More signal. Less noise.

Don’t slow down development for application security.

We know that application security testing is a bottleneck for software development—but it’s also crucial. You need a solution that can simplify and automate as much of that process as possible without grinding development to a halt. Code Dx automates the most time-consuming steps in AppSec testing, keeping your DevOps pipeline running as smoothly as possible.

Daily briefing.

CyberWire Pro, coming in 2020.

We're pleased to offer another reminder that our new subscription program, CyberWire Pro, will launch early in 2020. For cyber security professionals and others who want to stay abreast of this rapidly evolving industry, CyberWire Pro is a premium news service that will save you time as it keeps you informed. Learn more and sign up to get launch updates here.

CyberX researchers have described a cyber espionage campaign that's evidently designed to steal sensitive data, especially design information, from manufacturers. CyberX calls it "Gangnam Industrial Style," in recognition that South Korean manufacturers have been most heavily hit, with some sixty percent of the victims located in the Republic of Korea. Other countries affected include (in rough order of the attention they received from the APT) Thailand, China, Japan, Indonesia, Turkey, Ecuador, Germany, and the United Kingdom. The attack begins with spearphishing emails carrying plausible bait representing itself as, for example, RFQs or inquiries from buyers. The most common payload is Separ malware, which both harvests credentials and searches for files of interest. The attackers may be after trade secrets in a conventional industrial espionage effort, or they may be looking for industrial system vulnerabilities that could be targeted in subsequent attacks.

Palo Alto Networks' Unit 42 has released a follow-up to its earlier reports on "Rancor," a Chinese cyber espionage unit that pays particular attention to targets in Cambodia. Unit 42 tells CyberScoop that there's an irony beneath the apparent persistence: none of the efforts to penetrate Cambodian networks have been fully successful.

The US Foreign Intelligence Surveillance Court has starchily ordered the FBI to give an account of what it was doing when it requested FISA surveillance authority over Trump advisor Carter Page. The New York Times calls the Justice Inspector General's report on Crossfire Hurricane "damning." A broader IG investigation is in the offing, the Washington Post reports.

Notes.

Today's issue includes events affecting Cambodia, Canada, China, Czech Republic, Ecuador, Finland, Germany, Indonesia, Japan, Republic of Korea, Russia, Thailand, Turkey, United Kingdom, United States.

Bring your own context.

Information may want to be free, as they used to say, but that's not to say that sovereign Internets will tear down the walls they're busily building. What's the effect of this trend?

"Certainly not a positive one, at least among those countries. For those of us that are interested in a free and open internet, we don't want to see something like this. You know, the other challenge as well is that these efforts ultimately reduce internet resilience as a whole. So the internet is an interconnected network of networks. It only works successfully when everybody is sort of behaving themselves and cooperating. When these things start occurring, it ultimately lowers the resiliency of the global internet. That's a bug, not a feature. Russia may be looking at it as a feature, but for everybody else, it's really a problem."

—David Belson, senior director of internet research and analysis at the Internet Society, on the CyberWire Daily Podcast, 12.13.19.

Attention tends to focus on Russian policies, but Russia's not the only country aspiring to Internet sovereignty.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

In today's Daily Podcast, out later this afternoon, we speak with our partners at CrowdStrike, as Tom Etheridge discusses incident response speed and the 1-10-60 concept. Our guest is Eli Sugarman from the Hewlett Foundation, sharing the results of their CyberVisuals contest.

Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.

6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at http://isi.jhu.edu and click on 6th Annual Cybersecurity Conference for Executives.

Cyber Attacks, Threats, and Vulnerabilities

South Korean industrial giants slammed in active info-stealing APT campaign (ZDNet) Over 200 companies are reported as victims of the covert cyberespionage effort.

Industrial Cyber-Espionage Campaign Targets Hundreds of Companies (BleepingComputer) Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files.

'Gangnam Industrial Style' campaign targets industrial firms with phishing emails and Separ malware (Computing) New North Korea-linked campaign has already compromised at least 200 systems belonging to industrial companies across the world

Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies (CyberX) Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. The campaign steals passwords and documents which could be used in a number of ways, including stealing trade secrets and intellectual property, performing cyber reconnaissance for future attacks, and …

This China-linked espionage group keeps trying to hack the Cambodian government (CyberScoop) Rancor has tried to break into the network of an unnamed Cambodian government organization and deploy their custom malware, according to Palo Alto Networks.

ScreenConnect MSP Software Used to Install Zeppelin Ransomware (BleepingComputer) Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers.

Sneaker Bots: a Deep Dive (PerimeterX) Explore how sneaker bots work, what methods they use, what a real attack looks like, the damage they cause and how to protect your e-commerce website from them.

Vulnerability Found in TP-Link’s Archer Routers, Now Fixed (CISO MAG) TP-Link’s Archer Router series which is capable of handling high-speed online traffic had a vulnerability that if exploited, could allow hackers to bypass the admin passwords and remotely take control of the devices over the LAN.

LifeLabs Data Breach Exposes Personal Info of 15 Million Customers (BleepingComputer) Canadian clinical laboratory services provider LifeLabs has announced a data breach that exposed the personal information for up to 15 million Canadians after an unauthorized user gained access to their systems.

Canadian lab test provider pays ransom to secure hacked data (Washington Post) The Canadian lab test provider LifeLabs says it paid a ransom to secure data for customers that was stolen in a data breach in late October

What cyberattacks on companies like LifeLabs can mean for you (British Columbia) It’s like an accident out of the blue. Through no fault of your own, you suddenly find you owe thousands of dollars – if not more.

Consulting Firm Accidentally Doxxed Thousands of Employees at America’s Top Defense Contractor (The Daily Beast) “If it’s available on the internet, the safe money is on the bad guys finding it,” said Andrew Grotto, a former senior cybersecurity official in the Obama White House.

RSA Keys Found in IoT Medical Devices, Implants Prone to Attack (HealthITSecurity) Keyfactor discovered a vulnerability in the RSA keys and certificates that puts the devices at risk of cyberattack or malfunctioning: one out of every 172 active certificates could be compromised.

FBI Warns of Risks Behind Using Free WiFi While Traveling (BleepingComputer) The U.S. Federal Bureau of Investigation recommends that travelers avoid connecting their phone, tablet, or computer to free wireless hotspots while traveling during the holiday season.

Hackers Could Use Smart Displays to Spy on Meetings (Wired) By exploiting flaws in popular video conferencing hardware from DTEN, attackers can monitor audio, capture slides—and take full control of devices.

Process Hollowing: Hacker's New Technique for Monero Mining (CISO MAG | Cyber Security Magazine) Since early November hackers have started using Process Hollowing, a new technique for Monero mining whose malicious intent goes undetected until triggered.

Cobots too easy a target for ransomware, alerts Alias Robotics (eeNews Europe) Urging industrial robot manufacturers to implement efficient cybersecurity measures, security researchers from Spanish startup Alias Robotics have demonstrated a Proof of Concept attack consisting of ransomware specifically aimed at industrial collaborative robots.

Industrial robot ransomware: Akerbeltz (eeNews Europe) Cybersecurity lessons have not been learnt from the dawn of other technological industries. In robotics, the existing insecurity landscape needs to be addressed immediately. Several manufacturers profiting from the lack of general awareness are systematically ignoring their responsibilities by claiming their insecure (open) systems facilitate system integration, disregarding the safety, privacy and ethical consequences that their (lack of) actions have. In an attempt to raise awareness and illustrate the “insecurity by design in robotics” we have created Akerbeltz, the first known instance of industrial robot ransomware. Our malware is demonstrated using a leading brand for industrial collaborative robots, Universal Robots.

Siemens SPPA-T3000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SPPA-T3000 Vulnerabilities: Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted Upload of File with Dangerous Type, Heap-based Buffer Overflow, Integer Overflow or Wraparound, Out-of-bounds Read, Improper Access Control, Stack-based Buffer Overflow, SFP Secondary Cluster: Missing Authentication, Deserialization of Untrusted Data, Information Exposure, Cleartext Transmission of Sensitive Information

GE S2020/S2020G Fast Switch 61850 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: GE S2020/S2020G Fast Switch 61850 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code and allow disclosure of sensitive data.

We Tested Ring’s Security. It’s Awful (Vice) Ring lacks basic security features, making it easy for hackers to turn the company's cameras against its customers.

Consumer groups issue product warning for Amazon Ring after latest video hack (Vox) This is only the latest controversy for the video doorbell company.

Alexa, Google Home Eavesdropping Hack Still Exists (Threatpost) Researchers say that Amazon and Google need to focus on weeding out malicious skills from the get-go, rather than after they are already live.

Ransomware Hit Over 1,000 U.S. Schools in 2019 (BleepingComputer) Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor.

Cybercriminals Found a Scary New Way of Making Hacked Companies Pay Ransom (Vice) Ransomware is spreading like wildfire in the U.S., and one gang is threatening infected companies with mass data exposure if they don't pay up.

Name and claim: data exposure website used as threat tactic by ransomware gang (SC Magazine) Data ransomers have created a public website to expose data and named recent victim companies that chose to rebuild their operations instead of paying up

Four U.S. cities attacked by ransomware this month (CBS News) Florida, New Orleans and California faced cyberattacks that crippled some city government systems in December.

St. Lucie County Sheriff's Office hit by cyber attack (WPEC) The FBI is now working with the St. Lucie County Sheriff's Office to get its computer network back online. The sheriff's office said much of it has been disconnected due to a cyber attack that was discovered early Tuesday morning. 911, emergency services, and dispatch are still online and deputies are carrying out their duties, according to Sheriff Ken Mascara. But the sheriff's office is using paper for record keeping and day-to-day business.

Cyber-sleuths: Ransomware used in New Orleans attack likely tied to organized crime (NOLA.com) While New Orleans officials remain tight-lipped about a cyber-attack that has hobbled city government since Friday, cyber-sleuths have homed in on the likely weapon: Ryuk, a menacing breed of “ransomware”

New Orleans cyberattack: Recovery process will last week or more, FBI aiding investigation (NOLA.com) New Orleans officials said Monday they are ready to begin scrubbing thousands of city computers as they continue probing whether confidential information was breached in a cyberattack Friday that forced

Update on New Orleans City Hall cyber-attack (WGNO)

Hackers hit Galt with ransomware attack, downing city employee phones and email, police say (Sacramento Bee) The city of Galt says it was hit by a “ransomware” cyberattack Monday morning, with hackers demanding an unknown ransom amount.

5 things you need to know about the cyberattack on the city of Galt (KCRA) A Sacramento County community is the victim of a cyberattack after hackers got into Galt's computer system, shutting down its network and phone lines.

Cool Ideas hit by big DDoS attack (My Broadband) Cool Ideas is currently experiencing another major DDoS attack which is affecting the connectivity of its customers across South Africa.

'Shocking': Parents and MSP angry at 'humiliating' pupil data breach (The National) PARENTS and their MSP have condemned the exposure of the sensitive personal details of more than 50 pupils to more than 200 others.

Problems continue for Tidelands Health after ‘malware incident’ (WBTW) Some patients who use Tidelands Health services are still experiencing issues following last week’s network virus. Tidelands Health posted an update on social me…

Within two hours someone (or something) tried to make a purchase on stolen credit card data (SC Magazine) Security researcher finds that financial data doesn't get left alone too long on the darkweb. Hackers test out credit card data found on the dark web in a little over two hours, according to a security researcher.

The hacker behind your company's data breach may be sitting right in the next cubicle (CNBC) Companies hacked in the last 18 months say half these incidents were an inside job, according to the 2019 Global Data Exposure Report. Despite this alarming trend, even tech companies are ill-prepared, reveals the Q4 CNBC Technology Executive Council Survey released Tuesday.

Venmo Glitch Opens Window on War Between Banks, Fintech Firms (Wall Street Journal) Fintech companies say they need access to customer account information held by banks and other traditional financial companies. To protect their own turf, banks and brokerage firms have resisted.

Deepfake Bot Submissions to Federal Public Comment Websites Cannot Be Distinguished from Human Submissions (Technology Science) Federal public comment websites currently are unable to detect Deepfake Text once submitted. I created a computer program (a bot) that generated and submitted 1,001 deepfake comments regarding a Medicaid reform waiver to a federal public comment website, stopping submission when these comments comprised more than half of all submitted comments. I then formally withdrew the bot comments.

Hackers Are Breaking Into People's Websites And Injecting Garbage Links To Juice Search Results (BuzzFeed News) Google made the link a valuable commodity, so hackers are compromising sites and then getting paid to inject links.

Putin’s ‘Vulnerable’ Computer: Does The Russian President Really Use Windows XP? (Forbes) Vlad The Updater? Photographs released by Putin's press office suggest that he's still using a Windows XP computer, but military intelligence experts aren't convinced.

Security Patches, Mitigations, and Software Updates

This WhatsApp bug could allow hackers to crash the app and delete group chats forever (ZDNet) Researchers detail security flaw that allowed hackers to crash WhatsApp and permanently delete contents of group chats - and urge users to update the app to protect against attacks.

Google to Restrict App Access to G Suite Accounts (Decipher) Google will limit the ability of less secure apps (LSA) to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.

Google removes Avast and AVG extensions from Chrome web store over 'unnecessary' data collection (Computing) Google follows Opera and Firefox in removing Avast and AVG security extensions used by up to 400 million users

Cyber Trends

Kaspersky founder says cyberspace is "not at peace" (ITProPortal) Cyberspace is a mess, and only by joining forces can we ensure a better future for everyone, Eugene Kaspersky says.

SANS 2019 Threat Hunting Survey: The Differing Needs of New and Experienced Hunters (SANS Institute) The 2019 SANS Threat Hunting Survey gathered current industry data from 575 respondents predominantly from small/medium to medium/large organizations that are working in the field of threat hunting or working alongside threat hunters.

Synack: DevSecOps Being Accelerated by Cultural Shifts (DevOps.com) A recent Synack report shows that some of the world's largest organizations are encountering a significant cultural shift within their development teams.

NetMotion 2020 Predictions (NetMotion Software) With the new year quickly approaching, NetMotion experts outline 2020 predictions within mobility, computing and modern working.

Meet the Mad Scientist Who Wrote the Book on How to Hunt Hackers (Wired) Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.

Marketplace

2020 Cybersecurity Survey Salary Results (Cynet) The following document summarizes the results of the 2020 Cybersecurity Salary Survey conducted in December 2019.

Log us out: Private equity snaffles Lastpass owner LogMeIn (Register) World+dog hunts for new password manager

The Air Force invites the cyber industry to speed date (Fifth Domain) The Air Force wants to hear from small companies about what cyber solutions they might be able to bring to protect data.

Honeywell Buys Rebellion, Boosts Gas Monitoring Portfolio (Nasdaq) In a bid to strengthen its foothold in safety and environmental monitoring solutions, Honeywell International Inc. HON recently announced the buyout of Rebellion Photonics. The terms of the deal were kept under wraps.

Good Cyber Companies Make Money, Says FireGlass Founder (CTECH) Dan Amiga, the co-founder and chief technology officer of cybersecurity startup Fireglass and Yair Cassuto, partner at Pitango Venture Capital spoke Monday at Calcalist’s Cyber 2020 conference

Venafi Adds Three Developers to Machine Identity Protection Development Fund (BusinessWire) Device Authority, The Information Lab & Jamf latest developers to receive fund sponsorship from Venafi's Machine Identity Protection Development Fund

WSJ News Exclusive | Peter Thiel at Center of Facebook’s Internal Divisions on Politics (Wall Street Journal) Facebook’s senior leadership is increasingly divided over how to address criticism of the company’s effect on U.S. politics, with board member and billionaire investor Peter Thiel serving as an influential voice advising CEO Mark Zuckerberg not to bow to public pressure.

IronNet Continues Growth with the Announcement of a Team in Asia/Pacific and Japan (Herald-Mail Media) IronNet Cybersecurity, a leader in collective defense and network traffic analysis, today announced that it has appointed Gaurav Chhiber as Vice President of

Elaine Beitler Joins the ProcessUnity Board of Directors (West) New Appointment Amplifies Vendor Risk Management Momentum

BAE Systems, Inc. Names Tom Arseneault to Become President & CEO (BusinessWire) BAE Systems, Inc. today announced that Tom Arseneault will become president and chief executive officer of BAE Systems, Inc., effective April 1, 2020.

Balbix Appoints Ramki Ramakrishnan as Vice President of Operations to Globalize Distribution and Customer Support (BusinessWire) Balbix appoints Ramki Ramakrishnan as vice president of operations to globalize distribution and customer support.

PeerStream, Inc. Announces Leadership Transition with Appointment of Jason Katz as Chief Executive Officer (West) Alex Harrington, Outgoing CEO, Separates from PeerStream and Steps Down from Board Director Role

Tenable hires former Homeland Security official to push cyber growth (Baltimore Business Journal) Tenable is looking to get a leg up on the competition in a key part of the cybersecurity market.

Defense Industry Executive Boyd Brown Joins TrapX Security as DSO (EnterpriseTalk) TrapX Security, the global leader in cyber deception technology, announced that Defense Industry Executive Boyd Brown has joined as its Deception Strategy Officer

Products, Services, and Solutions

Checkmarx Recognized as AWS Provider of Application Security Testing Solutions for Public Sector (BusinessWire) Checkmarx, a global leader in software security solutions for DevOps, today announced that it has been accepted into the Amazon Web Services (AWS) Pub

IGEL and Ericom Software Expand Partnership to Modernize the Endpoint in Terminal Emulation for Legacy Applications (PR Newswire) IGEL, provider of the next-gen edge OS for cloud workspaces, and Ericom Software, a leader in secure web and application access solutions,...

Remediant’s SecureONE Now Allows Secure Just-In-Time Privileged Access to Offline Systems and Enhanced Protection of Administrative Account Access (West) The company continues to evolve Privileged Access Management with new SecureONE headline features

Netography Introduces OpsChannel a New Collaborative Command Line Interface Technology for Collaboration Software (BusinessWire) Netography introduces Netography® OpsChannel, a Collaborative Command Line Interface and new patent-pending technology.

FileCloud Unveils Complete California Consumer Privacy Act Compliance Support for Organizations (BusinessWire) FileCloud, a cloud-agnostic enterprise file sync and sharing platform, today announced complete California Consumer Privacy Act (CCPA) compliance supp

The Ministry of Education and Culture and the SisuID pilot − Improving International Student Application Process with Digital Identities (Cision) The Ministry of Education and Culture in Finland participated in the SisuID pilot in order to improve the application and immigration processes of international students. With the SisuID, international students can use a strong authentication before they even arrive in Finland.

Google unveils BeyondProd framework for implementing cloud-native security (SiliconANGLE) Following the success of its BeyondCorp framework for network access, Google LLC is pitching another model it's adopted for securing its cloud-native information technology architecture.

Newest Release of Thycotic Secret Server Addresses Scalability and Performance Needs of Large Enterprises (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...

Deloitte's Resilient Podcast Introduces Cyber Series (PR Newswire) Since its launch in 2016, Deloitte's "Resilient" podcast series sets out to tell real stories about challenges, triumphs and resilience of...

Cyware Labs Achieves ISO 27001 Certification for Information Security Management Controls (BusinessWire) Cyware Labs today announced that it has achieved International Standards Organization (ISO) 27001 certification upon their first attempt.

OpenText and Lastline Enhance Analysis of Advanced Malware. (PR Newswire) Lastline®, the leader in AI-powered network detection and response, today announced a Technology Alliance Partnership with OpenText™, a global...

Telenet Selects Infradata and BroadForward to Enable Converged Signaling Firewall Solution (PR Newswire) Infradata and BroadForward are proud to announce to have been selected by Telenet to implement a converged signaling firewall solution. The...

Technologies, Techniques, and Standards

Incident Response lessons from recent Maze ransomware attacks (Talos Blog) This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted.

Where is Your Threat Perimeter? (Silicon UK) As de-perimeterisation continues apace, CIOs, CTOs and CISOs must all radically alter how they approach their threat perimeter security.

Cybersecurity: Chernobyl and its Cyber Lessons (Security Boulevard) Looking at cybersecurity through the lens of a nuclear disaster can help your organization be more prepared when emergencies arise.

OTRS Group gives six tips for safe on-line purchasing (OTRS Group) As is well known, online shops are booming at Christmastime. Instead of waiting in long queues forever, gifts are quickly bought online with a click of the mouse.

The Evolution of “Next-Generation” Manufacturing and the Need for Network Security (MixMode) The new MixMode & RAVENii whitepaper, “The Evolution of ‘Next-Generation’ Manufacturing and the Need for Network Security,” is a comprehensive look at how third-wave AI is improving modern network security across connected manufacturing networks and beyond.

Battalion helping shape Army tactical capabilities in the information environment (DVIDS) The U.S. Army activated the 915th Cyberspace Warfare Battalion (CWB) in May 2019 to help meet the Army’s current and projected tactical Cyberspace Electromagnetic Activities (CEMA) requirements.

IDF holds surprise cyber defense drill simulating critical systems shutdown (Times of Israel) Wednesday's exercise is the third unannounced inspection of the military's readiness under army chief Aviv Kohavi

Design and Innovation

Exclusive: Facebook adding part-time fact-checkers to root out misinformation (Axios) Facebook will hire the "community reviewers" through a third-party contractor called Appen.

Exclusive: Facebook funding Reuters deepfakes course for newsrooms (Axios) Facebook is spending six figures to fund a course on manipulated media and deepfakes for newsrooms,

Academia

AF Academy cadet wins big at cyber competition (United States Air Force Academy) Cadet Sears Schulz says academic foundation at AF Academy helped him grab top prize

Legislation, Policy, and Regulation

Trump administration puts final touches to rules limiting sensitive tech exports to rivals (Computing) First batch of rules expected to touch just a few technologies, such as quantum computing and AI

US introduces further rules to damage Huawei reputation (Telecoms.com) The US Energy and Commerce Committee has almost introduced rules to reinforce the ban on Huawei contributing components, products or services to communications infrastructure.

With or without Huawei? German coalition delays decision on 5G rollout (Reuters) Chancellor Angela Merkel's conservatives and their Social Democrat partners...

Analysis | Can Germany Really Afford to Ban Huawei? (Washington Post) Even without the threat of retaliation, the country’s 5G roll-out depends intimately on the Chinese company’s technology.

Czech cybersecurity chief fired amid Huawei security dispute (South China Morning Post) Sacking of Dusan Navratil adds to European controversies over Chinese technology giant.

Czech security chief's sacking had nothing to do with Huawei (Axios) The Czech cybersecurity agency likely to stay hawkish on China tech

Analysis | The Cybersecurity 202: Congress peels back secrecy to review Trump hacking policy (Washington Post) Lawmakers battled to see the policy for over nine months.

The DHS cyber agency gets massive funding boost (Fifth Domain) Take a look at what Congress wants the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to do as it looks to consolidate its clout as the federal cybersecurity leader.

Bipartisan Portman-Hassan Legislation to Strengthen Public and Private Sector Cybersecurity Efforts Included in Government Funding Agreement (Office of Senator Rob Portman) Bipartisan legislation introduced by U.S. Senators Rob Portman (R-OH) and Maggie Hassan (D-NH) to bolster cybersecurity in the public and private sector is expected to be signed into law as part of the final bipartisan budget agreement to fund the government for the next fiscal year.

Bill Spells Out Steps to Help Schools With Cybersecurity (BankInfo Security) Following a series of high-profile ransomware attacks and other cyber incidents over the last year, two U.S. senators have introduced a bill designed to help

DHS Was Finally Getting Serious About Cybersecurity. Then Came Trump. (POLITICO) Secretary Kirstjen Nielsen came in with the potential to be the most effective cyber leader in agency history—only to be sideswiped by the president’s fixation on the Mexican border.

Give DoD a little credit for its cyber certification program (Federal News Network) The Cybersecurity Maturity Model Certification program is moving fast but in a transparent manner.

Lawmakers skeptical of Army’s plan for tactical servers (C4ISRNET) A final bill from both houses of Congress only cuts $10 million to Army server technologies after an earlier draft cut nearly $46 million.

NYC Mayor’s Aides Communicate in Encrypted Messages (Wall Street Journal) Aides to New York City Mayor Bill de Blasio have exchanged messages via Signal, an encrypted-messaging app. Good-government advocates warn such apps can be used to hide records and communications from the public.

Litigation, Investigation, and Law Enforcement

In Re Accuracy Concerns Regarding FBI Matters Submitted to the FISC (US Foreign Intelligence Surveillance Court) This order responds to reports that personnel of the Federal Bureau of Investigation (FBI) provided false information to the National Security Division (NSD) of the Department of Justice, and withheld material information from NSD which was detrimental to the FBI's case, in connection with four applications to the Foreign Intelligence Surveillance Court (FISC) for authority to conduct electronic surveillance of a U.S. citizen named Carter W. Page. When FBI personnel mislead NSD in the ways described above, they equally mislead the FISC.

Court Orders F.B.I. to Fix National Security Wiretaps After Damning Report (New York Times) In a rare public order, the secretive Foreign Intelligence Surveillance Court responded to problems with the eavesdropping on a former Trump campaign aide uncovered by an inspector general.

Surveillance court demands answers from FBI for errors, omissions in Trump campaign investigation (Washington Post) The court says the FBI conduct is ‘antithetical’ to how the foreign intelligence surveillance program is supposed to work.

FISA Court Issues Rare Public Order Condemning FBI for Russia Probe Abuses and Demanding Reforms (National Review) The Foreign Intelligence Surveillance Court condemned the FBI for the errors and omissions in its application to surveil Trump-campaign adviser Carter Page.

Judge Rules in Favor of US Effort to Take Snowden Book Money (New York Times) Former National Security Agency contractor Edward Snowden violated secrecy agreements with the U.S. government that allow it to claim proceeds from a memoir he published earlier this year, a judge ruled Tuesday.

Judge grants government proceeds from Edward Snowden’s book (Washington Post) Snowden, who leaked details of government surveillance programs, is charged with espionage but has remained exiled in Russia since 2013.

Google accused of firing another worker in union-busting drive (Engadget) Google's war against its employees continues.

FTC settles with Unroll.me over allegedly duping users over email data collection, sale (ZDNet) The agency claimed that users were falsely told Unroll.me would not “touch” personal information contained in emails.

U.S. SEC charges former Palo Alto Networks IT administrator, others with insider trading (Reuters) U.S. authorities on Tuesday said they have charged a former IT administrator and...

A tweet gave a journalist a seizure. His case brings new meaning to the idea of ‘online assault.’ (Washington Post) The Epilepsy Foundation announced that it filed criminal complaints against a legion of copycats who targeted people with epilepsy and sent them an onslaught of strobe GIFs.

The Story of a Teenage Hacker Who Made More Than Your Annual Salary Every Month (Vice) Maxime took an interest in hacking when he was six. At 16, he'd raked in nearly £1 million via credit card fraud.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ISSA Central MD Information Security Conference (Columbia, Maryland, USA, February 28, 2020) Information System Security Association's Central Maryland Chapter is hosting a day-long cybersecurity conference spanning two tracks that'll include topics covering: Leadership in cybersecurity - why it...

2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some...

QuBit Belgrade 2020 (Belgrade, Serbia, October 1, 2020) Practical workshops, excellent speakers, educational session, news & networking. QuBit consists of one day full of educational presentations, keynotes, case studies and interactive panel discussions in...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
