skip navigation

More signal. Less noise.

AT&T Cybersecurity Insights Report: Security at the Speed of 5G

AT&T Cybersecurity teamed up with 451 Research to survey organizations on their 5G security plans. Download today and see organizations’ 5G cybersecurity preparedness responses followed by gap analysis on what’s possibly being overlooked plus recommendations for strengthening 5G security efforts.

Daily briefing.

CyberWire Pro, coming in 2020.

We're pleased to announce our new subscription program, CyberWire Pro, launching early in 2020. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time as it keeps you informed. Learn more and sign up to get launch updates here.

McAfee offers some updates on the Buran family of ransomware it first described in May. Buran (that is, “Blizzard”) is widely traded in Russophone criminal souks, where it’s flacked as a “stable offline cryptoclocker, with flexible functionality and support 24/7.” The Rig exploit kit is a common delivery mechanism.

Elsewhere in the criminal-to-criminal market, Proofpoint is following “Buer,” which it describes as a new loader. Buer has been distributed through malvertising that redirects to the Fallout exploit kit; it’s also being pushed by phishing, the payload carried in malicious Word document macros. The going price for Buer is $400.

China’s Great Cannon distributed denial-of-service tool is back in battery and firing against Hong Kong dissident organizers. AT&T’s Alien Labs says that the Great Cannon, which had been relatively quiet for some months, has now been turned against LIHKG, a service widely used by protestors. The tool injects malicious Javascript into webpages behind the Great Firewall; these in turn hijack users’ connection to make repeated requests of the targeted site. LIHKG thinks it has reason to believe “a national level power” is behind the attacks.

Russian trolls have been active against public opinion in Lithuania, with an uptick in activity noticeable since early September. The target is NATO; the messaging trades on Second World War fears of Germany and Cold War fears of the US, with the now-familiar memes portraying local authorities as untrustworthy. Lithuania’s government is working against the disinformation, but is tight-lipped about specifics on opsec grounds, Nextgov reports.

Notes.

Today's issue includes events affecting Australia, China, Denmark, Iran, Democratic Peoples Republic of Korea, Lithuania, NATO/OTAN, Russia, Saudi Arabia, United Arab Emirates, United Kingdom and the United States.

Bring your own context.

A perspective on election risk.

"I am becoming less and less concerned with the actual physical mechanism of voting because, as I mentioned earlier, I think the companies are doing a pretty good job on putting in access controls to those. What I actually am getting more concerned about is what I would consider left of the voting day, and that is the hacking of the voter database rolls, hacking at the DMV because that's connected to the election system. I'm worried about phishing. I'm worried about spoofing of websites on the day of the election, producing false information or misinformation, saying that a particular polling place is closed, or there's an email that looks like it's coming from the election official giving out false information. That's really kind of what I'm starting to become more concerned about than the actual physical day of voting."

—Earl Matthews, chief strategy officer at Verodin, a FireEye company, on the CyberWire Daily Podcast, 12.3.19.

Ward heelers for the 21st Century. Some of them won't be local. And some of their intelligence will be artificial.

A recommendation to our readers.

If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. It offers a monthly overview of news in this sector—take a look.

Without proper context, cyber threat intelligence is useless.

The appearance of new threats and security challenges requires effective tools for their timely identification and in-depth analysis. Without proper contextualization, intelligence is completely useless. Context™ – Cyber Threat Intelligence Platform for enterprises and government agencies delivers cyber threat intelligence harvested from millions of data points from the Deep and Dark Web, combined with data science for objective and actionable insights.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses the evolution of safety and security in industrial control systems. Our guest, Sean O’Brien from @RISK Technologies, describes how states and cities might prepare for election-targeted cyber attacks.

Hacking Humans is also up. In this episode, "I really wanted that shed," Joe shares the story of a woman losing her life savings to a scammer claiming to be from the FBI. Dave describes the $139 shed scam. The catch of the day is another threat to reveal compromising photos. Carole Theriault speaks with Chris Bush from ObserveIT about security threats from employee burnout.

CyberMaryland Job Fair, December 5, Baltimore. Visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, United States, December 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberMaryland Job Fair, December 5 in Baltimore. Meet face-to-face with leading cyber employers. Visit our site for more details.

CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (Dubai, UAE, January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.

Cyber Attacks, Threats, and Vulnerabilities

Russian Trolls Are Hammering Away at NATO’s Presence in Lithuania (Nextgov.com) A broad disinformation campaign of fake news and other tricks aims to turn the Baltic nation’s public against the alliance.

China resurrects Great Cannon for DDoS attacks on Hong Kong forum (ZDNet) Two years after the last attacks, the Great Cannon is up and running again.

China Fires ‘Great Cannon’ Cyber-Weapon At The Hong Kong Pro-Democracy Movement (Forbes) Fired from behind the Great Firewall of China, a cyber-weapon known as the “Great Cannon” has taken aim at the Hong Kong pro-democracy movement.

The Great Cannon DDoS Tool Used Against Hong Kong Protestors’ Forum (BleepingComputer) The Great Cannon Distributed Denial of Service (DDoS) tool was deployed again to launch attacks against the LIHKG social media platform used by Hong Kong protesters to coordinate during this year's anti-extradition protests.

Buer, a new loader emerges in the underground marketplace (Proofpoint) New actively marketed downloader avoids CIS countries, evades detection

Buran Ransomware; the Evolution of VegaLocker (McAfee Blogs) McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other

IBM sounds alarm about more data-wiping malware from Iran (CyberScoop) IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations the Middle East.

Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs (Dark Reading) 'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.

Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again – research (Register) ZeroCleare wipes up where Shamoon left off

Payment card-skimming malware targeting 4 sites found on Heroku cloud platform (Ars Technica) Why host skimmers yourself when you can abuse a service to do it for free?

Increase in attacks using Outlook flaw (SC Magazine) Organisations warned of full intrusion with just flaw and one phish - due to flaw they should have fixed and is actively used by multiple threat actors.

Ransomware attack hits major US data center provider (ZDNet) CyrusOne data centers infected by REvil (Sodinokibi) ransomware.

Bitcoin-hungry hackers ‘target major US data center firm’ with ransomware (Hard Fork | The Next Web) A prominent data center provider in the US has reportedly been hit by the Sodinokibi ransomware, which several months ago earned a hacker $287,000 worth of Bitcoin in just three days. 

''Ransomware attacks to morph into 2-stage extortion campaigns'' (Outlook India) Ransomware attacks are set to morph into two-stage extortion campaigns and criminals will exploit their extortion victims even more in 2020, cyber security company McAfee said on Thursday.

Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist - CyberScoop (CyberScoop) Scammers fleeced a Chinese venture capital firm out of a $1 million payment meant for a startup by using malicious emails to steal the cash, according to new findings from Check Point Technologies.

Thousands of U.S. cell phone bills exposed by Sprint contractor (TechCrunch) Customer phone bills from AT&T, Verizon, and T-Mobile were found on an exposed storage server.

New Genetec research shows almost 4 in 10 security cameras can be at risk of cyber-attack due to outdated firmware (West) Genetec primary data also shows that almost 1 in 4 organizations rely on default passwords for their security cameras

HackerOne breach lets outside hacker read customers’ private bug reports (Ars Technica) Company security analyst sent session cookie allowing account take-over.

'Ultimate' MiTM Attack Steals $1M from Israeli Startup (Threatpost) Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.

Microsoft Issues Advisory for Windows Hello for Business (Dark Reading) An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.

Quick Analysis of CVE-2011-0609 Adobe Flash Player (AlertLogic) The attack makes use of a SWF file embedded inside an Excel file, which is delivered as an email attachment. The vulnerability can allow an attacker to inject and execute malicious code on a target system.

Hackers Find Ways Around a Years-Old Microsoft Outlook Fix (Wired) Microsoft patched a vulnerability in Microsoft Outlook in 2017. It hasn't slowed hackers down.

Valimail research demonstrates that email remains a weak link in U.S. election infrastructure (Valimail) As we head into the 2020 election season in the United States, a key component of the U.S. election infrastructure remains vulnerable to attack.

Online Trust Audit for 2020 Presidential Campaigns Update (Internet Society) On 7 October 2019, the Internet Society’s Online Trust Alliance (OTA) released the Online Trust Audit for 2020 U.S. Presidential Campaigns. Overall, 30% of the campaigns made the Honor Roll, and 70% had a failure, mainly related to scores for their privacy statements. As part of this process, OTA reached out to the campaigns, offering …

It’s Time for Presidential Campaigns to Embrace Mobile Security (Nextgov.com) It's not just campaigns, voters could be targeted too.

Special Report: 2020 U.S. census plagued by hacking threats, cost overruns (Reuters) In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize t...

Tyrone SFC final live stream was subject to 'cyber attack' (The Irish News) Tyrone's ill-fated live streaming of the county's Senior Football Championship final was sabotaged by cyber attackers, it has emerged.

Schools Data Breach: Nearly 6,000 Students' Personal Info Stolen (Wheaton, MD Patch) A data breach has compromised the personal information of nearly 6,000 Montgomery County students, according to school officials.

For Whom the Whistleblower Blows (City Journal) Edward Snowden’s new book is a self-indulgent omission of facts.

Security Patches, Mitigations, and Software Updates

HackerOne awards $20,000 bug bounty for private data access vulnerability on its own platform (ZDNet) An analyst and a cut-and-paste job resulted in a critical security problem.

OpenBSD patches authentication bypass, privilege escalation vulnerabilities (ZDNet) The open source project took less than 40 hours to develop fixes for the bugs.

Cyber Trends

The biggest cyber attack of 2020 has ‘already happened’ (TechHQ) The biggest cyber attack of 2020 has “already happened”, according to the CEO of the Chartered Institute of Information Security (CIISec).  Words from

State of the Internet (Akamai) As 2019 comes to a close, we want to thank you, our readers, for continuing to support Akamai’s State of the Internet /Security (SOTI) report.

2019 Thales Data Threat Report Financial Services Edition (Thales) Data security, starting with encryption and access management, is an important part of the mix. As data migrates away from the enterprise premises and to the cloud, network security is no longer sufficient to protect data.

Predictions About IoT and Digital Transformation in 2020 (DigiCert) This time of year, three things are almost certain. You will be tempted by all flavors of festive treats. You will wish holiday greetings to friends, family, teammates, customers and partners so often you may go hoarse (worth it!). And you will contemplate what’s going to happen in 2020. You’ve likely even made some predictions …

Mobile Scams, Sophisticated Malspam, IoT Malware and Botnets are on 2020 Prediction List from Avast Threat Experts (PR Newswire) Avast (LSE: AVST), a global leader in online security products, today announced its cybersecurity predictions for 2020 in its annual Threat...

Kaspersky sees firms’ cybersecurity budgets increasing in 2020NEX 3: The next status symbol of power and luxurious technology (Business World) A study commissioned by Internet security firm Kaspersky said security budgets among businesses, as reported by 72% of survey respondents, including the ones in Asia and the Pacific region, will further increase in 2020.

The Copenhagen Post - Danish News in English (The Post) Elsewhere, SAS struggles, baggage strike hits CPH Airport and Shanghai to get a Legoland . Business Round-Up: Majority of Danish companies have endured a cyber attack

Marketplace

Coast Guard Intel Looking for Help on Cloud (MeriTalk) The U.S. Coast Guard (USCG) is looking to leverage the cloud for its intelligence unit as the demands of cyber combat and maritime activities are pushing the unit to embrace technology, according to a request for information released November 22. Responses are due by December 20.

Swimlane Launches Level-Up Initiative with Inaugural RSA Conference Raffle to Embolden Industry Analysts (BusinessWire) Swimlane Launches Level-Up Initiative with Inaugural RSA Conference Raffle to Embolden Industry Analysts

Cyberhaven Closes $13 Million Series A Round, Unveils Data Behavior Analytics Solution (PR Newswire) Cyberhaven today announced the close of a $13 million Series A funding round and the launch of the industry's first Data Behavior Analytics...

CyberProof Announces Acquisition of Necsia Cybersecurity Division (AiThority) CyberProof Inc., a UST Global company, announced the acquisition of Necsia Cybersecurity, a leading security provider in Spain and security

F-Secure has completed restructuring (West) F-Secure has completed restructuring of operations as planned. The restructuring was estimated to result in annual cost savings of more than EUR 5 million to be achieved by the end of 2020 as originally announced on 7 October 2019. Restructuring included personnel reduction negotiations that resulted in reduction of approximately 60 full-time equivalents globally out of which approximately 25 from Finland.

HP accused of 'rearranging the deck chairs on the titanic' as pressure to negotiate with Xerox intensifies (Channelweb) Carl Icahn pressures HP shareholders to push for a deal

Google co-founders' exit could mean end of its 'open culture' (CNET) Larry Page and Sergey Brin were the most direct link to the company's freewheeling past.

Sundar Pichai faces a dizzying list of challenges as Alphabet's new boss (The Telegraph) It’s been quite a ride.

Upstream announces Dimitris Maniatis as new CEO (RealWire) Former CEO Guy Krief will join the Board of Directors London, December 4th, 2019 - Leading mobile technology company, Upstream, announces former Head of Secure-D, Dimitris Maniatis, as its new CEO

Onapsis Appoints Anshuman Kanwar as General Manager of Products and Technology (BusinessWire) Onapsis today announced the appointment of Anshuman Kanwar as general manager of products and technology.

Kenna Security Names Terry Murphy as Chief Financial Officer (West) Cybersecurity veteran tapped to scale finance, legal, and business operations amid aggressive growth

Products, Services, and Solutions

XM Cyber Announces the World's First Breach and Attack Simulation (BAS) for Hybrid Cloud Environments (PR Newswire) XM Cyber, the multi-award-winning breach and attack simulation (BAS) leader, today announced that its HaXM platform is now the first BAS...

Introducing Password Cracking Manager: CrackQ (Trustwave) Today we are releasing CrackQ, a queuing system to manage password cracking that I've been working on for about a year. It is primarily for offensive security teams during red teaming and pentesting engagements. It's an intuitive interface for Hashcat served by a REST API and a JavaScript front-end web application for ease of use.

Protect private data this holiday season with Privacy Alert | Instart (Instart) Ever wonder who sees the information you enter on a website? Privacy Alert by Instart tells you exactly what information could be stolen by hackers.

MediaPRO Security Training Certified by Texas Department of Information Resources (BusinessWire) MediaPRO, a leading provider of security and privacy awareness training, announced today that it has been named a certified provider of cybersecurity

LastPass Goes Passwordless (LogMeIn) LastPass Identity solution now provides passwordless login experience for business customers

ShiftLeft and CircleCI Strengthen DevOps Security by Inserting Code Analysis as Far Left as Developer Pull Requests (DevOps.com) New Partnership and Product Integration Delivers the Industry’s Fastest and Most Accurate Vulnerability Scanning at One of the Earliest Stages in the

Netskope Security Cloud Now Available in AWS Marketplace (Netskope) Listing enhances delivery of Netskope’s data-centric, cloud-smart, and fast platform to AWS customers LAS VEGAS – AWS re:Invent 2019 – December 3, 2019 – Netskope, a leader in cloud security, today announced the availability of Netskope Security Cloud in AWS Marketplace. Amazon Web Services (AWS) customers now have greater access to a proven cloud security …

Visure Solutions Unveils New, Easy-to-Use Web Interface for Requirements Management ALM Solution (PR Newswire) As companies become increasingly aware of the importance of managing risk and improving their development process, Requirements Management (RM)...

Nozomi Networks Works with IBM to Secure Industrial Infrastructure (ARC Web) Nozomi Networks Inc. announced they are collaborating with IBM Security to answer growing demand for effective, integrated IT and OT cybersecurity services and solutions to Secure Industrial Infrastructure.

Austria Hilfswerk Niederösterreich chooses Fortinet for cost-effective WAN connectivity security solutions (Fortinet) Fortinet’s Security-Driven Networking Approach Provides Hilfswerk Niederösterreich With Cost-Effective, Secure and Reliable WAN Connectivity at Over 68 Locations

Cellebrite Introduces Breakthrough Platform That Revolutionizes Digital Intelligence Approach, Maximizes Data Collection, Extraction and Management (PR Newswire) Cellebrite, the global leader in digital intelligence solutions serving the law enforcement, government and enterprise communities, today...

Centrify Announces “Secure the Vote 2020” (BusinessWire) Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today announced a new nationwide initiative to secure p

LogicMonitor Announces Innovative Enhancements to AIOps Solution (Yahoo) LogicMonitor today announced general availability of its AIOps early warning system, which marks the latest enhancement to its AIOps solution, LM Intelligence™. The new system is designed to provide actionable warning indicators for imminent issues. Combined with the single pane of glass view enabled

Amazon Detective, McAfee Hunt Down the Baddies (SDXCentral) Amazon Web Services (AWS) rolled out three new security tools at re:Invent this week.

Autotalks announces first FIPS-Compliant C-V2X/DSRC chipset for secure deployment in the US (Green Car Congress) Israel-based Autotalks announced that its second-generation chipsets are FIPS-certified for secure C-V2X or DSRC deployment in the US. The announcement comes after Autotalks’ V2X chipsets achieved Federal Information Processing Standard 140-2 (FIPS 140-2) security level 3 certification from the US National Institute of Standards and Technology (NIST). Autotalks’ CRATON2 and...

Technologies, Techniques, and Standards

Advancing Industrywide Compute Lifecycle Assurance (Intel Newsroom) The globalization of technology design, development, manufacturing and distribution has created an environment of complicated supply

Ransomware Survival Guide: What Every Organization Needs to Know Before, During, and After an Attack (Communal News) Ransomware is an old threat that has come roaring back with a new ferocity. This type of malware—which gets its name from the payment it demands after locking away victims’ files— has quickly become one of the top types of cyber attacks. More than half of companies surveyed in a recent Ponemon Institute poll said ...

YouTube CEO Wojcicki: We've Cut Amount Of Time Americans Watch "Controversial Content" By 70% (RealClearPolitics) CBS NEWS '60 MINUTES': YouTube's mission is to give everyone a voice, but the site's open platform has opened the door to hate. YouTube CEO Susan Wojcicki tells Lesley Stahl what the company's doing about it

Finding Long Connections With Zeek (Active Countermeasures) Hey folks. I’m Chris Brenton, and today I’m going to show you how to find the longest connections taking place on your network using Bro/Zeek’s conn.log.

Remove CStealer Trojan and Protect Your Passwords (SensorsTechForum.com) CStealer is a new password-stealing Trojan currently targeting Windows systems. The Trojan is designed to harvest passwords from the Google Chrome browser.

Passwords: Our First Line of Defense (Black Hills Information Security) Darin Roberts // “Why do you recommend a 15-character password policy when (name your favorite policy here) recommends only 8-character minimum passwords?” I have had this question posed to me a couple of times in the very recent past.   There were 2 separate policies that were shown to me when asking these questions. First was …

Webcast: Group Policies That Kill Kill Chains (Black Hills Information Security) On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Download slides: https://www.activecountermeasures.com/presentations/ 0:45 Introducing what a kill chain is and general background you need for this webcast 15:53 Getting into group policies, best practices, group policies that we’re not covering …

Schools Spy on Kids to Prevent Shootings, But There's No Evidence It Works (Vice) Spyware like GoGuardian, Bark, and Gaggle are monitoring students’ internet habits, both on and off school grounds.

Design and Innovation

Can a $10M Pentagon project enhance AI cyber operations? (Fifth Domain) The Joint Artificial Intelligence Center is looking to a partnership between a civilian agency and the private sector.

The Air Force wants help with these technologies (C4ISRNET) A notice is asking for industry white papers on new and innovative cyber and signals intelligence research.

Instagram to collect ages in leap for youth safety, alcohol ads (Reuters) Facebook Inc's Instagram said it will require birthdates from all new users...

Legislation, Policy, and Regulation

The West failed to prepare for cyber attacks, Nato chief admits (The Telegraph) The West was slow to respond to the threat of cyber attacks, the chief of NATO’s Cooperative Cyber Defence Centre (CCDCOE) has admitted.

Perspective | We need to hold the Kremlin responsible for its 2018 cyberattack on the Olympics (Washington Post) Failure to respond will only invite future state-sponsored cyberattacks on civilian targets.

Op-ed: Stop the rise of autonomous weapons (Navy Times) Our ever-growing appetite for intelligent, autonomous machines poses a host of ethical challenges.

Kim Jong Un again rides horse up sacred peak as North Korea raps Trump (Military Times) North Korean leader Kim Jong Un rode a white horse up a sacred mountain in his second symbolic visit in less than two months, state media reported Wednesday, as his military chief lashed out at U.S. President Donald Trump for talking about a possible military option against the North.

Boris Johnson may block Huawei's role in building 5G networks (Computing) President Trump had pressed Mr Johnson on the issue on Tuesday, during a meeting in Downing Street.

On Huawei, PM Johnson says Britain cannot prejudice security or cooperation (The Mighty 790 KFGO) Britain's decision on whether to allow Huawei a role in building 5G telecoms networks will be based on ensuring the national security and ensuring cooperation with the U.S.-led Five Eyes intelligence alliance, Prime Minister Boris Johnson said on Wednesday.

Trump says Huawei is a security risk as NATO seeks secure 5G (The Mighty 790 KFGO) U.S. President Donald Trump said on Wednesday that Chinese telecommunication firm Huawei was a security risk after NATO said it needed secure next-generation 5G technology.

U.S. Government to Tap Federal Funds to Thwart Huawei, ZTE (Yahoo) The move is the latest in a string of concerted efforts by the U.S. government to dissuade other sovereign countries from using Huawei and ZTE gear to preempt alleged spying and siphoning of data.

Senators urge FERC to protect critical infrastructure from Huawei threats (TheHill) Six senators on Wednesday sent a letter to the Federal Energy Regulatory Commission (FERC) urging the body to combat threats posed by using technology from Chinese telecommunications giant Huawei.

U.S. Senate committee to consider bill to impose stiff new sanctions on Russia (Reuters) The U.S. Senate Foreign Relations Committee will vote as soon as next week on le...

Senators sound alarm on dangers of ransomware attacks after briefing (TheHill) Senators from both sides of the aisle sounded the alarm Wednesday on the dangers posed to small businesses and government entities by ransomware cyberattacks following a classified briefing from a key Department of Homeland Security (DHS

Here’s what senators learned about the ransomware threat (Fifth Domain) The director of the Department of Homeland Security’s cybersecurity agency held a classified briefing with senators, who shared some thoughts.

Ransomware devastated cities this year. Officials hope to prevent a repeat in 2020 (CNET) More than 70 state and local governments across the US suffered from ransomware attacks in 2019.

Senators inch forward on federal privacy bill (TheHill) Senators argued for their dueling proposals for a federal privacy law during a highly anticipated hearing on Wednesday, marking the first time key Republicans and Democrats have taken their disputes public after months of closed-doors negotiations.

Text - S.2961 - 116th Congress (2019-2020): A bill to establish duties for online service providers with respect to end user data that such providers collect and use. (US Congress) Text for S.2961 - 116th Congress (2019-2020): A bill to establish duties for online service providers with respect to end user data that such providers collect and use.

WSJ News Exclusive | Nancy Pelosi Pushes to Remove Legal Protections for Online Content in Trade Pact (Wall Street Journal) House Speaker Nancy Pelosi is pushing to strip out sweeping legal protections for online content in the new trade pact with Mexico and Canada, in what would be a blow for big technology companies.

House passes bipartisan anti-robocall bill (Fox Business) Top Republican is "sure" President Trump will sign it.

Facebook's Mark Zuckerberg says the social network should not be 'censoring politicians' (USA TODAY) Facebook CEO Mark Zuckerberg and wife Priscilla Chan told CBS This Morning's Gayle King that Facebook should not ban political ads.

Litigation, Investigation, and Law Enforcement

Australia to probe foreign interference through social media platforms (Reuters) Australia on Thursday established an investigation into potential foreign politi...

Huawei files appeal in U.S. court against FCC's rural carrier purchase ban (CNBC) The FCC last month voted unanimously to designate Huawei Technologies Co Ltd and peer ZTE Corp as national security risks, barring their U.S. rural carrier customers from tapping an $8.5 billion government fund to purchase Huawei or ZTE telecommunications equipment. Huawei filed a petition with the Fifth Circuit Court in New Orleans challenging the FCC...

Analysis | The Cybersecurity 202: Huawei doubles down on legal fight with U.S. (Washington Post) The Chinese telecom is challenging an FCC directive barring it from rural systems.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...

International Cyber Risk Management Conference (Bermuda, December 4 - 6, 2019) The International Cyber Risk Management Conference (ICRMC) provides delegates with an essential forum to learn from experts, network and share experiences with peers and colleagues, and get the answers...

St, Louis Cybersecurity Conference (St. Louis, Missouri, USA, December 5, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

CyberMaryland 2019 (Baltimore, Maryland, USA, December 5 - 6, 2019) The CyberMaryland Conference includes thought leaders from Maryland’s Cyber Security sector and also features nationally recognized speakers and panelists on cyber and technology innovations. Sessions...

Anaheim Cybesecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.