skip navigation

More signal. Less noise.

How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

Twitter continues to notify users that they've been contacted by bots from the Internet Research Agency, the now-famous St. Petersburg troll farm. Russian bots appear to have shown a new flurry of activity over the weekend.

Tweeting toward Washington, the bots call for the release of a FISA memorandum prepared by House Intelligence Committee staff. The memo's said, by the bots and others, to be "explosive," and perhaps good government would be served by its release, but that's not what they're interested in around Moscow and St. Petersburg.

Social media trolling is also on the upswing in the Czech Republic as it conducts the presidential run-off between challenger Jiri Drahos and incumbent Milos Zeman. Radio Liberty says the trolls snapping mostly at Drahos.

A new Trojan, "Evrial," has been discovered. It has the unusual ability to snoop through not just browser cookies and stored credentials, but also through Windows Clipboard. That latter capability is paired with the ability to replace strings in the Clipboard. Criminals are using such replacement to redirect BitCoin payments to their own accounts. 

This month's wave of SamSam ransomware crests in the healthcare sector. Allscripts continues its recovery from the infestation disclosed last week.

Natalya Kaspersky, Eugene's ex and co-founder of their eponymous security company Kaspersky Lab, has said, reports Sputnik, that Satoshi Nakamoto is a crypto crew inside the US Intelligence Community. They created Bitcoin as "dollar 2.0" the better to advance the Five Eyes' interests, says she. (Others say Satoshi was a rogue AI.)


Today's issue includes events affecting Canada, China, Czech Republic, European Union, Israel, Japan, Republic of Korea, Lithuania, NATO/OTAN, Russia, United Kingdom, United States.

Is your security team equipped to make the very best tactical decisions?

Conducting business in another country and need to know more about international business laws? Want to know some of the biggest threats to the 2018 Winter Olympics or North Korea’s cyber capabilities? You need finished intelligence…from the experts. Join LookingGlass’ Sr. Director of Investigation and Analysis, Olga Polishchuk and Jonathan Tomek, Sr. Director of Research on February 20 @ 2PM ET, as they discuss what your security team needs to make more effective business decisions.

In today's podcast we hear from our partners at Accenture Labs, as  Malek Ben Salem talks about the challenges of deploying next-generation cryptography.

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Cyber Attacks, Threats, and Vulnerabilities

Russian Bots Call for Release of FISA Memo (Infosecurity Magazine) Russian Bots Call for Release of FISA Memo. Republican lawmakers follow suit, despite voting to reauthorize surveillance law

Fake News Kicks Into High Gear In Czech Presidential Runoff (RadioFreeEurope/RadioLiberty) Attacks against the challenger to Czech President Milos Zeman step up as voters head toward a runoff vote.

Lithuania probes TV station cyber attack which published fake news story (Independent) A probe has been launched into a cyber attack against a Lithuanian TV station.

Bitcoin is a 'Project of US Intelligence,' Kaspersky Lab Co-Founder Claims (Sputnik News) Natalya Kaspersky claimed that Bitcoin was designed to provide financing for US and British intelligence activities around the world. The expert called the cryptocurrency "dollar 2.0."

Conspiracy Group Claims Bitcoin Created by Rogue AI (Bitcoinist) A new Bitcoin conspiracy theory has emerged online, claiming that the cryptocurrency was created by a rogue artificial intelligence.

Trisis nation-state authored malware leaked onto internet (SC Media UK) Schneider Electric accidentally puts malware online that could shut down power plants. Nation state authored malware has been mistakenly put online.

Cisco adds nine more products to Spectre, Meltdown probe (CRN Australia) In addition to dozens of systems already under investigation.

Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard (BleepingComputer) A new information stealing Trojan called Evrial is being actively distributed in the wild. Like most infostealing Trojans, Evrial can steal browser cookies and stored credentials, but this Trojan also has the ability to monitor the Windows clipboard for certain text replace it with text received from the attackers.

Researchers identify a new data-compromising Trojan that spies on Windows clipboard (Computing) Is someone spying on your Windows Clipboard?

Malicious Chrome extension is next to impossible to manually remove (Ars Technica) Extensions remain the Achilles heel for an otherwise highly secure browser.

2018 Olympics: Could computer hacks produce the wrong winners? (USA TODAY) Sporting events are only meaningful if we trust the results. But as digital devices proliferate, so will the risks of cybersecurity failures.

Android Malware in gaming apps on Play Store downloaded 4 million times (HackRead) Dr.Web researchers have found 27 gaming apps infected with Android malware and Google has not removed it from Play Store.

The Google Play “Super Antivirus” that’s not so super at all… [REPORT] (Naked Security) SophosLabs has published a technical report digging into the details of a not-so-super “Super Antivirus” charade on Google Play.

Misconfigured Jenkins Servers Leak Sensitive Data (Security Week) A researcher has conducted an analysis of Jenkins servers and found that many of them leak sensitive information, including ones belonging to high-profile companies.

Half of Norway’s Population May Have Been Breached (Infosecurity Magazine) Half of Norway’s Population May Have Been Breached. Healthcare provider hit by major intrusion

SamSam Ransomware Hits Hospitals, City Councils, ICS Firms (BleepingComputer) The SamSam ransomware group seems to have gotten to a "great" start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm.

Allscripts recovering from ransomware attack that has kept key tools offline (CSO Online) Allscripts, the billion-dollar electronic health record (EHR) company headquartered in Chicago, IL said they were still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC were infected on Thursday.

Reel Talk: Phishing Attacks Not Water Under the Bridge Yet (Security Intelligence) Phishing attacks are still muddying the waters of network security despite an uptick in security awareness. How can companies avoid the hook?

Up to 40K Affected in Credit Card Breach at OnePlus (Dark Reading) The smartphone manufacturer has sent an email to anyone who may have been affected in the breach.

Hacker Infects Gas Pumps with Code to Cheat Customers (Threatpost) Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who have used malicious software to cheat customers of gas.

Struts and DotNetNuke Server Exploits Used For Cryptocurrency Mining (TrendLabs Security Intelligence Blog) Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain access to more computing power and increase their profits from illicit mining.

Forget viruses or spyware—your biggest cyberthreat is greedy currency miners (MIT Technology Review) Software that hijacks your computer to mine has become the most popular malware on the planet.

Understanding Motivations and Methods of Web Defacement (TrendLabs Security Intelligence Blog) Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement – the process of compromising and vandalizing a website. Typically, these attackers – known as web defacers – replace the original page with their own version, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. The data we’ve analyzed goes back almost two decades, and we’ve seen how the process of web defacement is still being used nowadays.

6 ways hackers will use machine learning to launch attacks (CSO Online) Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.

Security Patches, Mitigations, and Software Updates

Red Hat Will Revert Spectre Patches After Receiving Reports of Boot Issues (BleepingComputer) Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.

Cyber Trends

Cyber attacks push corporate fraud to all-time high (Financial Times) Information theft overtakes the appropriation of physical assets for the first time on record

The Internet of Things: What Could Go Wrong (Barron's) The Internet of Things: What could go wrong—and which companies stand to gain.

UK 'Most Well-Prepared' European Nation for GDPR (Infosecurity Magazine) Study finds UK well ahead of other European nations, but legal experts err on side of caution


Huawei's latest attempt to enter U.S. worries lawmakers — but Canada doesn't share its concern (CBC News) Two of America's closest partners have embraced the Chinese phone maker, making national security claims hard to gauge.

CrowdStrike performs distribution U-turn (CRN) End-point security vendor now pursuing one-tier channel model in Europe

Products, Services, and Solutions

Security distributor Progress to launch SOC service for cash-strapped resellers (CRN) Many VARs can't afford the upfront investment to become MSSPs, according to Progress CEO John Quinn

Cryptomathic first to undergo new eIDAS Certification for Remote Qualified Electronic Signatures (Global Security Mag Online) Cryptomathic announces that it is a eSignature solution provider in Europe to receive a certification ticket for the new Common Criteria certification process for eIDAS compliant Qualified Signature Creation Devices (QSCDs).

An App That Encrypts Your Photos From Camera to Cloud (WIRED) Pixek, an end-to-end encrypted photo app, could point to the future of searchable cloud data storage.

PolySwarm | Cyber Threat Intelligence Enabled by the Blockchain (ChipIn) PolySwarm ICO Review: Utilizing blockchain to decentralize threat response in a cybersecurity warzone called the digital world

Want to Avoid the Scourge of Malware on your Android? Try the F-Droid App Store (WIRED) Opinion: Yale Privacy Lab researchers argue that the scourge of trackers in Android apps means users should find a new app store.

Technologies, Techniques, and Standards

Here’s how to make sure Hawaii’s missile warning fiasco isn’t repeated (Ars Technica) Hawaii Emergency Management Agency made changes, but a system redesign may be necessary.

Nations Seek the Elusive Cure for Cyberattacks (New York Times) Securing the world from these types of attacks will be on the agenda when many of the world’s top leaders gather at the World Economic Forum in Davos this week.

Hey American business, here's how to use blockch ... sorry - we've been shut down (Register) NIST delays advice and is very, very sorry about 2013 crypto SNAFU

Seoul eyes ban on digital signature certificates (Korea Herald) The South Korean government on Monday decided to push for the abolishment of the uniformly used digital signature certificates system and switch to other authentication methods to create a more user-friendly internet environment. The abolition of the digital signature certificates was included in the government’s plans to “push for hyperconnectivity of intelligence innovation” designed to improve capabilities of d...

GDPR: Whose problem is it anyway? (Help Net Security) Compounding matters, the scope and complexity of GDPR extends beyond cyber security, requiring equal involvement from legal and IT teams.

Escape future ransomware attacks by leveraging the right technology (Help Net Security) Devising a ransomware defense plan isn’t easy. If you’re wondering where and how to start, here’s a short cheat sheet on a few security mechanisms that are especially helpful.

90% of Gmail users could improve their security easily, but don’t (Naked Security) There’s something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification.

How To Keep Yourself Safe During Online Gaming (HackRead) Are you into online gaming? Then below are the six key steps to help keep yourself safe when gaming online.

Unlocked: The hidden love note on the grave of America's first crypto power-couple (Register) BAAAB AABBB AAAAA BAAAA AABAA ABBAB ABBAA BAAAA AABAA AAABB AAABB ABAAA BAABA

Design and Innovation

Why Customer Security is an Essential Part of Customer Experience (Customer Think) For physical businesses, it is essential to keep your business premises in order and protect it from thieves and other unwanted intruders. This is not just to protect your business, but to help you serve your customers better without hassles or disruptions.

3 futuristic ways the Air Force could improve electronic warfare (C4ISRNET) A new request for information highlights three ways the Air Force is looking to bolster its electronic warfare capabilities for the long-term.


Educators and Industry Share Outlooks on Cyber (SIGNAL Magazine) Public-private partnerships will be key to the nation's success in cybersecurity.

Legislation, Policy, and Regulation

Army Boss Warns UK Falling Behind Russia on Cyber (Infosecurity Magazine) Army Boss Warns UK Falling Behind Russia on Cyber. More investment needed, says Nick Carter

Containing Russia, Again (Foreign Affairs) The United States cannot stand by when an adversary not only adopts an agenda of countering U.S. influence throughout the world but also strikes directly at the heart of American democracy.

National Defense Authorization Act – CyberSecurity planing required (CyberDB) In mid-December 2017, the White House signed the $700 billion National Defense Authorization Act bolstering established cyber programs

Japan turns to NATO for improving cyber-defense (Asia Times) Japan continues to deepen strategic cooperation with the North Atlantic Treaty Organization.

A government shutdown is unlikely to affect the nation's internet security (Mashable) The U.S. government may shutdown at midnight on Friday, but this will likely have little to no effect on the nation's all-important cybersecurity activities.

In speech, Mattis explains his cyber concerns (Fifth Domain) Secretary of Defense James Mattis discussed a reorganization within the department in a speech at Johns Hopkins University.

Microsoft sees need for regulation, laws for AI advances (Information Management) The firm is trying to get out in front of the challenges expected to arise, such as job losses and everyday citizens who may be hurt or disadvantaged by malfunctioning or biased algorithms.

Security fears spark crackdown on Chinese tech (TheHill) The federal government is taking steps to reduce the presence of some Chinese technology firms in American markets.

Netanyahu turns down meeting with Russian cybersecurity head linked to US hack (Times of Israel) Citing schedule restraints, Prime Minister's Office says premier 'must decline' Eugene Kaspersky's request for sit-down at Davos World Economic Forum this week

Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law (Threatpost) There is "a glimmer of light" despite the Senate's move to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, says the ACLU.

Litigation, Investigation, and Law Enforcement

Twitter begins emailing the 677,775 Americans who took Russian election bait [Updated] (Ars Technica) Also raises official count of Russia-linked accounts, talks detection tools.

Twitter to tell 677,775 people they interacted with Kremlin-linked trolls (CNNMoney) Twitter will inform nearly 700,000 people in the U.S. that they either followed a Kremlin-linked troll account, or retweeted or liked a tweet sent by one of the accounts, the social media company said Friday.

‘Fake News’: Wide Reach but Little Impact, Study Suggests (New York Times) Before the 2016 election, those most likely to read “fake news” online were older and conservative, a new study finds. But even they relied most often on mainstream media.

Crackas with Attitude' hacker posed as CIA Chief to access secret data (HackRead) Remember the infamous Crackas with Attitude (CWA) hacking group? It turns out its founder Kane Gamble posed as CIA chief and stole secret documents.

British teenager hacked top ranking US officials using social engineering (Help Net Security) How did British teenager Kane Gamble, who at the time was only 15 years old, manage to break into email accounts of the CIA and DNI chiefs, as well as gain access to a number of sensitive databases and plans for intelligence operations in Afghanistan and Iran? The answer is social engineering.

British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears (Telegraph) A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard.

The incredible things con artist did during US cyber attacks (Leicester Mercury) Kane Gamble targeted the FBI, CIA and the White House

Naval intelligence officer sold military secrets to Russia for $3,000 a month (The Globe and Mail) Sub-Lieutenant Jeffrey Deslisle pleads guilty to espionage which lasted for roughly five years

AMD, Apple Sued Over CPU Vulnerabilities (Security Week) Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices.

FBI did not save officials’ texts during key period in Trump probe, senator says (Washington Post) The five-month gap ended the same day Robert S. Mueller III was appointed special counsel over the Russia probe, according to a letter sent Sunday to FBI Director Christopher A. Wray.The five-month gap ended the same day Robert S. Mueller III was appointed special counsel over the Russia probe, according to a letter sent Sunday to FBI Director Christopher A. Wray.

NSA failed to preserve some data related to surveillance court case: report (TheHill) The National Security Agency (NSA) deleted data related to surveillance operations despite promises to preserve the data, according to a new report.

Man Admits to DDoS-ing Employers, Competitors (Security Week) A New Mexico man admitted in court this week to launching distributed denial of service (DDoS) attacks against the websites of former employers, business competitors, and public services.

“Give me a job or else!” approach fails to land IT job (Naked Security) Sending an application letter to your prospective employer is a good idea, an extortion letter, not so much

'Jeopardy!' champ hacked accounts of college president, vice president ( As a result, Jass had a document "that consisted of notes and comments and 'problems'" regarding faculty members, told the state police, according to the report, obtained this week through a Freedom of Information Act request.

Jail for man who launched DDoS attacks against Skype, Google, and... (HOTforSecurity) A British man has been sentenced to two years in jail after admitting to a series of computer crime offences, which included over 100 attempts to knock the likes of Google, Skype and Nintendo’s popular video game Pokemon Go offline. 21-year-old Alex Bessell pleaded...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...

CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...

Connected Medical Device and IoT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) We are at a critical juncture in Healthcare. As an industry, we must combat these threats in multiple dimensions and on many fronts. The Summit will bring together healthcare, medical device, and security...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the...

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.