skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Yesterday Troy Hunt announced, to considerable éclat, the discovery of a large trove of credentials for sale in a dark web souk. He calls it "Collection #1." The hood offering the material for sale goes by the nom-de-hack of "Sanixer." KrebsOnSecurity contacted Sanixer and concluded that the material is relatively old, gleaned from various sources, and possibly worth every cent of the $45 Sanixer is charging (which is to say, not so much). 773 million unique email addresses and 21 million unique passwords are lots of credentials, to be sure, but Motherboard is probably right to point out that it's not the devastating blow to Internet users that's been giving some media outlets the yips. Good job by Mr. Hunt and HaveIBeenPwned in finding Collection #1. It should serve as a nudge toward better digital hygiene. 

Palo Alto Networks warns that Rocke coinjacking malware is able to disable five Tencent Cloud and Alibaba Cloud security products that would otherwise prevent Rocke from operating in infected systems.

Facebook made another sweep of "coordinated inauthentic sites," pulling down three-hundred-sixty-four Russian pages yesterday. The pages targeted were judged to be not only inauthentic, but also have engaged in information operations. The accounts were linked, Facebook says, to the Russian news agency Sputnik.

Underground Tradecraft links to a proposal that exhibits the convergence of marketing and influence operations, considered as activities, not sectors.

Winner winner chicken dinner: GameDaily reports that Epic Games has patched the Fortnite flaw that exposed some 200 million gamers' data.


Today's issue includes events affecting Armenia, Australia, Azerbaijan, Canada, China, Estonia, Georgia, Germany, India, Iran, Israel, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Romania, Russia, Saudi Arabia, Tajikistan, United Kingdom, United States, Uzbekistan, and Zimbabwe.

Monday is Dr. Martin Luther King, Jr. Day here in the US, and we'll mark the Federal holiday by taking a day away from publishing. Both the CyberWire's Daily News Briefing and our Daily Podcast will return, as usual, on Tuesday. 

Tomorrow marks, officially the third anniversary of the CyberWire Daily Podcast's public launch. You can check out that episode here, for a walk down memory lane. Thanks to all of you for reading and listening.

Bridge the Gap Between Policy & Technology at Georgetown

The Georgetown University Master's in Cybersecurity Risk Management prepares you to navigate today’s increasingly complex cyber threats. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. Join us for a webinar on Tuesday, January 29, at noon ET to explore our program.

In today's podcast, out later this afternoon, we hear from our partners at Accenture Labs: Malek Ben Salem discusses the power grid's vulnerabilities to botnets. Our guest is former U.S. Secretary of Homeland Security Michael Chertoff discussing his book, Exploding Data. (Mr. Chertoff appears as part of our media partnership with the Global Cyber Innovation Summit.)

Proactive Cybersecurity: Modeling Adversarial Behavior (Online, January 23, 2019) Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Cyber Attacks, Threats, and Vulnerabilities

Tapping Telegram Bots (Forcepoint) At Forcepoint Security Labs we are always looking at the methods threat actors use to circumvent existing protections. One such investigation saw us looking into the usage of the Telegram encrypted messaging service as a Command and Control (C2) infrastructure for malware. Malware that uses Telegram as a C2 channel typically uses the Telegram Bot API for communications. In the course of an investigation into one piece of malware, we discovered a significant flaw in the way Telegram handles messages sent through its Bot API.

Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation (Dark Reading) Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.

Massive breach leaks 773 million email addresses, 21 million passwords (CNET) The best time to stop reusing old passwords was 10 years ago. The second best time is now.

The Collection #1 data breach - what you need to do about it (Graham Cluley) A huge collection of email addresses and passwords, which can be used in attempts to break into online accounts, has been discovered. If you are one of the affected users, what should you do about it?

The 773 Million Record "Collection #1" Data Breach (Troy Hunt) Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses

The ‘Biggest EVER’ Collection of Hacked Passwords Is Not That Bad (Motherboard) Someone put together a massive list of 773 million unique email addresses and 21 million unique passwords. But there’s really no reason to panic.

773M Password ‘Megabreach’ is Years Old (KrebsOnSecurity) My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum.

Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products (Unit42) Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group.

Removing Coordinated Inauthentic Behavior from Russia (Facebook Newsroom) Today we removed multiple Pages, groups and accounts that engaged in coordinated inauthentic behavior on Facebook and Instagram.

Hacked Instagram Influencers Rely on White-Hat Hackers to Get Their Accounts Back (Motherboard) Leaked internal documents and stories from influencers show that Instagram has an influencer-hacking problem.

Underground Tradecraft (Underground Tradecraft) A proposal outlining , at a high level, an influence campaign and an intelligence collection operation. The content is extremely interesting reading. Moreso when you realize you’re reading a proposal...

IoT insecurity is opening the door for deadly-accurate AI-powered swarmbot attacks (CSO) Cybercriminals’ increasing use of artificial intelligence (AI) will create autonomous, self-changing botnets that will be able to tweak and re-deploy attacks in seconds, a security strategist has warned.

Throwback Thursday: Whatever happened to Stuxnet? (Security Boulevard) Whatever happened to Stuxnet? Since it destroyed hundreds of centrifuges at a nuclear enrichment facility in Iran in 2010, the worm’s been quiet—but not idle. Compared to many of its malware colleagues, the Stuxnet worm has had a lot more than the proverbial 15 minutes of fame. With good reason. It was precedent-setting. It was The post Throwback Thursday: Whatever happened to Stuxnet? appeared first on Software Integrity Blog.

These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown (TechCrunch) We like to think of ourselves as nerds here at TechCrunch, which is why we’re bringing you this. During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights up your browser with “HTTPS” or flashe… and White House security suffer under U.S. shutdown (Netcraft) Dozens more U.S. government websites have become inaccessible since last week, when Netcraft highlighted the impact of security certificates expiring during the

Emotet infections and follow-up malware (SANS Internet Storm Center) Three major campaigns using malicious spam (malspam) to distribute malware stopped sending malspam before Christmas--sometime during the week ending on Sunday 2018-12-23.

Bitcoin rival Ethereum saved from CYBER-ATTACK threat by THIS accidental discovery (Express) BITCOIN rival Ethereum was saved by an accidental discovery during a training exercise.

Email crooks swindle woman out of $150K from home sale (Naked Security) She sent her bank account details three times, she said. Unfortunately, they wound up in crooks’ hands, and her money wound up in their pockets.

Most Facebook users aren't aware that Facebook tracks their interests (Help Net Security) Many Facebook users don't know that the company uses their info and their online actions to create a list of their interests for ad targeting purposes.

NSFOCUS Identifies IP Chain-Gangs in New Cybersecurity Insights Report (BusinessWire) NSFOCUS, a leader in holistic hybrid security solutions, today released its Behavior Analysis of IP Chain-Gangs report, a follow up to their H1 Cybers

As States Lag on Cyber Training, Agencies Are Fertile Phishing Grounds (Governing) A 2018 survey by NASCIO and consulting firm Deloitte & Touche LLP found that only 45 percent of states require that all executive branch employees complete cyber training.

SAH among northeastern Ontario hospitals plagued by zero day virus (Sault Star) The privacy of patients has not been breached despite the presence of a so-called a zero day virus in its computer systems, Health Sciences North said Thursday.Since Wednesday at 8 a.m., all 24 nor…

Security Patches, Mitigations, and Software Updates

Windows Zero-Day Bug that Overwrites Files Gets Interim Fix (BleepingComputer) A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data.

Cyber Trends

Risk managers see cybersecurity as the biggest threat to business (Help Net Security) Sword GRC canvassed amost 150 risk managers from highly risk-aware organizations worldwide for their opinions. Overall, cybersecurity was seen as the


The next development in cyber insurance that brokers need to watch for in 2019 (Insurance Business) A comparison between earthquakes and hacks helps show why insurers are still nervous about this space

Venture capital funding of cybersecurity firms hit record high in... (Reuters) Venture capital investments in cybersecurity firms hit a record high last year a...

2019 cybersecurity workforce: Recruiting vs. re-skilling (Help Net Security) The cybersecurity talent gap is not just an IT industry crisis. It’s one with global ramifications. As the inevitable march towards digitalizing the world

Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge (Help Net Security) The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident response, management and compliance for applications.

Harris Technology enters blockchain world with $2.45 million acquisition (CRN Australia) Plans to acquire blockchain solution provider Lincd.

WISeKey Completes Sale of QuoVadis SSL/TLS, PKI Businesses to DigiCert for $45 Million (AP NEWS) WISeKey International Holding Ltd (SIX: WIHN), a leading Swiss cybersecurity and IoT company, announced today that is has completed the sale of QuoVadis TLS/SSL, PKI businesses to DigiCert, the leading global provider of TLS/SSL, IoT and other PKI solutions, for US$45 million cash.

What Capital-Efficient Startup Should Okta Acquire Next? (Seeking Alpha) Okta has grown through product upgrades and acquisitions. Earlier this year, it announced the acquisition of zero trust security firm ScaleFT. The stock is curr

IBM to lead Juniper Networks’ US$325 million digital transformation (CRN Australia) Using IBM Watson to enhance IT infrastructure and drive cloud adoption.

SA cybersecurity company expands to Port San Antonio (San Antonio Business Journal) The new research and development center is an investment to meet demand for new cybersecurity contracts with the U.S. Air Force.

Immuta expands GRC expertise to help enterprises build data science programs (Help Net Security) Richard Geering joins Immuta as VP of governance, risk, and compliance to help regulated enterprises transform GRC into an innovation accelerant.

Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda (Fortune) Ning Wang is on a mission to train the next generation of hacking talent.

FireEye's President Travis Reese Joins Board of Israeli Cybersecurity Company Waterfall (CTECH) Founded in 2007, Waterfall provides a firewall-alternative for industrial networks and critical infrastructure

Lastline Announces Sales Veteran, Gregory Enriquez, as New Chief Revenue Officer (PR Newswire) Lastline®, the leader in AI-powered network security, is continuing to build a world-class organization...

Products, Services, and Solutions

New infosec products of the week: January 18, 2019 (Help Net Security) XebiaLabs launches new DevOps risk and compliance capability for software releases The XebiaLabs DevOps Platform provides a single pane of glass for

Barracuda boosts Total Email Protection with Forensics and Incident Response (Barracuda Networks) Barracuda Networks is the worldwide leader in Security, Application Delivery and Data Protection Solutions.

Amazon Web Services announces AWS Backup (Help Net Security) The AWS Backup service helps customers to automate backups of their data across AWS services and on-premises, and meet business and regulatory requirements.

Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud (Help Net Security) Advanced Fraud Solutions and Q6 Cyber have partnered to integrate Q6 data feeds directly into the TrueCards fraud prevention software platform.

Microsoft's Outlook app is now secure enough for US government use (TheINQUIRER) The app now meets the DoD's compliance standards, apparently,Security ,outlook,Pentagon,office,contract,mobile security,department of defence

Dagobert Levy, Tanium : Avant d’imaginer toute cyberdéfense, il est indispensable de maitriser l’ensemble de ses actifs informatique (Global Security Mag Online) Pour sa première participation au FIC, Tanium, un nouveau venu sur le marché français, présentera sa plateforme Tanium Reveal qui permet d’identifier rapidement les données sensibles stockées sur les endpoints : serveur, poste de travail. Dagobert Levy, responsable Europe du sud de Tanium estime qu’avant d’imaginer toute cyberdéfense, il est indispensable de maitriser l’ensemble de ses actifs informatique.

Watch out: hackers are upping their game (The Royal Gazette) Hackers are upping their game and many organisations are not even aware of serious holes in their own network defences.That is the warning from Hari

Emsisoft Browser Security Protects You from Malicious Sites (BleepingComputer) For those looking for extra protection while browsing the web, Emsisoft has a released a browser extension that will block you from interacting with known phishing, malware, or scam sites.

EY to establish Security Operations Centres across India in collaboration with IBM (Consultancy) In keeping with its strategy of expanding its digital services segment in India, global professional services firm EY has announced a strategic partnership with IT giant IBM to launch a Security Oper

Cybersecurity Startup Rivetz to Integrate Sentinel Protocol Threat Intelligence Platform (Coinjournal) Cybersecurity startup Rivetz has partnered with Sentinel Protocol, a crowdsourced threat intelligence platform built on blockchain technology, to implement the Sentinel Protocol threat intelligence platform as an oracle for the Rivetz Network.

Technologies, Techniques, and Standards

What to Make of the U.K.’s New Code of Practice on Internet-of-Things Security (Lawfare) The document offers one of the clearest policy positions articulated yet by any national government.

New requirements for the secure design and development of modern payment software (Help Net Security) New PCI Software Security Standards provide a way for developers to demonstrate their software protects payment data for applications.

Protecting privileged access in DevOps and cloud environments (Help Net Security) While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also align with DevOps culture.

Cyber risk management and return on deception investment (Help Net Security) This article is fifth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks.

Encryption is key to protecting information as it travels outside the network (Help Net Security) The State of Enterprise Encryption report reveals stark numbers behind the mounting toll of data breaches triggered by cybercrime and accidents.

Transforming Law Firm Culture to Ensure Information Security (Legaltech News) Changing the culture of law firms when it comes to information security has less to do with age and generational differences and more to do with acknowledging and accepting the current environment.

8 Tips for Monitoring Cloud Security (Dark Reading) Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.

Research and Development

WPI Computer Scientist Developing New Technology to “Contain” Hackers’ Attacks (WPI) A computer scientist at Worcester Polytechnic Institute (WPI) is developing a new technology designed to protect companies—and computer users—from damaging and expensive malware attacks. Known as single-use services, the technology is being developed by Craig Shue, associate professor of computer science at WPI, with a three-year, $265,631 grant from the National Science Foundation. It is designed to prevent an attack on a commercial website from compromising other servers, data, and users.

IBM Lattice Cryptography Is Needed Now To Defend Against Quantum Computing Future (Forbes) When it comes to securing data, it is not too early to start anticipating the future threat of quantum computing. You need to plan today for the Quantum future. I talked to IBM - a company that understands both side of this problem.


Oxford University suspends research grants from Huawei over security concerns  (The Telegraph) Oxford University has cuts ties with Huawei amid security concerns.

Former FTC chief technologist named director of CMU's CyLab (Pittsburgh Post-Gazette) Lorrie Faith Cranor, also a co-founder of Wombat Security in the Strip District, replaces CyLab’s interim director, Douglas Sicker.

Legislation, Policy, and Regulation

Japan, US vow to cooperate in space, cyber domains, over North Korea (Nikkei Asian Review) Japanese Defense Minister Takeshi Iwaya and U.S. Acting Defense Secretary Patrick Shanahan agreed Wednesday to cooperate in new domains of warfare like outer space and cyberspace in a veiled response to China's quest for military supremacy in such areas.

Social Media In Zimbabwe Now Inaccesible To Those With VPNs As Well (Techzim) Internet access has been restored but it seems the lockdown on social media is still going strong and though earlier you could access the social media sites along with YouTube and WhatsApp if you had a VPN installed it seems that government has taken things further by blocking most VPNs as well which means most …

UPDATE 1-Germany considers barring Huawei from 5G networks (CNBC) *Discussion continues, no decisions yet- Interior Ministry.

U.K. Doubles-Down on Criticism of Huawei's Flawed Systems (Bloomberg) U.S., Canadian lawmakers tell U.K. of Huawei safety ‘concern.’ U.K. sees dialog, oversight as future of Huawei relationship.

Bipartisan Bill introduced to ban sale of US tech to Huawei and ZTE (ZDNet) US lawmakers introduce bipartisan Bill that, if passed, would ban the export of US chips and other components to the two Chinese tech companies.

The Promise of 5G Is the Problem With Huawei in Eyes of Critics (Bloomberg) Billions of connected devices offer more ways to attack. Huawei rejects notion it might serve the Chinese government.

It's Time for Action on Privacy, Says Apple's CEO Tim Cook (Time) We all deserve control over our digital lives

Cooley’s Michael Rhodes Joins 41 California Privacy Experts Urging Major Changes to the California Consumer Privacy Act (cyber/data/privacy insights) Michael Rhodes, chair of Cooley’s cyber/data/privacy practice, joins 41 California privacy lawyers, professionals and professors urging major changes to the California Consumer Privacy Act (CCPA). …

How U.S. surveillance technology is propping up authoritarian regimes (Washington Post) NSO Group, an Israeli cyberintelligence firm, makes spyware that it sells to a variety of government clients around the world.

Litigation, Investigation, and Law Enforcement

China hits back at DoJ's Huawei investigation (IT PRO) Chinese authorities say the US wants to block its tech companies

Judge won’t dismiss libel suit against Fusion GPS over dossier (POLITICO) The judge turned down Fusion’s motion to dismiss the suit on the grounds that the Russians are public figures.

Microsoft font gives away forgery in bankruptcy case (Naked Security) In a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.

Did Iran shut down Adelson hackers for online gambling ties? (Calvin Ayre) An Iranian hacker forum was reportedly shut down by the government after forum members were linked to online gambling operations.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security...

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and...

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential...

National Security Technology Forum and Exposition (NSTFX) (San Diego, California, USA, February 12, 2019) AFCEA International and the University of California, San Diego are proud to host a new and innovative event entitled “The National Security Technology Forum and Exposition (NSTFX)”. NSTFX will bring...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.