Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
November 26, 2018.
A CyberWire Daily News Briefing redesign is coming.
We'll soon be rolling out a new format for our email. We've redesigned it the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of these changes already with our addition of inline links to our summary.
When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
The US Trade Representative has taken official notice of higher rates of Chinese hacking as trade tensions intensify (Fifth Domain). Such hacking is widely regarded as placing China in breach of the Obama-Xi agreement to cut back industrial espionage (National Law Review).
The US is urging its allies, on security grounds, to steer clear of Huawei (Wall Street Journal).
Emotet ramped up phishing attacks last week. Black Friday spam delivered malicious XML files with .doc extension (WeLiveSecurity).
Microsoft has fixed the Outlook 10 patches that were causing system crashes (ZDNet).
In the UK, Parliament is increasing pressure on Facebook (Washington Post).
The city of Beijing plans to bring each of its 22-million citizens under a "social credit" system, aggregating and scoring each individual's actions and reputation. If you've been good and are well-thought-of, life will be easier. If not, you'll be "unable to move a step." The capital city's program is the forerunner of one envisioned for the country as a whole, a kind of mark of the Beast as reconceptualized for Big Data (Bloomberg).
General Igor Korobov, director of Russia's GRU since 2016, has died at the age of 62 after what the Defense Ministry called "a long and serious illness." His deputy, Vice-Admiral Igor Kostyukov, who’s commanded Russian forces in Syria and filled in for General Korobov during his illness, will serve as interim director (BBC).
The US Army, drawing lessons from participation in JTF Ares, works to push tailored cyber capabilities down to brigade level (Fifth Domain).
Today's issue includes events affecting China, European Union, Germany Iran, Israel, Japan, Republic of Korea, Lebanon, NATO/OTAN, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States.
How to Budget for Insider Threat Management, Proactively
According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.
Cyber Security Summit: November 29 in Los Angeles(Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Turing Test(Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
Britain is wide open to cyber-attack(Times) About three years ago an employee at the Prykarpattyaoblenergo control centre in Ukraine was going through some papers at his desk when he noticed that his computer was running through the steps to...
CEE countries particularly at risk from cyber attack(Emerging Europe) A new report from the international law firm CMS has revealed that despite well over 100 separate cyber incidents being recorded across 18 CEE countries last year, less than a quarter of these have resulted in government or regulatory action. The Cybersecurity Challenge in Central and Eastern Europe published by CMS together with Legal Week Intelligence, examines how …
Russian hacker resurgence after midterms(TheHill) Russian hackers are back in the spotlight after the U.S. midterm elections, carrying out a widespread campaign that targeted the federal government, media outlets and think tanks.
Five Year Old Bug Spawns Router Botnet Monster(Hackaday) In the news has been yet another router botnet. [Hui Wang] and [RootKiter] of 360Netlab announced their discovery of what they call the “BCMUPnP_Hunter” rootkit. They estimate this botn…
The US Postal Service exposed data of 60 million users(TechCrunch) A broken U.S. Postal Service API exposed more than 60 million users and allowed a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS. The USPS service, called InformedDelivery, allo…
Half of all Phishing Sites Now Have the Padlock(KrebsOnSecurity) Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice
I knew about Soros smear firm, says Facebook chief(Times) Sheryl Sandberg has changed her account of how much she knew about a PR firm that Facebook recruited to conduct smear campaigns against opponents. The chief operating officer of the social media...
Tech giants offer empty apologies because users can’t quit(TechCrunch) A true apology consists of a sincere acknowledgement of wrong-doing, a show of empathic remorse for why you wronged and the harm it caused and a promise of restitution by improving ones actions to make things right. Without the follow-through, saying sorry isn’t an apology, it’s a hollow ploy for f…
European privacy search engines aim to challenge Google(AP NEWS) In the battle for online privacy, Google is a U.S. Goliath facing a handful of European Davids. The backlash over Big Tech's collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy. Sites like Britain's Mojeek, France's Qwant, Unbubble in Germany and Swisscows don't track user data, filter results or show "behavioral" ads.
Are we chasing the wrong zero days?(Help Net Security) Zero days became part of mainstream security after the world found out that Stuxnet was used to inflict physical damage on an Iranian nuclear facility.
China In Breach Of Cyber-Security Pact(The National Law Review) It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australi
NATO’s Cyber Operations Center – Will Russia Feel Threatened?(CyberDB) According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023. The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has …
Get Out Of My Face, Get Out of My Home: The Authoritarian Tipping Point(Forbes) We have all the necessary technology to go beyond Orwell's dystopian authoritarian predictions in his novel 1984: surveillance cameras, face recognition, digital assistants and AI analytics. We just need is a tipping point to create a powerful authoritarian regime that could control our every move.
Washington Asks Allies to Drop Huawei (Wall Street Journal) The U.S. government has launched an outreach campaign to foreign allies to persuade wireless and internet providers to shun telecom equipment from China’s Huawei.
US ‘reveals how Tehran funds Hezbollah’s terror’(Times) Iran funnelled “hundreds of millions” of US dollars through Russia and Syria to Middle East terrorists in a scheme masterminded by the director of a company that was registered in Britain...
The Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East(White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018(Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference(College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference(Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum(New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.