North Korea continues to see Bitcoin theft as an attractive way to redress financial shortfalls sanctions are imposing. Both Bitcoin and competitor Ethereum crashed hard at the beginning of this week as increasingly stringent regulation, particularly in Russia and China, spook speculators.
The US CIA has concluded that Ukraine was right: NotPetya attacks on the former Soviet Republic indeed were the work of Russian intelligence services. The US Senate believes it's seeing signs of Russian influence operations directed against mid-term Congressional elections: there are reports of phishing expeditions against political targets. Canadian authorities are also bracing for an expected wave of election influence operations.
There may also be an approaching consensus that two mysteries are converging: sources close to the US Intelligence Community are saying it looks as if the Shadow Brokers obtained the material they leaked via scans conducted by Kaspersky security software. (Kaspersky Lab has consistently denied any involvement in espionage or improper collusion with Russian intelligence services.)
Researchers at ICEBERG have identified a large number of malicious Chrome extensions.
A Mirai variant, "Mirai Okiru," is active in the wild. The DDoS botnet is said to be capable of targeting widely used ARC-based Internet-of-Things devices. Its signatures diverge significantly from earlier Mirai strains, which will impede detection and blocking.
The response to Meltdown and Spectre proceeds, with performance penalties that, while smaller than initially feared, remain real concerns. Enterprises receive divided counsel on whether to apply patches or adopt other approaches to defense. Mobile devices seem particularly affected.
Today's issue includes events affecting Australia, Canada, China, France, Iran, Ireland, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Malaysia, Poland, Russia, Taiwan, Ukraine, United Kingdom, United States.
Not all vendor risk is created equal – match your solution to your risk.
Vendor risk exists across a continuum. The vulnerabilities brought to your organization by one vendor will not always equate to those from another vendor. How do you determine, prioritize, and manage that risk? Download our ebook, “One Solution Does Not Fit All: Matching Your Solution to Third Party Risk” to learn how you can successfully reduce third party risk, so you’re not the liable for a vendor’s breach.
Kim Digs for Cybercrime Coin Sanctions Can't Snatch(The Cipher Brief) Through direct engagement globally in illicit activity, the regime of Kim Jong Un is seeking to circumvent international sanctions and sustain its continued despotic rule over the people of North Korea.
IoT malware targeting zero-day vulnerabilities(Help Net Security) Once it became evident that IoT devices can be relatively easily enslaved in botnets and that even their limited power can be used for a variety of nefarious purposes, it was open season for malicious actors.
New multi-featured mobile Trojan Loapi discovered(IT News Africa) Kaspersky Lab researchers have identified a new malware with multiple modules, which allows for an almost endless number of malicious features – from crypto currency mining to DDos attacks.
More SCADA app vulnerabilities found(Naked Security) A big motivation for pulling software apart to find security flaws is the idealistic hope that developers will get the message and do a better job next time. But what happens if they don’t?
Infected USB sticks handed out at data security event(Taipei Times) The Criminal Investigation Bureau has admitted that it handed out 54 malware-infested thumb drives to the public at a data security expo hosted by the Presidential Office from Dec. 11 to Dec. 15 last year.
Update On The Spectre And Meltdown Patches For Power(IT Jungle) When it comes to the Spectre and Meltdown speculative execution security vulnerabilities that hit as the new year was getting going, the important word to ponder is “mitigated.” Everyone is talking about mitigating the issue, but no one is using the word “fixed.” As we discussed last week, one of the two types of Spectre
Arxan Vs. Invisible Hacks Of Invisible Payments(PYMNTS.com) Invisible payments are convenient…until they’re not. From paying for groceries through Apple Pay to paying for a ride on Lyft, many popular services today require nothing but a phone – no need to pull out a credit card or sign a receipt. It’s almost like not spending money at all. Yet just because these payments […]
The state of Israel’s cybersecurity market(TechCrunch) The Equifax breach, WannaCry, NotPetya, the NSA leak, and many more cyber incidents - 2017 was certainly a busy year for hackers, illustrating yet again just..
2018 Levchin Prize recipients announced(Financial News) Internet entrepreneur Max Levchin´s annual prize, the Levchin Prize for Real-World Cryptography honors significant contributions by entrepreneurs dedicated to solving global, real-world cryptography issues, the company said.
PM launches 2nd edition of much-awaited Malaysia Cyber Games(Yahoo! News) The government will continue to champion the development of e-sports in the country, Prime Minister Datuk Seri Najib Razak assured the nation’s youth after launching the second edition of the Malaysia Cyber Games at the Putra World Trade Centre (PWTC) here on Sunday. Najib said that to
Ex-President Lee at center of multiple probes(Korea Herald) Former President Lee Myung-bak is involved in several ongoing investigations by the prosecution, but it remains to be seen whether prosecutors will be able to hold Lee accountable as they get to the bottom of a bribery scandal and alleged political maneuvers by the state spy agency and the Defense Ministry during his presidency, as well as a slush fund case.
Canadian Police Charge Man Behind LeakedSource Portal(BleepingComputer) The Royal Canadian Mounted Police (RCMP) announced today they've charged a 27-year-old man named Jordan Evan Bloom for running LeakedSource.com, a website that compiled public data breaches, including cleartext passwords, and sold access to this information for a few dollars.
How ex-congresswoman helped squelch reports of secret government surveillance(San Francisco Chronicle) When two New York Times reporters learned in 2004 that the George W. Bush administration was secretly wiretapping Americans, and collecting their phone and email records, the reporters’ attempt to publish their findings were thwarted by the administration’s intense and successful lobbying of their editors.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
4th Middle East Cyber Security Summit(Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit...
2018 Leadership Conference(Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
DistribuTECH(San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...
CYBERTACOS(Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
ATARC Federal CISO Summit(Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...
Connected Medical Device & IOT Security Summit(Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA(San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Security Titans(Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels(Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.