skip navigation

More signal. Less noise.

Don’t slow down development for application security.

We know that application security testing is a bottleneck for software development—but it’s also crucial. You need a solution that can simplify and automate as much of that process as possible without grinding development to a halt. Code Dx automates the most time-consuming steps in AppSec testing, keeping your DevOps pipeline running as smoothly as possible.

Daily briefing.

Spain’s state-owned broadcaster TVE says that a portal they’d inadvertently left open was exploited last week by parties unknown to air an RT-produced interview with self-exiled Catalan separatist leader Carles Puigdemont. Reuters asked, and RT says they didn’t do it.

Fox-IT has been looking at an operation they call "Wocao," a China-based collection effort that’s prospecting energy, technology, and healthcare targets in at least ten countries. They’ve concluded “with medium confidence” that the group behind Wocao is APT20, a Beijing-controlled hacking crew that had been relatively quiet for the last few years.

Blackberry Cylance researchers announced the discovery of Russia-connected Zeppelin ransomware last week. Yesterday Morphisec offered some fresh insight into how Zeppelin is propagated: by leveraging the ConnectWise remote desktop application.

Germany's BSI security agency has issued a warning that criminals misrepresenting themselves as BSI operators are distributing Emotet malware in a spam campaign.

The US Congress is in a stern mood with respect to China and Russia. The Washington Post reports widespread skepticism on Capitol Hill that Beijing can be trusted to live up to the explicit security guarantees (still less the implicit ones) in any trade accords so far negotiated. And Reuters notes that an unusually stiff sanctions bill directed against Russia cleared the Senate Foreign Relations Committee yesterday.

Nathan Wyatt, a British subject accused of being part of the Dark Overlord gang, was extradited to the US and arraigned yesterday in a St. Louis Federal court on hacking-related charges. He entered a plea of not guilty.

Notes.

Today's issue includes events affecting Austria, Canada, China, Estonia, European Union, France, Georgia, India, Netherlands, Russia, Ukraine, United States.

Bring your own context.

Let's pause and review why people in government and industry are as concerned as they are about 5G, especially when Huawei and ZTE come up as 5G equipment vendors.

"5G has a tremendous amount of potential, and it is going to be the enabler for the true expansion of what people call the internet of things. That's where, you know, your refrigerator, your baby camera, your car - everything is wirelessly connected. But that puts an even greater premium on security because if you're in an autonomous or semi-autonomous vehicle and, all of a sudden, the 5G connection is shut off, you get into an auto accident. If you're running your critical infrastructure on 5G and it gets shut off, all of a sudden, that goes dark. So more than ever, given the number of devices that are going to be part of this network, we need to build security by design when we architect the hardware and software. And that's been the subject of a good deal of discussion because right now, Chinese companies like Huawei and ZTE are ahead of most Western companies in terms of their ability to build and install hardware and software for 5G at the scale you would need for it to be really operational. And that raises questions about whether giving Chinese companies that kind of commanding position in the infrastructure of the technology would not only create the opportunity to engage in theft of data, but could also allow the Chinese, in some circumstances, to actually dial back or turn down the effectiveness of the networks."

—Michael Chertoff, former U.S. secretary of Homeland Security and current head of the Chertoff Group, on the CyberWire Daily Podcast, 12.17.19.

Pervasive connectivity among devices that run without a great deal of human intervention, and a vastly expanded attack surface.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

In today's Daily Podcast, up later this afternoon, we speak with our partners at Webroot, as David Dufour reviews their 2019 mid-year threat report. Our guest is James Ritchey from GitLab, with lessons learned on the one-year anniversary of their bug bounty program.

Hacking Humans is up. In this week's episode, "Managing access and insider threats," we hear that Joe's wife has been getting suspicious shipping notices. Dave describes a phone scam where crooks intercept phone calls. The catch of the day turns the tables on a would-be scammer. Carole Theriault speaks with Peter Draper from Gurucul about their 2020 Insider Threat Report.

And in case you missed it, Caveat is up, too. On this week’s show, "The cyber resiliency of White House operations," Ben unpacks a recent Capitol Hill hearing on the crypto wars, Dave describes a ruling that addresses biometrics and self incrimination. Our guest is Christopher Whyte, an assistant professor of homeland security and emergency preparedness at Virginia Commonwealth University. We’ll be discussing the notion that cyber security in the White House is in disarray.

Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.

6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at http://isi.jhu.edu and click on 6th Annual Cybersecurity Conference for Executives.

Cyber Attacks, Threats, and Vulnerabilities

Spanish TVE says unidentified group aired Russia Today show on its website (Reuters) Spanish state-owned broadcaster TVE said on Wednesday that unidentified people s...

Chinese Hacking Group, Quiet for Years, Resumes Global Attacks (Financial Post) A Chinese government-linked hacking group that was thought to be dormant has been quietly targeting companies and government agencies for the last two years, harvesting data aft…

Attackers Posing as German Authorities Distribute Emotet Malware (BleepingComputer) An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities warns the BSI, Germany's federal cybersecurity agency.

ConnectWise Control Abused Again to Deliver Zeppelin Ransomware (Morphisec) Threat actors have used Connect Wise Control to deliver the Zeppelin ransomware -- the latest VegaLocker variant.

MyKings: The slow but steady growth of a relentless botnet (Sophos) The botnet known as MyKings wields a wide range of automated methods to break into servers – all just to install cryptocurrency miners

Untangling Legion Loader’s Hornet Nest of Malware (Deep Instinct) Deep Instinct discovered a version of Legion loader which was remarkable in terms of the sheer volume and variability of malware and droppers it delivers

Malware Spotlight: What is BabaYaga? (Infosec Resources) Introduction In traditional Slavic cultures, Baba Yaga is an entity that haunts the dreams of children and a common threat that parents use when their

LifeLabs data breach: Hackers could still hold health records of 15M Canadians (The Conversation) Government privacy commissioners are investigating a data breach at one of Canada's largest medical services companies, after hackers gained access to the personal information of 15 million customers.

LifeLabs hack raises questions about health data security (Toronto Sun) Ontario’s health ministry is looking at beefing-up its cyber attack awareness and end-user education in the wake of Tuesday’s LifeLabs data theft.Despite having strong emergency managem…

Cybersecurity threat analyst says LifeLabs made "absolutely terrible decision" by paying ransom (The Georgia Straight) "LifeLabs is working on nothing more than a pinky promise that the data won't be used," says Brett Callow.

Extortion attacks are ‘worst-case scenario:’ expert (Toronto Sun) Cyber attacks like the one inflicted upon LifeLabs are among the most concerning, says a Vancouver-based cybersecurity expert.“Attacks like these are the worst-case scenario for any security …

Ransomware Gangs Outing Victims – and That Makes It a Data Breach (Ride The Lightning) For a long time, it was safe to say that ransomware attacks were only rarely data breaches – mostly they were cyber incidents. That generally meant that you didn't need to report them under state data breach laws or in...

A Troubling (and Costly) Trend for Private Equity (Radware Blog) In the face of rising ransomware attacks, private equity companies need expertise and a clear set of cybersecurity best practices.

Don’t fall for this porn scam – even if your password’s in the subject! (Naked Security) This “I am well aware” email is just another sextortion scam where crooks try to blackmail you with a video they don’t actually have.

I created my own deepfake—it took two weeks and cost $552 (Ars Technica) I learned a lot from creating my own deepfake video.

Nearly Two-Thirds Of Holiday E-Commerce Traffic Was Bad Bots (Radware Blog) All large e-commerce platforms have sophisticated bot activity on their website, mobile apps, and APIs that can expose them to attacks.

Cloud flaws expose millions of child-tracking smartwatches (TechCrunch) Exclusive: Researchers say a common cloud platform used by internet-connected devices are exposing the locations of child tracker watches.

Cyber attack shuts down 12-year-old Dublin business (Columbus Business Journal) A massive cyber attack so damaged the servers running a company that it had to close its doors and seek new homes for hundreds of products and businesses. "It’s devastating," the company's CEO said.

Opinion | Twelve Million Phones, One Dataset, Zero Privacy (New York Times) What we learned from the spy in your pocket.

Security Patches, Mitigations, and Software Updates

Microsoft releases an out-of-band security update to address information-disclosure vulnerability in SharePoint Server (Computing) To exploit the SharePoint flaw, an attacker would need to send a specially crafted request to a vulnerable SharePoint Server instance

Cyber Trends

Analysis | The Cybersecurity 202: 2019’s top cybersecurity story is still what Russia did in 2016 (Washington Post) The year also underscored a cyber arms race with China the U.S. risks losing.

BioCatch Warns About Threat of Deepfakes with 2020 Security Predictions (FindBiometrics) BioCatch Chief Cyber Officer Uri Rivner is looking to the future with a new blog post that offers a slew of cybersecurity predictions for 2020

Integris Software 2020 Financial Services Data Privacy Maturity Study (Integris Software) Integris Software recently surveyed an exclusive community of 258 top business executives and IT decision-makers across financial services, retail, government, and healthcare organizations to compile a series of reports to determine privacy practices, challenges, data complexities, and preparedness to comply with privacy regulations. 

Illumio Report Reveals Few Companies Protect Against Breaches with Segmentation (West) Findings also suggested firewalls are misused for segmentation

MS Office Represents 73% Of The Most Commonly Exploited Applications Worldwide (PreciseSecurity.com) According to the recent research, the most commonly exploited applications worldwide as of the third quarter of this year were related to MS Office.

Holiday Threat Report (DEVCON | Cybersecurity for the Web) The DEVCON 2019 Holiday Threat Report details ad threat activity during the critical online shopping period between Thanksgiving and Cyber Monday, and describes how attacks are evolving into broader, more sophisticated risks for companies and their customers.

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year (Digital Shadows) In this blog, we discuss several significant trends and events that have helped shape the cyber threat landscape, all of which will almost certainly continue through 2020.

2019 State of the API (Postman) Postman's 2019 “State of the API” report is based on an exclusive survey of more than 10,000 API developers, users, testers, and executives.

IBM X-Force Security Predictions for 2020 (Security Intelligence) Experts from IBM X-Force reflect on the past year and also share security predictions for 2020, including evolutions in ransomware, AI adoption and targets for cybercriminals.

Automated hacking, deepfakes are going to be major cybersecurity threats in 2020 (CNBC) Wider adoption of 5G would also allow cybercriminals to transfer large volumes of data from one server to another online at faster speeds.

Dashlane Lists 2019's Most Egregious Password Blunders (Mobile ID World) Dashlane is once again calling attention to bad password practices with the release of its fourth annual “Worst Password Offenders” list

Study: 3 in 4 Users Required a Reset of a Forgotten Password in the Last 90 Days (Security Intelligence) A new study found that most users required a password reset in the last 90 days due to a forgotten password.

Survey Shows Decreasing Concern Of Data Theft Amidst Increasing Data Breach Environment (PR Newswire) Generali Global Assistance, a developer of a proprietary and innovative identity and digital protection platform, has announced the findings of...

Proofpoint’s 2020 Predictions: Downloaders and botnets abound while supply chains and account compromises will drive phishing (Proofpoint US) The supply chain will be key to cybersecurity in 2020 while defenders should work to harden cloud infrastructure and email defenses.

Marketplace

WSJ News Exclusive | Broadcom Looks to Sell Unit That Could Fetch $10 Billion (Wall Street Journal) Broadcom is looking to sell one of its wireless-chip units, a move that would accelerate the company’s shift away from its roots as a semiconductor maker.

Huawei boss Liang Hua: 'Our top priority is to ensure survival' (Taiwan News) In an exclusive interview with DW's editor-in-chief, Ines Pohl, Huawei Chairman Liang Hua spoke about how the tech giant is grappling with its current challenges. US President Trump says Huawei is "very dangerous."

Analysis | How Huawei Landed at the Center of Global Tech Tussle (Washington Post) This was supposed to be the year that Huawei Technologies Co., China’s biggest tech firm, rose to global prominence as the leader in 5G, the much ballyhooed, next-generation wireless technology. Instead, it’s landed in the crossfire of a brutal trade war between the U.S. and China, with the Trump administration pushing allies to ban Huawei equipment from their telecom networks over security concerns. The dispute is threatening to divide German Chancellor Angela Merkel’s ruling coalition, after C

BAE Systems wins prime position on DIA SIA 3 contract (Army Technology) BAE Systems has secured a prime contractor position on a Defense Intelligence Agency (DIA) contract to help deliver worldwide military intelligence.

Global Cyber Alliance Launches Craig Newmark Trustworthy Internet and Democracy and Craig Newmark Scholars Programs (PR Newswire) The Global Cyber Alliance (GCA) announces the launch of the Craig Newmark Trustworthy Internet and Democracy Program. In preparation for the...

Rich Armour, Former General Motors CISO, Joins Nozomi Networks (MarketWatch) Nozomi Networks Inc., the leader in OT and IoT security today announced that Rich Armour has...

Products, Services, and Solutions

The Hartford Enhances Cyber Service Offerings With The Addition Of Two New Partnerships (The Hartford) Customers now have access to protection from dark web exposures and malicious cyber attacks

Exabeam Signs Multi-Year Agreement to Run SaaS Cloud Offering on Google Cloud (Exabeam) Exabeam, the Smarter SIEM™ company, has announced a multi-year agreement to[...]

Portshift Syncs Kubernetes Policies to Container Vulnerabilities in CI (PRWeb) Portshift, a leader in identity-based workload protection for cloud-native applications, today announced a new capability that delivers runtime policies

6.2 Billion GlobalPlatform-Compliant Secure Elements Deployed in 2018 (GlobalPlatform) The standard for secure digital services and devices

Keysight and Nozomi Networks deliver real-time visibility to secure ICS, IIoT and IT networks (Help Net Security) Keysight collaborates with Nozomi Networks to deliver a joint solution that enables utilities, oil and gas facilities to defend against cyberattacks.

Tide partner with CryptoHopper to enable keyless algo-trading on crypto-exchanges (Tide Foundation) Collaboration enables unprecedented advanced cryptocurrency trading capabilities without compromising security.

Nozomi Networks Delivers OT and IoT Cybersecurity to Cisco ISE (West) Latest Cisco-certified integration extends network access controls to OT and IoT networks – adds to a growing arsenal of Cisco with Nozomi Networks technology integrations

Technologies, Techniques, and Standards

Preparing for Cyberattacks and Technical Failures: A Guide for Election Officials (Brennan Center for Justice) How to prevent and recover from Election Day cyberattacks and technical failures.

Ransomware can hold cities hostage. Will cyber insurance help? (The Christian Science Monitor) Cyber insurance offers municipalities peace of mind in the event of a cyberattack. But does it embolden hackers?

Ground-up cybersecurity (Control Global) Just as users must be sure their contractors and clients are protected—and not just themselves—they must also extend cybersecurity beyond—and below—their usual networks, especially to sensors, instruments and other plant-floor devices.

Apple, Google and Amazon are cooperating to make your home gadgets talk to each other (CNBC) The Project Connected Home over IP group will create standards that work across all major smart home platforms.

Anyone Can Check for Magecart with Just the Browser (Trustwave) In the past, there have been plenty of articles and blog posts recommending the use of Content Security Policy (CSP) and Sub Resource Integrity (SRI) to prevent the insidious skimming malware from taking hold of a website. However, what can a small business owner do if resources are limited and implementing these countermeasures is just not feasible?

Moving beyond security 'blocking and tackling' (Healthcare IT News) Darren Lacey, CISO at Johns Hopkins University and Johns Hopkins Medicine, says vulnerability management looks at a more balanced security world that protects not only data, but also transactions and systems integrity.

Saying no to vendors' forced march to the cloud (Computing) You need to weigh up several criteria before you jump wholesale to the big vendors' SaaS propositions

Design and Innovation

Data storage military aerospace applications (Military & Aerospace Electronics) It’s not just about shielding data drives from shock and vibration; designers also are looking for the latest in speed and capacity, and want encryption to protect data at rest, and security to foil tampering.

Who’ll Fix EW? Task Force Gropes For Answers (Breaking Defense) Russian and Chinese jammers could cripple US radio, radar, and GPS. The Pentagon's still wrestling with who should fix that, let alone how.

Academia

EC-Council co-hosts the Hackathon Event at the Cardiff Met 2019 in Wales (EC-Council Official Blog) EC-Council and Cardiff School of Technologies unite to host Hackathon on December 11, 2019, at Cardiff School.

Legislation, Policy, and Regulation

Russia Is Waging Asymmetric Warfare Against the US — And We’re Letting Them Win (Defense One) We must do more to harden against these attacks on our economy, institutions, and the public.

The Drums of Cyberwar (terrorism Watch) In mid-October, a cybersecurity researcher in the Netherlands demonstrated, online, as a warning, *  the easy availability of the Internet...

How India Dealt With Cyberattacks In 2019 (Analytics India Magazine) Cyberattacks are rife in India, only the US and China are placed higher on this list. Bangalore, Mumbai, Delhi are among states which receives the highest traff

Facebook fails to convince lawmakers it needs to track your location at all times (CNBC) Facebook told two senators why it tracks users' locations even when their tracking services are turned off.

Opinion | Congress on China: Don’t trust, and verify (Washington Post) Trump says he's neutralizing the Chinese challenge. Congress doesn't buy it.

Poland may vary security demands for different parts of 5G: minister (Reuters) Poland might impose stricter security demands for core elements of its future 5G...

French telco boss says Huawei fears are 'complete nonsense' (iTnews) As concerns threaten 5G rollout.

House Okays $1 Billion Huawei/ZTE ‘Rip and Replace’ for Comms Providers (MeriTalk) The House voted Dec. 16 to approve legislation that would provide $1 billion to smaller-sized private sector communications service providers to remove from their networks equipment purchased from China-based equipment makers Huawei and ZTE, and replace that gear with equipment that does not pose a threat to U.S. national security.

Here are the civilian cyber highlights in the must-pass spending bills (Fifth Domain) Congress plans to shell out billions for cyber-related projects across the government.

Senate panel advances Russia sanctions bill 'from hell' (Reuters) The U.S. Senate Foreign Relations Committee approved legislation on Wednesday th...

Senate advances bill to punish Russia for election interference (WCBI TV) On the same day that the House is expected to impeach President Trump for soliciting a foreign country’s help in the 2020 election, the Senate advanced a bill to punish Russia for meddling in America’s 2016 election. The Defending American Security from Kremlin Aggression Act (DASKA) passed the Senate Foreign Relations Committee on …

Senate Passes Portman, Peters Bipartisan Bill to Save Taxpayer Dollars on Federal Vehicles (Office of Senator Rob Portman) U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI) applauded the Senate passage of their bipartisan bill to help save taxpayer dollars by updating policies to help federal agencies adopt electric vehicles, which are more fuel efficient than traditional gas-powered vehicles.

Senators' K-12 Cybersecurity Act would mandate national study of school practices (Education Dive) If passed, the legislation would require the Department of Homeland Security to conduct a review of K-12 cybersecurity programs and develop guidelines and resources to strengthen them.

Does the Defense Department’s New Approach to Industrial Base Cybersecurity Create More Problems Than It Solves? (CSIS) Malicious cyber actors increasingly target the defense industrial base for both economic and security gains. For example, in 2018, the Chinese government hacked a U.S. defense contractor and stole 614 gigabytes of sensitive material from the Navy’s Sea Dragon program.

CISA’s ICT Supply Chain Risk Management Task Force Approves New Working Group for Second Phase (CISA) The Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force met today to discuss the next phase of its work.

Hacking back: The dangers of offensive cyber security (Open Access Government) Morey Haber, Chief Technology Officer, Chief Information Security Officer, BeyondTrust highlights the dangers of hacking back against cyber criminals

Trump nominates DHS senior cyber director (TheHill) President Trump on Wednesday formally submitted the nomination for a new assistant director of cybersecurity at the Department of Homeland Security (DHS), one of the top-ranking cyber officials at the agency.

CNO Gilday Wants Every New Sailor Tested For Cyber Skills Aptitude (USNI News) The Navy needs cyber experts and CNO Adm. Mike Gilday wants the service to test every incoming sailor to ensure no potential digital realm talent is missed.

Litigation, Investigation, and Law Enforcement

Warrant not always needed for 'inadvertent' NSA surveillance of Americans: U.S. court (The Mighty 790 KFGO) The U.S. government may collect information about U.S. citizens without obtaining a warrant if the information is gathered inadvertently while legally carrying out surveillance of non-nationals abroad, a U.S. appeals court ruled on Wednesday.

In a first, appeals court raises privacy questions over government searches for Americans’ emails (Washington Post) The warrantless surveillance program is lawful, court says in case involving man convicted of supporting terrorist group.

Security researchers seek clarity on legal protections in CISA bug bounty draft (FCW) Some notable names in the security research community have already weighed in on a draft order directing federal agencies to set up their own vulnerability disclosure programs.

European Court of Justice opinion backs Facebook in privacy case brought by Max Schrems (Computing) ECJ advocate general Henrik Saugmandsgaard Øe backs standard contract clauses, but warns that they require ongoing scrutiny

A Surveillance Net Blankets China’s Cities, Giving Police Vast Powers (New York Times) The authorities can scan your phones, track your face and find out when you leave your home. One of the world’s biggest spying networks is aimed at regular people, and nobody can stop it.

Inspector general: FBI should have reassessed whether to continue investigating former Trump campaign adviser Carter Page (Washington Post) Michael Horowitz testified before the Senate Homeland Security Committee about his assessment of the FBI’s 2016 investigation into the Trump campaign.

Accused 'Dark Overlord' hacker extradited from Britain, appears in U.S. court (Reuters) A British man who prosecutors say was a member of the hacking collective known a...

Siemens Contract Employee Gets Jail Time for Intentionally Damaging Computers (U.S. Attorney’s Office for the Western District of Pennsylvania) A contract employee for Siemens Corporation at the Monroeville, PA location has been sentenced in federal court to a six-month term of imprisonment to be followed by a two-year term of supervised release, and a fine of $7,500 on his conviction of intentional damage to a protected computer, United States Attorney Scott W. Brady announced today.

Siemens Contractor Jailed for Sabotage With Logic Bombs (BleepingComputer) Former Siemens contract employee David Tinley was sentenced to six months in prison for sabotaging his employer over a span of roughly two years using logic bombs planted in company spreadsheets.

Huawei’s Battle Against FCC’s Subsidy Ban Faces Long Odds (Bloomberg Law) Huawei Technologies Co.'s Fifth Circuit challenge to a Federal Communications Commission ban against carriers using federal subsidies to buy its equipment is unlikely to succeed, attorneys and academics watching the case say.

BlackBerry tells UK High Court that security outfit SentinelOne is its direct rival (Register) Non-compete legal brouhaha reveals how once-mighty handset biz now sees itself

Employees of Cyber Deception Company Cymmetria File for Liquidation (CTECH) In September, Cymmetria was acquired by private equity firm Stage Fund; months later, Stage Fund shut down the operation

Companies Can Ban Use of Work Email in Union Organizing (1) (Bloomberg Law) Businesses can ban workers from using company email for union and other organizing purposes, the National Labor Relations Board decided in a Dec. 17 decision.

NSA contractor sentenced to 5 years probation for lying about $250,000 in hours worked (Baltimore Sun) Leasure turned in timesheets claiming to work 1,533 hours more than he actually worked. Leasure included 33 days where he worked 6.9 hours on average — earning $250,000 — when he never worked at all on those days, charging documents state.

Alleged bank vault robber posed with cash on Instagram, Facebook (Naked Security) He allegedly stole over $88,000 from Wells Fargo’s vault, then posed with cash and “his” Mercedes-Benz in posts and an Instagram rap.

U.S. State Department worker in Seoul accused of using embassy computer to sell counterfeit Vera Bradley bags with Oregon accomplice (Oregon Live) Gene Leroy Thompson Jr., 53, and his wife Guojiao “Becky” Zhang, 39, were arrested Thursday, accused of working with an alleged accomplice who stored and shipped the goods from a home in Nyssa, Oregon, according to an indictment.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Meeting To Discuss Insider Threat Detection On Computer Systems & Networks (Laurel, Maryland, USA, February 11, 2020) The National Insider Threat Special Interest Group will hold a meeting to discuss the findings of a workshop that was held in 2019. The workshop was done in partnership with the University of Maryland’s...

ISSA Central MD Information Security Conference (Columbia, Maryland, USA, February 28, 2020) Information System Security Assocition's Central Maryland Chapter is hosting a day long cybersecurity conference spanning two tracks that'll include topics covering: Leadership in cybersecurity - why it...

2020 Cipher Brief Threat Conference (Sea Island, Georgia, USA, March 22 - 24, 2020) The Cipher Brief Threat Conference brings together the expertise of one of the most trusted and relevant news sources for national security professionals around the globe. Attendees will engage with some...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

CPX 360 New Orleans (New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.