Daily briefing.

A leak (obtained by the ICIJ) and a defection (reported by the Times and others) appear respectively to shed light on China's repression of its Uighur minority and on the country's espionage operations.

Qihoo 360 says it's detected a major cyber surveillance campaign against targets in Kazakhstan. Qihoo calls the group "Golden Falcon"; Kaspersky tells ZDNet that they think this is the APT previously tracked as DustSquad. Neither company offers any attribution beyond that, but they say the group appears to be Russian speaking. In itself that means little: there's no shortage of Russian speakers in Kazakhstan.

Very large data leaks from exposed servers have compromised a total of about 1.2 billion records, some four terabytes of personal data. Data Viper suggests that People Data Labs and OxyData, two data aggregation and enrichment shops, were the source of the exposure. The data include home and cellphone numbers, email addresses, social media profiles (Facebook, Twitter, LinkedIn, and GitHub), and work histories (apparently from LinkedIn). About fifty million unique phone numbers and six hundred twenty-two million unique email addresses were exposed, but no passwords, Social Security Numbers, or paycard information.

Citing national security concerns surrounding 5G networks, the US Federal Communications Commission has prohibited using Universal Service Funds to purchase Huawei or ZTE equipment.

Russia's Duma has banned devices that don't come with certain preloaded Russian software, Computing reports.

Louisiana's recovery from the Ryuk ransomware that afflicted state government systems is proving more protracted than officials had hoped: Governor Edwards on Friday declared a state of emergency.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, France, Ghana, Iran, Kazakhstan, New Zealand, Nigeria, Spain, Russia, South Africa, Ukraine, United Kingdom, United States, and Venezuela.

Bring your own context.

Cryptomining is probably not going to make you rich enough to retire to Chappaqua, or Mar-a-Lago, or even a nice yacht somewhere in the Black Sea, and yet cryptojacking persists. Why is this?

"The reason malware authors turn towards cryptomining is because, unlike ransomware or other profitable means, it's relatively easy to get away with, right? Most people are never going to know if a cryptominer has been installed in their network. And because there's no damages, law enforcement is not going to put it anywhere near the top of their priority list. I mean, if you think about it - right? - what's the actual damage caused to most networks from cryptomining? Well, it's going to be processor usage, some - I guess you could argue power consumption. That's really hard to assign a number to. And without that number, law enforcement [agencies] are really going to turn a blind eye to it. So from an adversary's perspective, cryptomining - basically significantly less risk, no damages, so not really furious victims coming after you, and it's going to be a slow, steady and consistent payout. And because no one knows that they're infected, well, it's going to keep paying out for the foreseeable future."

—Craig Williams, head of Talos Outreach at Cisco, on the CyberWire Daily Podcast, 11.22.19.

Like a stable dividend-paying stock in your 401k, only, like, also illegal.

In today's Daily Podcast, out later this afternoon, we speak with our partners at CynergisTek, as Caleb Barlow offers some insights gained from a scammer’s call.

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 EMEA (London, United Kingdom, December 3 - 4, 2019) Join us at NXTWORK 2019 in London to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, breakout sessions, as well as various opportunities for certification testing and training.

CyberMaryland Job Fair, December 5, Baltimore. Visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, United States, December 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberMaryland Job Fair, December 5 in Baltimore. Meet face-to-face with leading cyber employers. Visit our site for more details.

CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (Dubai, United Arab Emirates, January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.

Cyber Attacks, Threats, and Vulnerabilities

As Venezuela’s economy struggles, some of its citizens turn to a lucrative gig: Cybercrime (NBC News) Hacking efforts are particularly lucrative for Venezuelans as they are sold for cryptocurrency, a welcome alternative to the country’s own currency, which has endured rapid inflation.

Extensive hacking operation discovered in Kazakhstan (ZDNet) Researchers say an advanced hacking group has been using custom-developed hacking tools, expensive surveillance kits, mobile malware, and radio communications interception hardware to spy on Kazakhstan targets.

Iran’s APT33 sharpens focus on industrial control systems (Naked Security) Iran’s elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week.

A notorious Iranian hacking crew is targeting industrial control systems (Ars Technica) Iran’s APT33 may be exploring cyberattacks on critical infrastructure.

Russia’s Sandworm Attacks Thousands of Android Phones (KoDDoS Blog) Google has discovered that Sandworm, Russia’s state-sponsored hackers, are launching some of the most dangerous cyberattacks in history.

A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet (CSO Online) In-depth research on Russia's Sandworm hacking group shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.

RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software (Register) BlueKeep isn't the only bug in town, plenty to go round

Lights That Warn Planes of Obstacles Were Exposed to Open Internet (Vice) The panel "provides controls to change the intensity of the light fixtures, turn them on, and turn them off."

iPhone users warned to be on alert for phishing attacks (Stuff) Netsafe says phishing scam that appears to target iPhone users is taking 'scatter-gun' approach.

Forensic Acquisition of Apple TV with checkra1n Jailbreak (ElcomSoft blog) Are you excited about the new checkm8 exploit? If you haven't heard of this major development in the world of iOS jailbreaks, I would recommend reading the "Technical analysis of the checkm8 exploit" article, as well as "Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer". The

1.2 Billion Records Found Exposed Online in a Single Server (Wired) Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

1.2B Records Exposed in Massive Server Leak (Dark Reading) A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.

1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook (Data Viper) Data discovered on an open Elasticsearch database contains personal information on 1.2 billion people, including Facebook, Twitter, and LinkedIn profiles.

BlueKeep Threat Situation Overview: Low Levels of Attacks, Maintain Watchfulness (Proofpoint US) In May 2019, Microsoft released security updates for CVE-2019-0708, an unauthenticated, SYSTEM-level, network-based remote code execution (RCE) vulnerability. This vulnerability has been widely dubbed “BlueKeep”. This blog provides background on the vulnerability and an update on the threat landscape based on analysis by the Proofpoint Threat Insight Team.

Password grabber: Updated Trickbot malware steals OpenSSH and OpenVPN keys (SC Magazine) Security researchers have discovered an updated form of the Trickbot malware that has been changed to steal OpenSSH private keys and OpenVPN passwords and config data.

Apache Solr RCEs with public PoCs could soon be exploited (Help Net Security) Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server.

Nominet Suspends 29,000 .UK Domains (Infosecurity Magazine) Clean-up continues with close collaboration with police.

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked (BleepingComputer) After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made.

Ransomware Attackers Leak Stolen Data (BankInfo Security) Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom. Security experts

Clop Ransomware Tries to Disable Windows Defender, Malwarebytes (BleepingComputer) In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs.

Advisory: Squid Multiple High-risk Vulnerability (NSFOCUS, Inc.) On November 5, local time, Squid officially released a security bulletin to fix multiple vulnerabilities, including a high-risk buffer overflow vulnerability that could lead to code execution (CVE-2019-12526), an information disclosure vulnerability (CVE-2019-18679), and an HTTP request splitting problem (CVE-2019-18678). Squid is a popular open source Internet proxy and web caching application. It can …

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways (Threatpost) Financial institutions are in the crosshairs of hackers leveraging the malware to steal sensitive data.

#cybersecurity | Pegasus like spyware could be snooping on you right now! (National Cyber Security) World Largest Source Of Security News.

Anatomy of a BEC Scam (Dark Reading) A look at the characteristics of real-world business email compromise attacks - and what makes them tick.

Why cryptocoin scams work, and how to avoid them (Naked Security) What are ICOs, why are they so popular and why do crooks love them so much?

Hackers hold Milwaukee-based tech company's data for ransom; nursing homes affected (Milwaukee Journal Sentinel) Virtual Care Provider Inc. is scrambling to restore its systems after it was unable to pay the $14 million in Bitcoin demanded in a ransomware attack.

How the NYPD’s fingerprint database got shut down by a computer virus (New York Post) The NYPD’s high-tech fingerprint database was temporarily brought down by a bumbling contractor with a virus-infected mini computer, The Post has learned. A contractor was setting up a digital disp…

Gov. Edwards declares State of Emergency following cyber attack (KATC) Gov. John Bel Edwards on Friday declared a State of Emergency following a cybersecurity incident that affected state servers this week, allowing several agencies to take actions, including waiving fees and fines, to assist members of the public.

Louisiana OMV won't reopen until Monday after cyberattack (WWL) The governor announced Thursday that the Office of Motor Vehicles would remain closed until Nov. 25, one week after an attempted ransomware attack.

Child welfare agency says it’s victim of sophisticated cyber attack (CTV News Winnipeg) A child welfare agency called the Southern First Nations Network of Care said it has been the victim of a cyber attack.

Cyberattack against Manitoba child welfare agency under investigation (CBC) A major breach of the Southern First Nations Network of Care's information and technology system in Manitoba that forced a complete system shutdown is being treated as a criminal investigation, a spokesperson for the agency said.

Thwarting hackers (Uvalde Leader-News) Commissioners hear of cybersecurity efforts. By Julye Keeble, staff writer. “Eighty percent of hacking-related breaches are from stolen passwords. If you think about it, how many passwords do you have that are probably pretty similar to each other,” said sales engineer Lydia McCloskey with HTS Voice and Data Systems. “And 85 percent of businesses with less …

More than 1 million T-Mobile customers exposed by breach (TechCrunch) T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack. The company…

Data breach compromises T-Mobile prepaid accounts (SC Magazine) T-Mobile discloses a data breach incident that impacts certain customers with prepaid service accounts.

OnePlus Exposed Customer Order Information in Data Breach (BleepingComputer) Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information including names, contact numbers, emails, and shipping addresses being accessed by a third-party without authorization.

Several high profile Android apps still have vulnerabilities discovered years ago (TechSpot) Messenger, Instagram and WeChat are among hundreds of unpatched apps

Apple says its App Store is ‘a safe and trusted place.’ We found 1,500 reports of unwanted sexual behavior on six apps, some targeting minors. (Washington Post) The complaints about popular social media platforms that connect strangers in video conversations, known as “random chat apps,” serve as digital cries for help.

Scammers try a new way to steal online shoppers’ payment-card data (Ars Technica) Skimmers host fraudulent third-party processor that looks just like the real thing.

Dark Web Vendors Are Reportedly Offering Black Friday Deals (CryptoGlobe) Vendors on dark web marketplaces are reportedly offering their clients large discounts over Black Friday on their goods, which include drugs, stolen credit cards, hacking tools, and more.

Drug dealers are offering Black Friday deals on the dark web (The Independent) 'Online discounts for criminals are an excellent opportunity for site operators to increase sales and attract new buyers,' researcher says

Risky behavior exposes consumers to seasonal security scares (Help Net Security) A study shows that millions of Americans continue to over-indulge in risky behaviors, leaving themselves open to seasonal security scares.

BA flights disrupted due to yet-another IT meltdown (Computing) British Airways IT meltdown causes flight delays of up to 12 hours.

Rats trip up Estonia's e-economy (BBC News) Rats and high winds cut the cables that connect Estonia's electronic public services.

Security Patches, Mitigations, and Software Updates

Twitter Just Confirmed A Better Way To Secure Your Account (Forbes) Twitter has made a crucial change to its security settings that helps improve your security and privacy. Here’s what you need to know.

Cyber Trends

WhiteHat Security Research Reveals that 75% of Developers Worry about the Security of their Applications, Yet Half Their Teams Lack a Dedicated Security Expert (BusinessWire) WhiteHat Security today released the results of its

Vulnerability QuickView 2019 Q3 Trends (Risk Based Security) Our QuickView Report is sourced from our product VulnDB® and has garnered media attention from publications such as TechRepublic and Help Net Security.

2019 Trust Report in Practice: Trust at Scale (Synack) Crowd Security Intelligence

Your Health Data Isn’t as Safe as You Think (Wall Street Journal) Silicon Valley’s rush into the health-care business is challenging the antiquated protections of Americans’ medical histories.

Marketplace

Prevailion Receives Strategic Investment from Legion Capital (FinSMEs) Prevailion, a Columbia, MD.-based cybersecurity company, received an investment from Legion Capital Partners. The amount of the deal was not disclosed.

Older IT Workers Left Out Despite Tech Talent Shortage (Wall Street Journal) Older information-technology professionals are being passed over by employers, even as IT job openings soar to record highs and employers say recruiting tech talent is a challenge.

Google Workers Protest Company’s ‘Brute Force Intimidation’ (Bloomberg) Company denies wrongdoing with two employees placed on leave. Culture of openness battered by Google’s staff rebellion.

Darktrace Begins Preparations as Public Company, Nears CFO Hire (Yahoo) (Bloomberg) -- Darktrace Ltd. is close to naming a chief financial officer as the U.K. cybersecurity unicorn sets itself up to be run like a public company. The firm hasn’t made a decision about whether to hold an initial public offering, co-chief executive officer Poppy Gustafsson said in an interview

A10 Hires New CEO, No Word on Potential Sale (SDX Central) Almost four months after announcing that its CEO and President Lee Chen was on his way out, A10 Networks said it selected Dhrupad Trivedi to lead the company, effective Dec. 2.

Products, Services, and Solutions

New infosec products of the week: November 22, 2019 (Help Net Security) The featured infosec products include releases from the following vendors: Nubeva Technologies, Rancher Labs, Arctic Wolf Networks, IBM, Trend Micro,

Lastline to Deliver Unmatched Network Visibility to the Public Sector Through immixGroup (PR Newswire) Lastline®, the leader in AI-powered network detection and response, today announced an agreement with immixGroup, an Arrow ECS company that...

Mocana and Siemens collaborate on IIoT cybersecurity (Chemical Engineering) Mocana Corp. (Sunnyvale, Calif.; www.mocana[.]com) announced a new partnership with Siemens Digital Industries Software to bring end-to-end security for any...

Two cyber leaders launch higher ed grant program valued at $5.6M (University Business Magazine) Program will provide colleges and universities access to advanced cyber training and tools for establishing preeminent cyber centers.

Verizon Business throws a zero trust lasso around its private IP networks (FierceTelecom) Verizon Business is shielding its private IP networks by embedding a software-defined perimeter service to create a zero trust architecture. Verizon's zero trust technology blocks connectivity to servers and applications from unknown devices, which makes corporate data virtually invisible to anyone that doesn't have approved access.

Technologies, Techniques, and Standards

Safeguarding SCADA Systems (Water & Wastes Digest) Supervisory control and data acquisition (SCADA) systems are an integral factor for operating any modern water collection, treatment or distribution operation. SCADA systems may consist of a few local controllers and operator interfaces or may be far more complex configurations that include networking, radio telemetry,

Your organisation will be hacked, how will you respond, asks IBM (Computing) Speaking at Computing's Cyber Security Live conference, Mike Spradbery, senior technical leader, IBM Security UK & Ireland, explains what organisations need to think of when building their incident response plans.

Managing the inevitable: what happens when security is breached (Computing) Threats are getting more serious, but defences are evolving too.

Security has a communication problem, and DevOps is the answer, says Chef (Computing) Jeff Mery, VP global solutions architects at Chef tells delegates at Computing's Cyber Security Live conference that treating everything as code helps traditional translation challenges between developers, infrastructure teams and security.

Tension-by-design is a healthy way to run cybersecurity, say panellists (Computing) Managing the friction between compliance and security is all about empathy.

When it comes to 5G, Army says ‘show us what you have’ (C4ISRNET) With 5G expected to become more widespread, the Army is exploring how the new hardware could improve global asset management, “smart depots

Bug Bounties Alone Won't Make You Secure (Forbes) With both Apple and Google each offering one million dollars for bugs, Katie Moussouris, CEO of Luta Security, thinks things may have gotten a little out of hand.

How the FCC’s new ban on Huawei benefits the military (Fifth Domain) 5G technology will introduce new cybersecurity risks to U.S. networks. Here's what FCC did to minimize that risk.

Design and Innovation

Arlo: An open source post-election auditing tool (Help Net Security) CISA and VotingWorks are working on Arlo, an open source post-election auditing tool provided for free for state and local election officials.

The Debate Over How to Encrypt the Internet of Things (Wired) So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods.

Facebook built a facial recognition app for employees (CNET) The discontinued app could identify employees and their friends who had enabled facial recognition, Facebook said.

Legislation, Policy, and Regulation

Tim Berners-Lee launches 'Contract for the Web' to govern internet giants and governments (Computing) Google, Facebook and others sign-up to Berners-Lee's 'global plan of action to make our online world safe and empowering for everyone'

Russia bans smartphones without local software (BBC News) Supporters say the law on new sales promotes Russian technology but there are concerns about surveillance.

Russia passes law forcing 'locally produced' software onto people's devices (Computing) This is a local internet for local people…

Putin’s New Gadget Ban: Another Warning Sign For Russia (Forbes) Russia has now passed a law banning mainstream consumer gadgets that do not come preinstalled with Russian software.

Data leak details China's 'brainwashing system' (BBC News) Leaked documents show new evidence of China's systematic brainwashing of Uighur and other detainees.

Exposed: China’s Operating Manuals for Mass Internment and Arrest by Algorithm (ICIJ) A new leak of highly classified Chinese government documents reveals the operations manual for running the mass detention camps in Xinjiang and exposed the mechanics of the region’s system of mass surveillance.

US regulators rule that China's Huawei and ZTE threaten national security (CNN) American regulators voted to impose new restrictions on subsidies for American telecom companies Friday. The ruling is designed to constrain Chinese companies, including Huawei and ZTE.

Huawei and ZTE barred from FCC Universal Service Fund (ZDNet) US telcos receiving USF money could be forced to replace existing Huawei and ZTE equipment.

FCC votes to bar China's Huawei, ZTE from government subsidy program (CNBC) The U.S. Federal Communications Commission (FCC) voted 5-0 Friday to designate China's Huawei and ZTE as national security risks

Analysis | The Cybersecurity 202: The U.S. is racking up tactical victories in Huawei fight (Washington Post) Moves in Brussels, Berlin and Brazil are likely to lessen the company's global reach,

Canada's use of Huawei 5G would hamper its access to U.S. intelligence: U.S. official (Reuters) The U.S. national security adviser urged Canada on Saturday not to use Huawei 5G...

Beware a Huawei 'Trojan horse,' U.S. security adviser warns Canada (CBC) The spectre of restricting Canada’s access to Five-Eyes intelligence, if the Liberal government does not ban Huawei from the upcoming 5G network, was raised Saturday as U.S. lawmakers delivered stern warnings about the Chinese telecom giant.

Ursula-Owusu asks int’l community to probe application of cyber-space laws (Ghana Web) The Minister for Communications, Mrs Ursula Owusu-Ekuful, has asked the...

To protect GPS satellites, Esper is against private 5G proposal (C4ISRNET) A plan to use L-Band spectrum for 5G could disrupt GPS satellites, the Secretary of Defense said.

DHS Leadership Turnover Extends Beyond Secretary’s Office (Nextgov) The rotating cast of officials in top tech and cyber jobs could hinder the department’s ability to develop and execute a consistent digital strategy.

Litigation, Investigation, and Law Enforcement

Utilities Targeted in Cyberattacks Identified (Wall Street Journal) More than a dozen U.S. utilities that were targets in a recent wave of cyberattacks have been identified by The Wall Street Journal. Some of the utilities are strategically located near dams, locks and other critical infrastructure.

China defector breaks great wall of silence to expose Beijing’s spies (Times) A self-proclaimed Chinese spy has made explosive claims that Beijing used an alleged “front” company in Hong Kong to infiltrate universities in the former British colony, interfere in elections in...

Defecting Chinese spy offers information trove to Australian government (The Age) Wang “William” Liqiang is the first Chinese operative to ever blow his cover and he has taken his story to ASIO.

Former CIA officer sentenced to 19 years for conspiring with Chinese spies (NBC News) Jerry Chun Shing Lee is the third former U.S. intelligence officer to be convicted in less than a year of conspiring with the Chinese to give them national defense information.

Russian cyber firm hounded in US helped NSA bust 50TB data breach – report (Stock Daily Dish) Kaspersky Lab may be portrayed by the US media as an extension of the Russian government using its antivirus software to snoop on gullible Americans, but in 2016 it helped the NSA to bust a massive security breach.

'Almost certain that organised criminal group' behind wave of cyberattacks in SA (SowetanLIVE) SA experienced the single longest running cyber-attack campaign monitored around the world by e-mail and data security company Mimecast between July and September

Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty (CyberScoop) The accused Russian scammer at center of a geopolitical standoff pleaded not guilty Friday to allegations that he operated two hacking forums where members bought and sold payment data worth roughly $20 million.

Federal Reserve Steps Up Scrutiny of Tech Firms That Serve Banks (Wall Street Journal) The Federal Reserve is looking at ways to step up supervision of technology firms that serve the banking industry, amid ongoing concerns about the threat of cybersecurity breaches, a senior official said.

Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey (Vice) The alleged member was arrested around two weeks ago, another member of the hacking group told Motherboard.

Russian Hacker Gets 4 Years in U.S. Prison for Malware Attacks (Bloomberg) Stanislav Lisov pleaded guilty in February to conspiracy. Lisov was arrested in Spain in 2017 and extradited that year.

Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison (The Hacker News) Stanislav Vitaliyevich Lisov, Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison

Convicted Nigerian fraudster keeps a-fraudin’ from behind bars (Naked Security) He was supposed to be serving a 24-year sentence in the “maximum security” prison, not continuing the fraud… and going to parties.

Graham launches probe of Bidens, Burisma and Ukraine (Washington Post) The Judiciary Committee chairman has asked the State Department for certain communications between former vice president Joe Biden and Ukrainian officials.

Huawei Sues Critics in France Over Remarks on China State Ties (Bloomberg) Claim it’s controlled by the Chinese state is false, it says. The company is seeking to sell 5G equipment in Europe.

Suspect can’t be compelled to reveal “64-character” password, court rules (Ars Technica) Prosecutors say forced disclosure permitted by “foregone conclusion.” Justices disagree.

Botnet Creator Confesses to Hacking Over 800,000 Devices (KoDDoS Blog) A man has confessed and pleaded guilty to creating botnets that transformed more than 800,000 devices into cash-spinning denial-of-service units.

Ponzi Schemes, Private Yachts, and a Missing $250 Million in Crypto: The Strange Tale of Quadriga (Vanity Fair) When Canadian blockchain whiz Gerald Cotten died unexpectedly last year, hundreds of millions of dollars in investor funds vanished into the crypto ether. But when the banks, the law, and the forces of Reddit tried to track down the cash, it turned out the young mogul may not have been who he purported to be.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...

WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...

International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...

Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.

Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
