skip navigation

More signal. Less noise.

What if your security solution could provide zero doubt?

A foundation of artificial intelligence delivers smart, simple, and secure solutions that change how organizations approach endpoint security. Cylance provides full-spectrum, predictive threat prevention and visibility across the enterprise to combat the everyday - as well as the most notorious and advanced - cyberattacks. Let Cylance help you understand how you can create real confidence in your organization’s security posture and zero in on what really matters.

Daily briefing.

The US Department of Homeland Security thinks China’s APT10 has been quieter since two of its (alleged) operators were indicted late last year, reports FCW,  but DHS is pretty confident APT10 hasn’t gone away, and will be heard from again.  

Among APT10’s activities last year, according to Recorded Future and Rapid7, was a campaign against a Norwegian managed service provider. Microsoft Security thinks otherwise, and that the threat actor in this case was APT31, also known as Zirconium. 

Akamai reports a phishing campaign that uses Google Translate to obtain Facebook and Google credentials. The victim receives an email purporting to be a notification from Google that a device has logged into the victim’s account. The victim is invited to verify that the login is legitimate. When they follow the link provided, the malicious domain of a credential-harvesting page is loaded via Google Translate. The victim is then forwarded to a phony Facebook login page. Akamai says the fraud looks pretty good on a mobile device, but it’s much less convincing on a laptop or desktop. 

A researcher finds a macOS Keychain zero-day but won’t share it with Apple until Cupertino sets up a proper bug bounty program, reports BleepingComputer

Symantec has found a variant of the familiar tech support scam in the wild. It mimics a Norton system scan while it installs potentially unwanted programs. 

According to the South China Morning Post, Canada's 5G infrastructure will probably exclude Huawei. ZTE is also receiving hostile US scrutiny, reports Sunshine State News

Notes.

Today's edition of the CyberWire reports events affecting Australia, Canada, China, European Union, Germany, Iran, Poland, United Kingdom, United States.

The Round the Clock Third Party Advantage

Vendors, suppliers, and independent subsidiaries are gaining more access to your network and sensitive data because today’s business models include outsourcing of non-mission critical programs and tasks, which brings a new world of risk to your organization. In this webinar, LookingGlass Product Manager, Brandon Dobrec and Security Ledger Editor-in-Chief, Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, providing you with the right map to assess your external risk.

In today's podcast, up later this afternoon, we talk to our partners at the University of Bristol, as Awais Rashid offers some thoughts on the challenges of securing smart phones. And Carole Theriault explores recent concerns over popular video app VLC Player security issues with Paul Ducklin of Sophos.

And Hacking Humans is up. In this episode, "Make it seem like the real answer is impossible to know," Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day involves a clumsy claim of physical harm. Dave interviews author Dave Levitan about his book Not a Scientist: How politicians mistake, misrepresent and utterly mangle science.

Cyber Job Fair, Feb 13, San Antonio (San Antonio, Texas, United States, February 13, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, February 13 in San Antonio. Meet leading cyber employers including AF Civilian Service, CNF Tech, Lockheed Martin, and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

Cyber Security Summits: February 13th in Atlanta and on April 2nd in Denver (Atlanta, Georgia, United States, February 13 - April 2, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Darktrace and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Rapid Prototyping Event: The Needles in the Haystack (Columbia, Maryland, United States, February 26 - 28, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event in which we hope to find a solution that can not only 'map' the network in the traditional sense but provide inferences as to the most important servers, workstations or hardware devices. Once these assets are identified they could be isolated, replicated or studied closely via live forensics.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

China-linked hacker group has gone quiet, but DHS expects resurgence (FCW) A hacking group behind a widespread cyber espionage campaign against IT service providers has gone quiet since two of its members were indicted but remains an active threat to American businesses.

China hacked Norway's Visma cloud software provider (ZDNet) APT10 hacker group breaches Visma cloud provider, a US law firm, and an international apparel company, a report published today says.

Attribution of cyber campaign to APT10 questioned (iTWire) A security researcher has questioned the attribution of a cyber-espionage campaign to the group known as APT10, which has long been suspected to be op...

Report: State-Sponsored Hackers Are Getting Better at Hiding Their Identities (Nextgov.com) Security researchers also warn Iran might be gearing up to target U.S. companies with information warfare.

Lifesize Team, Room, Passport & Networker Remote OS Command Injection (Trustwave) While working on various vulnerability research projects, I encountered multiple Authenticated Remote OS Command Injection vulnerabilities in four Lifesize products:

Power Company Has Security Breach Due to Downloaded Game (BleepingComputer) South African energy supplier Eskom Group has been hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan.

How Hackers and Scammers Break into iCloud-Locked iPhones (Motherboard) In a novel melding of physical and cybercrime, hackers, thieves, and even independent repair companies are finding ways to "unlock iCloud" from iPhones.

IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites (Security Intelligence) The X-Force research team investigated the IcedID Trojan's two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.

Phishing Attacks Against Facebook / Google via Google Translate (Akamai) When it comes to phishing, criminals put a lot of effort into making their attacks look legitimate, while putting pressure on their victims to take action. In today's post, we're going to examine a recent phishing attempt against me personally....

Clever Phishing Attack Enlists Google Translate to Spoof Facebook Login Page (Threatpost) A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.

Weaponized emails are top APTs infection vector in today malware landscape (Difesa e Sicurezza) Yoroi-Cybaze cyber security experts: cybercrime and state-sponsored hackers use simple social engineering tricks to lure users to enable the malicious Macros.

Microsoft Confirms Serious ‘PrivExchange’ Vulnerability (Threatpost) The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.

Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple (BleepingComputer) Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts.

MacOS Zero-Day Exposes Apple Keychain Passwords (Threatpost) A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.

Exclusive: Scammers Hit Thousands With Sophisticated Fake Norton Scans (Forbes) In recent years tech support scammers stalked their victims through the phone lines. Now they're turning back the clock and tricking people into paying good money for bad apps.

Some Airline Flight Online Check-in Links Expose Passenger Data (Dark Reading) Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.

Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls (Motherboard) A Motherboard investigation has found that around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data.

Jack’d dating app is showing users’ intimate pics to strangers (Naked Security) A clear and present danger: Anyone with a web browser who knows where to look can access Jack’d users’ photos, be they private or public.

Attacks on Automotive Systems Feared Likely (Dark Reading) Yet few engineers feel empowered to do anything about them, a survey shows.

A Grim Gap: Cybersecurity of Level 1 Field Devices (POWER Magazine) Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully vulnerable, an expert warns.

Many popular iPhone apps secretly record your screen without asking (TechCrunch) Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission. You can assume that most apps are collecting data on you. Some even monetize…

Just two hacker groups are behind 60% of stolen cryptocurrency (Naked Security) Chainalysis found that two groups, which it calls Alpha and Beta, are responsible for stealing around $1 billion in funds from exchanges.

Digital signs left wide open with default password (Naked Security) One thing the world doesn’t need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.

Massive Data Leak (The Poly Post) Human error caused a massive leak of personal information of all active students in the College of Science. On Jan. ...

Nest issues cryptic warning — spoiler alert, it’s about strangers peeking your cameras (The Verge) It’s a lose-lose situation for Google’s Nest

Man hacks Texas couple's security camera, asks Alexa to play 'Despacito' (Springfield News Sun) A Texas couple lying in bed last month was startled to hear a stranger’s voice in their apartm...

Security Patches, Mitigations, and Software Updates

Google Tackles Gmail Spam with Tensorflow (Dark Reading) Tensorflow, Google's open-source machine learning framework, has been used to block 100 million spam messages.

Safari Removing Do Not Track Support (Decipher) Apple is eliminating the Do Not Track feature from its Safari browser in version 12.1 and making several other security and privacy changes, as well.

Upcoming Firefox version to offer fingerprinting & cryptomining protection (HackRead) There is very good news for Mozilla Firefox users. After improving the user experience with tracking protection function offering content blocking features and other changes in Firefox 63, Mozilla is aiming for another significant update in the upcoming version of the browser.

Cyber Trends

The hidden truth about cyber crime: insider threats (Information Age) John Andrews, VP, Centrify, explores cyber crime in the UK and the rising tide of privilege access management attacks

Cybersecurity: Billions Pour In, Basics Languish (Infosecurity Magazine) 2018’s headlines only underscored the need for robust data security with over 2 billion records stolen.

The impact of cyber-enabled economic warfare escalation (Help Net Security) The Chertoff Group and the FDD unveiled the results of a recently conducted tabletop exercise on cyber-enabled economic warfare with physical implications.

Teens Don't Use Facebook, but They Can't Escape It, Either (WIRED) Gen Z appears mostly indifferent to Facebook, but they can't escape the social network; it’s their parents who are doing most of the posting.

Customers Blame Companies not Hackers for Data Breaches (Security Boulevard) RSA Security latest search reveals over half (57%) of consumers blame companies ahead of hackers if their data is stolen.

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists (CSO Online) The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.

Which countries have the worst (and best) cybersecurity? (Comparitech) With so much of our information (including incredibly personal data) being found online, cybersecurity is of the utmost importance. So just where in the world are you cyber safe – if anywhere? Our study looked at 60 countries and found huge variances in a number of categories, from malware rates to cybersecurity-related legislation. In fact, …

Marketplace

Huawei offers to build cyber security centre in Poland (CRN Australia) Following arrests of Huawei employee and former Polish security official.

New eSecurityPlanet.com Survey Shows Majority of Businesses Plan to Accelerate IT Security Spending and Hiring (GlobeNewswire News Room) Highly publicized data breaches, increasing vulnerabilities, and new privacy regulations globally are pushing companies to increase spending on trusted IT security tools, staff, and hiring

VMware acquires remote device management vendor AetherPal (CRN Australia) Boosting capabilities of VMware's Workspace ONE platform.

HelpSystems Buys Core Security Assets to Grow Infosec Portfolio (Dark Reading) Acquisition will enable it to provide threat detection, pen testing, and other security tools to customers.

Twitter’s Push for Healthier Discourse Pays Off With Revenue Jump (Wall Street Journal) Twitter reported record quarterly revenue and its first full year of profitability, signs that its efforts to promote healthy interactions on the social-media platform appear to working.

Is it Time to Buy This Transforming Tech Stock? (The Motley Fool Canada) BlackBerry Ltd. (TSX:BB)(NYSE:BB) continues to transform rapidly. Is it the type of investment for you?

TWOSENSE.AI Awarded DoD $2.42M Security Contract for Behavioral Biometrics (AP NEWS) Today TWOSENSE.AI announces it has been awarded a $2.42M contract through Other Transaction Agreement (OTA) by the Army Contracting Command (ACC) to deploy deep neural networks for continuous multifactor authentication.

Why Augusta deserves to be home to a cyber army (Fifth Domain) The U.S. Army, the city of Augusta and the state of Georgia are well on the way to validating the decision to make Augusta a cyber hub.

Facebook’s Top PR Exec Is Leaving the Toughest Job in Tech (WIRED) Caryn Marooney is the latest in a series of high-profile departures from Facebook's communications department at a time when the company is perpetually under siege.

Daniel Stenberg, founder and Chief Architect of cURL, joins wolfSSL (Help Net Security) wolfSSL announces integration with cURL. As part of the integration, Daniel Stenberg, founder and Chief Architect of cURL, will join the wolfSSL team.

SentinelOne Elevates Nicholas Warner to COO, Daniel Bernard to CMO, and Efraim Harari to CCO as SentinelOne Continues to be the Industry’s Fastest Growing Cybersecurity Company (BusinessWire) SentinelOne, the autonomous endpoint protection company, today announced that Nicholas Warner, the company’s Chief Revenue Officer, has been promoted

Former Cyber Command Deputy Joins E3/Sentinel Board of Directors (Washington Examiner) Retired Lt. Gen. J. Kevin McLaughlin, former deputy commander of U.S. Cyber Command, has joined E3/Sentinel‘s board of the directors, the company announced.

SAIC Names Nathan Rogers as New Chief Information Officer (AP NEWS) Feb 6, 2019--Science Applications International Corp. (NYSE: SAIC) announced today that Nathan G. Rogers will assume the role of chief information officer effective Feb. 2, reporting to SAIC CEO Tony Moraco. Rogers succeeds Bob Fecteau who retires from the company in April. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20190206005042/en/ Nathan Rogers, former Engility CIO, named new CIO for SAIC. (Photo: Business Wire)

Zendesk President of Products Adrian McDermott Joins FireEye Board of Directors (AP NEWS) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that Adrian McDermott has been appointed to the FireEye board of directors. McDermott is currently President of Products at Zendesk, a global company that builds software for customer service and engagement. McDermott brings 25 years of business experience across a number of technology markets. McDermott has led the product management and engineering teams for Zendesk since 2010. In his role, McDermott is responsible for defining and leading global product strategy and product development for the publicly-traded, web-based customer service software leader.

Products, Services, and Solutions

SecurityScorecard Launches Project Escher to Support Non-Profit Organizations in Fight to Understand Third Party Risk (PR Newswire) SecurityScorecard, the leader in security ratings, announced today the launch of Project Escher, which provides...

Veriato to Offer Cerebral - A Complete Insider Threat Intelligence Platform to Combat Insider Data Breaches (PR Newswire) Veriato, an innovator in actionable User and Entity Behavior Analytics (UEBA) and a global leader in...

Fortinet Introduces Intent-Based Next-Gen Firewalls - SDxCentral (SDxCentral) Fortinet today released a family of next-generation firewalls that feature intent-based segmentation to provide a granular level of security.

Facebook will reveal who uploaded your contact info for ad targeting (TechCrunch) Facebook’s crack down on non-consensual ad targeting last year will finally produce results. In March, TechCrunch discovered Facebook planned to require advertisers to pledge that they had permission to upload someone’s phone number or email address for ad targeting. That tool debuted i…

Remote wipe SAN and EFI computers with BCWipe Total WipeOut by Jetico (Help Net Security) Jetico, leading developer of approved DoD wipe software, announced the release of version 4 of BCWipe Total WipeOut to erase hard drive data.

Zettaset releases XCrypt Archive for Pivotal Cloud Foundry to automate encryption (Help Net Security) Zettaset announced that Zettaset XCrypt Archive for Pivotal Cloud Foundry (PCF) is now available on the Pivotal Services Marketplace.

Retarus adds WF-500 appliance of Palo Alto Networks to email security portfolio (Telecompaper) German information logistics provider Retarus said it is partnering with Palo Alto Networks to add the WF-500 appliance to its e-mail security portfolio.

NTT DATA chooses Exabeam to consolidate security solutions - (Enterprise Times) NTT DATA chooses long term cybersecurity partner Exabeam to help consolidate all of the SIEM solutions spread across the business

Technologies, Techniques, and Standards

NIST Round 2 and Post-Quantum Cryptography (part 1) (Private Internet Access Blog) NIST has announced the projects that have advanced through the 2nd round of the search for a new quantum resistant cryptography standard.

Making the Case for Cybersecurity Investment (Infosecurity Magazine) Business leaders are yet to fully embrace the value of cybersecurity.

There's No Good Reason to Trust Blockchain Technology (WIRED) Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Lookalike domains: Artificial intelligence may come to the rescue (Help Net Security) In the world of network security, hackers often use lookalike domains to trick users to unintended and unwanted web sites, to deliver malicious software

Japan targets complacency with cyber attack on citizens (The Straits Times) Last November, when Japan's 68-year-old minister for cyber security admitted he had never used a computer and was "not very familiar" with cyber security issues, it was, of course, hilarious.. Read more at straitstimes.com.

Inside NATO's cyber defence centre (Sky News) Inside NATO's cyber defence centre

CNO Wants More Cyber, IW in Navy’s Wargames (Breaking Defense) The Navy needs to increase both the number and complexity of its wargames, the service’s top admiral said Wednesday, citing rapid advances being made by competitors in cyber and information warfare tactics that will muddy and confuse future battlefields.

Citizen surveillance: What does the US Government know about you? (Privacy.net) How much information does the US government have about you, an average US citizen? I attempt to cover all the ways that the feds can track you down.

Design and Innovation

Fabula AI is using social spread to spot ‘fake news’ (TechCrunch) UK startup Fabula AI reckons it’s devised a way for artificial intelligence to help user generated content platforms get on top of the disinformation crisis that keeps rocking the world of social media with antisocial scandals. Even Facebook’s Mark Zuckerberg has sounded a cautious note…

Can learning ham radio make for better engineers and software developers? (C4ISRNET) Employees from the Naval Air Warfare Center Weapons Division took a week-long class in amateur radio as a way to better understand radio frequency (RF) propagation that can be essential to engineering and software development.

Research and Development

Attacking Artificial Intelligence: How To Trick The Enemy (Breaking Defense) “Autonomy may look like an Achilles’ heel, and in a lot of ways it is” – but for both sides, DTRA's Nick Wager said. “I think that’s as much opportunity as that is vulnerability. We are good at this… and we can be better than the threat.”

AI could think for itself by 2050, cybersecurity expert predicts at Colorado Springs seminar (Colorado Springs Gazette) The first artificial intelligence capable of thinking for itself could be a reality as soon as 2050, according to a speaker in a panel discussion Wednesday at the Rocky Mountain

Legislation, Policy, and Regulation

How Australia and Germany tamed the tech giants and what Britain can learn from them  (The Telegraph) When Ian Russell accused Instagram of ‘helping to kill’ his 14-year-old daughter it provoked an outpouring of public anger, the reverberations of which have been felt from Westminster to Silicon Valley.

Regulators Are Figuring Out How to Make Google and Facebook Sweat (Medium) The Wild West era may be drawing to a close for tech corporations like Facebook and Google. New scrutiny from regulators abroad — and some closer to home — is resulting in fines that portend more…

Exclusive: Huawei needs 3-5 years to resolve British security fears... (Reuters) A $2 billion effort by China's Huawei to address security issues raised in ...

Huawei likely faces 5G ban in Canada, security experts say (South China Morning Post) Analysts and former diplomats doubt Huawei will be allowed a role in Canada’s next-generation networks, but China’s ambassador warns of repercussions if the firm is banned

Analysis | The Cybersecurity 202: Huawei's access to 5G could expand China's surveillance state, cyber diplomat warns (Washington Post) Chinese telecom companies should be banned from next-generation networks, Rob Strayer says.

Using Huawei technology is a matter of faith (Deutsche Welle) What role can Chinese network supplier Huawei play in building Germany's 5G network? It's a question of faith, but not only — so Berlin is taking its time to give a definitive answer.

Turkcell defends Huawei against 'uncorroborated' security allegations (Totaltelecom) Turkcell has joined a growing number of European telcos who are calling for authorities to find a way to work with Huawei on 5G network security

Marco Rubio Continues to Swing Away at ZTE (Sunshine State News) This week, U.S. Sen. Marco Rubio, R-Fla., who sits on the U.S. Senate Foreign Relations Committee, brought back a proposal taking aim at ZTE, a telecommunications company run by the Chinese government. 

Huawei, ZTE Parts Weaken Rural Networks, Sens. Told (Law360) Chinese telecom equipment makers Huawei and ZTE continue to be threats to the security of U.S. networks, but some small and rural broadband providers are still pressured to buy the foreign-made components because they're the least expensive, the full Senate Commerce Committee heard Wednesday.

Former Cyber Command leader details security threat from China's tech expansion, calls for private-sector regulation (Inside Cybersecurity) The former number-two official at the military’s Cyber Command buttressed the cybersecurity case against the global commercial expansion of Chinese information and communication technology, and suggested a need for requirements on the private sector in defending against the threat associated with Beijing.

Valuable, messy and contentious: How big data became 'new oil' (Federal News Network) While agency IT officials recognize the Foundations for Evidence-Based Policymaking Act and OPEN Government Data Act present opportunities to get more value out of their data, they also see challenges in preparing the workforce to manage all that data.

Cisco Calls for US Federal Privacy Legislation—Leveling the Privacy Playing Field (blogs@Cisco - Cisco Blogs) Irony alert: Even as every day we become more dependent on the internet and its wealth of information to simplify our lives, we ask ourselves more and more: can we trust the way our own personal information is handled?

DHS prioritizes restart of election security programs post-shutdown (CNN) Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs.

SOCOM needs to step up its propaganda game, Pentagon deputy says (Military Times) The Pentagon is pushing it’s special operations forces to move beyond the traditional leaflets-and-loudspeakers approach to information warfare, a senior Pentagon official said this week.

What is the California Consumer Privacy Act? (OTRS) Last year, the EU implemented the GDPR, countries around the world began implementing their own data protection laws, as did the United States with the CCPA.

Litigation, Investigation, and Law Enforcement

Australia prohibits billionaire Chinese ‘spy’ Huang Xiangmo from returning (Times) A Chinese billionaire who has been resident in Australia for eight years and who has donated generously to political parties has been denied the right to return to the country amid concerns about...

House Intelligence Committee says it will expand inquiry beyond Russian meddling (San Diego Union Tribune) The House Intelligence Committee voted Wednesday to send special counsel Robert Mueller transcripts from closed-door interviews in the Russia investigation.

What Robert Mueller Knows—and Isn't Telling Us (WIRED) The special counsel's indictments have so far stopped short of tying Trump and his associates to a broader conspiracy, blanks that will eventually get filled in.

More Alleged SIM Swappers Face Justice (KrebsOnSecurity) Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit.

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action (The National Law Review) In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In it

Over 59,000 Breaches Have Been Reported to GDPR Regulators (Infosecurity Magazine) DLA Piper warns fines could reach into the hundreds of millions this year

Some banks still adrift from GDPR compliance, warn regulatory experts (IBS Intelligence) Some banks still adrift from GDPR compliance, warn regulatory experts

The plot to revive Mt. Gox and repay victims’ Bitcoin (TechCrunch) It was the Lehman Brothers of blockchain. 850,000 Bitcoin disappeared when cryptocurrency exchange Mt. Gox imploded in 2014 after a series of hacks. The incident cemented the industry’s reputation as frighteningly insecure. Now a controversial crypto celebrity named Brock Pierce is trying to …

A Crypto Exchange CEO Dies—With the Only Key to $137 Million (WIRED) Customers of QuadrigaCX are out as much as $190 million after CEO Gerry Cotten died; Cotten reportedly was the only one with the key to retrieve the money.

Bank IT Manager Gets 10 Years for ATM Exploit (Infosecurity Magazine) Huaxia Bank employee stole $1m from cashpoints

Court upholds conviction of girl who urged suicide with texts and calls (Ars Technica) "You're just making it harder on yourself by pushing it off," one message said.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Border Security: Physical Wall vs. Virtual Wall (Arlington, Virginia, USA, February 18, 2019) Marymount University ISACA Student Group (MUISG) has its CyberNight at MU scheduled for 9 March 2019 from 6-8pm. Panelists will discuss Border Security: Physical vs Virtual Wall. This is an educational...

Insider Threat Program Development-Management Training Course (Herndon, Virginia, USA, February 18 - 19, 2019) Insider Threat Defense announced it will hold its highly sought after 2 day Insider Threat Program Development-Management Training Course, in Herndon, VA, on February 19-208, 2019. This 2 day training...

Upcoming Events

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

3rd Next Generation Cyber Security for Utilities (Denver, Colorado, USA, February 13 - 14, 2019) With the value of damages caused by cyber-attacks growing rapidly every year, adopting a new and comprehensive approach to cyber security for utilities is more important than ever. Among essential facilities...

BSides Huntsville (Huntsville, Alabama, USA, February 15 - 16, 2019) The fun and cheap way to earn CEU's. Instead of paying way too much to listen to some guy in a suit try and sell you something, you can pay just a few bucks to hear actual programmers and hackers talk...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.