
Daily briefing.

The cyber incident Airbus disclosed on January 30th is now believed, anonymous sources close to the investigation tell Challenges, to have been the work of Chinese operators. Signs seem to point to APT10, also known as Stone Panda or MenuPass. APT10 is generally associated with the Tianjin Bureau of the Ministry of State Security. Airbus made its disclosure within GDPR's prescribed seventy-two hours, since the hackers accessed employee data, "mostly professional contact and IT identification details."

APT10 has been busy elsewhere, too. A report by Recorded Future and Rapid7 concludes, in a cautionary account of third-party risk, that the espionage group has been active against managed service provider Visma, a US law firm with a wide-ranging intellectual property practice, and other companies. 

Chinese industrial policy and espionage figured in US President Trump's State of the Union address.

The US Departments of Homeland Security and Justice have issued their Congressionally mandated report on whether there was foreign meddling in the 2018 mid-term elections. The Departments found no evidence of any foreign activity that had any "material impact" on the elections or the infrastructure surrounding them.

Vilnius thinks, according to Reuters, that Russia is preparing information operations to interfere with Lithuanian elections. Russia says the fears are nonsense, because they'd never do that.

The US House Committee on Energy and Commerce wants Apple to explain why it took so long to patch FaceTime.

Worried about speculative execution attacks, like Spectre, Meltdown, and Foreshadow? Take it from NSA: keep your patching up to date.

Notes.

Today's edition of the CyberWire reports events affecting Australia, China, Czech Republic, European Union, Norway, Poland, Russia, United Kingdom, United States.


In today's podcast, up later this afternoon, we speak with Emily Wilson from our partners at Terbium Labs. She describes how biometrics can appear for sale on the dark web. Our guest, Katie Nickels from MITRE, takes us through the ATT&CK knowledge base.

Cyber Job Fair, Feb 13, San Antonio (San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver (Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Rapid Prototyping Event: The Needles in the Haystack (Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

Lithuania fears Russia will attempt to sway its elections (Reuters) Lithuania's intelligence agencies fear Russia will interfere in its forthco...

Cyberattack on Airbus: Chinese lead put forward (Challenges) According to concurring sources, both governmental and close to the aircraft manufacturer, the cyberattack that Airbus announced on January 30 it had suffered was carried out using a modus operandi employed by a group of hackers that operates from China, and it targeted technical documents relating to the certification of the European giant's aircraft.

Chinese hackers behind cyber attack on aircraft manufacturer Airbus (Talk Finance) A group of hackers from China would be responsible for a cyber attack on the European aircraft manufacturer Airbus, reports the French business magazine Challenges on the basis of anonymous initiates. Airbus announced on 30 January that it had become a victim of a cyber attack in which data was stolen. Exactly what the damage is, was still being investigated …

APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign (Recorded Future) In this report, Insikt Group shares insight into a sustained cyberespionage campaign assessed to be conducted by Chinese state-sponsored threat actor APT10.

RDP Servers Can Hack Client Devices: Researchers (SecurityWeek) Researchers discover over two dozen RDP vulnerabilities, including ones that allow a malicious RDP server to hack a device running the client RDP software.

Reverse RDP Attack: Code Execution on RDP Clients (Check Point Research) Used by thousands of IT professionals and security researchers worldwide, the Remote Desktop Protocol (RDP) is usually considered a safe and trustworthy application to connect to remote computers. Whether it is used to help those working remotely or to work in a safe VM environment, RDP clients are an invaluable...

BEC Actors Exploit Gmail “Dot Accounts” to Scale Activity (Agari) Cybercriminals are taking advantage of a Gmail feature to scale fraudulent activity, including filing fake tax returns, credit card applications, and more.

Remote Code Execution in InduSoft Web Studio (Tenable®) Enterprises running InduSoft Web Studio should update their software and ensure these critical systems are not exposed to the internet.

Orcus RAT hidden in Coca-Cola video (Enterprise Times) Orcus RAT is using a Ramadan-themed Coca-Cola video to infect users' machines in order to steal user passwords and launch server stress tests

Code Execution Flaw Found in LibreOffice, OpenOffice (SecurityWeek) Researcher finds serious remote code execution vulnerability affecting LibreOffice and OpenOffice, but a patch has only been released for the former.

Half of IoT devices let down by vulnerable apps (Naked Security) Half of the apps used to control a range of Internet of Things devices are insecure in a variety of ways, researchers found.

Beware of the App! On the Vulnerability Surface of Smart Devices through their Companion Apps (Arxiv) Internet of Things (IoT) devices are becoming increasingly important. These devices are often resource-limited, hindering rigorous enforcement of security policies. Assessing the vulnerability of IoT devices is an important problem, but analyzing their firmware is difficult for a variety of reasons, including requiring the purchase of devices. This paper finds that analyzing companion apps to these devices for clues to security vulnerabilities can be an effective strategy.

Kids’ GPS watches are still a security ‘train wreck’ (Naked Security) Anyone could have accessed the entire database, including a child’s location, on Gator watches and other models that share its back end.

Why Fighting Card-Not-Present Fraud Remains an Ongoing Challenge (SecurityWeek) The abundance of compromised card data and other assets available online continues to hinder the fight against card-not-present (CNP) fraud.

Metro customers hit by text-targetting attack (Finextra Research) Metro Bank has fallen victim to a new type of cyber fraud that targets the codes sent via text messages used to verify transactions.

Mat-Su Borough eying $1.3 million balance after insurance payout for 2018 cyber attack (KTUU) The Mat-Su Borough Assembly is looking to appropriate $1 million of cyber insurance to begin reimbursing the borough for costs associated with a 2018 cyber security attack that took their network offline.

Scam of Oregon home buyer offers cautionary tale on the perils of wiring closing funds without verifying email (Washington Post) If you plan to wire funds, it’s best to call the title company or lender to verify transfer instructions.

Security Patches, Mitigations, and Software Updates

Google Patches Critical .PNG Image Bug (Threatpost) Eleven critical bugs will be patched as part of the February Android Security Bulletin.

Cyber Trends

Ponemon Institute Releases 2019 Study on Managing Safety, Security and Privacy in the Interconnected World of IT, OT and IIoT (GlobeNewswire News Room) Privacy and information security research firm, Ponemon Institute, announces the release of “2019 Safety, Security & Privacy in the Interconnected World of IT, OT and IIoT study” in partnership with TUV Rheinland OpenSky.

SecurityFirst and Ponemon Study Find Security Gap in Cloud Migration (PR Newswire) SecurityFirst™, provider of data-centric security, and the Ponemon Institute today released the...

When Real-Time Payments Go Wrong (Rambus) Since the 1980s, momentum behind real-time payments (RTP) – also known as faster or instant payments – has grown at an accelerated pace, because of its benefit to both consumers and businesses. Estimates currently suggest approximately 35 countries, including Switzerland, Taiwan, India, China and the UK, have implemented or …

Safety, Security & Privacy in the Interconnected World of IT, OT & IIOT (Open Sky) Insights to better manage risk and opportunities for convergence

Mobile devices as ticking time bombs (IT-Zoom) “We are already seeing today that malware numbers, especially for Android, have risen by 40 percent year on year,” warns Hendrik Flierman, Global Sales Director at G Data Software AG.

Marketplace

Early stage funding for UK startups drops 15pc to four year low (The Telegraph) Early stage investment in UK startups has hit a four year low as Brexit uncertainty prompted a drop in funding activity, according to new research.

US businesses turning to consulting firms amid cybersecurity fears (Consulting) With the rise of digitization comes an increased risk of cyberattacks, which in turn raises cybersecurity to the top of many American companies’ to-do lists.

Microsoft warns investors that its artificial-intelligence tech could go awry and hurt its reputation (Business Insider) Microsoft is spending big to build out its AI tech. But it's already had a few high-profile snafus and can't promise it won't have more in the future.

vArmour Raises $44M Amid Rising Popularity for Solutions Securing Cloud Computing, Hybrid Deployments and Other Transformative Computing Models (vArmour) vArmour is the industry’s first distributed security system that provides application-aware microsegmentation. vArmour microsegments each application by wrapping protection around every workload - increasing visibility, security, and operational efficiency.

Signal Sciences Raises $35M to Accelerate Wide-Scale Market Expansion and Technology Innovation (BusinessWire) Signal Sciences, the fastest growing web application security company in the world, today announced that it has raised $35 million in Series C funding

CrowdStrike Moves to Create Cybersecurity Ecosystem (Security Boulevard) CrowdStrike announced it is opening its Falcon cloud-based platform for providing endpoint security to developers of complementary third-party applications.

This Government Contractor Is Betting Big on Electronic Warfare (The Motley Fool) As consolidation surges among IT services providers, CACI International is hoping specialization will help it compete.

Avast sells Managed Workplace product to Barracuda Networks (Telecompaper) Avast announced that it has sold its Managed Workplace product, a remote monitoring and management product for managed service providers, to Barracuda Networks. The company said the business is not core to its SMB strategy, which focuses on securing the workplace.

Industrial Cybersecurity Concerns Translate into Record Growth for PAS Global (PR Newswire) PAS Global, LLC, the leading solution provider of industrial control system (ICS) cybersecurity, process safety, and...

I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt (Register) It's 2019. Should billion-dollar corps do better than offer swag for vulns?

Arlo CIO Tejas Shah Joins Bugcrowd Advisory Board (Bugcrowd) Bugcrowd, the #1 crowdsourced security company, today announced the addition of Tejas Shah, the chief information officer of Arlo, to its advisory board.

Garrison Hires Security Veteran, Colin McKinty, PhD, to Lead US Operations (Finger Lakes Times) Garrison, the specialist provider of ultra-secure web browsing technology, today announced the hiring of cybersecurity veteran Colin McKinty, PhD as General Manager of North America.

Foresite Announces New Senior Vice President of Sales (PRWeb) Mr. Koehnecke is responsible for the strategic oversight of the company’s domestic and international market expansion and orchestration of the sales

Cybersecurity Startup CyberInt Appoints New CEO (CTECH) Itai Margalit, previously CEO of Switzerland-based network optimization company Starhome Mach, will serve as CyberInt’s new CEO, the company announced Monday

Industry Veteran Alan Cohen Joins Silverfort As Strategic Advisor (Global Banking & Finance Review) Silverfort, the provider of next-generation authentication solutions, today announced that Alan Cohen has joined as a strategic advisor. A former senior ex

Products, Services, and Solutions

Mocana Introduces Device Security Solutions to Protect the Electric Grid (Mocana) Mocana announced the availability of solutions to protect and manage the security of legacy devices and industrial equipment. Mocana provides strong device-based authentication and encryption solutions for protecting legacy brownfield devices.

Bank streamlines discovery of sensitive data and rebuilds its Active Directory in three weeks instead of six months (Netwrix) With Netwrix Auditor, First National Bank Minnesota enabled discovery and classification of sensitive data and improved its security posture.

Enveil Partners with Thales to Expand Protections for Sensitive Data (GlobeNewswire News Room) Technology Integration Ensures Security for Critical Assets Without Disrupting Existing Security Infrastructure

Ivanti Patch for Windows Achieves U.S. Army Certificate of Networthiness (CoN) (Ivanti) Army CoN Certification Validates that Ivanti Patch for Windows Meets Strict U.S. Army and Department of Defense (DoD) Standards for Security, Compatibility and Sustainability

Launching the CrowdStrike Store to Bring Trusted Third-Party Apps to the Falcon Platform (CrowdStrike) The CrowdStrike Store offers trusted third-party applications and add-ons that enhance and extend the industry-leading Falcon platform — CrowdStrike customers can discover, try and buy new security tools without having to deploy additional agents, on-premises servers or use new cloud platforms.

Google Password Checkup Checks For Already Compromised Passwords (Decipher) Google’s Password Checkup Chrome extension tackles the big problem of password reuse by checking what passwords users are using against a database of compromised credentials.

Filling Cybersecurity Blind Spots with Unsupervised Learning (Datanami) What you don't know can hurt you. And when you're processing millions of transactions per day, what you don't know probably is hurting you. That's why

Technologies, Techniques, and Standards

NSA Offers Guide on Speculative Execution Side-Channel Attacks (Redmondmag) The U.S. National Security Agency issued updated guidance late last month on the various speculative execution side-channel flaws that open up all systems using modern processors to potential attacks.

Why 5G is a big deal for militaries throughout the world (C4ISRNET) New 5G technology will mean battlefield devices will have the power to take advantage of artificial intelligence, quantum computing and cryptography and facial recognition.

3 ways the Pentagon could improve cyber intelligence (Fifth Domain) Intelligence officials and academics say the United States needs to expand its cyber surveillance authorities and capabilities to meet the Trump administration’s vision to be more aggressive in cyberspace.

Five things you can do right now to stay safer online (Google) According to new research from Harris Poll and Google, most people think they’re secure online. But are they doing everything they can?

How to Submit a Bug Report to Apple, Google, Facebook, Twitter, Microsoft, and More (Lifehacker) Leaky security, hardware exploits, crashes, broken features—every piece of hardware or software is prone to bugs and vulnerabilities, and it’s likely you’ve had the misfortune of dealing with them at some point in your tech life. While most people grin, bear it, and wait for the problem to fix itself, you can also take a more active approach to bugs and other security disasters by reporting your findings.

CVE-2018–8414: A Case Study in Responsible Disclosure by Matt Nelson (Hakin9 - IT Security Magazine) The process of vulnerability disclosure can be riddled with frustrations, concerns about ethics, and communication failure. I have had tons of bugs go well. I have had tons of bugs go poorly.

5 reasons why asset management is a hot topic in 2019 (Help Net Security) Understanding asset management enables companies to embrace digital transformation and validate whether assets, users, and devices should be granted access.

Navy Cyber Defenders Participate in Boss of the Security Operations Center Competition (DVIDS) Navy Cyber Defense Operations Command (NCDOC) and Naval Network Warfare Command (NETWARCOM) participated in Boss of the Security Operations Center competition (BOTS), hosted by Splunk Inc., January 24.

When Delete’s Not Good Enough: Navy to Burn 2 Tons of Digital Storage (Defense One) Researchers at the Naval Surface Warfare Center have a lot of classified information stored on digital devices and issued a solicitation to literally watch it all burn.

How the Air Force made a dent in its 79,000 security clearance backlog (Federal News Network) The Air Force is using multiple programs to push back its security clearance backlog.

Design and Innovation

RSA Conference Announces Finalists for Innovation Sandbox Contest 2019 (BusinessWire) RSA® Conference, the world’s leading information security conferences and expositions, today announces the 10 finalists for its annual RSAC Innovation

Bots are cheap and effective. One startup trolls them into going away (TechCrunch) Bots are ruining the internet. When they’re not pummeling a website with usernames and passwords from a long list of stolen credentials, they’re scraping the price of hotels or train tickets and odds from betting sites to get the best data. Or, they’re just trying to knock a websi…

How Facebook Has Changed Computing (WIRED) To handle its massive amount of data, Facebook built new hardware and software tools, and shared them through open source.

‘The Social Network’ Was More Right Than Anyone Realized (WIRED) Director David Fincher's movie is not necessarily historically accurate, but its lessons about privacy and power still ring true nearly 10 years later.

Research and Development

Quantum Repeater Trial Ignites Hopes for Long-Distance Quantum Cryptography and Computation (IEEE Spectrum) New technology teases simple, photon-only alternative to existing high-maintenance quantum repeater technologies

Academia

Palo Alto Networks to launch cyber security academy for BC high school students (IT Business) Today is Safer Internet Day around the world, and to honour the occasion Santa Clara-based cybersecurity company Palo Alto Networks has announced

Legislation, Policy, and Regulation

Czech cyber chief expects Huawei, ZTE to be excluded from more tenders (ABS-CBN News) Huawei and ZTE will be left out of more state tenders after the tax authority excluded them, the head of the Czech cyber watchdog, which issued a recent security warning about the Chinese technology firms, said on Tuesday.

Is an Iron Curtain Falling Across Tech? (Foreign Policy) The conflict around Huawei may be the first shots in a new cold war.

Analysis | The Cybersecurity 202: What Trump didn't say about the state of the union's cybersecurity (Washington Post) There wasn't a single mention of threats to elections or critical infrastructure.

U.S. warns European allies not to use Chinese gear for 5G networks (Reuters) The United States sees the European Union as its top priority in a global effort...

US tells European allies: don’t buy ‘untrusted’ Chinese gear for 5G networks (South China Morning Post) The US has launched a lobbying campaign in European capitals, branding Huawei’s equipment a security risk

Hill Bill Backstopping ZTE Deal Reintroduced (Multichannel) Would reimpose ban on U.S. tech exports if Commerce can't certify compliance with conditions

US Hacker Squads Constantly On the Attack in New Cyberwar Strategy (RealClearLife) All day every day American hackers are breaking into foreign networks to slug it out with adversaries on their own turf courtesy of U.S. Cyber Command.

Report urges government, private firms collaborate to prevent fallout from major cyberattack (TheHill) A report published by a think tank Tuesday is urging priva

Tabletop exercise of cyber-enabled economic warfare reinforces need for more preparation by U.S. Government, private sector, new report from FDD and the Chertoff Group finds (Chertoff Group) The results of a tabletop exercise on cyber-enabled economic warfare find that when a large-scale destructive cyberattack occurs, the United States and the private sector must already have in place the resources and methods to share information in order to mitigate the attack and recover from it quickly, according to a joint report issued today by the Foundation for Defense of Democracies (FDD) and The Chertoff Group.

Former Official: Throwing More Bodies Into Cybersecurity Won’t Help (Nextgov) In fact, the focus on the cybersecurity workforce gap is leading to more insecurity and the need for more workforce, says a former FBI and intelligence official.

Australian government clamping down on security research, academic says (Computerworld) Prominent cyber security researcher Dr Vanessa Teague says that Australian cryptography research is under threat from a decision by the Defence Export Controls office to alter an agreement with the University of Melbourne.

Poland unveils details of plan for new cyber defence force (Polskie Radio dla Zagranicy) Poland’s defence minister on Tuesday divulged details of a plan to create a new cyber defence force for the country to counter hi-tech security threats.

Social media giants put profits before child safety (Times) Social media executives could be arrested and held personally liable if content that is harmful to children or vulnerable people is not taken down from their sites, a minister has suggested. Jackie...

Senate gives initial OK to anti-cyberbullying expansion (Daily Record) Senate gives preliminary approval to a bill that would expand Maryland’s law against cyberbullying of youngsters.

Litigation, Investigation, and Law Enforcement

Feds: No Evidence Foreign Meddling Impacted Midterms (US News & World Report) Foreign governments did not breach voting systems used in the 2018 congressional elections, federal officials say.

Report finds no significant interference in midterm elections (Fifth Domain) The new report is significant because security of the midterm elections was one metric that could be used to judge the success of the Trump administration’s plan to become more aggressive in cyberspace,

NSA Surveillance Program Challenge Dismissed Again (2) (Bloomberg Law) A Pittsburgh-area lawyer’s challenge to the National Security Agency’s bulk surveillance program has again been tossed out of federal court.

Home DNA kit company says it’s working with the FBI (Naked Security) FamilyTreeDNA has disclosed that it’s opened up more than 1m DNA profiles to the FBI to help find suspects of violent crime.

Google now pays more money in EU fines than it pays in taxes (Computing) Google files 2018 revenues revealing that it pays $900m more in fines than it pays in taxes

South African electricity utility Eskom accused of ignoring customer credit card compromise (Computing) Names, addresses, energy usage and even full credit card data exposed online by South Africa's monopoly electricity company

Crypto exchange in limbo after founder dies with password (Naked Security) The only person who knew the password is dead, leaving customers unable to access around $190million in fiat and virtual currency.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Border Security: Physical Wall vs. Virtual Wall (Arlington, Virginia, USA, February 18, 2019) Marymount University ISACA Student Group (MUISG) has its CyberNight at MU scheduled for 9 March 2019 from 6-8pm. Panelists will discuss Border Security: Physical vs Virtual Wall. This is an educational...

Upcoming Events

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

3rd Next Generation Cyber Security for Utilities (Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...
