
More signal. Less noise.

How are companies actually using machine learning for threat intelligence?

Artificial intelligence, and in particular machine learning, has seen huge strides in recent years and is now impacting all aspects of society and business. Learn the four ways machine learning is powering smarter threat intelligence with Recorded Future's latest white paper. Download your copy now.

Daily briefing.

Bitdefender describes a new Internet of Things (IoT) botnet, "Hide 'N' Seek" (or simply HNS). HNS is marked by its rapid spread, growing from twenty-seven-hundred to more than twenty-four-thousand devices over the last two days. Its infection mechanism is the same as Reaper's, but researchers discern no other connection between the two botnets.

HNS's rapid spread is enabled by a decentralized peer-to-peer mechanism that will complicate any takedown, since there is no single command-and-control server to seize or sinkhole. Other botnets have used P2P communications, but they've relied upon the existing BitTorrent protocol. HNS uses a custom system. Once installed, HNS's capabilities include code execution, data exfiltration, and interference with device operation. Effectively every infected device serves as a command-and-control server, a file server, and a jumping-off point for further infection. Bitdefender thinks HNS has the hallmarks of an attack prepared by an unusually sophisticated threat actor.
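Because a P2P botnet has no central server to block, defenders have to look for the behaviour of the nodes themselves: a device that both reaches out to, and accepts connections from, many distinct peers on non-standard ports. The following heuristic over flow records is an added example written for this briefing; it is not Bitdefender's code and does not reflect any protocol detail of HNS. The flow records, the local prefix, and the thresholds are all constructed assumptions for illustration.

```python
"""Heuristic for spotting peer-to-peer botnet nodes in network flow records.

Added example, not from Bitdefender or any HNS analysis. Flow records,
the local prefix and the thresholds below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination port
    proto: str  # "tcp" or "udp"


# Constructed sample: 10.0.0.11 looks like a P2P node (many distinct peers,
# traffic in both directions on high, non-standard ports); 10.0.0.12 is a
# normal device talking to a couple of well-known services.
SAMPLE_FLOWS = (
    [Flow("10.0.0.11", f"203.0.113.{i}", 10000 + i, "udp") for i in range(1, 31)]
    + [Flow(f"198.51.100.{i}", "10.0.0.11", 40000 + i, "udp") for i in range(1, 21)]
    + [
        Flow("10.0.0.12", "8.8.8.8", 53, "udp"),
        Flow("10.0.0.12", "93.184.216.34", 443, "tcp"),
        Flow("10.0.0.12", "93.184.216.34", 443, "tcp"),
    ]
)

# Ports a consumer IoT device is expected to talk to; everything else is "odd".
WELL_KNOWN_PORTS = {53, 80, 123, 443, 853}


def score_p2p_nodes(flows, local_prefix, min_out_peers=15, min_in_peers=10,
                    min_odd_ports=10):
    """Return, per local host, peer fan-out/fan-in counts and a verdict.

    A host is flagged when it contacts at least min_out_peers distinct
    remote addresses, is contacted by at least min_in_peers distinct remote
    addresses, and that traffic spreads over at least min_odd_ports ports
    outside WELL_KNOWN_PORTS. Client/server traffic rarely shows all three.
    """
    out_peers = defaultdict(set)
    in_peers = defaultdict(set)
    odd_ports = defaultdict(set)
    for f in flows:
        if f.src.startswith(local_prefix):
            out_peers[f.src].add(f.dst)
            if f.dport not in WELL_KNOWN_PORTS:
                odd_ports[f.src].add(f.dport)
        if f.dst.startswith(local_prefix):
            in_peers[f.dst].add(f.src)
            if f.dport not in WELL_KNOWN_PORTS:
                odd_ports[f.dst].add(f.dport)

    verdicts = {}
    for host in sorted(set(out_peers) | set(in_peers)):
        o, i, p = len(out_peers[host]), len(in_peers[host]), len(odd_ports[host])
        verdicts[host] = {
            "out_peers": o,
            "in_peers": i,
            "odd_ports": p,
            "suspicious": o >= min_out_peers and i >= min_in_peers and p >= min_odd_ports,
        }
    return verdicts


if __name__ == "__main__":
    for host, v in score_p2p_nodes(SAMPLE_FLOWS, "10.0.0.").items():
        print(host, v)
```

In the constructed sample only 10.0.0.11 is flagged. The thresholds need tuning per network, and legitimate P2P software (BitTorrent clients, some video-doorbell relays) will trip the same heuristic, so treat a hit as a lead for inspecting the device rather than as a verdict.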

Initial coin offerings (ICOs) appear to be losing about ten percent of their value to hacking and fraud.

Bell Canada disclosed a data breach affecting about one-hundred-thousand customers.

Observers would like to see evidence from Ontario transit outfit Metrolinx that it was hit by North Korean hackers.

At Davos, British Prime Minister May doubles down on her crypto-skeptic position in the cryptowars.

Olympic-related hacking didn't end with the first doxing wave earlier this month. Fancy Bear has released documents stolen from the International Luge Federation. The hackers claim the documents reveal doping violations. Fancy Bear, generally identified with Russia's GRU military intelligence organization, has been upset over the International Olympic Committee's sanctioning of the Russian team.


Today's issue includes events affecting Canada, China, Democratic People's Republic of Korea, Latvia, Russia, Singapore, United Kingdom, United States.

Is your security team equipped to make the very best tactical decisions?

Conducting business in another country and need to know more about international business laws? Want to know some of the biggest threats to the 2018 Winter Olympics or North Korea’s cyber capabilities? You need finished intelligence…from the experts. Join LookingGlass’ Sr. Director of Investigation and Analysis, Olga Polishchuk and Jonathan Tomek, Sr. Director of Research on February 20 @ 2PM ET, as they discuss what your security team needs to make more effective business decisions.

In today's podcast, we talk with our partners at WebRoot, as David DuFour from WebRoot offers his outlook on where ransomware is going this coming year. Our guest, Malcolm Harkins from Cylance, has some interesting reflections on India's very large Aadhaar data breach.

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Cyber Attacks, Threats, and Vulnerabilities

Russia-linked hacker group claims release of documents from International Luge Federation (TheHill) New evidence of Fancy Bear targeting 2018 Olympics.

This unusual new IoT botnet is spreading rapidly via peer-to-peer communication (ZDNet) Hide 'N Seek botnet has gone from 12 devices to 24,000 devices in just days.

New HNS IoT Botnet Has Already Amassed 14K Bots (BleepingComputer) A new botnet is growing around the world, feeding off unsecured IoT devices, mainly IP cameras, and getting ready to do some harm.

DDoS Attacks Evolve, Remain a Potent Threat (Security Boulevard) Reports from multiple security vendors show that DDoS attacks grew in number in 2017. HTTP attacks and SYN DDoS attacks in particular increased.

Twitter Accounts of US Media Under Attack by Large Campaign (McAfee Blogs) A campaign purportedly carried out by hacker group “Ayyildiz Tim” targeting high-profile, verified Twitter accounts appears to have escalated

Skype, Slack and Other Popular Windows Apps Vulnerable to Critical Framework Bug (Threatpost) The team behind the popular open-source framework Electron warns a remote code execution flaw could compromise user privacy.

ICO funded projects hit by 100 cyber attacks a month: report (Reuters) Projects which raise funds through "initial coin offerings" (ICOs) are attacked by cyber criminals 100 times a month on average, a report said, underscoring the risks of investing in cryptocurrency ventures online.

Crypto ICOs Lose 10% of Funds to Hackers (Infosecurity Magazine) Crypto ICOs Lose 10% of Funds to Hackers. Ernst & Young report warns phishing is number one risk

ICO protection: Key threats, attack tools and safeguards (Help Net Security) ICO protection is becoming paramount. Group-IB has analyzed the basic information security risks for the cryptoindustry and compiled a rating of key threats to an ICO.

Ransomware as a Service (SANS Internet Storm Center) Hunting on the dark web is interesting to find new malicious activities running in the background. Besides the classic sites where you can order drugs and all kind of counterfeited material, I discovered an interesting website which offers a service to create your own ransomware!

More than 600 blacklisted Bitcoin Apps found across official app stores, RiskIQ investigation reveals (RealWire) The world’s top app stores are hosting 661 blacklisted Bitcoin apps which leave users open to hackers, a new investigation by digital threat management leader RiskIQ today reveals

Ransomware Actors Cut Loose on Health Care Organizations (Dark Reading) An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.

Security flaw in Moto G5 Plus allows anyone to bypass lockscreen (HackRead) A critical security flaw or bug in Motorola Moto G5 Plus lets anyone easily bypass the lockscreen without going through the authentication process.

Flaws found in popular personal panic buttons could render them useless (ZDNet) And yet there's been nothing but silence from the companies.

Serious ‘category one’ cyberattack not far off – warns security chief (Naked Security) Britain’s National Cyber Security Centre’s Ciaran Martin has warned it’s only a matter of time before the UK suffers a category one (C1) cyberattack.

Bell Canada Suffers Customer Data Breach (Infosecurity Magazine) Names and email addresses of up to 100,000 customers accessed

Expect More Cybersecurity 'Meltdowns' (BankInfo Security) Technology giants are still struggling to identify what's at risk from the Spectre and Meltdown flaws in modern CPUs, never mind getting working security updates into users' hands. In the meantime, expect a rush by researchers to find more flaws in microprocessor code.

Dark web Dream Market drives cyber fraud industry ( An international operation shut down the AlphaBay and Hansa marketplaces in July 2017, but new ones have sprung up on the dark web, with one in particular helping to drive cyber fraud.

Major GTA Transit Company Targeted in North Korea Cyber Attack (Insauga) In news you definitely don’t hear every day, it appears that massive Ontario transit company Metrolinx successfully thwarted a cyber attack carried out by North Korean hackers. A recent CTV news article reports that a team of counter (or “ethical”) hackers at the provincial transit agency detected and addressed malware before any damage was done.

Metrolinx briefly considered halting transit service after North Korean cyberattack (CTV Toronto) Upon learning of an attempted cyberattack from North Korea, a source tells CTV News Toronto that Metrolinx’s CEO briefly considered shutting down transit service while they tackled the threat.

Blaming North Korea for a cyberattack? Show your work (CBC News) Attribution is hard, which is why security experts want to see evidence to back up the claim by an Ontario transit agency that it was hit by a North Korean cyberattack.

An Anonymous YouTube Video Has Started a Battle in the Secretive Secure Phone Industry (Motherboard) "Secure phone" companies are fighting with each other after someone posted a video claiming to hack one of the devices.

Security Patches, Mitigations, and Software Updates

Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution (MS-ISAC) Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution.

Apple Backports Meltdown Patch to Older macOS Versions (BleepingComputer) On January 23, 2018, Apple released a third set of updates for macOS that backported previous Meltdown patches to older versions of the macOS operating system.

Reddit rolls out 2-factor authentication for users (Help Net Security) The 234 million or so unique Reddit users are finally getting the option of setting up 2-factor authentication for their account(s).

​Spectre flaw: Dell and HP pull Intel's buggy patch, new BIOS updates coming (ZDNet) Dell and HP have pulled Intel's firmware patches for the Spectre attack.

Cyber Trends

Wake-Up Call: The Time to Secure the IoT is Now (Safe and Savvy Blog by F-Secure) For the first time in the thirteen year history of the World Economic Forum’s Global Risk Report, cyber security has made the top five of the survey of likely global risks -- and it shows up twice.

Pinning Down the IoT: Cyber Security Research Institute report into the Internet of Things (F-Secure) In its current form the Internet of Things (IoT) represents a considerable threat to consumers, due to inadequate regulations regarding its security and use.

Ted Koppel warns power grid cyber attack more likely than nuclear threat (The Beach Reporter) Legendary news anchor Ted Koppel told a packed house at the Redondo Beach Performing Arts Center Monday night that the United States should be much more concerned about the “monumental

The next cyber arms race is in artificial intelligence (Fifth Domain) The Army’s drone operations got its AI upgrade after the military contracted with Stryke Industries and their sub-contractor Scorpion Computer Services, the Army announced this month.

Apple’s Tim Cook doesn’t want his nephew on social media (Naked Security) Apple’s CEO is the latest of a string of high-tech bigwigs to confess to holding social media at arm’s length.

Security technologies have not kept pace with changing business systems, says Thales (Computing) Data breaches are increasing as businesses embrace IoT and the cloud without understanding how to protect themselves

Unintended consequences: How decentralisation can help cybersecurity reinvent itself (International Business Times UK) Steve Bassi of Polyswarm explains how the network can quickly build micro-engines to tackle emerging threats, and be rewarded in cryptocurrency.

Shark Tank's Robert Herjavec On AI, Ambient Computing, Cybersecurity, And Edward Snowden (Forbes) In his day job, entrepreneur and investor Robert Herjavec works hard to prevent security breaches. At least when he's not investing in ugly sweaters, hand-held breathometers, or books that turn into lights on ABC's hit entrepreneurship and investment show, Shark Tank.

Charity and Business GDPR Awareness Remains Low (Infosecurity Magazine) 80% of large businesses have heard of GDPR, and 27% have made changes to how they operate in response


Over-regulation, terrorism, cyber threats keep global CEOs up at night (Newburgh Gazette) Nearly nine in 10 United Kingdom bosses are optimistic about their organisation's growth prospects in 2018, in line with their global counterparts, with nearly all expecting revenue to increase.

Team8 Portfolio Company Hysolate Launches out of Stealth and Raises $8 Million to Re-invent the Endpoint (Yahoo! Finance) Team8 portfolio company Hysolate, inventor of a disruptive hybrid endpoint architecture, announced today its launch out of stealth along with the public launch of its first product and the raising of $8 million, led by cybersecurity foundry Team8 and Eric Schmidt's Innovation Endeavors.

Alphabet unveils business unit devoted to cyber security (Reuters) Alphabet Inc launched a new business unit on Wednesday that will sell cyber security software to Fortune 500 companies, the latest move by the parent of Google to become a big player in corporate computing.

Chronicle: A Meteor Aimed At Planet Threat Intel? (KrebsOnSecurity) Alphabet Inc., the parent company of Google, said today it is in the process of rolling out a new service designed to help companies more quickly make sense of and act on the mountains of threat data produced each day by cybersecurity tools.

BRIEF-Thales forms joint venture in field of cybersecurity for cars (Reuters) Thales, through its German company Sysgo, and Vector, the Stuttgart-based specialist for automotive embedded electronics, form joint venture

Lockheed Martin's Orlando unit scoops up $34M cybersecurity contract (Orlando Business Journal) With nearly every major device, vehicle and weapon having a type of computer or online capability, cybersecurity continues to be a major concern for the U.S. military. But a local defense firm is working to ward off malicious activity.

Microsoft secures mammoth security deal with the NHS (CRN) Agreement will see Microsoft secure over 1.5 million NHS machines

Cylance’s Dayton: ‘We Want Partners to Be The Heroes’ (Channel Partners) Channel Partners recently sat down with Didi Dayton, VP of worldwide channels and alliances at Cylance. The endpoint security provider sells exclusively through the channel and posted impressive 283 percent revenue growth over the past year on $11.1 million in sales. It was ranked No. 10 on Deloitte’s 2017 Technology Fast 500 list, and its technology is deployed on more than 10 million endpoints.

Singtel creates Global Cyber Security portfolio, appoints Arthur Wong as CEO (Digital News Asia) Communications technology company has identified cyber-security as a key emerging growth driver.

IntSights Cyber Intelligence Appoints Itay Kozuch as Director of Threat Research (PR Newswire) IntSights Cyber Intelligence, a leading provider of surface, deep and...

Facebook replaces artificial intelligence head; buys ID verification startup (VCCircle) Social media giant Facebook has replaced its artificial intelligence division head Yann LeCun with IBM veteran and former CEO of AI startup BenevolentAI Jerome Pesenti. Pesenti will take over the c…

Products, Services, and Solutions

Comodo protects five universities from new malware that steals data (Comodo News and Internet Security Information) Comodo protects five universities from new malware that steals data. Learn about the malware detected by Comodo products, and more.

Expanded contract for Sectra Tiger secure crypto telephones from Dutch ministries (Sectra) The Dutch Ministry of the Interior has renewed and expanded its contract for secure communications with Sectra (STO: SECT B).

FoxGuard Solutions Provides Patch and Update Solution for Energy Delivery Systems (PR Newswire) FoxGuard Solutions is excited to be presenting our collaborative...

Top five cloud security applications for infosec pros (SearchCloudSecurity) There are numerous cloud security applications that security professionals find helpful. Here is a look at the top uses for the cloud from a security perspective.

Bromium Now Provides Application Isolation for Citrix XenServer 7.3 (Security Boulevard) Bromium now supports Citrix XenServer 7.3 nested virtualization with superior performance. Use application isolation to stop common attack vectors that layered defenses miss. Real-time, high-fidelity alerts trigger the Bromium Sensor Network to provide extended protection. XenServer is an open source platform for cost-effective application, desktop, cloud, and server virtual infrastructures. When Bromium is used for

Technologies, Techniques, and Standards

WEF launches Global Centre for Cybersecurity (GulfNews) The centre will become operational from March

The importance of encryption in complying with Australia’s Privacy Amendment Act (Security Boulevard) November 2017 saw one of Australia’s biggest ever data breaches, in which sensitive personal information regarding almost 50,000 consumers and...

Compliance in a World of Dissolving Network Boundaries (CSO Online) As network boundaries dissolve, staying compliant requires focusing on the intersection of people and data.

Third Party Risks To Enterprise In A Post Equifax World (Information Security Buzz) When everyone’s data has been breached, how do you confirm employees are who they say they are? In the aftermath of the Equifax breach in which millions of people’s Personally Identifiable Information (PII) was stolen, everyone from press to the Senate has been focused on the customers. From a consumer perspective, many still don’t …

How to Set Up and Implement DMARC Email Security (eSecurity Planet) Curious about DMARC? Learn how to set up a basic DMARC email security policy, including SPF and DKIM, in this eSecurity Planet tutorial.

PCI DSS Adds Standard for Software-based PIN Entry (Dark Reading) Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.

Avoiding the Epidemic of Hospital Hacks (Dark Reading) Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.

DISA announces new tools to manage system risk (Defense Systems) The service product packages are designed to ease compliance with the Risk Management Framework.

Cyber vigil needs to be part of company culture; here is why (The Financial Express) As the Fourth Industrial Revolution opens up unprecedented business opportunities, it also increases the inevitability of a cyber attack, and businesses need to be prepared.

Hawaii Gov. couldn’t flag false missile alert on Twitter – didn’t know password (Naked Security) Two words, governor: password manager.

The Activist Developer Who Helps Journalists Protect Data and Sources (Motherboard) Harlo Holmes helps journalists learn how to use the anonymous whistleblower platform SecureDrop and how to stay safe online.

Research and Development

Professor receives $3.6 million grant to support cybersecurity retrofitting (Pennsylvania State University) Across all sectors and industry, including the government and military, legacy software remains critically important, but increasingly difficult, to maintain. A new grant to support reverse engineering software has been received by faculty in the College of Information Sciences and Technology.


VU Course Aims to Boost Cyber Security (Inside Indiana Business) Vincennes University says new curriculum being offered this fall to high school students enrolled in its dual credit programs will help enhance cyber security in Indiana. The Certified Secure Compu...

Legislation, Policy, and Regulation

Telegram and social media giants spanked in UK PM’s Davos speech (TechCrunch) Social media giants have once again been singled out for a high profile public spanking over social responsibility and illegal online content in Europe.

Darktrace comments on the World Economic Forum cyber security report (Cambridge Network) Cyber security is on the agenda for the World Economic Forum (WEF) in Davos, Switzerland, today. Emily Orton, Co-Founder and CMO at Darktrace, comments on the WEF cyber security report.

How the World Swung - and Missed - in Attempting to Reach Consensus in Cyberspace (LookingGlass Cyber Solutions Inc., January 24, 2018) On a global level, cyberspace has grown increasingly complex. Specifically, nations remain at an impasse in attempting to develop a set of standards to det

U.S. Sanctions Weapon is Under Threat — But Not From Bitcoin (Foreign Policy) Forget cryptocurrencies. The real threat to American sanctions power is rapid technological innovation in finance.

Antivirus firm Kaspersky Lab ‘ruled by Russian spies’ (Times) Kaspersky Lab, which makes software used by hundreds of thousands of Britons, is controlled by Russian intelligence and has accessed the confidential files of at least one UK company, according to...

The Huawei smartphone hysteria (AEI) As readers of this blog know, I have called for a harder line against growing Chinese mercantilist protection.

Financier Is Top Choice to Advise President on Intelligence Matters (Foreign Policy) Trump has finally picked members for a key intelligence advisory board, and billionaire Stephen Feinberg is slated to head it.

Pompeo: 'Reckless' to keep CIA saddled with too much bureaucracy ( One year into his role, CIA Director Mike Pompeo says about 40 percent of the decisions previously made at the director level are no longer made by him.

Navy’s top intel officer to retire (C4ISRNET) Vice Adm. Jan Tighe, the Navy’s director of intelligence, has submitted her retirement paperwork, a spokesman for the service told C4ISRNET.

NY Governor Signs Order Requiring Net Neutrality From State ISPs (New York Law Journal) New York Gov. Andrew Cuomo has signed an executive order requiring the state to do business only with internet service providers who adhere to net neutrality principles. Travis LeBlanc, the former FCC enforcement bureau chief who is now a partner at Boies Schiller Flexner, said states will likely decide the future of net neutrality.

NSA Deletes “Honesty” and “Openness” From Core Values (The Intercept) The spy agency has quietly altered the mission statement on its website, removing a series of commitments.

Mission & Values (National Security Agency) Read about NSA's mission and values.

AT&T’s Push For A Fake Net Neutrality Law Begins In Earnest (Motherboard) AT&T wants an "internet bill of rights" that will enshrine a world without net neutrality.

Litigation, Investigation, and Law Enforcement

House Democrats call on FBI, DOJ to investigate potentially fake comments submitted to four federal agencies (Washington Examiner) “The practice of manipulating agency actions by flooding rulemaking dockets with fake comments is far more widespread than it appeared when...

Chuck Grassley concerned DOJ, FBI lost ability 'to do their jobs free from partisan political bias' (Washington Examiner) Speaking from the Senate floor, the Iowa Republican said he is concerned about “the loss of faith in the ability” of the DOJ and FBI “to do...

Biden: Russian election meddling issue 'tricky as hell' (CNN) Joe Biden defended the Obama administration's response to intelligence indicating Russian interference in the 2016 US elections, calling the matter "tricky as hell" during a discussion at the Council on Foreign Relations Tuesday afternoon.


'A grave threat': Lawmaker sounds alarm over security clearance process (ABC News) Cummings complained that the White House has refused to share information about the security clearances it has granted to executive employees.

Judge Urges Action to Curb 'Overbroad' Digital Search Warrants (New York Law Journal) Overbroad search warrants for digital evidence are “all too common” in New York, are often green-lighted by busy judges who are focused on processing motions, and are the product of a system based on outdated statutes, a Manhattan judge said in a ruling to suppress warrants for evidence in a murder case.

Triumph for Twitch over the viewbots (Graham Cluley) A US court has ruled in the favour of videogame-streaming service Twitch against two bot-makers who sold a service to artificially inflate Twitch channels' number of viewers and fans.

Three Armed Men Attempted to Rob a Bitcoin Exchange In Canada (Motherboard) One suspect was arrested, two remain on the lam.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...

Connected Medical Device and IoT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) We are at a critical juncture in Healthcare. As an industry, we must combat these threats in multiple dimensions and on many fronts. The Summit will bring together healthcare, medical device, and security...

CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.

Legal CIO (New York, New York, USA, January 31 - February 1, 2018) LegalCIO: Formerly the Law Firm Chief Information and Technology Officers Forum, combines cutting-edge updates on legal technologies with the chance to exchange practical guidance and discuss daily challenges...

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and the ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the...

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.