Daily briefing.

FireEye is connecting a long-running DNS-hijacking campaign that’s affected enterprises worldwide, many of them private-sector infrastructure companies and Middle Eastern governments, to Iran, SecurityWeek reports. The attribution is tentative and, as usual, circumstantial, and FireEye notes that there may be more than one threat group at work, but their report concludes “with moderate confidence” that the operation is “conducted by persons based in Iran and that the activity aligns with Iranian government interests.”

Amazon’s Ring smart doorbell cum security system seems to involve more natural intelligence than users might have expected. The Intercept reports that video feeds from Ring’s home cameras are being watched, analyzed, and possibly shared by human watchstanders and company executives in mostly Ukrainian development shops. Ring told TechCrunch that this mischaracterizes what happened, and that Ring only used less-private neighborhood watch video for training purposes. However the story develops, it again suggests the backward-striking potential of networked security devices.

Polish authorities have made two arrests in an espionage case linked to Huawei. The Wall Street Journal reports that the suspects, who haven’t been publicly identified, are Huawei’s sales director for Poland (a Chinese national) and a former deputy head of IT security for Poland’s Internal Security Agency (a Polish citizen). Both have entered a plea of not guilty.

Those interested in the Russian media’s take on Kaspersky’s role in the Hal Martin case may consult RT and Sputnik. The executive summary? Schadenfreude: NSA’s security is sad, and Fort Meade owes Kaspersky thanks. Maybe even an apology.


Today's issue includes events affecting Canada, China, European Union, France, Iran, NATO/OTAN, Poland, Russia, Ukraine, United States.

In today's podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams fills us in on the details of how Persian Stalker targets secure messaging apps. Our guest is Rajiv Dholakia from Nok Nok Labs, discussing the security pros and cons of biometrics.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event to identify UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

Iran-Linked DNS Hijacking Attacks Target Organizations Worldwide (SecurityWeek) A DNS hijacking campaign targeting government, telecoms and commercial entities around the world has been linked to Iran.

For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too (The Intercept) Sources disclosed troubling privacy practices at a Ring office in Ukraine.

America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It (Wall Street Journal) A Wall Street Journal reconstruction of the worst known hack into the nation’s power system reveals attacks on hundreds of small contractors. The hackers then worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.

NATO's Achilles' Heel: Power Grids (Atlantic Council) NATO leaders spent much of the last year trying to improve the mobility of Alliance forces across the European continent. While the elimination of logistical barriers between allies is an important first step, arguably too little attention was paid...

Task Force Update: With Three Months Until Ukraine’s Election Day, Foreign Interference Picks Up (Ukraine Elects) With less than three months to go before Ukrainians head to the polls to cast their votes for president, the election campaign is heating up. A number of political figures have registered their candidacies, and more are expected to follow suit. Accompanying ramped up election activity in Ukraine is

Google Search Results Spoofed to Create Fake News (Threatpost) The technique can be used to spread disinformation while leveraging the trust people have in Google's search results.

A DNS hijacking wave is targeting companies at an almost unprecedented scale (Ars Technica) Clever trick allows attackers to obtain valid TLS certificate for hijacked domains.

DNS Hijacking Campaign Targets Organizations Globally (Dark Reading) A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.

Global DNS Hijacking Blamed on Iranian Hackers (Infosecurity Magazine) Attacks seek to harvest log-ins from Middle East government users

Reports raise video privacy concerns for Amazon-owned Ring (TechCrunch) Amazon-owned smart doorbell maker Ring is facing claims that might give some smart home enthusiasts pause. Recent reports from The Intercept and The Information have accused the company of mishandling videos collected by its line of smart home devices, failing to inform users that their videos wou…

At Ring’s R&D Team, Security Gaps and Rookie Engineers (The Information) Jamie Siminoff had flown to frigid Kiev, Ukraine, to give a pep talk to the roughly 30 people who worked there for his fast-growing video doorbell startup, Ring. It was December 2016, and the Santa Monica, Calif., company had recently opened a satellite office in Ukraine to develop products that ...

High Toxicity SystemD Vulnerabilities in Most Linux Distros Identified (Computer Business Review) Major Linux distributions, from Red Hat to Debian, are exposed to three systemd vulnerabilities (the Linux initialisation system and service manager)

Secret Service: Theft Rings Turn to Fuze Cards (KrebsOnSecurity) Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns.

An unsecured database exposed the personal details of 202M job seekers in China (TechCrunch) The personal details belonging to more than 202 million job seekers in China, including information like phone numbers, email addresses, driver licenses and salary expectations, were freely available to anyone who knew where to look for as long as three years due to an insecure database. That’…

No more privacy: 202 Million private resumes exposed (HackenProof Blog) Bob Diachenko, Director of Cyber Risk Research at discovered resume data base breach which he responsibly reported, and now it is safe.

Your Old Tweets Give Away More Location Data Than You Think (WIRED) Researchers built a tool that can predict where you live and work, as well as other sensitive information, just by using geotagged tweets.

AT&T to Stop Selling Location Data to Third Parties After Motherboard Investigation (Motherboard) After Motherboard found that AT&T, T-Mobile, and Sprint are selling their customers' phone location data ultimately to bounty hunters, AT&T has decided to stop service for all location aggregators, an essential part of the data supply chain.

Carriers Swore They'd Stop Selling Location Data. Will They Ever? (WIRED) Months after Sprint, AT&T, T-Mobile, and Verizon promised to stop selling user location data, the practice continues.

System Down: A systemd-journald exploit (Qualys Security Advisory) We discovered three vulnerabilities in systemd-journald.

Z-WASP Vulnerability Used to Phish Office 365 and ATP (Avanan) The ZWASP phishing method was taking advantage of a vulnerability in Office 365 to bypass all of Microsoft's security. All Office 365 users were vulnerable, with or without ATP. Avanan worked with Microsoft to repair the vulnerability.

How Chinese hackers pulled off the Italian con job, a Rs 130-crore heist (The Economic Times) Fraudsters spoofed emails of group CEO, held fake conference calls to fool India head of Italian co.

Heartbreaking Emails: "Love You" Malspam (SANS Internet Storm Center) Malicious spam (malspam) using zipped JavaScript (.js) files as email attachments--this is a well-established tactic used by cyber criminals to distribute malware.

'WhatsApp Gold' hoax makes a comeback (Action Fraud) The 'WhatsApp Gold' scam, which has been doing the rounds since 2016, has surfaced again in the form of a new message.

Victims report losing over £200,000, as fraudsters claim to be from TV Licensing (Action Fraud) Fraudsters are sending the public fake TV licensing emails to steal their personal and financial information.

Security Patches, Mitigations, and Software Updates

Cisco fixes serious DoS flaws in its email security appliances (Help Net Security) Cisco has plugged two vulnerabilities (one of which is critical) that open its email security appliances to denial of service attacks.

Cyber Trends

World War 3: Half US public fear major cyber attack while Russians boast 'we are ready' ( Russians are confident their country is well prepared to deal with cyber warfare, more so than Britons or Americans according to a new poll by the Pew Research Centre.

Four cybersecurity trends every CIO should know (Help Net Security) Given the intricacy of today’s cyber security challenges, organisations will need to adopt a security approach that requires digital support.

Syncsort Survey Finds Disconnect Between Confidence in IT Security Programs and Data Breaches (BusinessWire) Despite an optimistic security outlook, 61 percent of organizations report they have either experienced a security breach or aren’t sure.

Is Security The Loser As Open Banking Takes Hold? (Infosecurity Magazine) What security challenges do PSD2 and open banking present?


The pre-seed diligence framework (TechCrunch) By now it’s clear that seed is the new Series A. Seed rounds have tripled in size and companies have been around for 2.4 years before they raise a seed round. A new stage has emerged to fill the gap.

The cybersecurity skills shortage is getting worse (CSO Online) More than half of organizations report a “problematic shortage” of cybersecurity skills, and there is no end in sight.

Cyren Announces Voluntary Delisting from the Tel Aviv Stock Exchange (PR Newswire) Cyren (NASDAQ: CYRN), a leader in cloud security, today announced that it is voluntarily delisting the company's...

Federal Bureau of Investigation Awards Salient CRGT $40.1M Prime Contract for Cybersecurity and Information Assurance Services (PR Newswire) Salient CRGT has been awarded a $40.1 million prime contract to provide critical cybersecurity services enabling...

Kaspersky Targets Enterprise Cybersecurity (PYMNTS) Russian cybersecurity company Kaspersky Lab announced plans to grow its enterprise cybersecurity position in Asia through a partnership with MSI-ECS Philippines, according to BusinessWorld reports this week. In its announcement, Kaspersky pointed to the Philippines’ “young and highly active online population,” making it a key market for the company. Its collaboration with MSI-ECS will focus […]

Sectigo Revamps Partner Program Post Comodo Rebrand (Channel Partners) Partners can work toward four tiered levels, each providing incremental benefits, support, and pricing discounts, such as new revenue streams to capitalize on sales of Sectigo S/MIME, Certificate Manager, or IoT Manager, as well as CodeGuard backup and recovery solutions.

Forcepoint Names Matt Preschern as Chief Marketing Officer (PR Newswire) Global cybersecurity leader Forcepoint today announced that veteran technology marketing executive Matt Preschern...

Products, Services, and Solutions

Infosec products of the week: January 11, 2019 (Help Net Security) The most interesting information security releases of the week include the following vendors: Avnet, Continuum Security, Ledger, FireEye, Neurotechnology, Regulus Cyber.

Elcomsoft forensic tools can now extract Apple Health data from iCloud (iLounge) Elcomsoft has announced that its Phone Breaker 9.0 forensic extraction tool now has the ability to remotely access Apple Health data stored in iCloud, making it the first forensic tool to gain access to this information, and adding it to the list of other data such as call logs, photo libraries, passwords, messages, and more that can already be extracted by Elcomsoft’s forensic tools.…

Trustwave unveils new advanced Secure Email Gateway for blended threats (Help Net Security) Trustwave Secure Email Gateway 8.2 addresses phishing campaigns, policy control and supports Microsoft Azure Rights Management.

Threat modelling joins DevSecOps processes through automation (Help Net Security) IriusRisk 2.0 enables threat modelling at scale and provides follow-up throughout the development process via integration with DevSecOps.

Trend Micro IoT Security 2.0 enhances end user protection and device makers’ reputation (Help Net Security) Trend Micro IoT Security 2.0 helps customers improve the security of products and the wider IoT ecosystem, while enabling them to drive differentiation.

Technologies, Techniques, and Standards

Why do video games use stronger security than some Canadian banks? (The Globe and Mail) I’ll be blunt: Securely authenticating users’ digital identities – without trips to the bank – is a solved problem

Get a Password Manager. No More Excuses (WIRED) How important are password managers? Even their flaws double as reminders why you need one.

What is a software-defined perimeter, and do I need it? (SearchNetworking) A software-defined perimeter improves enterprise security by making users and devices invisible to outside attacks. Discover the basics of SDP and learn how it can alleviate common security challenges.

Phishing: The future is zero tolerance (GCN) After years of data, the numbers are in: You're letting me hack you every time.

Design and Innovation

Lithuanian 'Elves' Fight Russian Trolls Online (Fifth Domain) Your news and information resource bringing the civilian, defense, industry, private sector and critical infrastructure cyber conversations together in one place.

Facebook brings fact-checking service to the UK to take down disinformation (The Telegraph) Facebook has launched its fact-checking service in the UK to deal with pages of disinformation that have become commonplace on the social network.

A Blueprint for Content Governance and Enforcement (Facebook) My focus in 2018 has been addressing the most important issues facing Facebook. As the year wraps up, I'm writing a series of notes about these challenges

At CES, Focus is On ‘Cool Factor’ Not IoT Security (Threatpost) When it comes to IoT, the priority at CES is the "wow factor" – but not so much a focus on security.

Research and Development

DARPA probes tech to solve supply chain uncertainty (FCW) DARPA and private companies are looking to improve supply chain security through the use of tiny chips and diamonds that can authenticate IT parts used by the government.

Researchers Retract Study That Said Fake News Is Just as Likely to Go Viral as the Truth (Motherboard) A paper that claimed the quality of information doesn't factor into how viral it becomes under conditions of "information overload" has been retracted.

People older than 65 share the most fake news, a new study finds (The Verge) And the finding holds true across party lines

Research finds heavy Facebook users make impaired decisions like drug addicts (TechCrunch) Researchers at Michigan State University are exploring the idea that there’s more to “social media addiction” than casual joking about being too online might suggest. Their paper, titled “Excessive social media users demonstrate impaired decision making in the Iowa Gambling …


Analysis | The Cybersecurity 202: High schoolers must start training for security jobs to fill the talent gap, professors say (Washington Post) There's a national shortage of workers in a critical field.

Legislation, Policy, and Regulation

Software patents poised to make a comeback under new patent office rules (Ars Technica) New rule narrows landmark 2014 Supreme Court decision limiting software patents.

Reps. McNerney and Latta Reach Across the Aisle to Introduce Grid Security Legislation (Congressman Jerry McNerney) To combat the increasing threat of cyberattacks and strengthen critical national infrastructure, Congressmen Jerry McNerney (CA-09) and Bob Latta (OH-05) introduced two bipartisan pieces of legislation to improve our nation’s grid security and resilience. H.R. 359, the Enhancing Grid Security through Public-Private Partnerships Act, and H.R. 360, the Cyber Sense Act, aim to bolster America’s electric infrastructure by encouraging coordination between the Department of Energy (DOE) and electric utilities.

DoD ramps up development of a ‘cyber factory’ (Fifth Domain) The Department of Defense is rapidly working to provide cyberwarriors capabilities under the Unified Platform.

We Could Easily Stop Location Data Scandals, But We Cower to Lobbyists Instead (Motherboard) Your daily habits are collected, sold, and abused by a universe of shady middlemen—and government couldn’t care less.

Katie Arrington has a new job at the Department of Defense (The State) Former SC candidate for Congress Katie Arrington has a new job. On her Facebook page, Arrington says she is working in the Defense Department after she lost her 1st District race to Democrat Joe Cunningham.

Litigation, Investigation, and Law Enforcement

Chinese Huawei Executive Is Charged With Espionage in Poland (Wall Street Journal) Polish authorities detained and charged the sales director of Huawei’s local office, a Chinese national, for conducting high-level espionage, amid widening global scrutiny of the technology giant.

Google Nears Win in Europe Over ‘Right to Be Forgotten’ (Wall Street Journal) Alphabet’s Google and other search engines shouldn’t be forced to apply the European Union’s “right to be forgotten” beyond the bloc’s borders, an adviser to the EU’s top court argued.

Hacker attack on politicians: 20-year-old confesses to data theft (netzwelt) The personal data of several politicians, celebrities and journalists has become public. The Federal Criminal Police Office (BKA) acted quickly and the suspected perpetrator was four...

How do "we" best defend ourselves? Current advice from G-Data on the topic: What users should learn from the "hacker attack" (Lokalkompass) Source Doxing: What users should learn from the "hacker attack". The publication of private data belonging to politicians, satirists and other celebrities is currently causing a great deal of commotion.

Kaspersky Spotted Leak NSA Missed as Spy Agency Lacks ‘Good Handle’ on Security (Sputnik) On Wednesday, Politico reported that Moscow-based Kaspersky Labs, which is banned on US government computers over spying fears, helped uncover in 2016 perhaps the single largest theft of US intelligence in history. Sputnik spoke with Kim Zetter, the author who broke the ironic story, about what happened.

Russian cyber firm hounded in US helped NSA bust 50TB data breach – report (RT International) Kaspersky Lab may be portrayed by the US media as an extension of the Russian government using its antivirus software to snoop on gullible Americans, but in 2016 it helped the NSA to bust a massive security breach.

Supreme Court refuses to hear Fiat Chrysler appeal in Jeep hacking case (Naked Security) The court’s action means that one of the first legal cases involving cyber security risks in cars will go to trial in October.

Zurich Refuses to Pay Out For NotPetya ‘Act of War’ (Infosecurity Magazine) Confectionary maker Mondelez is claiming $100m

Mondelez sues Zurich in test for cyber hack insurance (Financial Times) Insurance group had refused to pay for NotPetya attack, invoking a war exclusion

Cooking Utensil Firm OXO Files Data Breach in California (Infosecurity Magazine) Hackers are believed to have accessed names, addresses and credit card information.

El Chapo Trial: How a Colombian I.T. Guy Helped U.S. Authorities Take Down the Kingpin (New York Times) Cristian Rodriguez was hired by the Sinaloa drug cartel to create a secure encrypted communications network. Then he helped the F.B.I. break into it.

IT Guy’s Help Snares Mexican Drugs Baron (Infosecurity Magazine) Consultant helped Feds listen in on ‘secret’ chats

'El Chapo' computer whiz tells court of 'nervous breakdown' after... (Reuters) Self-described computer whiz Christian Rodriguez told jurors on Thursday how he ...

Massachusetts man gets 10 years in prison for hospital cyberattack (Reuters) A Massachusetts man was sentenced on Thursday to more than 10 years in prison fo...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

PCI Security Standards Council 2019 India Forum (New Delhi, India, March 13, 2019) You’re invited to a day of networking opportunities and educational sessions as the PCI Security Standards Council holds its first ever India Forum in New Delhi, India. You won’t want to miss our engaging...

InfoSec World 2019 (Lake Buena Vista, Florida, USA, April 1 - 3, 2019) Cybersecurity has come a long way in 25 years, and InfoSec World has been there through it all. That's right, InfoSec World 2019 Conference & Expo is returning to Disney's Contemporary Resort on April...

Upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...
