More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Google security researchers revealed that the Russian threat actor Sandworm uploaded malicious apps to the Google Play Store in an attempt to infect Android devices with malware, WIRED says. Google tracked the campaign back from Russian attempts at false-flag operations against the 2018 Winter Olympics.

State-style information operations can find their way into click-bait commercial marketing, as a Nisos inquiry into a US news start-up and its employment of writers based in Macedonia suggests. Far left or far right, as long as concocted, inflammatory news stories drive traffic, it seems to be a win, the New York Times reports.

LinkedIn's first Moderation Report, issued yesterday, says that the business-focused social network booted some twenty-one-million fake accounts last year, and the Telegraph wonders if the sock puppets were the work of spies. (If many of them weren't, then the world's intelligence services are asleep at the switch.)

Le Monde reports that the Rouen University Hospital-Charles Nicolle was attacked with ransomware on November 18th and is still working toward recovery. The BBC says the hospital has reverted to manual backups and refused to pay the ransom.

In India, the Parliamentary Standing Committee on Information Technology has opened an inquiry into the affair of the Pegasus infestation found in WhatsApp, the Business Standard reports.

Decipher points out that Internet sovereignty will do little to suppress cybercrime, but of course suppressing crime isn't really the point. To see a sovereign Internet in action, read WIRED's account of how sovereignty is being realized in Iran.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, France, India, Iran, Democratic People's Republic of Korea, Macedonia, Qatar, Romania, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.

Bring your own context.

Older software, after it's passed its end-of-life, can move on to a kind of afterlife, where its shade often exists in industrial control systems. Windows 7 crossed the River Styx some time ago, but you can still find it in those virtual Elysian Fields. What should be done about this?

"A lot of times, people just kind of put their head in the sand. OK, so you've got a Windows machine; it's running Windows 7. There's potential for exploits, but you've got a business decision because you've got to run your business that you're going to let that potential sit there. Well, maybe you need to invest in some tools that monitor that machine at a higher level to make sure it's not being exploited. So there's things you can do, but the No. 1 thing is evaluate your situation."

—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily Podcast, 11.20.19.

Persephone's probably running XP on her laptop.

Work with the world’s experts in Dark Web analysis.

Based on years of law enforcement and military experience plus current work with international agencies, ReSecurity’s Hunter Unit pulls and analyzes the best data and delivers it in the most actionable format. We provide human-curated, in-depth analysis layered on top of the most comprehensive, exclusive sets of data from the Deep and Dark Web. 

In today's Daily Podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams tells us about the Panda cryptominer. Our guest is Keenan Skelly from Circadence, on getting the younger generation excited about cyber. (Kids today....)

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

CyberMaryland Job Fair, December 5, Baltimore. Visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, United States, December 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberMaryland Job Fair, December 5 in Baltimore. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Attacks, Threats, and Vulnerabilities

Cyber Threat Assessment: Rise of the Rest (The Aspen Institute) One of the most pronounced trends in recent years is the democratization and spread of cyber capabilities—the rise and maturation of high-level threats from the developing world and …

US Cyber Command Calling Out North Korean Hackers (CPO Magazine) U.S. Cyber Command uploaded a total of 7 new malware samples used by North Korean hackers to draw attention to tactics used to steal state secrets, conduct corporate espionage and find backdoors into the nation’s critical infrastructure.

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon (WeLiveSecurity) ESET researchers have discovered DePriMon, a new downloader with a novel, not previously seen in the wild installation technique

Popular Apps on Google Play Store Remain Unpatched (Threatpost) Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code-execution even if users update.

Emergent Android banking Trojan shows app overlay attacks are still effective (CSO Online) By taking code from another Android Trojan, Anubis, the Ginp malware has enhanced itself and has begun targeting banks.

Gnip Banking Trojan Shows Ongoing, Aggressive Development (Threatpost) The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.

New Android Threat: Facebook, WeChat Apps Have Failed To Patch Known Security Risks (Forbes) A "shock" new report claims security failures have led to billions of unpatched installs of famous apps from Google Play Store, putting Android users at risk.

Linux Webmin Servers Under Attack by Roboto P2P Botnet (Threatpost) A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Webmin Linux servers.

1.2 Billion Records Found Exposed Online in a Single Server (Wired) Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

Targeted cyber attacks on Aus legal sector in Q3 likely launched by organised criminal groups (Australasian Lawyer) Cyber security firm detected three targeted attacks in July and September

The new Phoenix Keylogger tries to stop more than 80 security products to avoid detection (Mash Viral) A new keylogger called Phoenix that began selling in piracy forums during the summer has now been linked to more than 10,000 infections, Cybereason researchers said in a report today. Released in July at HackForums, Phoenix Keylogger …

‘More than a keylogger’ – Phoenix wows small-time cybercrooks and raises security concerns (The Daily Swig) Off-the-shelf malware targeted nearly 10,000 victims over four-month period

New SectopRAT Trojan creates hidden second desktop to control browser sessions (ZDNet) The Trojan makes sure the second desktop is hidden from sight.

A Former Fox News Executive Divides Americans Using Russian Tactics (New York Times) An investigation found that several sites owned by Ken LaCorte push inflammatory items — stories, petitions and the occasional conspiracy theory — to the public.

A Fake News Case Study (Nisos) The tools are inexpensive, anyone with a laptop and a social media account can be successful. The incentives are great, in both financial terms and as measured by outcomes.

Are LinkedIn's 21m fake accounts the work of spies? (The Telegraph) LinkedIn said that it removed more than 21m fake accounts in the first half of 2019, amid mounting evidence that the business-focused social network has become a battleground for duelling spies.

Russia's ‘Sandworm’ Hackers Also Targeted Android Phones (Wired) The Kremlin's uniquely dangerous hacker group has been trying new tricks.

Hackers use fake software updates in two recent malware schemes (ConsumerAffairs) Tech security company Zscaler has discovered two hacking campaigns designed to trick users into downloading malware. The two malware campaigns “deliver

This fake software update tries to download malware onto your PC even when you click 'later' (ZDNet) Cyber crooks are using hacked websites to fool visitors into downloading trojan malware that can take over their PCs.

Flashpoint - Mail Services an Emerging Vector for Financial Fraud (Flashpoint) Flashpoint analysts have identified numerous discussions on closed and invite-only online communities where threat actors advertise methods and paid services that are earmarked for fraud.

Voice messages and ZIP files could be your biggest security worries (TechRadar) Mimecast analyzed 207bn emails to compile its latest Threat Intelligence Report

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin (BleepingComputer) Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1.

Lenovo System Interface Foundation - DLL Preloading and Potential Abuses (CVE-2019-6189) (SafeBreach) November 21st, 2019. Peleg Hadar, Security Researcher, SafeBreach Labs. SafeBreach Labs disco…

RiskIQ Releases 2019 Black Friday E-commerce Blacklist Threat Report (West) Critical Threat and Consumer Intel for This Year’s Black Friday and Cyber Monday

RiskIQ 2019 Black Friday e-Commerce Blacklist (RiskIQ) Critical Threat and Consumer Intel for This Year’s Black Friday and Cyber Monday

Holiday Shopping Exposes Web Security Risks (TALA Security) Modern website architecture creates opportunities for attackers. We have reviewed the top 1,000 websites and provide in our report our revealing insights, observations and data including how...

Scammers try a new way to steal online shoppers’ payment-card data (Ars Technica) Skimmers host fraudulent third-party processor that looks just like the real thing.

Official Monero site delivers malicious cash-grabbing wallet (Naked Security) If you downloaded the Monero command line wallet recently, check it before using it.

Louisiana was hit by Ryuk, triggering another cyber-emergency (Ars Technica) From Nunavut to Campeche, ransomware rolls along.

Bank of Hawaii warns customers of phishing scam (Honolulu Star-Advertiser) Bank of Hawaii issued a warning today of fraudulent telephone calls being made to customers and nonbank customers. The scammers are spoofing the bank’s real Bank of Hawaii Call Center number (1-888-643-3888), which appears on recipients’ Caller ID.

Security lapse exposes personal data of 6,500 Singapore accountants (ZDNet) Singapore Accountancy Commission sent email messages to multiple parties attached with a folder containing personal data of 6,541 accountants, in a security lapse that was uncovered months later when it conducted a review as recommended by the government.

French hospital hit by ransomware attack (BBC News) The University Hospital Centre in Rouen says it will not pay the ransom and has taken steps to contain the attack.

Infection Hits French Hospital Like It’s 2017 As Ransomware Cripples 6,000 Computers (Forbes) The Rouen University Hospital-Charles Nicolle in the north of France has fallen victim to a ransomware attack with consequences reminiscent of the WannaCry attack that hit U.K. National Health Service (NHS) hospitals in 2017.

Hit by a massive cyberattack, Rouen University Hospital forced to operate without computers (Le Monde) The hospital, which has nearly 2,500 beds, is gradually recovering from the IT paralysis caused by a ransomware-type virus.

Bon sang! French hospital contracts 6,000 PC-locking ransomware infection (Register) Good news? They're not paying the ransom

French Hospital had 6000 Computers Locked Down by Ransomware (TechNadu) A hospital in Northern France is trying to disinfect 6000 of their computers from a ransomware worm, and they will need at least another week to do so.

Robocall Scams Exist Because They Work—One Woman’s Story Shows How (Wall Street Journal) A caller impersonating an FBI agent persuaded Nina Belis to drain close to $340,000 from her bank accounts. He made use of new technology, psychological tricks and a knowledge of the banking system, and experts say the threats are proliferating.

VENAFI MEDIA ALERT: Four Mistakes That Can Plague PKI Administrators (BusinessWire) Very small teams of PKI experts manage thousands of TLS keys and certificates and small mistakes can have disastrous results.

Check if you have been affected by the Macy's data breach (Newsweek) Personal information such as names, addresses, and payment card information has potentially been accessed by hackers.

Security Patches, Mitigations, and Software Updates

Magento Urges Users to Apply Security Update for RCE Bug (BleepingComputer) Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability.

Lenovo System Interface Foundation Vulnerabilities - US (Lenovo)

uBlock Origin Now Blocks Sneaky First-Party Trackers in Firefox (BleepingComputer) uBlock Origin on Firefox can now block first-party tracking scripts that attempt to bypass filters and rules by utilizing DNS CNAME records to load scripts from a third-party domain.

Twitter will finally let users disable SMS as default 2FA method (ZDNet) And it only took Twitter's CEO getting hacked to happen.

WhatsApp users urged to update their app immediately over spying fears (The Independent) India’s Computer Emergency Response Team warns of 'high' severity of spyware threat

Iranian Americans Struggle to Reach Family Amid Internet Blackout (Wired) As Iran's countrywide internet shutdown approaches a full week, Iranian Americans are increasingly desperate to connect with friends and relatives.

Cyber Trends

WhiteHat Security Research Reveals that 75% of Developers Worry about the Security of their Applications, Yet Half Their Teams Lack a Dedicated Security Expert (BusinessWire) WhiteHat Security today released the results of its

Payment Card Fraud Losses Reach $27.85 Billion (PR Newswire) Fraud losses worldwide reached $27.85 billion in 2018 and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years...

Do third-party users follow security best practices and policies? (Help Net Security) Many organizations fall short of effectively managing access for third-party users, exposing them to vulnerabilities, breaches and other security risks.

Driving collaboration between security and IT ops teams is a major challenge (Help Net Security) Disconnect between security and IT ops teams leave businesses vulnerable to disruption, even with increased spending on IT security and management tools.

Cyber risk increases at all layers of the corporate network (Help Net Security) Cyber risk increases at an alarming pace. The popularity of cloud and DevOps will continue to drive agility while endangering organizations.

Inadequate data sanitization puts enterprises at risk of breaches and compliance failures (Help Net Security) Inadequate data sanitization knowledge and policies mean global enterprises are putting their organizations at risk of security and compliance breakdowns.

Finance and insurance firms invest the most on cyber security (Mortgage Introducer) David Smith said that Uinsure is one of the firms that has invested in this area.

Here are the safest gadgets for privacy according to Mozilla (WXYZ) Mozilla has released its annual holiday ranking of the best gadgets with privacy and security features.

Five Things To Know About Smart Speakers For The Holidays (Avast) Millions will receive Alexa, Google Home, and Apple smart speakers this holiday season. Use our tips to help them get launched safely.

Marketplace

Influencer marketing comes to cybersecurity (Axios) A Lenovo product got paid promotion on social media, in a move that roiled the cybersecurity world.

How Old-School Hackers Are Enabling the Next Generation of Offensive Security Professionals (Security Intelligence) Despite hackers' successes, we're still being mistaken for criminals in hoodies — a misconception that has helped keep the skills gap, especially when it comes to offensive security, as wide as ever.

Hillhouse Capital Co-leads $14M Series C Round In Chinese Cyber Security Start-up ThreatBook (China Money Network) Beijing-based security threat intelligence company ThreatBook has raised about RMB100 million (US$14 million) in a series C round of financing led by Hillhouse Capital and Xinglu Investment.

Optiv confirms 'temporary' UK closure and turns attention to M&A (CRN) Security giant says it is still committed to European expansion

Microsoft granted license to export 'mass-market' software to Huawei (CNBC) Microsoft said on Thursday it had been granted a license from the U.S. government to export software to Huawei Technologies Co Ltd.

Xerox fires back at HP with threat of hostile takeover (CRN) Vendor said it is 'confused' by HP's rejection of its opening bid last week

Google will pay $1.5 million for the most severe Android exploits (Ars Technica) Big bump coincides with investments Google has poured into securing its Pixel phone.

Report: Cisco to restructure several businesses, name new CTO in latest shakeup (Silicon Valley Business Journal) Amid fierce competition from companies like Arista Networks, Dell and Hewlett Packard Enterprise, Cisco is set to merge its enterprise and data center networking units and expand its cloud business to offer server products.

Juniper Networks' chief marketing officer uses data to focus the company's marketing efforts (Silicon Valley Business Journal) CMO Mike Marcellin is building data-driven marketing tools to level up business growth, combining a broad perspective with deep insights.

Lockheed to Help DoD Establish National Cyber Range Under $93M Contract (GovCon Wire) Lockheed Martin (NYSE: LMT) has secured a two-year, $93M contract to create a national cyber range t

Jacobs' ATN Unit Wins DOD's Cyber Training Academy Contract (Yahoo) Jacobs Engineering Group (JEC) is set to support the Department of Defense's critical mission through leadership and innovation.

These Maryland cyber startups got $1M contracts at an Air Force pitch day (Technical.ly Baltimore) Enveil and ReFirm Labs will each work to adapt cybersecurity technology to use cases for the armed forces branch.

Melbourne's Cyber Risk brings BlackBerry Cylance to Reece Group (CRN Australia) Brought in cloud-based solution to replace expiring Symantec antivirus.

Why BlackBerry Should Make A Bid On MobileIron (Seeking Alpha) BlackBerry’s ESS business needs a boost. Cylance integration and Spark will probably serve the company well. MobileIron could fast track the process and provide BlackBerry with thousands of new clients, positive free cash flow and valuable IP. The recent drop in MobileIron’s stock price could be the right opportunity. The company is now fairly valued.

US cybersecurity firm posts £1m loss for Belfast operation after surge in wage bill (The Irish News) THE Northern Ireland division of US cybersecurity firm Proofpoint lost £1million last year on the back of a significant increase in salary costs, a new report produced by the company has shown.

Automox Appoints Christopher Hass As Director of Information Security and Research (Yahoo) Automox, the cloud-native cyber hygiene platform provider, today announced the appointment of Christopher Hass as director of information security and research. In this role, Hass will lead the development of security policies and procedures to strengthen business application protection, act as the

Cybersecurity Association of Maryland, Inc. Elects 2020 Board of Directors (Cybersecurity Association of Maryland) The Cybersecurity Association of Maryland Inc (CAMI) has elected its 2020 Executive Committee and Board of Directors with Gregg Smith, President & CEO of Attila Security, serving a one-year term as Board Chairman effective January 1, 2020...

Secureworks Welcomes Maureen Perrelli as Chief Channel Officer (BusinessWire) Maureen Perrelli joins Secureworks as Chief Channel Officer

Darktrace triples Chicago footprint with 10,290-SF lease (RE Journals) CBRE recently represented Darktrace, a leading cyber AI defense firm, in a 10,293-square-foot lease at 333 N. Michigan Avenue in Chicago. The move marks a significant expansion for the company, which opened its Chicago office in 2018 with just 2,858 square feet in the building. Darktrace will now occupy a full floor at the property beginning in the second quarter of next year.

Products, Services, and Solutions

HITRUST CSF® Brings Clarity to Security Requirements as Countdown to California's New Privacy Protection Act Looms (EIN) Support for California Consumer Privacy Act (CCPA) standards in HITRUST CSF to help businesses better identify and remediate gaps in CCPA-specific security and privacy controls

STEALTHbits Technologies Offers a Practical Approach to Managing Privileged Access with STEALTHbits Privileged Activity Manager (SbPAM) Version 1.3 (STEALTHbits) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, today announced the release of STEALTHbits Privileged Activity Manager (SbPAM) 1.3, th...

Optiv and Veracode to Bolster Application Security at Development Stage with Software Assurance as-a-Service (Northwest Georgia News) Optiv Security, a security solutions integrator delivering end-to-end cybersecurity solutions, today announced it has partnered with Veracode to improve application security at the development level.

Juniper Mist Ties Together AI, Big Data To Proactively Fix Wireless Networks (CRN) 'We believe that AI can be expanded to help IT across the network, and that's why being part of Juniper was so important,' says Tom Wilburn, vice president of Mist sales at Juniper, who joined the company with the acquisition.

ICTSI implements BlackBerry Cylance solution for cybersecurity (Ship Technology) Philippines-based port operator International Container Terminal Services (ICTSI) has deployed BlackBerry Cylance technology to increase cybersecurity across its global network.

Indiana Secretary of State Connie Lawson and FireEye Partner in Preparation for 2020 U.S. Election (Yahoo) FireEye, Inc. (FEYE), the intelligence-led security company, today announced its participation within the State of Indiana’s election security initiative to establish voter confidence in 2020 and beyond. Through this partnership, FireEye will provide Indiana counties with internet traffic monitoring

Morphisec Protects You from the New PureLocker Ransomware (Morphisec) Morphisec blocks the new PureLocker ransomware that is attacking servers.

ReversingLabs Enhances Splunk Integration to Improve SOC Automation and Decision Making (West) Enhancements Enable Security Operations Teams to Accelerate SIEM Triage, Automate SOAR Playbooks, and Hunt Threats Continuously

Verisk Launches New Home Inspection Customer Collaboration Tool, OneXperience (Yahoo) Verisk (VRSK), a leading data analytics provider, announced today the launch of OneXperience™, a new InsurTech solution that enables digital engagement between policyholders and their insurers during a critical underwriting step—the home inspection. Traditional home inspections, conducted after coverage

Unisys Launches CloudForte® for ServiceNow, a Solution to Help Clients Securely Modernize, Operate and Manage Critical Mission and Business Functions (PR Newswire) Unisys Corporation (NYSE: UIS) today announced at the Now at Work conference in Washington, D.C. the availability of Unisys CloudForte® for...

IBM Launches Open-Source Cyber Threat Response Platform (MSSP Alert) IBM launches Cloud Pak for Security, a cyber threat detection & response platform for managed security services providers (MSSPs) & other organizations.

Technologies, Techniques, and Standards

Emsisoft releases a new decryptor for Hakbit ransomware (Emsisoft | Security Blog) We just released a decryptor for the Hakbit ransomware strain.

Report: Defending against business email compromise attacks (Journey Notes) This recent report from Barracuda focuses on business email compromise attacks and the tactics cybercriminals use to make them so convincing.

CISA Invests in Cutting-Edge Election Security Auditing Tool Ahead of 2020 Elections (CISA) The Cybersecurity and Infrastructure Security Agency (CISA), is teaming up with election officials and their private sector partners to develop and pilot an open source post-election auditing tool ahead of the 2020 elections. The tool is being created by VotingWorks, a non-partisan, non-profit organization dedicated to building secure election technology.

From Thousands of Security Alerts to a Handful of Insights (Imperva) Understanding an attacker’s workflow and how Attack Analytics hunts them down

Forget combating cyber attacks, SMEs spending more time just to evaluate threats due to this reason (The Financial Express) Technology for MSMEs: The percentage of SMBs witnessing data breaches this year has also increased to 48 per cent from 46 per cent in 2018.

‘User education’ can prevent ransomware, Louisiana National Guard official says (StateScoop) “There’s always that one user who gets the email and wants to click on it,” said Maj. Alan Dunn. “That’s 85 to 90 percent of your battle.”

DOD Board Lays Out Ethical Principles for AI (FedTech) The Defense Innovation Board has offered guidance for how the Pentagon should use and govern artificial intelligence systems.

Design and Innovation

WSJ News Exclusive | Facebook Weighs Steps to Curb Narrowly-Targeted Political Ads (Wall Street Journal) Facebook is considering making changes to its political-advertising policy that could include preventing campaigns from targeting only very small groups of people, in an effort to spurn the spread of misinformation.

Tories launch spoof website claiming to show Labour manifesto (The Telegraph) A website claiming to reveal the Labour Party’s manifesto has been created by the Conservatives, with paid-for-ads of the page appearing at the top of Google search results for the opposition.

Google Policy Change Upends Online Plans for 2020 Campaigns (New York Times) The company said political ads would not be directed specifically to audiences based on their public voter records or political affiliations.

Google’s Updated Political Ads Policy Steps Up Pressure on Facebook (Infosecurity Magazine) Web giant limits targeting and bans deep fakes and political lying

YouTube is working to bring advertising to edgier content as demonetization woes grow (The Verge) YouTube CEO Susan Wojcicki says that more monetization opportunities are coming to creators who make edgy content.

Academia

SC State named a National Center of Academic Excellence in Cyber Defense Education (The Charleston Chronicle) South Carolina State University has been designated a National Center of Academic Excellence in Cyber Defense Education (CAE CDE) by the National Security Agency and the U.S. Department of Homeland Security.

Legislation, Policy, and Regulation

What is ‘sovereignty’ in cyberspace? Depends who you ask (Fifth Domain) Nations still don't fully agree on where lines in cyberspace are, potentially posing challenges for cooperation.

A Sovereign Internet Will Not Combat Cybercrime (Decipher) The United Nations General Assembly will vote on a Russia- and China-backed resolution that claims to give governments tools to fight cybercrime. What it will actually do if it becomes a treaty, is allow governments to establish a sovereign Internet where they have full control of their country’s Internet and monitor all activities.

Cyber strategy bolsters allies, partners ahead of 2020 election (US Army) Cyber warfare is a team effort, said the U.S. Cyber Command executive director, as American and Montenegrin forces partnered to stop malicious cyber threats on Montenegrin networks this month.

Canada, U.S. must work together to fight cyber threats, conference told (IT World Canada) The public and private sectors in Canada and the U.S. have to work together to effectively fight cyber attacks,

In Cooperation on Cyber, the Children Must Lead (SIGNAL Magazine) Government, industry and academia must push for early education in cybersecurity.

U.S. approves first licenses for tech sales to Huawei (Washington Post) The Trump administration has begun issuing licenses to some companies allowing them to restart U.S. tech sales to Chinese telecom giant Huawei, according to people familiar with the matter.

Wary of China, Congress sets stage for 5G development without Huawei and ZTE (Pittsburgh Post-Gazette) A House panel led by Rep. Mike Doyle rolled out a package of bills that ban Chinese components without hurting rural telecom providers.

Senators ask Trump to suspend licensing for tech sales to Huawei (Washington Post) A bipartisan group of senators wants President Trump's administration to suspend its approval of U.S. technology sales to China’s Huawei, saying it poses risks to national security.

Opinion: Huawei and ZTE can't be trusted. It's up to the FCC to keep them in check (CNN) The conflict between the Trump administration and China will soon move to an unlikely arena: the Federal Communications Commission.

November 21, 2019, “Banking on Your Data: The Role of Big Data in Financial Services” (US House of Representatives, Committee on Financial Services) The Task Force on Financial Technology will hold a hearing entitled, “Banking on Your Data: The Role of Big Data in Financial Services,” on November 21, 2019 at 9:30 a.m. in Room 2128 of the Rayburn House Office Building.

FDX Managing Director Don Cardinal Testifies Before Congress on Big Data in Banking and Financial Data Security (PR Newswire) Today, Financial Data Exchange Managing Director Don Cardinal testified before the U.S. House Committee on Financial Services Task Force on...

What to Expect from Congress’ Cyber Strategy Brain Trust (Nextgov.com) The Cyberspace Solarium Commission aims to have policy recommendations ready to plug into the next defense authorization bill, Co-Chairman Rep. Mike Gallagher said.

DHS cyber official Jeanette Manfra to leave government (TechCrunch) After a decade in senior cybersecurity positions, Manfra is to depart for the private sector.

Virginia Approves 2020 Election Cybersecurity Standards (Government Technology) This year, the General Assembly passed HB 2178, calling for new, modern cybersecurity standards that must be met throughout the state before systems are allowed to access Virginia's election database.

Litigation, Investigation, and Law Enforcement

Tharoor-led Parliamentary panel decides to take up WhatsApp 'spying' issue (Business Standard) Headed by Shashi Tharoor, committee meet got off to a stormy start; the matter was put to vote

MPs ask government about spyware Pegasus, but get no clear answer (Telegraph India) Home and IT ministries state procedure, skirt specifics on spyware query

Pegasus attack: Israeli spyware firm NSO tracked down in Paris | World Exclusive (India Today) Israel-based cyber tech firm NSO Group, which was found missing from Israel, has now been tracked down by India Today TV in France.

Analysis | The Cybersecurity 202: Fiona Hill warns Republicans that claims of Ukraine interference could help Russia in 2020 (Washington Post) "Any alternative story that hasn’t been vetted by serious organizations just muddies the waters," one security expert says.

Court says police can’t force suspects to turn over passwords (TechCrunch) ACLU said it was "fundamental" that suspects have the right "to avoid self-incrimination."

Amazon tells senators it isn't to blame for Capital One breach (CNET) Sens. Elizabeth Warren and Ron Wyden have called for an investigation of Amazon, which hosted a cloud server used by the banking giant.

Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks (ZDNet) Many may call the six-year prison sentence too harsh while the operator of eight DDoS-for-hire services got only 13 months.

Terbium Labs: Mobile Payments Users Plan to Blame the Bank for Any Compromised Data (Payment Week) A potentially standoffish holiday season may be poised to come with new report.

Five-member gang of cyber fraudsters held in Hyderabad (The New Indian Express) The group cheated an eminent woman doctor from Hyderabad of over Rs 5 lakh after sending a message with a link to her mobile phone in October.

St. Petersburg councilman files defamation charges after media tied to ‘Putin’s chef’ accuse him of sexually harassing his students (Meduza) Boris Vishnevsky, a deputy in St. Petersburg’s Legislative Assembly and perhaps the city’s most prominent oppositionist, is suing Evgeny Prigozhin’s “Patriot” media group over a series of publications accusing him of sexually harassing his students.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

InfoSec Connect 2020 (San Diego, California, USA, March 15 - 17, 2020) InfoSec Connect is a high profile, interactive meeting of senior-level cybersecurity leaders from top credit unions, US banks, insurances, and financial services companies. It’s a forum built to share...

Upcoming Events

ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...

WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...

International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...

Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.

Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
