skip navigation

More signal. Less noise.

Open Source Network Security Tools for Beginners

With so many open source tools available to help with network security, it can be hard to know where to begin, especially if you are an IT generalist who has been tasked with security. Check out this helpful guide to learn more.

Daily briefing.

Over the weekend print operations at several major US newspapers were disrupted by a cyberattack. Saturday editions of the San Diego Union Tribune, the Baltimore Sun, the Chicago Tribune, the New York Times, the Wall Street Journal, the Los Angeles Times and other papers saw their editions delayed as the attacks on print plants affected production (New York Times). The attack, which is believed to have involved a variant of Ryuk ransomware, targeted Tribune Publishing, but not all of the affected papers were Tribune properties. A number of them, including the New York Times, and Wall Street Journal, contract to use Tribune printing services. Production resumed through reversion to various workarounds.

Attribution remains murky, but the Los Angeles Times reports that the attack is believed to have originated outside the United States. Neither Tribune Publishing nor the affected papers have reported receiving ransom demands, but the incident seems consistent with a ransomware attack. KnowBe4 and Check Point have pointed out circumstantial similarities between this attack and operations of the North Korean government (Ryuk being a descendant of Hermes, which has been attributed to the Lazarus Group). CrowdStrike thinks Eastern European criminals the probable culprits, and that those gangs may have used Trickbot in their attack (PC Magazine). 

Rapid7 reports finding hard-coded credentials in Guardzilla home-surveillance video systems.

Alleged NSA leaker Hal Martin succeeded in having incriminating statements he made during a 2016 FBI raid on his house suppressed: he wasn't Mirandized. But physical evidence the Bureau collected is still admissible.

Notes.

Today's edition of the CyberWire reports events affecting China, India, Democratic Peoples Republic of Korea, Russia, Saudi Arabia, Singapore, United Kingdom, United States.

Visualize Your Network Like the Most Infamous Hackers

Cyber threats are becoming more frequent and targeted. Bad actors are more adept at social engineering and investigating your network and infrastructure to understand your organization’s cyber strengths and weaknesses. This webinar delves into a robust threat model capable of repelling the world's most sophisticated hackers and nation-state actors. Join us for an introduction to ScoutThreat™, a threat management platform that helps analysts streamline threat analysis work and extract the maximum value from threat intelligence.

We're back from our holiday break, and we've also resumed our usual podcasting schedule. In today's podcast, out later this afternoon, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses whether remotely wiping a mobile device could be considered destruction of evidence. Guest is Steve Durbin from the ISF on using a human-centered approach to building security teams.

And Recorded Future has also resumed its podcasts, which are produced in cooperation with the CyberWire. In the current episode, "Pioneering proactive approaches to power protection," Andrew Kling, senior director of cybersecurity at Schneider Electric, shares his professional journey and stresses the importance of threat intelligence.

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

Cyberattack Disrupts Printing of Major Newspapers (New York Times) Malware was focused on networks used by Tribune Publishing, former owner of The Los Angeles Times. It was the first known attack on newspaper printing operations.

Cyber attack causes distribution delays at prominent US newspapers: report (TheHill) A cyberattack Saturday targeting a major newspaper publishing company reportedly affected distribution at prominent newspapers across the United States.

Los Angeles Times, Tribune newspapers cyber attack probed by Homeland Security (The Washington Times) The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.

Letter from the publisher: Delivery of Union-Tribune affected by computer virus (San Diego Union Tribune) Most Union-Tribune subscribers were without a newspaper this morning as a malware attack on the company’s business systems hobbled the ability to publish.

Tribune Publishing Fights Cyberattack, Resumes On-Time Deliveries (Wall Street Journal) Newspapers printed by Tribune Publishing were delivered on time across the U.S. on Sunday, a day after a cyberattack against the publisher hobbled the distribution of some of the nation’s biggest titles.

'Workaround systems' help print U.S. newspapers hit by cyber... (Reuters) Tribune Publishing Co used "workaround systems" to help print major U....

Origin Of Newspaper Cyber-Attack Still Unclear (CBS Sacramento) The origins of a suspected computer attack that disrupted the Los Angeles Times and Tribune Publishing newspapers remained unclear Sunday after causing delivery delays and being brought to the attention of federal investigators.

Ransomware vs. printing press? US newspapers face "foreign cyberattack" (WeLiveSecurity) ESET's Stephen Cobb looks at a reported malware attack that stalled the printing and delivery of several major US newspapers over the weekend.

Stop the Presses: Don't Rush Tribune Ransomware Attribution (BankInfo Security) Don't rush to blame the printing outage at newspapers owned by Tribune Publishing on anything more than an organization failing to block a malware outbreak. And even if it does prove to be a Ryuk ransomware attack, there's no proof yet that any particular nation state is behind the campaign, experts warn.

Ryuk Ransomware Involved in Cyberattack Stopping Newspaper Distribution (BleepingComputer) A cyberattack reportedly bearing the signature of Ryuk ransomware caused disruption over the weekend in printing and delivery of major newspapers in the US from Tribune Publishing and Los Angeles Times.

[Heads-up] North Korean Ransomware Attack Disrupts Major U.S. News Media (KnowBe4) It was all over the news. A server outage at a major newspaper publishing company on Saturday that prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun.

Cyberattack Reminds Us About America’s Achilles’ Heel (the Trumpet) Computer malware attacks threaten U.S. infrastructure, personal data and military security.

Hackers steal data of N Korean defectors (BBC News) A personal computer at a resettlement centre in South Korea was found to have been infected.

Research reveals the battle to control Yemen's internet (Techworld) Recorded Future research demonstrates the importance of internet control in modern warfare

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (Rapid7 Blog) Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.

Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data (BleepingComputer) A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data.

Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks (Motherboard) The Dark Overlord appears to be trying to capitalize on conspiracy theories about the September 11 attacks.

Cryptocurrency Wallet Hacks Spark Dustup (Threatpost) Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different type attacks, researchers say.

Hackers steal Bitcoin worth $750,000 by hacking Electrum wallets (HackRead) This year we have seen an unprecedented rise in malware attacks against cryptocurrency wallets whereas cryptomining incidents have increased by 4,000%, reports McAfee.

How Hackers Stole $1B From Cryptocurrency Exchanges In 2018 (Forbes) The cryptocurrency year has been one of ups and downs, especially where exchange rates are concerned. Sadly, one area that has remained buoyant is crypto theft. So, who were the hackers that stole $1 billion and how did they do it?

New Ransomware possibly criakl version (My Online Security) It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun , but if it is criakl, then it is a new version . Criakl was around in 2014…

Hackers steal credit card data of 14,579 BevMo customers (HackRead) A warning has been issued by the Concord, California-based alcoholic beverages retailer BevMo informing its customers about a data breach that its online store experienced between 2 August and 26 September.

Underminer exploit kit improves in its latest iteration (Malwarebytes Labs) We take a look at some recent changes with the elusive Underminer exploit kit.

Is Spectre making a comeback? Processors in the spotlight (Panda Security Mediacenter) We began 2018 with a real scare: Meltdown and Spectre, two serious vulnerabilities. And it seems we’re going to finish the year with the same sensation.

Hackers use a fake wax hand to fool vein authentication security (The Verge) It was done using modified consumer tech

American Express Phishing using encoded html attachment (My Online Security) We see lots of phishing attempts for email, bank, PayPal, Credit card and other financial credentials. This one is slightly different than many others and much more involved and complicated…

Netflix phishing scam: Don’t take the bait (Consumer Information) Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords.

Security Patches, Mitigations, and Software Updates

Microsoft Monday: Upcoming Windows 10 Antivirus Feature, Launcher App, Xbox Game Pass Teaser (Forbes) This week, “Microsoft Monday” includes details about an upcoming Windows 10 antivirus feature, a Launcher update for Android and an Xbox Game Pass teaser.

Critical Bug Patched in Schneider Electric Vehicle Charging Station (Threatpost) Vulnerability in electric car charging stations could allow attackers to compromise devices.

Cyber Trends

2019: Cyber War - Part 1 (Forbes) Cyber war is on its way? Will it be a Happy New Year?

2019: Cyber War - Part 2 (Forbes) Cyber war is on its way? Will it be a Happy New Year?

Four big questions for cybersecurity in 2019 (Fifth Domain) History may remember 2018 as a big year for federal cybersecurity. So what comes next?

2019 Malware Trends to Watch (Threatpost) Here are 10 top malware trends to watch for in the New Year.

New actors will join state-sponsored hackers in global cyber-crime, report warns (Times of Israel) Russia's Kaspersky Lab says in its Targeted Threat Predictions for 2019 that barriers to new players entering the fray have 'never been so low'

Threatlist: Dark Web Markets See an Evolution in Q3 (Threatpost) Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.

The 21 scariest data breaches of 2018 (Business Insider) Millions of people had their personal information compromised this year in data breaches. See which companies were hit the hardest.

Why have we become desensitised to cyber attacks? (Real Business) Nowadays, not a day goes by without news of another cyber hack in the news. But according to Sungard's Mike Smith, human beings unfortunately learn to get used to things.

Two top execs’ predictions for cybersecurity in 2019 (Security Brief) One Identity and Secureworks executives Alex Tilley and Serkan Cetin have released what they see coming for cybersecurity in 2019.

2019 could be a tough year for Indian firms as cybercriminals turn to emerging technologies (Livemint) A report by Seqrite claims that Indian companies faced more than 26 million threats in Q3 of 2018 alone

Marketplace

Campaign against Huawei faces embarrassing reality (Asia Times) US has no 5G competitor, while European, South Korean players lag far behind

Tech stocks’ slide could prove tipping point for cybersecurity buying spree in 2019 (MarketWatch) There are too many cybersecurity companies offering too many solutions to too many problems, with too few qualified workers seeking to help. After years of hoping for a change, it’s possible that the fourth-quarter market correction could help 2019 be the year that change finally happens.

Thoma Bravo Completes Acquisition of Veracode Software (PR Newswire) Thoma Bravo, LLC, a leading private equity investment firm, today announced that it has...

Products, Services, and Solutions

Tor Is Easier Than Ever. Time to Give It a Try (WIRED) Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

Technologies, Techniques, and Standards

The Air Force targeted its own personnel to see if they could 'recognize and thwart' cyberattacks (Business Insider) In an effort to test their awareness, the Air Force went after its own personnel with a hard-to-detect technique that can compromise networks.

Why it’s Time to Switch from Facebook Login to a Password Manager - (Trend Micro Simply Security) Social media sites are increasingly the focus of our digital lives. Not only do we share, interact and post on platforms like Facebook —we also use these sites to quickly log into our favorite apps and websites. But what happens when these social media gatekeepers are hacked? Awhile back, Facebook suffered a major attack when...

Air Force begins to roll out special cyber defense teams (Fifth Domain) Major commands will begin staffing new mission defense teams that focus on preventing cyberattacks.

Language, Regional Expertise and Culture Mobile App Refreshed, Encompasses 59 Countries (US Navy) CIWT's Language, Regional Expertise and Culture (LREC) directorate released a new version of its Navy Global Deployer app, Dec. 18.

Design and Innovation

Why the Pentagon’s cyber innovation could fall behind (Fifth Domain) A new paper argues that cyber innovation will struggle amid growing conflict with China and Russia.

What the future of artificial intelligence means for cybersecurity (Fifth Domain) Two new papers give an insight into how artificial technology will be used for cybersecurity in the future.

Leaked Documents Show How Instagram Polices Stories (Motherboard) Motherboard has obtained internal documents that show how Instagram moderators grapple to police the service's popular Stories feature.

Research and Development

This clever AI hid data from its creators to cheat at its appointed task (TechCrunch) Depending on how paranoid you are, this research from Stanford and Google will be either terrifying or fascinating. A machine learning agent intended to transform aerial images into street maps and back was found to be cheating by hiding information it would need later in "a nearly imperceptible, h…

US Spies Want to Know How to Spot Compromised AI (Defense One) What if you were training an AI, and an adversary slipped a few altered images into its study set?

Legislation, Policy, and Regulation

Trump to declare emergency ban on Beijing ‘spy firms’ (Times) President Trump is preparing to declare a national emergency and outlaw two of China’s biggest telecoms companies over claims that they are being used to spy on America. An executive order is said...

FCC will suspend most operations on Thursday if the shutdown continues (TechCrunch) The Federal Communications Commission said on Monday that it will need to suspend most of its operations by the middle of Thursday if the partial government shutdown continues. The FCC will continue “work required for the protection of life and property,” as well as work related to spectrum auction…

How the new acting Pentagon chief views cybersecurity (Fifth Domain) Comments from Patrick Shanahan, who will take over as acting secretary of defense Jan. 1, give insight into his cybersecurity priorities amid growing national security challenges.

America, Meet Your (Acting) Secretary of Defense (The Atlantic) With no military experience and just a year and a half in government, the former Boeing executive Patrick Shanahan has yet to develop a foreign-policy vision of his own.

Dana White Out as Pentagon's Chief Spokeswoman (Military.com) The new Pentagon chief spokesman, Charlie Summers, is a former Maine politician and Navy reserve captain.

New chief for military spy agency (C4ISRNET) NGA will get a new director in February to replace Robert Cardillo.

Litigation, Investigation, and Law Enforcement

Russia arrests 'US spy' in Moscow (BBC News) The FSB security agency says a US man named Paul Whelan has been charged with spying.

Detained US citizen Paul Whelan was in Moscow for a wedding, his brother says (CNN) A US citizen and corporate security director detained in Russia on accusations of spying is a retired Marine who was in Moscow for a wedding, his twin brother said Tuesday.

UNITED STATES Plaintiff, v. HAROLD T. MARTIN, III, Defendant. (US District Court for the District of Maryland (via Politico)) On February 8, 2017, the Grand Jury returned an Indictment against Harold T. Martin, III, charging him with twenty counts of Willful Retention of National Defense Information in violation of 18 U.S.c. ~ 793(e).

FBI Botched Interrogation of Former NSA Contractor Accused of Stealing Secrets (Gizmodo) In the case of a former National Security Agency (NSA) contractor accused of stealing a huge cache of classified documents, a federal judge this month agreed to toss out statements made by the contractor, Harold “Hal” Martin, on the basis that FBI agents failed to Mirandize him properly during four-hour interrogation, even though the suspect was not under arrest at the time.

Suspect’s Twitter messages played role in NSA hacking-tools leak probe (POLITICO) Judge reveals that just before Shadow Brokers advertised a major breach, contractor sent suspicious message: “Shelf life, three weeks”

Thomas Rid on Twitter (Twitter) “CORRECTION: my post from earlier today erroneously linked Hal Martin to the Shadwobrokers. The redacted sections refer to another entity. H/t to an unnamed source and @emptywheel Caution also with this story: https://t.co/JMYeM0kpjk”

LinkedIn billionaire Reid Hoffman paid election ‘fixers’ (Times) One of the billionaire founders of the social network LinkedIn has apologised for unwittingly funding a disinformation campaign on Facebook and Twitter that allegedly sought to pervert the course...

Top-secret report on SingHealth attack submitted to Minister-in-charge of Cyber Security (The Straits Times) The full report on the attack, which is believed to be state-sponsored and the act of sophisticated hackers, is not being published for national security reasons.. Read more at straitstimes.com.

Netflix pulls 'Patriot Act' episode in Saudi Arabia after it criticized official account of Khashoggi killing (CNN) Netflix has blocked an episode of a comedy show that tackles the killing of journalist Jamal Khashoggi from streaming in Saudi Arabia after officials from the Kingdom complained.

US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm (Dark Reading) Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.

CenturyLink outage that hit 911 service spurs FCC investigation (CNET) The disruption affected 911 emergency services nationwide. FCC Chairman Ajit Pai called the problem "particularly troubling" in its "breadth and duration."

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.