advanced artificial intelligence (AI) and cognitive computing solutions, today announced it has appointed Dann Wilkens as its new Chief Marketing Officer.

New CSO, CISO appointments (CSO Online) Find up-to-date news of CSO, CISO and other senior security executive appointments.

Products, Services, and Solutions

New infosec products of the week​: January 12, 2018 (Help Net Security) Code42 enhances data security and recovery solution Code42 announced enhancements to its data security solution. The Security Center helps detect and mitig

2017's Top stories from Prey users who fought theft and won! (Pry Project) Our users, the Preyans, are a brave bunch! They continuously share their cool stories about how they kicked crime's butts and retrieved their stolen devices.

Protecting Security-Sensitive Software From Spectre (PRNewswire) GrammaTech, Inc., a leading developer of commercial embedded software...

Code42 Enhances Its Data Security and Recovery Solutions in a Market Defined by Global Cyberattacks (BusinessWire) Code42, the global leader in cloud-based endpoint data protection and recovery, today announced enhancements to its data security solution.

Express Logic’s X-Ware IoT Platform receives Thread product certification (Embedded Computing) The X-Ware IoT Platform provides industrial-grade implementations of IPv6 over 6LoWPAN, CoAP, and DTLS.

Technologies, Techniques, and Standards

Strong security simplifies compliance for French operators of vital industry (Help Net Security) In 2014, France’s National Agency for the Security of Information Systems, or ANSSI, issued two detailed cybersecurity guidance documents for Industrial Co

3 ways DHS is helping states with election security (FCW) A DHS official touted better relationships with state and local governments, increased information sharing and better tools as election security areas of focus before the upcoming midterm elections.

AI’s Biggest Impact in the Data Center is Cybersecurity (Data Center Knowledge) AI tools can handle more data than human security pros ever can and find anomalies that are invisible to humans.

Protecting Yourself From Ransomware (New York Times) Common sense and software can keep your system safer from security threats.

What Can We Learn from Counterterrorism and National Security Efforts? (Dark Reading) The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.

Design and Innovation

After Logan Paul incident, Google Preferred YouTube videos will face further vetting (Ars Technica) Videos with the top ads will be examined by human moderators and AI software.

Facebook plans major news feed changes (BBC News) CEO Mark Zuckerberg says he plans to make posts from businesses, brands and media less prominent.

Facebook feed change sacrifices time spent and news outlets for “well-being” (TechCrunch) CEO Mark Zuckerberg wrote on Facebook today, "I'm changing the goal I give our product teams from focusing on helping you find relevant content to helping you..

Facebook Is Deprioritizing Our Stories. Good. (Motherboard) A society that relies on a centralized portal to get its news may very well be doomed.

Research and Development

Power-Hog Bitcoin May Find Answers in Scientific Bounty Hunt (SWI swissinfo.ch) Methods used by computers programmed to run a 350-year-old equation may also offer answers to bitcoin’s out-sized demand for ...

Pulses of light to encrypt data and protect security of cryptocurrencies (EurekAlert!) Data travels through thousands of miles of fiber optic cables underneath the world's oceans--via pulses of light. And according to experts, the data in these cables is at great risk of being intercepted. However, a newly designed frequency comb--recently developed by researchers at the USC Viterbi School of Engineering might be an effective tool for data encryption.

Academia

5 Baltimore city high school students got top secret clearances, and are interning at the NSA (Technical.ly Baltimore) The Carver VoTech High School students are the first from the city to participate in the NSA's work study program. Delali Dzirasa of Fearless and Aisha DaCosta of I Am OKah talk about getting the program off the ground.

Good Will Hacking: How Brooklyn Is Training Cyber Sleuths (The Bridge) A new degree program at NYU Tandon is part of the city's effort to address a critical shortage of cybersecurity experts

Cyber Security Challenge UK Appoints New CEO (Infosecurity Magazine) Colin Lobley will take up the role following the death of Stephanie Daman

Legislation, Policy, and Regulation

Interview: Former British intelligence director calls for enforced rules in cyberspace (Xinhua) The Internet "cannot be a values-free area" and the government needs to closely collaborate with tech companies to counter online illegality and ensure cyber security, said Robert Hannigan, former director of Britain's Government Communications Headquarters (GCHQ).

Abe to seek Estonia's help in cyberdefense on European tour (Nikkei Asian Review) Baltic and Balkan visit will also focus on IT, politics and economy

What’s Behind Vietnam’s New Military Cyber Command? (The Diplomat) The institution is just the latest move by the government to respond to growing challenges in the cyber realm.

New bill bans US government agencies using contractors with Huawei or ZTE tech (TechCrunch) There's more misery ahead for Huawei, which just saw AT&T pull out of a deal to carry its first smartphone, and fellow Chinese tech firm ZTE. The duo..

Litigation, Investigation, and Law Enforcement

GDPR Meltdown: EU Regulator Sends Warning on Chip Flaws (Digital Guardian) Failing to patch the Meltdown and Spectre processor flaws could expose organizations to steep fines under the EU’s General Data Protection Regulation (GDPR) officials in the UK have warned.

Democratic report warns of Russian meddling in Europe, US (Federal Times) A new report by Senate Democrats warns of deepening Russian interference throughout Europe and concludes that even as some Western democracies have responded with aggressive countermeasures, President Donald Trump has offered no strategic plan to bolster their efforts.

Russia dismisses Democratic US Senate report as unfounded (Federal Times) The 200-page report is the first from Congress to detail alleged Russian efforts to undermine democracies since the 2016 U.S. presidential election. Putin’s spokesman, Dmitry Peskov, said “the accusations of alleged meddling leveled against our country are absolutely unfounded.”

Director Addresses Cyber Conference (Federal Bureau of Investigation) At the International Conference on Cyber Security in New York, FBI Director Christopher Wray discussed how the FBI is evolving to stay ahead of threats in the digital age.

Ten biggest fines dished out by the ICO (CRN) Following Carphone Warehouse's £400,000 penalty, we count down the 10 biggest fines handed down by the UK's data watchdog

Facebook settles after 14-year-old sues over n[*]de image reposting (Naked Security) The alleged extortionist, still facing charges, reposted the image to shame sites multiple times. Why didn’t Facebook use hashes to stop it?

Blue Coat granted non-infringement ruling in Finjan patent case (World Intellectual Property Review) Cyber security company Blue Coat Systems has been granted a judgment of non-infringement in a cyber security patent case.

Whiffyleaks: Julian Assange told to take shower (Times) Julian Assange’s poor hygiene has played a role in the latest agitations by Ecuador to extricate him from his five-year standoff in its embassy, a well-placed source has told The Times. Staff at...

Drunk droning could cost you jail time in New Jersey (Naked Security) The New Jersey law would make inebriated droning a disorderly person’s offense.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Cyber Job Fair, January 23, San Antonio visit ClearedJobs.Net for details.

Newly Noted Events

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

Upcoming Events

2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe. Together, we can advance the mission of ASIS International and the security profession worldwide.

DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among the tracks will be a Utility Cybersecurity Summit organized by GlobalSign.

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of local and national cybersecurity reporters who will discuss what they are covering and how to best work with them.

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information technology resources of government agencies.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program brings together healthcare, medical device and security experts to offer a unique complete end-to-end perspective on the cybersecurity environment – from the economics and motivations of ransomware authors to the needs of the patient. Supporting organizations of the Summit include the American College of Clinical Engineering, INCOSE and The Society for Participatory Medicine. Keynote speakers include Ron Williams, IBM Security Systems and Matthew Green, PhD, Johns Hopkins University.

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018. This one day event will bring the cyber community together to collaborate on the mission purpose of establishing innovation, education, workforce development, enhanced cyber readiness, and resilience.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health and personal information, if or when their devices or EHR is breached by a hacker or inadvertently exposed by providers and staff.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.