Daily briefing.

Multiple reports say that Iran's government has indicated that it's succeeded in fending off another cyberattack. Tehran is again being tight-lipped about the incident, beyond saying that it successfully defended itself, and that the target was "electronic government systems." There's been some a priori speculation about the usual adversaries in the press, but as the BBC points out, Iran's Telecommunications Minister was more specific, saying that the attack used tools associated with APT27, a Chinese-speaking threat group. The Islamic Republic News Agency quotes the ministry as characterizing the attack as "foreign spying."

Around mid-day Friday more cyberattacks hit Louisiana. The City of New Orleans was most prominently affected by what BleepingComputer says has been tentatively identified as (again) Ryuk ransomware. CNN reports that the city declared a state of emergency and disconnected systems from the Internet as a precautionary measure. Emergency services are said to have been unaffected, and City Hall is open for business today, as New Orleans officials characterize the effects of the attack, WBRZ says, as "minimal." In addition to New Orleans, there are reports in WBRZ that sheriff's offices in three Louisiana parishes, Rapides, Washington, and Orleans, were also subjected to an attack at the end of last week. It's unclear whether these attacks are related.

Hackensack Meridian Health, New Jersey's largest hospital health network, was afflicted by ransomware for five days, forcing postponement of about a hundred elective surgeries, the Daily Beast reports. Hackensack Meridian got out from under the attack by paying the ransom.

Notes.

Today's issue includes events affecting Australia, China, European Union, Germany, India, Iran, New Zealand, Russia, United Kingdom, United States.

Bring your own context.

So here's a question: why are so many data buckets left exposed to the Internet?

"It could be a number of things. And I don't have the statistics, but I'd say one of the most common ones is just that nobody is just keeping track of it. It's a miscommunication between the people who are setting these up, who usually just care about, you know, achieving some form of task in their jobs, and security, who are unaware of the fact that somebody spun up all these storage options and they just don't know that it's happened. By default, usually the access becomes public, and then nobody's aware of the fact that there could be a lot of confidential information in there. And what usually ends up - is there are a lot of both hackers and just other bodies who scan, you know, the range of the S3 buckets and start looking for information that could be confidential or shouldn't be publicly accessible. And very quickly, they find these leaks, and breaches end up happening."

—Dean Sysman, CEO and co-founder of Axonius, on the CyberWire Daily Podcast, 12.12.19.

It's Delphic: know thyself. Or at least be aware that a big gap can open up between "I told them to take care of it" and "That's the first I've heard of it."

In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses Twitter’s expressed intention of shifting to open standards.

And a CyberWire Special Edition Podcast is out: "Capturing the flag at NXTWORK 2019." Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit of swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWORK conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves.

Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.

6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at http://isi.jhu.edu and click on 6th Annual Cybersecurity Conference for Executives.

Cyber Attacks, Threats, and Vulnerabilities

Iran 'foils second cyber-attack in a week' (BBC News) The hack targeted government computer systems, the country's telecommunications minister says.

Iran investigating third cyberattack in a week (The Jerusalem Post) The attack was repelled by the Islamic Republic's security shield, known as Dezhfa, as two other cyberattacks were reported last week.

Keyfactor Researchers Identify RSA Certificate Vulnerability, Successfully Break Nearly 250,000 Distinct RSA Keys (Yahoo) Keyfactor, the leader in securing digital identities, today announced research findings identifying a vulnerability across active RSA certificates. RSA certificates and the RSA algorithm are commonly used to securely transmit data to a remote source. Using minimal computing resources, researchers were

F-Secure Finds Major Vulnerabilities in Popular Wireless Presentation System (Yahoo) Consultants with cyber security provider F-Secure have discovered several exploitable vulnerabilities in a popular wireless presentation system. Attackers can use the flaws to intercept and manipulate information during presentations, steal passwords and other confidential information, and install backdoors

Ryuk Ransomware Likely Behind New Orleans Cyberattack (BleepingComputer) Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors.

NOLA officials label Friday's cyberattack as 'minimal' (WBRZ) Officials say no data was held for ransom and a recovery operation is getting underway in New Orleans after a Friday morning cyberattack prompted a shutdown of city government computers. 

New Orleans mayor declares state of emergency in wake of city cyberattack (CNN) Suspicious activity was detected at 5 a.m. and an investigation revealed it was a cyberattack at 11 a.m.

Security expert: city's quick response to cyber attack may have been 'perfect' (WWLTV) "The City of New Orleans is under a cyber attack. Please power off your computers and unplug them immediately."

City Hall set to open Monday following cyber attack (WDSU) New Orleans officials say City Hall will open on Monday, but courts will remain closed.

New Orleans shuts off computers after cyberattack, following two big incidents in Louisiana this year (CNBC) After a series of widespread cyberattacks in Louisiana, which led to two statewide emergency declarations this year, New Orleans was hit on Friday.

New Orleans hit by ransomware, city employees told to turn off computers (ZDNet) After Atlanta and Baltimore, another major US city grapples with a ransomware attack.

Three Louisiana sheriff's offices targeted in weekend cyberattack (WBRZ) Louisiana officials say three sheriff's offices in Rapides, Washington and Orleans parishes were targeted by hackers in a suspected weekend cyberattack. 

Largest hospital system in NJ forced to pay ransom in cyber attack (New Jersey 101.5) New Jersey’s largest hospital system said that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it.

Ransomware Took Out New Jersey Hospital Health Network for Five Days (The Daily Beast) Hackensack Meridian Health would not say how much it paid the hackers to regain control of their system.

Inside ‘Evil Corp,’ a $100M Cybercrime Menace (KrebsOnSecurity) The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers.

Click Here to Kill (Harper's magazine) The dark world of online murder markets

Shaw informs customers of data breach six months after incident (Calgary Herald) Some Shaw customers received letters in the mail this week saying some of their customer information was breached six months ago, Postmedia has learned. The breach happened on June 22, 2019, when a …

Thief Stole Payroll Data for Thousands of Facebook Employees (Bloomberg) Some 29,000 current, former employees impacted by theft. Unencrypted hard drives were stolen from payroll worker’s car.

Microsoft and Intel: Replace your four-year-old PC or laptop (News | The CEO Magazine) Research by Techaisle for Microsoft and Intel claims that the cost of a PC four years or older is A$5,012 and the device is not equipped to withstand the cybersecurity issues now the norm in the business world

Security Patches, Mitigations, and Software Updates

Intel Fixes Dangerous Plundervolt Vulnerability (HOTforSecurity) Intel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200. Security researchers...

Npm patches two serious bugs (Naked Security) JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.

Cyber Trends

The United States Made Information Free and Foreign Manipulation Possible (Foreign Affairs) How unrestricted broadcasting set the stage for a misinformation overload.

Bitglass 2019 Financial Breach Report: More than 60% of All Leaked Records in Past Year Exposed by Financial Services Firms (BusinessWire) Bitglass, the Next-Gen Cloud Security company, today released its 2019 Financial Breach Report: The Financial Matrix. Each Year, Bitglass analyzes the

2019 Fraud risk report (NuData Security) Billions of exposed user records are fueling mass-scale attacks daily, from the simplest automation-based to the most sophisticated fraud that emulates human behavior.

DDoS Threats Report 2019 Q3 (Nexusguard) While the ongoing implementation of DNSSEC continued to drive the growth of DNS Amplification attacks in the quarter, the sharp rise in TCP SYN Flood attacks is also worthy of considerable attention.

Marketplace

Imply Raises $30mm at a $350mm Valuation in Growth Round to Fuel Development of Its Cloud-native, Real-time Analytics Solution (BusinessWire) Imply, the real-time analytics company, announced today that it has raised $30 million in funding led by Andreessen Horowitz’s Late Stage Venture Fund

Accenture to Acquire Clarity Insights (Citybizlist) Accenture (NYSE: ACN) has announced that it has entered into an agreement to acquire Clarity Insights, a U.S.-based data consultancy

Apax to acquire Coalfire from Carlyle and Chertoff (PE Hub) Apax Partners has agreed to acquire Coalfire from The Carlyle Group and The Chertoff Group.

China's AI Unicorns Can Spot Faces. Now They Need New Tricks (Wired) Companies such as Megvii thrived on government contracts for facial recognition, but they face challenges from US sanctions to cheaper tech.

Huawei Loses Out As Trump And China Agree New ‘Phase One’ Trade Deal (Forbes) Huawei had been hoping a U.S. trade deal with China would provide a resolution to its ongoing blacklisting. But that hasn't happened—at least not yet.

Telenor says Huawei will still play role in 5G rollout (Reuters) Telenor reiterated on Sunday Huawei would be involved in building Norway's ...

Chinese tech firm Huawei's bullying attitude fails to win over hearts and minds (Hong Kong Free Press) A French academic, Valerie Niquet, a senior research fellow at the Foundation for Strategic Research, is being sued by Huawei France. The Chinese telecom giant has accused Niquet of libel, and, as @HuaweiFactsFR explained in a tweet on November 23 (in French): “In March 2019, #Huawei has filed three lawsuits for libel against a private individual. …

How Britain became dependent on Silicon Valley data mining company Palantir to help it fight terrorism (The Telegraph) You may not know a lot about Palantir, but you are one of its most valued customers.

NSA Vet Chris Kubic Joins Fidelis as Chief Information Security Officer (GovCon Wire) Chris Kubic, former chief information security officer of the National Security Agency, has been app

Rami Habal joins Abnormal Security as Chief Product Officer (Help Net Security) Abnormal Security, the platform that protects large enterprises from email attacks, announced the appointment of Rami Habal to Chief Product Officer.

WidePoint Appoints Kellie Kim as Chief Financial Officer (West) WidePoint Corporation (NYSE American: WYY), the leading provider of Trusted Mobility Management (TM2) specializing in Telecommunications Lifecycle Management, Identity Management and Digital Billing & Analytics solutions, has appointed Kellie Kim as the company’s new Chief Financial Officer (CFO).

Cipherloc Continues New Strategic Focus with Go-To-Market Leadership Hires (Yahoo) Ben Poernomo joins CipherLoc from Symantec Corporation's National Security Group, after a previous career in military, government and commercial cybersecurity roles. Ben will be based in the Washington, D.C. area and will lead the go-to-market strategy for CipherLoc's quantum-secure encryption

Products, Services, and Solutions

MyData Operator Network Enables Smooth Data Flow – User Consent Is the Key (News Powered by Cision) Cybersecurity company Nixu was involved in the implementation of the service pilot conducted in Finland by Vastuu Group and the Finnish Transport and Communications Agency Traficom.

Risk Management Practitioners Can Demonstrate Third Party Risk Management Program ROI with New Simplicity (BusinessWire)

Censys Launches Universal Internet Data Set; Now Scanning The Most Ports In The Internet Security Industry (Censys) New Data Set Featuring Over 1000 New Ports Finds 35-50% More Hosts on Obscure Ports

ID.me Announces Secure Identity Verification Solution for California C (PRWeb) ID.me, the industry leader in secure online Identity verification, today announced an identity proofing and authentication solution for businesses required t

Factoring RSA Keys in the IoT Era (Keyfactor) Researchers Identify RSA Certificate Vulnerability, Keyfactor researchers successfully break nearly 250,000 distinct RSA keys. 1 in every 172 active RSA certificates are vulnerable to compromise or attack.

Telefonica’s cybersecurity unit adds CrowdStrike’s tech to its portfolio (Mobile Europe) Mobile Europe & European Communications is the leading B2B title for the telecoms industry, exploring operators' technology strategies and providing CTOs and their teams with news, analysis and opinion about the latest developments in the sector.

CyberX launches partner program in IoT security market (SearchITChannel) CyberX, a company that provides cybersecurity in the IoT and industrial control system sectors, has unveiled a channel program for managed service providers, consultants, integrators and technology providers. Learn more about the initiative.

Technologies, Techniques, and Standards

The importance of proactive patch management (Help Net Security) Proactive patch management is focused on protecting the systems and applications that are most important and reducing the overall attack surface.

Cyber security expert offers advice to keep hackers from breaking into home security cameras (WDRB) You also should never use the same username and password for multiple accounts and you should choose complicated and unique passwords for each account.

Design and Innovation

YouTube bans malicious insults, veiled threats, harassment (Naked Security) The new policy addresses how coordinated online abuse often happens in real life: poisonous drips spanning multiple videos/comments.

What facial recognition steals from us (Vox) A video explainer on the technology that’s changing the meaning of the human face.

Look How Easy It Is to Fool Facial Recognition—Even at the Airport (Fortune) An experiment by Kneron shows facial recognition is less secure than many think.

“Link In Bio” is a slow knife (Anil Dash) We don’t even notice it anymore — “link in bio”. It’s a pithy phrase, usually found on Instagram, which directs an audience to be aware that a pertinent web link can be found on that user’s profile. Its presence is so subtle, and so pervasive, that we barely

Research and Development

A Sobering Message About the Future at AI's Biggest Party (Wired) Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn't sustainable.

Academia

How these Toronto sleuths are exposing the world’s digital spies while risking their own lives (The Star) Citizen Lab has found spyware being used to secretly infect mobile phones or computers of political dissidents, human rights activists, journalists and pro-democracy organizations.

Legislation, Policy, and Regulation

The Case for a Mostly Open Internet (ITIF) Policymakers should seek to maximize the benefits of Internet openness while maintaining carefully designed guardrails that reduce the Internet’s most clearly harmful uses.

The Application of International Law to Cyberspace: Sovereignty and Non-intervention (Just Security) A new Chatham House Report discusses how these principles apply to cyber operations below the threshold of use of force and recommends how governments can make progress in reaching agreement.

India shuts down internet once again, this time in Assam and Meghalaya (TechCrunch) India maintained a shutdown of the internet in the states of Assam and Meghalaya on Friday, now into 36 hours, to control protests over a controversial and far-reaching new citizen rule. The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example …

Why the US should increase cyber pressure against North Korea (Fifth Domain) To get North Korea back to the denuclearization table, a new report argues, the United States should employ a more robust information operations and cyber campaign.

ATO lands AU$151 million in MYEFO for storage and cyber resilience (ZDNet) Canberra finds money for the Australian Taxation Office, DTA digital identity program, and Department of Home Affairs visa processing systems.

China Threatens Retaliation Should Germany Ban Huawei 5G (Yahoo) China’s ambassador to Germany threatened Berlin with retaliation if it excludes Huawei Technologies Co. as a supplier of 5G wireless equipment, citing the millions of vehicles German carmakers sell in China. “If Germany were to take a decision that leads to Huawei’s exclusion from the German

Trump Agrees to Limited Trade Deal With China (Wall Street Journal) President Trump has agreed to a limited trade agreement with Beijing that will roll back existing tariff rates on Chinese goods and cancel new levies set to take effect Sunday as part of a deal to boost Chinese purchases of U.S. farm goods and obtain other concessions, according to people familiar with the matter.

Huawei Finds Some Friends in the U.S. Senate (Bloomberg) The Trump administration’s global campaign against the Chinese telecom giant runs into a domestic roadblock.

Dems want tougher language on election security in defense bill (TheHill) Democrats are complaining that the annual National Defense Authorization Act (NDAA) set for a Senate vote this week doesn’t go far enough to protect election security.

CISA Launches First Annual President's Cup Cybersecurity Competition (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Litigation, Investigation, and Law Enforcement

European Court of Justice Privacy Shield legal opinion to be published on Thursday (Computing) ECJ advocate general also considering whether EU's standard contractual clauses provide sufficient protection for European consumers

Cisco Wins Legal Challenge in Battle Against Chinese Counterfeits (Wall Street Journal) Cisco Systems has won a legal battle against counterfeit versions of key networking equipment, securing an injunction that requires big online marketplaces to halt the sale of some knockoffs.

FBI secretly demands a ton of consumer data from credit agencies. Now lawmakers want answers (TechCrunch) Now lawmakers want answers from Equifax, Experian, and TransUnion.

Police get “unprecedented” data haul from Google with geofence warrants (Naked Security) Investigators are using geofence warrants to get anybody and everybody who’s near a crime at a given time.

Political parties accused of 'gaming the law' on social media adverts (The Telegraph) Britain's dangerously antiquated electoral rules require urgent reform to cope with a surge in abuse by political parties using the personal data of voters to target them online, according to a new report.

Facebook Is Suing To Send A Message To Scammers — And Regulators (BuzzFeed News) The social media giant is trying to prove it can be trusted to police itself.

Weak account checks earn company $10.5 million privacy fine (Naked Security) The telecoms company violates the EU’s GDPR by allegedly failing to fully authenticate people phoning up to access their accounts.

Ex-Trump campaign aide Carter Page notches victory after inspector general hammers FBI for surveillance missteps (Washington Post) Working mostly without a lawyer, Page was the only one of four initial suspects in the Russia investigation who was never charged or convicted.

In election fraud case involving Giuliani associates, defense pushes for intelligence intercepts (Washington Post) A lawyer in the case involving Lev Parnas and Igor Fruman told a federal judge that intelligence files may exist on them and two co-defendants.

NSA Statement on NSA Inspector General Special Study (STL.News)

Leak Secrets to Media, You Are Sure to be Prosecuted (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Leak Secrets to Media, You Are Sure to be Prosecuted."

Man guilty of keeping defense secrets at home (The Daily News of Newburyport) A Massachusetts man has pleaded guilty to keeping classified national defense documents at his home without proper authorization, federal prosecutors said Friday.

Todd Leasure Sentenced For Submitting False Claims For Hours Worked For NSA Projects (CBS) A 45-year-old Alabama man was sentenced Friday to six months of home detention as part of five years' probation for making false statements regarding the hours he worked on a contract for the National Security Agency.

The Lawfare Podcast: Countering Chinese Espionage (Lawfare) Recently, former CIA officer Jerry Lee was sentenced to 19 years in prison for conspiring to share classified information with the Chinese government. During the time in which Lee was in touch with Chinese intelligence agents, dozens of CIA sources in China were arrested or killed—a catastrophe for CIA operations in the country. What's the connection between this disaster and the Lee case? And what do both mean for Chinese counterintelligence work overall?

Ex-UBS FA Fined After Allegedly Conned by Hacker to Disburse Client Funds (Financial Advisor IQ) Finra has suspended and fined a former UBS financial advisor who was allegedly duped by a hacker into disbursing half a million dollars from a UBS client’s account, the industry’s self-regulator says.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2020 Billington CyberSecurity Summit (Washington, DC, USA, September 8, 2020) Billington CyberSecurity produces world class educational forums and virtual seminars about the threats, challenges, and opportunities related to protecting our nation's critical cyber infrastructure. The...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
