
More signal. Less noise.

Building in security? Easier said than done? (Not any more.)

Everyone says that we need to build security in, but when it comes to app development, security seems always to be at war with speed. Besides, app developers are always more concerned with function. You want them to care about functionality, so help them with security. It’s critical, and Code Dx can help you help them. Code Dx automates the tough parts of AppSec so your developers can use their mad skilz where they really pay off. Help them help you.

Daily briefing.

Out for the holidays

We'll be observing the Christmas and New Year holiday season next week, and so the CyberWire will take a break from publication. The Daily News Briefing won't publish next week, but we'll be back to our normal schedule on January 2nd. See you in 2020, and all our best wishes to you for Christmas, Chanukah, and New Year's Day. And, as always, thanks for reading.

The Guardian reports that Pegasus spyware, the intercept tool produced and sold by NSO Group, has been found in the phones of several senior officials in Pakistan’s defense and intelligence services. The infestation apparently took advantage of the same weaknesses in WhatsApp that enabled Pegasus to be installed in devices belonging to journalists and activists in India. The Indian cases appear to have been, potentially, instances of domestic surveillance, and their discovery prompted a public scandal and parliamentary inquiries in India. The Pakistani case seems, the Guardian says, to represent “state-on-state” espionage.

Deep Instinct's dissection of Legion Loader displays an impressive mix of bad things. ZDNet calls Legion Loader a "grab bag," including as it does "information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer."

Britain's Financial Conduct Authority is investigating a possible case of eavesdropping on Bank of England press conferences. High-speed traders are thought to have hacked access to the press conferences slightly before they became publicly available, and this would have given them material information a few seconds early, which can be, as Law360 points out, a considerable advantage in trading.

The city of Frankfurt, a German and European financial hub, shut down its municipal networks after they were infected with Emotet, ZDNet reports. The city is in the process of recovery.

Bogus greetings purporting to be from climate activist Greta Thunberg, Proofpoint warns, are serving Emotet. ZDNet reports that Taylor Swift images deliver cryptojackers. PCMag says phony Rise of Skywalker files are carrying malware.


Today's issue includes events affecting China, Denmark, France, India, Italy, Pakistan, Russia, Switzerland, United States.

Bring your own context.

The "1-10-60 rule," what's up with that?

"This 1-10-60 rule really is defined, as we see it, as the ability to detect in a minute, investigate in 10 minutes or less and be able to remediate the attack in less than an hour. And why is this important? This is important because another metric that we measure, breakout time, is the amount of time it takes an attacker from their initial entry point into a customer's network or environment until the time that they're able to move to a target or move laterally in a customer's environment. And what we see in the metrics that we track is that well-funded, advanced nation-state and e-crime threat actors typically move quickly. On average, it's about an hour and 58 minutes, which is a really tight window for organizations to be able to detect, triage and remediate that issue from becoming a bigger issue. And that's the importance of 1-10-60. We've reported in our global threat report last year some of the metrics around advanced nation-state adversaries, like Russian nation-state actors, or Bears as we refer to them, can move in some cases in less than 20 minutes - 18 minutes and 49 seconds to be factual. Nation-states that we call Chollimas, they're the next fastest threat actor group that we're tracking. Their movements typically, from breakout time, is around two hours, 20 minutes and 13 seconds. So the ability to be able to detect, triage and understand what's going on with a threat that's in your environment and to be able to remediate it before the threat actor has the opportunity to move to parts of the environment, hide or deploy additional tools that provide access or exfiltration capabilities is really important for customers to understand and try to strive to meet that metric."

—Thomas Etheridge, VP of services at CrowdStrike, on the CyberWire Daily Podcast, 12.18.19.

We're just spitballing here, but to safe-side it, divide by two.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

In today's Daily Podcast, out later this afternoon, we talk with AllegisCyber Capital's Bob Ackerman about preventive cyber solutions.

And our regular Daily Podcast, as well as our weekly Caveat and Hacking Humans podcasts, will take a holiday break next week, returning as usual on January 2nd. Feel free to catch up on back episodes, or, for something new, give a listen to the special editions we'll be posting next week.

Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.

6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at and click on 6th Annual Cybersecurity Conference for Executives.

Cyber Attacks, Threats, and Vulnerabilities

Israeli spyware allegedly used to target Pakistani officials' phones (the Guardian) WhatsApp hackers may have used NSO Group technology for ‘state-on-state’ espionage

Stalking Stalkerware: A Deep Dive Into FlexiSPY (Juniper Networks) In October, the FTC announced it had reached a settlement effectively shutting down Retina-X Studios, maker of MobileSpy, PhoneSheriff and TeenShield. According to the FTC: “Retina-X did not make sure purchasers were using the apps for legitimate purposes. In fact, to install the apps, purchaser...

Multiple-malware dropper ‘Legion Loader’ dissected (SC Media) The insidious nature of difficult-to-detect, multiple strains of malware working in tandem to unleash complete obliteration is on full display with the dropper Legion Loader.

This ‘grab-bag’ hacking attack drops six different types of malware in one go (ZDNet) 'Hornet's Nest' campaign delivers a variety of malware that could create a nightmare for organisations that fall victim to attacks, warn researchers.

FCA Probes Claims BoE News Conferences Were Hacked (Law360) The Financial Conduct Authority said Thursday it is investigating claims that high-speed traders eavesdropped on market-sensitive press conferences by Bank of England officials slightly ahead of their official video broadcast.

Frankfurt shuts down IT network following Emotet infection (ZDNet) Frankfurt city officials take down IT network to prevent Emotet from being used as a staging point to launch a ransomware attack.

Emotet Wishes You a Merry Christmas from Greta Thunberg (Proofpoint US) Recently, the Proofpoint Threat Insight team, among other researchers, observed a global malicious email campaign that leveraged a number of topical lures in a single message that attempts to deliver the well-known malware Emotet.

Malicious New Windows Malware Attack: Fake Greta Thunberg Emails Used To Lure Victims (Forbes) Windows users are warned of a new email campaign that may put you at serious risk.

Don't open that Christmas party email - it could be swarming with malware (TechRadar) Emotet botnet malware hidden within fake Christmas party invites

Scammers are using Play Store apps to serve ads that nobody can escape (CyberScoop) A sneaky network of more than 100 Android applications is allowing fraudsters to make money by pushing pervasive advertisements to users’ devices, according to new cybersecurity findings.

China-Based Cyber Espionage Group Targeting Orgs in 10 Countries (Dark Reading) Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.

170m passwords stolen in Zynga hack, monitor says (the Guardian) Words With Friends company admitted hack in September but size only now revealed

Ambitious scam wants far more than just PayPal logins (WeLiveSecurity) ESET researchers spot fraudulent websites that impersonate PayPal and trick users into handing over far more than ‘only’ their logins to the payment service.

Dark-web peddlers sell popular RAT for US$20 (SC Magazine) Researchers at Proofpoint have found a widely-used remote access trojan being sold for below US$20 on underground forums

Cryptocurrency-mining botnet uses a Taylor Swift image to hide malware payloads (ZDNet) MyKingz (Smominru) botnet hides the malware it deploys on infected hosts inside a JPEG of Taylor Swift.

MyKings botnet conceals code in Taylor Swift image (SC Magazine) A cryptomining botnet is using code hidden in a Taylor Swift photo to infect computers around the world.

Phishers prey on fans of 'Star Wars: The Rise of Skywalker' film (TechRepublic) Some users have already been affected by 65 malicious files disguised as copies of the latest Star Wars film, according to Kaspersky. Here's how to avoid being a victim of such phishing attempts.

Here Come the 'Star Wars' Scams: Don't Fall for Them (PCMAG) Cybercriminals are using 'Star Wars: The Rise of Skywalker' as bait by creating fake websites that claim to offer free access to the film. But in reality, the websites try to trick you into handing over your credit card information.

Fake 'Star Wars: The Rise Of Skywalker' streams are stealing fans' credit card info (CNBC) If you Google "Star Wars: The Rise of Skywalker watch free," you may have compromised your credit card information, according to a press release from global cybersecurity firm Kaspersky.

Wawa announces massive data breach, 'potentially all' locations affected, CEO says (6abc Philadelphia) The CEO of Wawa says they are investigating a data breach that has potentially affected all of their locations.

More Ring account passwords found on the dark web (TechCrunch) More than 1,500 Ring account passwords exposed, but Ring denies a breach.

Online database exposes info on 267 million Facebook IDs (SC Magazine) A database holding more than 267 million user IDs, phone numbers and names of Facebook users was left exposed on the internet without requiring any form of authentication to access

Unsecure database exposes details of 26,000 Honda Motors customers (SC Magazine) Unsecure Elasticsearch cluster owned by the Honda Motor Company left 976 million records of about 26,000 customers open online

Exploit Kit Starts Pushing Malware Via Fake Adult Sites (BleepingComputer) Spelevo exploit kit's operators have recently added a new infection vector as part of their attacks, attempting to social engineer potential targets into downloading and executing additional malware payloads from decoy adult sites.

Get in line! 38,000 students and staff forced to queue for new passwords (Naked Security) It’s not a bread line, and it’s not a line to see Santa – it’s an analog response to a nasty cyber attack.

AVEVA Vijeo Citect and Citect SCADA (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit --------- Begin Update A Part 1 of 5 --------- Vendor: AVEVA and Schneider Electric Equipment: AVEVA’s Vijeo Citect and Citect SCADA; Schneider Electric’s Power SCADA Operation --------- End Update A Part 1 of 5 ---------

WECON PLC Editor (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Equipment: PLC Editor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to execute code under the privileges of the application.

Moxa EDS Ethernet Switches (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the target device to go out of service.

Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Philips Equipment: Veradius Unity, Pulsera, and Endura Dual WAN Router Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the management interface of the front end router impacting the availability of data transfer via wireless communication.

Reliable Controls MACH-ProWebCom/Sys (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely Vendor: Reliable Controls Equipment: MACH-ProWebCom/Sys Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute commands on behalf of the affected user.

Omron CX-Supervisor (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-318-04 Omron CX-Supervisor that was published November 14, 2019, on the ICS webpage on

Equinox Control Expert (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Equinox Equipment: Control Expert Vulnerability: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution.

LifeLabs cyberattack one of 'several wake-up calls' for e-health security and privacy (CBC) The data breach of the Canadian laboratory testing company LifeLabs is one of "several wake-up calls" for security and privacy challenges that come with the push for a medical system in which eHealth plays a significant role.

Macy’s breach is a game-changing Magecart attack (CSO Online) The attackers customized the Magecart code to the Macy's website to steal credit card information in the wallet and new registrations.

New Orleans' Mission: Clean 4,000 Computers in 48 Hours (BankInfo Security) New Orleans is setting an aggressive pace to restore services after a ransomware attack crippled the city’s IT systems: fixing more than 450 servers and 3,500

New Orleans Struggles To Fix Computer Systems After Cyber Attack (NPR) The city of New Orleans is struggling to fix computer systems after a widespread cyber attack. Police officers have needed to use personal computers and residents can't conduct routine city business.

City Council to make adjustments to final meeting of 2019 following cyber attack (Fox 8 Live) Thursday is set to be the last New Orleans City Council meeting of the year but it may come with complications after a recent cyber attack.

Henry County Pays US$650,000 to Get Back on Feet (CISO MAG) To restore parity from a malware attack and a corresponding data breach, Henry County ended up paying more than US$650,000.

Two attacks on Maze ransomware list confirmed (SearchSecurity) The Maze ransomware group claimed responsibility for an attack on Busch's Fresh Food Markets, making this the second disclosed ransomware attack on the group's list after the company refused to pay up.

Ransomware: The number of victims paying up is on the rise, and that's bad news (ZDNet) Ransomware attacks have continued to rise - and more and more organisations are opting to pay cyber criminals in order to restore their networks.

Report: Ransomware Goons Had A Great 2019, With At Least 948 Reported Attacks (Gizmodo Australia) Ransomware operators are closing out a year of extorting local governments, hospitals, and schools across the country with a bang, with at least four more U.S. cities falling victim to sophisticated scams this month alone and a recent report tallying the total number of incidents at nearly a thousand....

Is Security of Crypto Exchanges Far From Being Infallible? (Cointelegraph) Cryptocurrency exchanges have improved their security, though they’re still prone to hacking attacks. How can exchange operators handle such threats?

What’s behind Putin’s old-school operating system? (Naked Security) Reports surfaced this week that the president of Russia is still using Windows XP as his primary operating system.

Security Patches, Mitigations, and Software Updates

Chrome 79 patched after Android WebView app chaos (Naked Security) Google has rushed out a fix for a bug in the Android version of Chrome that left some app users unable to access accounts or retrieve stored data.

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw (The Hacker News) Drupal releases security patches for critical vulnerabilities that could let remote hackers compromise web servers.

Facebook to stop using 2FA phone numbers for friend suggestions (Computing) The change is being introduced in five countries this week.

Cyber Trends

Cyber Risk Index | Trend Micro (Trend Micro) We teamed up with the Ponemon Institute to investigate the level of cyber risk across organizations and create a Cyber Risk Index (CRI). Refreshed regularly, the CRI is a comprehensive measure of the gap between an organization's current security posture and its likelihood of being attacked. Our second survey shows an increase in the risk, particularly in terms of the attacks targeting organizations.

Cybersecurity Predictions for 2020 (Netskope) Just like every year, we’ve seen the cybersecurity industry shift and change quite a bit in 2019. Finding new threats, building new infrastructure, and uncovering new risks both in and out of the cloud. With 2020 looming on the horizon, there’s plenty to unpack and predict what’s next for the security industry as we kickoff …

Venafi Study: Critical Machine Identities Protected Less than Human Identities (Venafi) Venafi research reveals organizations aren’t protecting machine identities as effectively as human identities – and they may be more important to cybercriminals. Read more.

Spam over phone and email is changing consumer communication preferences (Help Net Security) Of today’s main communications mediums - text, phone calls and email - consumers continue to get the most spam over phone and email.


F5 Networks to acquire Shape Security for $1 billion (MarketWatch) F5 Networks Inc. said late Thursday it will acquire privately held cybersecurity company Shape Security in a deal with an enterprise value of $1 billion. In...

Kenes Rakishev and Moshe Hogeg decided to merge Sirin Labs with cyber security company from Israel (Talk Finance) Sirin Labs will overwinter the lack of interest in blockchain technology by joining forces with the yet unnamed Israeli cybersecurity startup. The plan, which is already confirmed by Kenes Rakishev and Moshe Hogeg, is in the final stages of implementation. We think that we know what kind of security startup is about to merge with Sirin Labs, but we prefer …

Google Offers Financial Support to Open Source Projects for Cybersecurity (The Hacker News) As Part of its Patch Rewards Program, Google Offers Financial Support to Open Source Projects for Cybersecurity.

eSentire announces partnership with CrowdStrike (IT World Canada) Managed detection and response firm eSentire has announced a partnership with Crowdstrike to complement one another’s security solutions. The partnership, announced on

OnePlus announces new bug bounty program to strengthen its cybersecurity (Android Central) Aiming to strengthen the security of its systems, OnePlus has announced a new bug bounty program for security researchers around the world. It is also teaming up with HackerOne to defend its systems against threats.

Alexander Botting Joins Venable’s Cybersecurity Team as Senior Director of International Cybersecurity Services (Citybizlist) Venable LLP is pleased to announce that Alexander Botting has joined the firm as senior director of international

Products, Services, and Solutions

Medigate and Cerner to Advance Medical Device Security (BusinessWire) Medigate, a dedicated medical device security and asset management solution, today announced it’s joining forces with Cerner Corporation (Nasdaq: CERN

ImageWare Systems Partners with Laxton to Provide Law Enforcement Agencies with Modern in-the-field Biometric Devices (Financial Buzz) ImageWare® Systems, Inc. (OTCQB: IWSY), a leader in mobile and cloud-based identity proofing and biometric authentication solutions, announced today a partnership with Laxton Group, a global provider of election, identity, and self-service solutions, to supply Law Enforcement agencies worldwide with a complete in-the-field biometric identity solution.

Image Protect Expands Fotofy Platform Compatibility to Include Rapidly Growing Global Push Notification Marketplace (West) Image Protect Inc. (OTC: IMTL) (“Image Protect”, “IMTL”, or the “Company”), a global leader in the end-to-end copyright infringement sector, is excited to announce imminent steps and a pending partnership discussion that will expand the Fotofy Platform into the massive and rapidly growing Push Notification space.

TrueFort Expands Fortified Ecosystem with Infoblox and Others (BusinessWire) As vendors we need to ensure smooth integration and information sharing between toolsets, through initiatives like the TrueFort Fortified Ecosystem.

Praxis Elevates Focus on Data Privacy and Protection with Asia Pacific Economic Cooperation Cross Border Privacy Rules system (APEC CBPRs) Certification (BioSpace)

New Asigra Program Defends Public/Non-Profit Organizations Against Cyber Attacks Targeting Backup Data (Asigra) Asigra Inc., a leading cloud backup, recovery and restore software provider since 1986, today announced a new program focused on defending the backup repositories and data of Canadian public and non-profit organizations against cyber-attacks.

Elcomsoft Extracts Skype Histories From Microsoft Account (PR Newswire) ElcomSoft updates Elcomsoft Phone Breaker, the company's forensic extraction tool. Version 9.40 can remotely extract Skype conversation...

Sophos Launches Managed Threat Response Service (CIOL) Sophos announced the availability of Sophos Managed Threat Response (MTR), a fully managed threat hunting, detection and response service. The re-sellable service provides organizations with a dedicated 24/7 security team

Arctic Wolf Enhances Managed Detection and Response Service With Managed Containment (BusinessWire) Arctic Wolf Networks, a leading security operations center (SOC)-as-a-service company, today announced the addition of Managed Containment to the Arct

What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal (Register) Take a break from calling for the end of e2e, so they can switch encrypted chat apps

Technologies, Techniques, and Standards

Ship engine and auxiliary networks will be cyber secure (Riviera Maritime Media) Lloyds Register has awarded one of the first system-level cyber certifications in the world to a major OEM

FIRST released ethics guidelines to deepen trust among incident response teams (FIRST — Forum of Incident Response and Security Teams) Calling for public consultation until end of January, 2020

Proposed standard would make warrant canaries machine-readable (Naked Security) For years, organisations have been using a common tactic called the warrant canary to warn people that the government has secretly demanded access to their private information. Now, a proposed stan…

7 signs your cybersecurity is doomed to fail in 2020 (Help Net Security) Cybercrime represents big money. Unfortunately, that will equate to operational and financial losses for unprepared businesses in 2020 and beyond.

Are you talking business risk intelligence to the C-Suite? (Enterprise Times) Ian Schenkel talks about Business Risk Intelligence and why business management teams need to adopt personal brand protection

How to manage a departing employee’s access to IT (Cloud Pro) We talk to experts in access rights, data removal and human resources to navigate this most tricky of passages

How to Handle Brand Impersonation on Social Media (PhishLabs Blog) In a world where it only takes moments to create a profile on social media, there is a difference between parody and malicious attacks.

Challenges of using firewall tech to do segmentation (Help Net Security) Security segmentation limits the ability for attacks to move laterally by breaking data center and campus networks or clouds into smaller segments.

How to get rid of My Login Hub Browser Hijacker - virus removal guide (updated) (PC Risk) My Login Hub is an application that is supposed to provide quick access to various email accounts; users are supposed to be able to access them directly from a newly opened tab. However, My Login Hub turns out to be a browser hijacker, a potentially unwanted application (PUA).

Design and Innovation

An aerospace company is using blockchain tech to combat counterfeit products in aviation industry (TheNews.Asia) Honeywell, an aircraft part producer, is partnering with iTRACE and SecureMarking to reduce the pro…

Facebook is building an operating system so it can ditch Android (TechCrunch) Facebook doesn’t want its hardware like Oculus or its augmented reality glasses to be at the mercy of Google because they rely on its Android operating system. That’s why Facebook has tasked Mark Lucovsky, a co-author of Microsoft’s Windows NT, with building the social network an …

Facebook will bar posts, ads that spread disinformation about the U.S. census (Washington Post) Facebook will remove posts, photos and other content that mislead people about the U.S. census starting next year, seeking to prevent malicious actors from interfering in a critical, once-in-a-decade process that determines political representation.

Instagram hides ‘false’ content, unless it’s from a politician (Naked Security) Instagram’s expanding its fact-checking program but, like Facebook, says it won’t keep political speech away from “public debate and scrutiny.”

On Census, Facebook And Instagram To Ban Disinformation And False Ads (NPR) Under pressure to prepare for 2020 census interference, Facebook says content misrepresenting who can participate and the data the government collects will be banned from its social media platforms.

Why video games and board games aren’t a good measure of AI intelligence (The Verge) Reimagining what intelligence means for AI.

Legislation, Policy, and Regulation

U.S. Concerned Russia-Backed UN Resolution Will Hurt Online Freedom (RadioFreeEurope/RadioLiberty) The United States said a cybercrime resolution sponsored by Russia is an attempt to push state cyber controls and fears it will pass the United Nations General Assembly later this month.

Chinese government cuts US Democratic debate live feed (CNN) The live feed of the sixth Democratic presidential debate was cut without warning in China Thursday night during a discussion on allegations of human rights abuses in the country's western region of Xinjiang.

Greenland chooses Ericsson over Huawei for 5G rollout (Reuters) Greenland has picked Sweden's Ericsson over China's Huawei to supply e...

Italy security committee urges tougher government stance on Huawei, ZTE (Reuters) Italy should consider preventing Chinese telecoms firms Huawei and ZTE from taki...

Federal Council considers introduction of cyber incident reporting duty | Lexology (Lexology) While many countries have introduced far-reaching obligations to report cyber incidents, Switzerland has not yet followed this lead. However, the…

Homeland Security cyber ‘hunt’ teams are coming to help (Fifth Domain) A massive spending package included a provision that directs the Department of Homeland Security to maintain its cyber hunt and incident response teams.

Facebook’s location tracking policy still worries US Senators (Naked Security) Does Facebook continue to track the locations of its users even when they’ve told it not to? Yes!

The Pentagon has declared war on...*checks notes*... Tik Tok (Task & Purpose) The Dec. 16 cyber awareness message advises DoD employees that uninstalling Tik Tok, "Will not prevent already potentially compromised information from propagating, but it could keep additional information from being collected."

Trump Announces Picks to Replace Outgoing Leaders at NSF, CISA ( The administration plans to nominate a replacement for the National Science Foundation director and appoint a new assistant director for the Cybersecurity and Infrastructure Security Agency.

Federal deputy CIO Graves to move on to private sector (Federal News Network) Margie Graves, who has been the federal deputy CIO since 2016, plans to return to the private sector in 2020 after spending 18 years in federal services.

Litigation, Investigation, and Law Enforcement

Justice Department investigates Sci-Hub founder on suspicion of working for Russian intelligence (Washington Post) The investigation into Alexandra Elbakyan has criminal and intelligence-gathering elements, according to people familiar with the matter.

Email blackmail brouhaha tears UKIP apart as High Court refuses computer seizure attempt (Register) And you thought politics was winding down for Christmas

Jet2 hacker, a former contractor with axe to grind, jailed for 10 months (ZDNet) He lurked in the CEO’s inbox to check if the airline knew of his involvement.

Disgruntled IT Worker Jailed For Airline Cyberattack (Law360) An aggrieved former information technology worker at Jet2 has been jailed for 10 months for a cyberattack on the low-cost British airline that cost it £165,000 ($215,000), the National Crime Agency said Thursday.

US court jails scammer who fleeced Facebook and Google out of $120m in email fraud (Computing) Rimasauskas shook down Google and Facebook with fake emails purporting to be from a major Taiwan-based supplier

Google fined €150m by French authorities over anti-competitive abuse of search ads (Computing) Google hit with third-highest antitrust fine by French authorities

The Hacker Who Took Down a Country (Bloomberg) Daniel Kaye, also known as Spdrman, found regular jobs tough but corporate espionage easy. He’s about to get out of prison.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Meeting To Discuss Insider Threat Detection On Computer Systems & Networks (Laurel, Maryland, USA, February 11, 2020) The National Insider Threat Special Interest Group will hold a meeting to discuss the findings of a workshop that was held in 2019. The workshop was done in partnership with the University of Maryland’s...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
