
More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

A CyberWire Daily News Briefing redesign is coming.

By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

Hotel chain Marriott disclosed this morning that data belonging to about 500 million guests over the last four years has been illicitly accessed. Attackers have been in the company’s Starwood guest reservation database since 2014. The brands affected include more than just Marriott: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels were all hit.

Starwood, acquired by Marriott in 2015, disclosed a smaller breach shortly after the acquisition closed. (KrebsOnSecurity).

Most of the affected guests, around 375 million of them, lost data that included contact information (name, address, phone number, email address), passport number, Starwood Preferred Guest account information, date of birth, and gender. An undisclosed number of guests also lost payment card information (ZDNet).

Another breach in the hospitality industry hit Dunkin’ Donuts, which sustained a credential-stuffing attack that yielded details of customers’ DD Perks loyalty accounts (HackRead). The hackers didn’t compromise Dunkin’ Donuts’ own systems, but merely tried credentials they’d obtained in other, unrelated attacks on various third parties. Dunkin’ Donuts discovered the issue at the end of October and strongly urges its customers to reset their passwords (and not reuse them across different accounts). There’s a brisk black-market trade in all varieties of loyalty points on the dark web, and DD Perks points have been a staple in the souks for some time (Motherboard).

Fancy Bear is making another run at Germany's government: Bundestag, Bundeswehr, and embassies (Spiegel).

Notes.

Today's edition of the CyberWire reports events affecting Brazil, China, the European Union, France, Germany, the Democratic People's Republic of Korea, Lebanon, Russia, Turkey, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses the very notion of IoT hot water heaters taking down the power grid. Our guest is Michele Guel from Cisco, who offers her perspective as a pioneering woman in the industry.

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process that interacts with a Microsoft Windows machine just as a human user would. The goal is to fool a human judge, who monitors the target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC), into believing that a normal user, rather than an automated program or process, is interacting with the machine.

Cyber Attacks, Threats, and Vulnerabilities

Campaign "Snake": New hacker attack on politicians, Bundeswehr and embassies (SPIEGEL ONLINE) According to information obtained by SPIEGEL, the security authorities have detected a new hacker attack on members of parliament, embassies and the Bundeswehr. Once again, the trail leads to Russia.

Germany detects new cyber attack by Russian hacker group -Spiegel (Reuters)

Accenture: Russian hackers using Brexit talks to disguise phishing lures (Cyberscoop) A notorious Russian hacking group tried to exploit the latest flurry of Brexit-related news to spread malware to unsuspecting victims, according to a report from Accenture released Thursday. APT28, which Accenture refers to as SNAKEMACKEREL, used a malware-laced Microsoft Word document that appeared to be about the United Kingdom’s planned separation from the European Union to try breaching a wide variety of targets’ systems, researchers said.

New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools (TrendLabs Security Intelligence Blog) We analyze delivery documents and malicious backdoors seen in Turkey, which are similar to known tools from cybercriminal group MuddyWater.

Water and Energy Sectors Through the Lens of the Cybercriminal Underground (TrendLabs Security Intelligence Blog) In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we found exposed HMIs and how these systems were at risk.

US, allies face cyber threats from Iran (Gulf News) Hackers could re-emerge again to gain infrastructure access into organisations

Cyber attack group targets UAE and Lebanese government officials (The National) Experts warn of need for tighter security to deal with growing threat as suspects try to access police and telecoms regulator systems

Brazilian Financial Malware Spreads Beyond National Boundaries (SecurityWeek) A detailed analysis from security researchers shows how Brazilian financial malware is spreading beyond national boundaries to attack banks in Spanish-speaking countries through South and Latin America, and Portugal and Spain in Europe.

57m Americans’ details leaked online by another misconfigured server (Naked Security) Misconfigured Elasticsearch servers spilled personal details on 57 million Americans, said reports this week.

Zoom Conferencing App Exposes Enterprises to Attacks (SecurityWeek) Potentially serious vulnerability affecting the Zoom conferencing application can allow an attacker to hijack screen controls, spoof chat messages, and kick attendees off a session

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs (Ars Technica) Poorly secured certificate lets hackers impersonate any website on the Internet.

Marriott says 500 million Starwood guest records stolen in massive data breach (TechCrunch) Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach. The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 …

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach (KrebsOnSecurity) Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.

Marriott Hit by Massive Data Breach: 500 Million Starwood Customers Impacted (SecurityWeek) Marriott International warned that data on roughly 500 million customers staying at Starwood hotel properties had been compromised in a cyberattack that gave unknown attackers access to the Starwood network since 2014.

Marriott Says Up to 500 Million Affected by Starwood Breach (Wall Street Journal) Marriott, the world’s largest hotel company, said it identified a data breach in its Starwood reservation system that may have exposed personal information of up to 500 million guests.

500 million customers affected in massive Marriott hack (Computing) The records of 500 million customers of Marriott Hotel Group have been leaked in a huge data breach, with payment details included

Industry reactions to the enormous Marriott data breach (Help Net Security) Here are reactions from industry leaders to the Marriott data breach, which affected 500 million guests who made reservations at Starwood properties.

Starwood Reservation Database Security Incident (Kroll) Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. This site has information concerning the incident, answers to guests’ questions and steps you can take.

Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients (TechCrunch) Urban Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database. The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing any…

Massage app exposes users (Naked Security) Popular massage-booking app Urban left its database wide open.

Your Dunkin’ Donuts account may have been hacked (BostonGlobe.com) The New England coffee chain said hackers obtained usernames and passwords from security breaches at other companies and used them to log into their app, DD Perks.

Dunkin’ Donuts Perks loyalty data breach: Change your password (HackRead) Dunkin’ Donuts says it has suffered a data breach in which customer data from its DD Perks loyalty program may have been stolen. DD Perks is a rewards program for the company’s regular customers.

Dunkin’ Donuts Loyalty Points Accounts Are Dirt Cheap on the Dark Web (Motherboard) This week Dunkin’ Donuts announced hackers had broken into customers’ loyalty accounts. So what happens to them once hackers have a wad of loyalty points?

Kaspersky Warns Malware Is Being Reinvented With A Crypto Focus (ETHNews.com) Malware is increasingly crypto-oriented and easy to produce, says a new report from Kaspersky Lab. What’s worse, cryptojacking programs are going undetected on home and company PCs.

Driver loses his car to hackers. TWICE. (Naked Security) He slapped a tracker on the new one and installed CCTV… which did a fine job of recording the thieves’ 90-second-long relay attack.

Security Patches, Mitigations, and Software Updates

Cisco Patches SQL Injection Flaw in Prime License Manager (SecurityWeek) Cisco has fixed a vulnerability in the web framework code of Cisco Prime License Manager that could allow an attacker to execute arbitrary SQL queries.

Hackers can exploit this bug in surveillance cameras to tamper with footage (ZDNet) Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

Cyber Trends

Protecting People: A Quarterly Analysis of Highly Targeted Cyber Attacks (Proofpoint) Discover the Q3 2018 cybersecurity threat report. Proofpoint examined which employees receive the most threats, how they are being attacked, then outlined steps to build a defense.

Information Security Forum Forecasts 2019 Global Security Threat Outlook (PR Newswire) The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to...

McAfee Labs 2019 Threats Predictions Report (McAfee Blogs) Our predictions for 2019 move away from simply providing an assessment on the rise or fall of a particular threat, and instead focus on current rumblings we see in the cybercriminal underground that we expect to grow into trends and subsequently threats in the wild.

Security firm predicts hackers will increasingly use AI to help evade detection in 2019 (TheHill) Hackers will increasingly turn to artificial intelligence to help them evade detection as they carry out their online criminal activities, according to a cybersecurity firm's 2019 forecast.

The Internet Is Going To End Up Like Greece (Foreign Policy) When the big players get away with open fraud, trust disintegrates.

Marketplace

Google Shut Out Privacy and Security Teams From Secret China Project (The Intercept) Google executives ignored internal warnings about their censored China search plan and threatened that employees would be fired if they spoke out.

Where Are the Corporate Patriots? (FDD) The U.S. military needed a small vessel that could transport troops and equipment from large oceangoing ships onto the beach. It was the late 1930s and Andrew Jackson Higgins, a small-boat builder in...

Ensuring the UK Cybersecurity Profession Retains a Hotbed of Talent (Infosecurity Magazine) We need to hire efficiently, create champions in the workplace and look at how cybersecurity qualifications are designed

Would you hire a former hacker? (Computing) A panel of experts at Computing's recent Enterprise Security & Risk Management conference argue whether it's a good idea to hire a former black hat for an enterprise security role

Veterans Find New Roles in Enterprise Cybersecurity (Dark Reading) Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.

Venafi Lands $100M Of Funding To Boost Machine Identity Protection (CRN) Some $12.5 million of the proceeds will be made available to third-party developers as part of a new fund focused on building integrations that deliver more visibility, intelligence and automation for Venafi customers.

Cyber Favorites: Lockheed and Raytheon (Cyber Favorites: Lockheed and Raytheon) Once the market plunge runs its course I think the most successful cyber security stocks will recover and resume their advances, suggests J

McCain’s staff director to lead strategy for Silicon Valley tech firm, Anduril (Defense News) Former Senate Armed Services Committee staff director Christian Brose will become the head of strategy for Anduril Industries.

Suzanne Spaulding, Former DHS Under Secretary, Joins Nozomi Networks (GlobeNewswire News Room) Former DHS cyber security leader becomes advisor to help drive education, innovation, and adoption of solutions that can protect critical infrastructure and industrial organizations from cyber threats.

Products, Services, and Solutions

Exabeam Announces Smart Timelines and a Single User Interface to End ‘Swivel Chair’ Incident Response (Exabeam) Allows security teams to detect, investigate and respond to critical threats faster and more effectively. SAN MATEO, [...]

STANLEY Security Achieves SOC 2 Certification for Sixth Consecutive Year (STANLEY Convergent Security Solutions, Inc) STANLEY Security was named a winner of the Innovative Product Awards at the 2018 Global Security Exchange (GSX) in Las Vegas for STANLEY IntelAssure™.

IBM QRadar Advisor with Watson expands knowledge of cybercriminal techniques (Help Net Security) IBM QRadar Advisor with Watson can help arm analysts of all levels with the knowledge needed to better respond to the threats they're facing.

Gemalto unveils cloud access management enhanced for smart card users (Help Net Security) SafeNet Trusted Access supports smart card credentials access for cloud apps and brings PKI technology to cloud and digital transformation initiatives.

HID Global releases Crescendo Mobile smart card (Help Net Security) HID Global's Crescendo Mobile smart card utilizes digital certificates on users’ mobile devices for client authentication.

MITRE Changes the Game in Security Product Testing (Dark Reading) Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.

Cisco Offers Cyber Training to UK Police Officers (Infosecurity Magazine) Over 100,000 officers will gain access to Cisco Network Academy.

Technologies, Techniques, and Standards

CrowdStrike CEO on political infosec lessons learned (Q&A) (The Parallax) CrowdStrike CEO George Kurtz shares his perspectives on political-hacking topics ranging from chatbot-seeking AI to security-inept campaign volunteers.

Here's how the private sector wants to fight botnets (Cyberscoop) In an effort to protect internet denizens from coordinated, automated cyberattacks, an industry group released an "International Anti-Botnet Guide."

How to beat back botnets (POLITICO) 2019 cyber predictions galore — House approves bill to study IoT

Threat Hunting: Improving Bot Detection in Enterprise SD-WANs (Dark Reading) How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.

What will forces need in complex EW environment? (C4ISRNET) Top U.S. military officials outlined what is needed to defeat sophisticated adversaries on future battlefields.

Enemy air defenses make electronic warfare a higher priority (C4ISRNET) The United States will need systems to counter advanced enemy air defense systems.

The fundamentals of network security and cybersecurity hygiene (Help Net Security) Getting document permissions and user authentication right goes a long way toward ensuring proper organizational security and safeguarding data.

How We Detected a Real Empire Exploit Attack During a POC (Security Boulevard) The post describes an attack that was carried out during a POC at a customer site and handled by the SentinelOne Agent and Vigilance service

Blind spots and how to see them: Observability in a serverless environment (Help Net Security) Relinquishing infrastructure control to a provider creates a new set of risks for both development and security teams, including several major blind spots.

A Little Chaos Now and Then is the Best Test for Resilience (Infosecurity Magazine) How Chaos engineering and testing can work for you.

Legislation, Policy, and Regulation

Information security crucial for safeguarding interests of individual and state (Belarus News) Information security is becoming crucial for the realization of balanced interests of individuals, society and the state, Vladimir Archakov, Deputy State Secretary of the Security Council of Belarus, said at the conference.

Trump cancels Putin talks over Ukraine (BBC News) The US president scraps a meeting with his Russian counterpart following a rise in tensions off Crimea.

A decade after Russia hacked the Pentagon, Trump unshackles Cyber Command (POLITICO) Architects of the newest U.S. military command offer rare insights into its origins and mission.

Exclusive: Fearing espionage, U.S. weighs tighter rules on Chinese... (U.S.) The Trump administration is considering new background checks and other restrict...

GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ (TechCrunch) Nobody wants to be a third wheel. Unless you’re a British spy. Two of the most senior officials at British eavesdropping agency GCHQ say one way that law enforcement could access encrypted messages is to simply add themselves to your conversations. “It’s relatively easy for a serv…

Analysis | The Cybersecurity 202: Rosenstein to tech companies: Police yourselves or face regulation (Washington Post) The deputy attorney general also called for "responsible encryption."

When does ‘responsible encryption’ equal surveillance? (Fifth Domain) Speaking at Georgetown University Nov. 29, Deputy Assistant Attorney General Rod Rosenstein urged private firms to undertake “responsible encryption” in devices.

House passes SMART IoT Act (FCW) The bill would require the Commerce Department to study the state of internet of things and any existing regulations in the area.

House Democrats Just Sent A Third Letter To Amazon Asking About The Company’s Facial Recognition Software (BuzzFeed News) After a BuzzFeed News report about Amazon’s facial recognition pilot in Florida, seven House Democrats are asking questions about the technology’s accuracy.

Lawmakers say Amazon’s facial recognition software may be racially biased and harm free expression (TechCrunch) Amazon has “failed to provide sufficient answers” about its controversial facial recognition software, Rekognition — and lawmakers won’t take the company’s usual silent treatment for an answer. The letter, signed by eight lawmakers — including Sen. Edward Markey and Reps. Jo…

Litigation, Investigation, and Law Enforcement

U.S. Files Suit to Seize Assets Tied to Alleged North Korean Money Laundering (Wall Street Journal) Companies based in Singapore, Hong Kong and China helped launder more than $3 million on behalf of blacklisted North Korean banks, U.S. authorities have said in a civil lawsuit they filed, seeking to seize the funds.

French official on N Korea spying charges (BBC News) Senate administrator Benoît Quennedey is suspected of "supplying information to a foreign power".

Google’s “deceitful” location tracking is against the law, say 7 EU groups (Naked Security) Seven European consumer organizations are planning to submit a complaint about Google’s location tracking activities to their data protection authorities.

‘Individual 1’: Trump emerges as a central subject of Mueller probe (Washington Post) Investigators have evidence that Trump was in close contact with his lieutenants as they reached out to Moscow and WikiLeaks — and that they attempted to conceal their activities.

Police spend second day searching Deutsche Bank headquarters (Reuters) Police searched Deutsche Bank's headquarters in Frankfurt for a second day ...

Sheryl Sandberg Is Said to Have Asked Facebook Staff to Research George Soros (New York Times) Facebook’s second in command wanted an examination of the billionaire’s financial ties after he delivered a blistering speech about tech companies, said people with knowledge of her request.

Facebook's Bikini App Lawsuit Is Getting Really Ugly (WIRED) It’s an international he said, he said showdown where somehow every party looks bad.

Federal team finds no intrusion on Maryland election systems (AP NEWS) A U.S. Department of Homeland Security team has found no evidence of intrusion on Maryland's election system. A report on the analysis by Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was made public Thursday at a Maryland State Board of Elections meeting. Maryland officials had asked for an evaluation after learning in July about a transaction between a venture fund with Russian ties and a company involved in the state's election infrastructure.

DoJ charges Autonomy founder with fraud over $11BN sale to HP (TechCrunch) U.K. entrepreneur turned billionaire investor Mike Lynch has been charged with fraud in the U.S. over the 2011 sale of his enterprise software company. Lynch sold Autonomy, the big data company he founded back in 1996, to computer giant HP for around $11 billion some seven years ago. But within a y…

Judge Refutes SEC’s Claim on Blockvest ICO Token Being a Security, Will Go to Trial (BitcoinExchangeGuide) The crypto world received a surprising win from the U.S. justice system today. Earlier this week, a California judge slapped down an SEC attempt to classify an ICO token as a security. U.S. Distric…

Gang sentenced for installing card skimmers on gas pumps & stealing data (HackRead) On Wednesday, a group of ten individuals, including the head of the group, received sentences totaling 30 years. The group installed card skimmers on gas pumps across five US states, including major cities in Northeast Ohio.

39 Arrested in Tech Support Scam Crackdown: Microsoft (Dark Reading) Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.

Victims enrolled in OPM's identity protection service are covered through June, agency says (Federal News Network) Individuals enrolled in the Office of Personnel Management's free identity protection service don't need to take action while OPM recompetes its existing contract over the next six months. OPM's existing contract was supposed to expire on Dec. 31, 2018.

Floyd Mayweather fined $600,000 for undisclosed cryptocurrency plugs (Ars Technica) The boxing champ endorsed Centra, whose founders now face federal fraud charges.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...

Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key...

Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.

GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...

Upcoming Events

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.