

Daily briefing.

Iranian officials say they stopped “a very big” cyberattack, US News reports, but Tehran didn’t call out the nation responsible, or say what attack they were referring to. The New York Times independently reports that the breach and exposure of some fifteen million Iranian bank debit cards followed last month's unrest in that country. The Times notes speculation that an unnamed nation-state adversary was behind the data theft.

Cybereason today outlined a new use for Trickbot: spreading Anchor malware against a select set of targets. SentinelLabs reported yesterday afternoon that the Trickbot (criminal) Enterprise is now supplying North Korea's Lazarus Group. Criminal groups have worked with state intelligence and security agencies before, but this transnational collaboration is relatively unusual. Trickbot has been adept at both code-injection and quiet harvesting of desktop credentials. Threatpost warns that banks especially should look to their defenses.

As the United Kingdom prepares for tomorrow’s election, Business Insider cites experts who see disinformation circulated via WhatsApp as a problem for voters.

The US Senate Judiciary Committee's hearings on encryption policy open today. Observers see the balance in the cryptowars tilting against end-to-end encryption. Facebook is hanging tough, but the Telegraph thinks the social network is now in a fight it will find it difficult to win.

The City of Pensacola confirmed yesterday that the cyberattack it sustained was indeed a ransomware incident, WEAR TV reports.

The Eastern Band of the Cherokee Nation also sustained a ransomware attack, according to the Charlotte Observer. One suspect is in custody.

Notes.

Today's issue includes events affecting Canada, China, European Union, Iran, Democratic People's Republic of Korea, Nigeria, Poland, Russia, United Kingdom, United States.

Bring your own context.

An attack on online gaming, that's no big deal, right? Who cares if Junior has trouble with whatever first-person shooter he's currently obsessed with? Actually, maybe an attack is more feature than bug...well, not so fast.

"As silly as that sounds, it can actually cause quite a few problems, in particular because the devices that they target – typically the only time an organization becomes aware that their routers have been compromised is when someone else lets them know. Say their provider or someone that's actually being attacked says we're getting all of this malicious traffic coming from your network space. So it can cause issues both for the brand – if they're, you know, the company where the routers got compromised, and they're being perceived as doing some sort of attack, which they actually aren't doing. That can cause problems. And also it can degrade network functionality as well. So it can cause a lot of problems for organizations where it will slow a network down to the point where it can be unusable. So these things sometimes seem more almost like a nuisance kind of attack more than anything else, but they can have real world important kind of consequences."

—Jen Miller-Osborn, Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, on the CyberWire's Research Saturday, 12.7.19.

So, home or business owner, you may not be interested in the games, but the games are interested in you. At least when they've been hacked.


In today's Daily Podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson shares timely warnings about connected gifts for children. Our guest is Kevin Lancaster from ID Agent, and he talks about monitoring people affected by the OPM breach.

And Caveat is up. In this episode, "Helping us understand HIPAA," Ben shares a story of student privacy in an age of surveillance. Dave describes efforts by the state of Georgia to put parts of their official legal code behind a paywall. The listener on the line wonders about speed cameras. Our guest is Donna Grindle, founder and CEO of Kardon and the co-host of the Help Me With HIPAA podcast.

CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (Dubai, UAE, January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.

Cyber Attacks, Threats, and Vulnerabilities

Iran Banks Burned, Then Customer Accounts Were Exposed Online (New York Times) The details of millions of Iranian bank cards were published online after antigovernment protests last month. Experts suspect a state-sponsored cyberattack.

Iran Says It Foiled 'Very Big' Foreign Cyber Attack (US News) Iran has foiled a major cyber attack on its infrastructure that was launched by a foreign government, the Iranian telecoms minister said on Wednesday, two months after reports of a U.S. cyber operation against the country.

North Korean hackers are working with Eastern European cybercriminals: report (Reuters) North Korean state-backed hackers appear to be cooperating with Eastern European...

TrickBot gang is now a malware supplier for North Korean hackers (ZDNet) North Korean state hackers spotted using Anchor, a new side-project developed by the infamous TrickBot malware gang.

Lazarus APT Collaborates with Trickbot's Anchor Project (Threatpost) An unprecedented connection between the North Korean APT and the crimeware giant spells trouble for global banks and other cybercrime targets.

Russia sporting ban could lead to a rise in "cyber assaults" (Verdict) The impact of the Russia sporting ban could extend beyond sport and could lead to a rise in "cyber assaults" against organisations.

The State-Sponsored Cyberthreat Landscape (Radware Blog) There is a global chess match between nation-states, businesses and the various digital assets contained within these organizations.

Who’s Spreading Disinformation in U.K. Election? You Might Be Surprised (New York Times) Foreign meddling was once the most feared source of online deception before critical elections. Now, some candidates themselves are turning to such manipulative tactics.

Cybersecurity experts warn disinformation on WhatsApp is the hidden threat to the UK general election (Business Insider) Cybersecurity experts warn WhatsApp misinformation campaigns are going unnoticed. They suggest opening up its data to the research community.

Hillary Clinton, Chris Steele Allege Boris Johnson Is A Russian Stooge (The Federalist) Given his track record, it’s stunning that Christopher Steele has again surfaced, just before the U.K. election, to claim that Johnson is a Russian asset.

Facebook’s ad tools subsidize partisanship, research shows. And campaigns may not even know it. (Washington Post) For the first time, researchers have demonstrated a skew in the delivery of political ads based on the content of those ads alone.

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets (Wired) A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor's secure enclave.

‘Plundervolt’ attack breaches chip security with a shock to the system (TechCrunch) Today's devices have been secured against innumerable software attacks, but a new exploit called Plundervolt uses distinctly physical means to compromise a chip's security. By fiddling with the actual amount of electricity being fed to the chip, an attacker can trick it into giving up its innermost…

University of Birmingham Finds Weakness in Intel's Processors (Security Magazine) Researchers at the University of Birmingham say that they have identified a weakness in Intel’s processors.

Intel's CPU Flaws Continue to Create Problems for the Tech Community (Dark Reading) We can't wait out this problem and hope that it goes away. We must be proactive.

Ad Injector Dulls Chrome's Luster (Netskope) Netskope Advanced Threat Protection recently detected ads being injected into web traffic of multiple users. The source of these ad injections is a JavaScript ad injector commonly known as Lnkr. In this blog post, we will provide an overview of Lnkr, a list of all the URLs we have uncovered that are hosting the Lnkr …

Tenable Research Finds New Vulnerabilities in Popular Blink Smart Security Cameras (Tenable®) Threat actors could gain complete control of the Amazon-owned security cameras to obtain personal information and launch further attacks. Tenable®, Inc., the Cyber Exposure company, today announced that its research team has discovered seven severe vulnerabilities in Amazon-owned Blink XT2 security camera systems. If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet to perform, for example, distributed denial of service (DDoS) attacks, steal data or send spam.

Blink XT2 Camera System Command Injection Flaws (Medium) Blink home security camera systems, owned and operated by Amazon, contain a number of security flaws that could allow attackers or other…

Smart lock’s security issues leave open doors for attackers (News Powered by Cision) Design flaw discovered in smart lock highlights ongoing struggle to produce devices that are both

460,000 Turkish card details put up for sale, web skimmers suspected (ZDNet) Biggest dump of Turkish payment card details recorded in recent years.

Batch of 460,000+ Payment Cards Sold on Black Market Forum (BleepingComputer) Researchers monitoring activity on underground markets found that more than 460,000 payment card records were offered for sale in two days on a popular forum where such data is being traded.

Cryptominers and fileless PowerShell techniques make for a dangerous combo (CSO Online) This new dual-payload cryptojacking malware can disable Windows Antimalware Scan Interface and inject itself directly into memory of legitimate processes.

Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely; low skill level is needed to exploit. Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Insufficient Verification of Data Authenticity, Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 2.

Siemens SCALANCE Privilege Escalation Vulnerabilities (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SCALANCE X-200 switch family and SCALANCE X-200IRT switch family Vulnerabilities: Privilege Escalation, Improper Authentication 2.

Siemens SIPROTEC 5 and DIGSI 5 (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update A) that was published August 13, 2019 on the ICS webpage on us-cert.gov.

Interpeak IPnet TCP/IP Stack (Update B) (CISA) CISA is aware of a public report detailing vulnerabilities found in the Interpeak IPnet TCP/IP stack.

Siemens SINAMICS (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update ICSA-19-227-04 Siemens SINAMICS (Update A) that was published November 12, 2019, on the ICS webpage on us-cert.gov.

Siemens Industrial Products (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2.

Siemens S7-1200 and S7-200 SMART CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: S7-1200 CPU family (including SIPLUS variants); S7-200 SMART CPU family

Siemens EN100 Ethernet Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2.

Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Resource Management Errors 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial-of-service condition or arbitrary code execution.

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2.

Siemens SiNVR 3 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SiNVR 3 Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Missing Authentication for Critical Function, Weak Cryptography for Passwords, Exposed Dangerous Method or Function 2.

Siemens SCALANCE W700 and W1700 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SCALANCE W700 and W1700 Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access confidential data.

Siemens XHQ Operations Intelligence (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script-Related HTML Tags in a Web Page, Improper Input Validation 2.

Siemens SIMATIC Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function 2.

Cyberattack Downs Pensacola’s City Systems (Threatpost) The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.

Cyber attack shuts down NC Native American tribe’s network, one arrested, chief says (Charlotte Observer) Computer networks and websites for the Eastern Band of Cherokee Indians were still down Tuesday morning after a cyber attack targeted the North Carolina tribe’s systems over the weekend, according to tribal officials.

I ask the community to please be patient... - Principal Chief Richard Sneed (Facebook Watch) I ask the community to please be patient as we deal with this issue. Additional information will be shared when it is available.

Holidays bring phishing scam surge aimed at small business (BusinessMirror) The e-mail looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says Radin, owner of Mantra Magnets, a web site that sells wellness products. “It took me to some […]

HHS cybersecurity leader describes the active threats on agency's radar (Healthcare IT News) VPN vulnerabilities, variations of "the Blues" and PACS imaging servers are among the risks the Health Sector Cybersecurity Coordination Center, or HC3, is tracking.

Shops urged to take smart toys off shelves over security concerns (Sky News) Walkie talkies, karaoke machines, and robots are among the popular Christmas toys that had security flaws.

Security Patches, Mitigations, and Software Updates

Microsoft Office December Security Updates Fix Remote Execution Bugs (BleepingComputer) Microsoft released the December 2019 Office security updates, bundling a total of 16 security updates and five cumulative updates for five different products, three of them patching flaws allowing remote code execution.

Zero Day Initiative — The December 2019 Security Update Review (Zero Day Initiative) We’ve made it to the end of the year and the final scheduled security updates from Microsoft and Adobe for 2019. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Windows 10 Mobile receives its last security patches (Naked Security) If you’re one of the tiny hardcore still using Windows 10 Mobile, 10 December 2019 is probably a day you’ve been dreading for nearly a year.

Amazon security: Patches fix multiple flaws exposing Blink cameras to hijacking (ZDNet) The vulnerabilities could be exploited by a friend or contractor who secretly wants to harm you.

Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets (ZDNet) Other vulnerabilities resolved include privilege escalation and information leaks.

Chrome now warns you when your password has been stolen (The Verge) Chrome 79 arrives today with password security improvements and more.

Google expands Chrome's anti-phishing tools as hackers' obsession with credentials continues (CyberScoop) Google says it will now warn users when they are potentially visiting a phishing page in the Chrome browser, a plan that coincides with a wider company effort to alert people when they are being targeted by state-sponsored cyberattacks and other threats to their digital identity.

Cyber Trends

The Cybersecurity Doomsday Clock: What Time is it? (Infosecurity Magazine) There is no such thing as perfect security.

2020 Global IoT/ICS Risk Report (CyberX) A data-driven analysis of real-world vulnerabilities observed in more than 1,800 production IoT/ICS networks across all industrial sectors worldwide.

Year in Review: 18 Cybersecurity Statistics and Research Figures Summarizing 2019 (Bricata) This neatly curated list of cybersecurity statistics provides a year in review for 2019 including the top challenges, the average MTTR, investments and estimated costs.

PerimeterX Protects $5B+ Worldwide E-commerce Revenue during Thanksgiving, Black Friday and Cyber Monday (PerimeterX) PerimeterX Protects $5B+ Worldwide E-commerce Revenue from Automated Attacks during Thanksgiving, Black Friday and Cyber Monday

New Research: Equifax Breach Vulnerability Surfaces as Top Network Attack in Q3 2019 (West) WatchGuard’s latest Internet Security Report also reveals significant increases in malware and network attacks, as zero day malware accounts for 50% of all detections.

Fighting cyber-threats: Why AI, robotics, and human imagination will save us all (SC Magazine) Cyber city analyst; Cyber-calamity forecaster; Cyber-attack agent; & Juvenile Cyber-crime rehabilitation counsellor are among new cyber-security jobs that will be needed to cope with the growing cyber-threat

2019 Data Breaches: 4 Billion Records Breached So Far (Norton) A look at 2019 data breaches so far, arranged by business sector, plus actions you can take to help protect against identity theft.

Most Breaches Are Financially Motivated, Verizon Study Finds (Business Insights | Bitdefender) Most breaches of companies in 2019 were financially motivated, and this remains the main reason for organizations to protect against all types of intrusions, a Verizon study has found.

Five trends that will dominate the mobile security agenda in 2020 (Wandera) As we head into the new year, security professionals everywhere are piecing together clues from 2019 that might offer some insight into what 2020 will bring by way of threats and cyberattacks. As mobile becomes more powerful and more ingrained in business, the security risks stack up in step. Here a

Experts warn against rising cyberthreats in Africa (Punch Newspapers) Cybersecurity experts have warned of increasing incidence of Distributed Denial-of-Service attacks in Africa.

Cybersecurity predictions for 2020 and beyond (Commsmea) Morey Haber, CTO/CISO at BeyondTrust and Christopher Hills, Sr. Solutions Architect, Office of the CTO at BeyondTrust look at what cyberattack vectors will be the issue in 2020

Marketplace

CyberGRX Closes $40 Million Series D Investment Led by ICONIQ Capital (BusinessWire) CyberGRX announces that it has raised $40 million in Series D funding led by ICONIQ Capital and supported by existing investors.

Tines raises $11 million to automate repetitive cybersecurity tasks (VentureBeat) Tines, a cybersecurity startup that helps enterprise security teams automate repetitive workflows, has closed a $15.1 million series A round led by Accel.

Ordr raises $27.5 million to protect against network-level cybersecurity threats in real time (VentureBeat) Ordr, a Santa Clara, California-based startup developing a network-level security solution, has raised $27.5 million in venture capital.

Verint to separate into two independent companies (Intelligence Community News) On December 4, Melville, NY-based Verint Systems Inc. announced that its Board of Directors has unanimously approved proceeding with a plan to separate Verint into two independent companies: one of…

Help/Systems to acquire Clearswift (ITWeb) Clearswift is a UK-based content threat protection software company.

Report: McAfee, private equity firms circling NortonLifeLock as M&A target (Silicon Valley Business Journal) Santa Clara-based McAfee is considering a combination of its consumer business with NortonLifeLock, the part of Symantec that wasn't acquired by Broadcom last month.

McAfee Eyeing NortonLifeLock Acquisition, But ESET, Sophos Might Be Better Suitors (Channel Futures) According to the Wall Street Journal, NortonLifeLock, a $16 billion consumer-software company, has attracted deal interest from a number of companies including rival McAfee. McAfee is owned by Intel and private-equity firms TPG and Thoma Bravo.

NortonLifeLock Stock Rises on McAfee Buyout Rumors (Market Realist) NortonLifeLock (NLOK) stock reached a 52-week high of $26.63 on Tuesday on rumors of a buyout by cybersecurity company McAfee.

Zscaler Stock Might Be in Trouble, and Competition Is the Culprit (The Motley Fool) The war for cybersecurity market share appears to be taking its toll, with valuations for the tech upstart becoming too high.

DNA firm GEDmatch now operated by company with police ties, privacy worries surface (ZDNet) Opinion: Now operated by Verogen, will GEDmatch become a treasure trove of data for law enforcement?

Safe-T Signs Partner Agreement with a Fortune 500 Affiliate for the Resale of its SDP Solution (AP NEWS) Press release content from Globe Newswire. The AP news staff was not involved in its creation.

Arm China Will Make Chips With ‘State-Approved’ Cryptography (Tom's Hardware) That's sure to raise the espionage alarms in Washington once again.

Telefonica taps Huawei for 5G core, as DT freezes 5G deals amid uncertainty (FierceWireless) Telefonica will source 5G gear from multiple vendors, but has selected Huawei as one supplier for its 5G core network.

NordVPN launches promised bug bounty program (ZDNet) NordVPN was galvanized into action after an attacker compromised one of its servers.

Palantir grabbed Project Maven defense contract after Google left the program: sources (Business Insider) Palantir is working with the US Department of Defense to build artificial intelligence that can analyze drone footage.

In A BYOD World, Everybody Needs Cybersecurity Chops (Forbes) Threats may change, but one thing is consistent: untrained users who don’t understand their roles and responsibilities in preventing an attack.

What to Know About Careers With a Security Clearance, and How to Get There (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "What to Know About Careers With a Security Clearance, and How to Get There".

Making a Difference Fuels Retention in Space, Cyber Commands (U.S. DEPARTMENT OF DEFENSE) Making a difference and staying on mission are the keys to retention in the U.S. Space Command and the U.S. Cyber Command.

Welcome Chief Marketing Officer Chris Pick (Tanium) I’m thrilled to officially welcome Chris Pick as Tanium’s Chief Marketing Officer.

Alphabet Adds Nobel-Prize Winning Chemist Arnold to Board (Bloomberg) Caltech professor is the third woman on 11-member board. Arnold to serve on nominating, corporate governance committees.

Malwarebytes stalwart promoted to chief product officer (Security Brief) Akshay has been an incredible partner with product development, enabling our long-term product vision. His leadership has been instrumental to our continued growth and success.

Products, Services, and Solutions

PerimeterX Delivers Web Application Security through Google Cloud Platform Marketplace (West) PerimeterX Bot Defender gives customers on Google Cloud Platform the ability to protect applications from automated attacks

ForgeRock Unveils a New Offering to Create a Smarter Identity Management and Governance Solution (West) ForgeRock and Accenture collaborate to improve Identity Management and Governance using Artificial Intelligence and Machine Learning to help clients reduce risk and increase efficiency

Roke and Ricardo launch Digital Resilience Lab – and share key insights in white paper (Ricardo) New Digital Resilience Lab provides state-of-the-art vehicle testing facility for Ricardo and Roke customers - enables controlled testing via wired and wireless connections.

ForgeRock and Onfido Partner to Deliver Digital Access as a Service for the IAM / CIAM Ecosystem (Odessa American) Onfido, the global identity verification platform, and ForgeRock®, the leading provider in digital identity, today announced a partnership to integrate Onfido’s combined Digital Registration, Identity Verification and Authentication solutions to ForgeRock’s CIAM platform.

ForgeRock Unveils a New Offering to Create a Smarter Identity Management and Governance Solution (Yahoo) ForgeRock®, the leading provider in digital identity, today announced ForgeRock Autonomous Identity™, a new capability designed to create a smarter AI-driven identity management and governance solution. Powered by analytics, artificial intelligence and machine learning, the new solution is designed

KnowBe4 and SpyCloud Form Partnership to Enhance Capabilities to Check (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced a new partnership with SpyCloud

Cato Networks blends SIEM insights into its platform (FierceTelecom) Cato Networks is the latest SD-WAN vendor to announce it has blended SIEM capabilities into its platform. But Cato is laying claim to being the first vendor to add SIEM, which stands for security information and event management, into a secure access service edge (SASE) platform at no additional cost.

SolarWinds Adds Encryption, More Automation To RMM Tool (CRN) SolarWinds MSP has launched an update to its RMM tool N-Central — giving users deeper network monitoring, increased security, and more robust automation capabilities, which one partner called a “good addition” to the company’s product.

Booz Allen Hamilton announces support for AWS Outposts (Help Net Security) Booz Allen Hamilton has capabilities to support AWS Outposts, designed hardware that allows customers to run compute and storage on premises.

RNC and DNC Using Duo Security MFA Ahead of 2020 Election (Mobile ID World) Both of America's major political parties have been using Duo Security, which specializes in multi-factor authentication (MFA)

Cloud security boosted as Darktrace launches in AWS Marketplace (Cambridge Network) Darktrace, a leading cyber AI company, has announced the availability of its Enterprise Immune System and Antigena solutions in AWS Marketplace.

BeyondTrust Expands PAM Offering for DevOps Environments with the Launch of DevOps Secrets Safe (West) BeyondTrust’s centralized secrets administration solution strengthens credential protection in DevOps environments

Technologies, Techniques, and Standards

IT-ISAC seeing ‘a lot more engagement’ from federal government on cyber threat intelligence (Federal News Network) Scott Algeier of IT-ISAC said cyber threat intelligence is useful for agencies and industry leadership once they’re on the same page about what it entails.

10 Common Questions About Threat Hunting (Active Countermeasures) New to Threat Hunting? Have lots of questions and don’t know where to start? Chris Brenton answers 10 frequently asked questions related to …

Inside the mind of a hacker (IT PRO) Understanding why cyber criminals want to attack your business should be a key component of your security strategy

GNU Radio Primer (Black Hills Information Security) Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting any data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your traffic. Preface: Recently, I introduced myself to the world of …

What are the qualities of a good digital identity management program? (Help Net Security) Many organizations are struggling to define a digital identity management program both internally for the enterprise and externally for consumers.

Design and Innovation

Hidden Complexity is Biggest Threat to Compliance (FireMon) You can’t manage what you can’t see, and when it comes to security controls, complexity is the enemy of visibility. FireMon’s 2019 State of the Firewall report uncovered a great deal of complexity related to firewall deployments at organizations of various sizes. Almost 33 percent of survey respondents reported they have between 10 and 99...

Signal Working on New Private Group Feature (Decipher) Signal is developing an updated private group system that provides enhanced capabilities and security for group administrators.

IBM AI Innovations Sharpen Risk Detection in Identity Management (IBM News Room) More Individualized Approach Helps Optimize Both Security & User Experience

Quantum-Proof Cryptography: What Role Will It Play? (GovInfo Security) CISOs need to begin investigating the use of quantum-proof cryptography to ensure security is maintained when extremely powerful quantum computers that can crack

Theory of mind — Quartz Daily Obsession (Quartz) Theory of mind: A think piece

Research and Development

The race for quantum-proof cryptography (CSO Online) Lawmakers briefed on quantum computing’s threat to encryption and the urgent need for mathematical research.

BAE Systems to Develop New Cyber Tools for DARPA to Improve Security of Electronic Data Formats (BusinessWire) BAE Systems received a DARPA contract to develop new cyber tools to help prevent vulnerabilities in electronic files that can lead to cyberattacks.

Academia

Cyberskilling & awareness should start at school level: Check Point's Venugopal (Livemint) 'Many organizations today are still using technologies that are 10 years old,' says Venugopal N, Director - Security Engineering, Check Point Software Technologies. We can cope with these threats only by educating ourselves and utilising the product and solution that are well configured, he added.

University of Akron launches cybersecurity 'testbed' (Crain's Cleveland Business) From Crain's Akron Business: Officials said the facility will allow students and others to work with viruses in a quarantined environment as part of the state's efforts to combat cybersecurity issues and the school's expansion into a new discipline.

Legislation, Policy, and Regulation

Iran's internet freedom is on life support (CNET) The country's president wants a state-controlled intranet to replace the internet.

Are We Sovereign? - Visegrad Insight (Visegrad Insight) Freedom without restrictions on the net threatens democracy. Despite this, few people in Poland are worried about online disinformation.

Conservatives ramp up calls for Huawei ban amid security questions (Global News) The Liberals delayed making a decision on whether to let the Chinese tech firm into the 5G spectrum.

Lord Browne: UK must ignore US and make its own decision on tech security (The Telegraph) Lord Browne of Madingley, the chairman of Huawei UK and former boss of BP, has urged the UK not to be influenced by the US on Chinese telecoms security threats.

EU releases its 5G conclusions (Naked Security) The Council of the European Union sent a memo summarizing its thoughts on the “need to mitigate security risks linked to 5G”.

Congress wants more answers on cyber operations and tools (Fifth Domain) The National Defense Authorization Act has many provisions demanding new reports and oversight mechanisms over DoD cyber operations and readiness of the cyber force.

Congress targets OTAs, cyber investments in defense policy bill (FCW) The 2020 National Defense Authorization Act conference report homes in on other transaction authorities, drones and cybersecurity investments.

Several election security provisions are in the massive defense bill (Fifth Domain) According to the National Defense Authorization Act, Congress is taking steps to learn more about future Russian cyberattacks and wants to ensure state officials have access to the top-level threat information.

Sen. King presses for cyberattack deterrence strategies (Homeland Preparedness News) Sen. Angus King (I-ME) pressed Department of Defense leaders for information on U.S. cyberattack deterrence and efforts against emerging threats during a recent Senate Armed Services Committee hearing. “Let me focus on a particular issue of deterrence that I’ve been …

Covert Military Information Operations and the New NDAA: The Law of the Gray Zone Evolves (Lawfare) Congress has been building a domestic legal framework for gray zone competition in the cyber domain. Now it is extending that effort to the broader context of information operations. This warrants close attention.

Ellen Lord: DoD Aims to Protect Defense Supply Chain Through New Cybersecurity Certification (GovCon Wire) Ellen Lord, undersecretary for acquisition and sustainment at the Defense Department and a 2019 Wash

CISA establishes small business, agency essentials for supply chain (Federal News Network) If a chain is only as strong as the weakest link, then small business in the federal or industrial supply chain needs to be forged a little tougher.

Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy | United States Senate Committee on the Judiciary (US Senate Commission on the Judiciary) Full Committee hearing.

Written Testimony for the United States Senate Committee on the Judiciary on Smartphone Encryption and Public Safety (Manhattan District Attorney's Office) Good morning Chairman Graham, Ranking Member Feinstein, and members of the Senate Judiciary Committee. On behalf of my Office and our partners in state and local law enforcement, I thank the Committee for its work and attention to this vital issue of local, state, and national public safety.

Facebook Tells US Attorney General It’s Not Prepared To Get Rid Of Encryption On WhatsApp And Messenger (BuzzFeed News) “People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security,” the company wrote to leaders in the US, UK, and Australia.

Facebook rejects Priti Patel calls to open up encryption to help in fight against terrorists and child abusers (The Telegraph) Facebook has rejected calls by Home Secretary Priti Patel to open up its encrypted messaging platforms to allow law enforcement agencies to hunt down terrorists and paedophiles, a leaked letter has revealed.

By defying the spooks on encryption, Facebook is picking a fight it can win (The Telegraph) Why is Facebook picking yet another fight with Western governments?

A Framework for Regulating Competition on the Internet (Stratechery) Understanding the differences between platforms and Aggregators is critical when it comes to considering regulation.

Break Up Big Tech To Ensure Data Privacy And Cybersecurity? Slow Down (Forbes) But we should not allow data security to become a political football, with partisans of all stripes pandering to narrow constituencies in an effort to score cheap political points.

Litigation, Investigation, and Law Enforcement

Pensacola Shooter May Have Been Radicalized Years Ago, Says Saudi Report (The Daily Beast) The Saudi aviation student who killed three U.S. Navy airmen in Florida appears to have been radicalized in 2015.

Exclusive: A Facebook Contractor Accepted Bribes From A Scammer To Reactivate Banned Ad Accounts (BuzzFeed News) "This behavior is absolutely prohibited under our policies and the individual is no longer working with Facebook."

Apple has 'deep concerns' that ex-employees accused of theft will flee to China (Reuters) Apple Inc on Monday told a federal court it has "deep concerns" that t...

Apple sues iPhone CPU design ace after he quits to run data-center chip upstart Nuvia (Register) CEO accused of breaching contract with Cupertino, fires back in court

Impeachment live updates: House Democrats unveil two articles of impeachment against Trump; White House predicts ‘full exoneration’ in GOP-led Senate (Washington Post) The articles focus on abuse of power and obstructing Congress. The president called impeachment “Political Madness.”

Analysis | The articles of impeachment against President Trump, explained (Washington Post) Democrats unveiled the reasons they think Trump should be removed from office.

Carter Page: I have a 'team of attorneys' scouring Horowitz report for potential lawsuits (Fox News) Former Trump campaign aide Carter Page told "Hannity" on Monday that he has a team of attorneys looking over the Justice Department inspector general's report for subjects of potential lawsuits, claiming that his reputation was badly damaged by the Russia investigation.

Ivanka Trump was friends with former British spy Christopher Steele, according to person familiar with the situation (Washington Post) A report by the Justice Department’s inspector general alludes to the relationship.

Trump lashes out at FBI director in wake of Justice Department inspector general’s report (Washington Post) In a morning tweet, the president took issue with Christopher A. Wray’s response to the report examining the bureau’s investigation of Trump’s 2016 campaign and suggested he was not capable of fixing the FBI.

Analysis | Christopher Wray, basically: Don’t listen to Trump’s Ukraine conspiracy theories (Washington Post) Wray said Monday there was "no indication" that Ukraine interfered in the 2016 election, directly contradicting Trump. He also conspicuously urged people to be savvier consumers of information.

TikTok settles class action over child privacy one day after it’s filed (Naked Security) The $1.1m settlement is an “excellent result,” TikTok said, unsurprisingly: compared with its $5.7m FTC fine, it’s dirt cheap.

'Government Imposter' Scammers Pay $1.2 Million in FTC Settlement (BleepingComputer) A settlement with the Federal Trade Commission (FTC) requires the operators of a government imposter scheme to pay $1.2 million and also comes with a ban on sending any further unsolicited direct mail to businesses across the U.S.

DoJ arrests Ponzi operators planning to retire ‘RAF’ through cryptocurrency scam (ZDNet) It’s not that easy to retire “rich as f*ck” when the police become involved.

Feds Crack Down on Money Mules, Warn of BEC Scams (Threatpost) Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.

NSW Ambulance staff reach $275K settlement over data breach (CIO) The NSW Supreme Court has accepted a $275,000 settlement for the class action brought against NSW Ambulance over the access and sale of personal data of 130 staff in 2013.

DoItForState domain name thief gets 14 years for pistol-whipping plot (Naked Security) He hired his cousin to break in, hold the rightful domain holder at gunpoint, and force a transfer to his own GoDaddy account.

Fish farm hit by £2 million phishing scam (The Fish Site) A man from Leicester was part of a phishing scam which swindled over £2 million from Wester Ross Fisheries, a court heard.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Anaheim Cybersecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Cincinnati Cybersecurity Conference (Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...
