A ZingBox report exposes a possible connection between the Mirai botnet and the notorious (and for the most part now incarcerated) skids at Lizard Squad, well-known for their attacks on gaming systems and for their LizardStressor distributed denial-of-service (DDoS) service. (One connection is their common use of Ukrainian hosting service Blazingfast.)
A serious DDoS attack against the Dutch revenue service and several of the country's major banks began over the weekend and continued into yesterday. Investigators have linked Russian servers to the campaign.
Users of the IOTA cryptocurrency were robbed of some $4 million by an unusually patient criminal who set up a malicious seed site that assigned users predictable seeds (an eighty-one-character seed is necessary to create a wallet). Once the site was up, the criminal ("Norbertvdberg") used phishing to steer users to it. On January 19 Norbertvdberg used the logs he'd accumulated over six months of operation to empty the users' IOTA wallets. His site is now closed, and he is on the lam. It's worth noting that a DDoS attack on IOTA network nodes occurred at the time Norbertvdberg was looting the wallets. The attack seems to have been misdirection, a common use of DDoS.
In a setback for HM Government, the High Court in London ruled the Snooper's Charter unlawful. The surveillance law had been challenged by a Labour MP.
The Coincheck hack is thought likely to spur more regulation of cryptocurrency exchanges.
The US House Intelligence Committee voted to release its classified staff memo on alleged surveillance abuses.
Today's issue includes events affecting China, France, Israel, Japan, Netherlands, Philippines, Russia, Ukraine, United Kingdom, United States.
Researchers Connect Lizard Squad to Mirai Botnet (SecurityWeek) Lizard Squad and Mirai, which are responsible for a series of notorious distributed denial of service (DDoS) attacks, are connected to one another, a recent ZingBox report reveals.
Kaseya Virtual System Administrator (eSentire Managed Detection and Response) eSentire has observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner to multiple eSentire customers. We assess with high confid...
Seasons Greetings? Not When That’s Malware In Your e-Card (Security Boulevard) Over Christmas, one of our customers was hit by a Trojan and they asked us to take a look at the threat. Sixteen of their users were fooled into opening a Word document. Fortunately, they had Bromium, so it safely ran inside a micro-VM and was unable to affect their host or their intranet.
Wireless Working, Part II: Why cyber criminals love free WiFi (Canadian Underwriter) Free WiFi offered at coffee shops, hotels and airports should pique the interest of brokers – and not just because brokers and their clients can work remotely in these locations for free. The technology does not come risk-free. WiFi technology…
Digital Extortion: A Forward-looking View (TrendLabs Security Intelligence Blog) In 2017, we saw digital extortion increasingly become cybercriminals’ first and foremost money-making modus operandi. It’s mostly due to ransomware — cybercriminals’ currently most popular weapon of choice, helping them in extorting cash from users all over the world and in hitting big businesses and organizations.
Data breaches exposed 179 million records in 2017 (San Diego Union Tribune) Data breaches reached a new high of 1,579 and exposed almost 179 million records in 2017 according to a report last week by the Identity Theft Resource Center and CyberScout.
Six Hot Cybersecurity Certifications for 2018 (GoCertify) Skilled cybersecurity professionals will continue to be in high demand in 2018. Certification can give you an edge. These six credentials will help you sharpen your skills and be ready to compete for top jobs.
Threat Intelligence: Putting It All Together (Recorded Future) Today we launch Recorded Future Fusion — a new product providing centralization, collaboration, and customization of threat intelligence to create the only complete solution on the market.
Check Point debuts Infinity Total Protection (IT-Online) Check Point Software Technologies has announced Infinity Total Protection: a revolutionary security consumption model that enables enterprises to prevent Gen V cyberattacks.
No Silver Bullet for GDPR Compliance (Infosecurity Magazine) The challenge for many of us is that we may not easily be able to afford the range of skills we need for a GDPR compliance team.
What is a security data lake? (Help Net Security) A security data lake is a specialized data lake. A security analyst could certainly pull from a generic data lake built for multiple applications, but several things would prove more difficult.
Coincheck Hack May Spur Regulation, P2P Trading (PYMNTS.com) Following the theft of $530 million in NEM tokens from Coincheck last week, governments will likely call for more cryptocurrency regulation and investors may turn to peer-to-peer (P2P) methods of trading instead of centralized exchanges, Bloomberg reported. “The latest theft will have two immediate effects: more regulation by authorities over exchanges and more recognition of ...
Getting Intelligence Reform Right This Time: New Threats Bring New Opportunities (Just Security) The United States’ belated realization that foreign powers can wreak havoc on the American political process is already prompting discussions of how to thwart future interference directed at subverting democracy. Invariably the Intelligence Community (IC) and the broader U.S. national security enterprise will become
Trump security team sees building U.S. 5G network as option (Reuters) President Donald Trump's national security team is looking at options to counter the threat of China spying on U.S. phone calls that include the government building a super-fast 5G wireless network, a senior administration official said on Sunday.
House Intel votes to make Nunes memo public (TheHill) The House Intelligence Committee on Monday evening voted to make public a GOP-crafted memo alleging what some Republicans say are “shocking” surveillance abuses at the Department of Justice (DOJ).
MY TAKE: What ace-in-the-hole does Devon Nunes have that McCarthy would have loved? (Security Boulevard) When Russian botnet controllers deployed their bots on yet another social media blitz last week, they participated in a campaign that took a page from Sen. Joseph McCarthy’s play book, On Feb. 9, 1950, at the height of the Cold War, McCarthy infamously brandished a list of what he claimed were 57 subversive communists who
Chinese Company Sinovel Wind Group Convicted of Theft of Trade Secrets (US Department of Justice) A manufacturer and exporter of wind turbines based in the People’s Republic of China was convicted today of stealing trade secrets from AMSC, a U.S.-based company formerly known as American Superconductor Inc., announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and U.S. Attorney Scott C. Blader for the Western District of Wisconsin.
Social media firms told to crack down on grooming (Times) Ministers have been urged to force social media companies to crack down on online grooming after police revealed that they have investigated more than 1,300 allegations of children being targeted...
Cowardice allows Muslim extremism to thrive (Times) The scale of Britain’s problem with Islamic extremism has been graphically illustrated by what happens to Muslims who fight it. St Stephen’s is a secular state primary school in a largely Pakistani...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Legal CIO (New York, New York, USA, January 31 - February 1, 2018) LegalCIO: Formerly the Law Firm Chief Information and Technology Officers Forum, combines cutting-edge updates on legal technologies with the chance to exchange practical guidance and discuss daily challenges...
Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...