Daily briefing.

Facebook and Twitter warned yesterday that users may have unwittingly compromised personal information to two data-harvesting apps downloaded from Google Play: Giant Square and Photofy, by developers One Audience and Mobiburn, reports CNBC.

Nursing homes affected by a ransomware attack against Virtual Care Provider, a company that provides the care facilities with a range of IT and security services, have received their ransom demands. Those demands, CBS News says, amount to $14 million. The infection vector appears to have been a protracted series of phishing emails carrying malicious attachments.

The US Department of Energy has released its unclassified evaluation of its cybersecurity program. The inspectors found a variety of familiar, recurring issues at energy installations, including several facilities managed by the National Nuclear Security Administration. Among those issues is a persistent failure to patch.

Sony Pictures was hacked five years ago this week. Principal responsibility for the attack was widely and convincingly attributed (by the US Government and others) to the North Korean government. But the Hollywood Reporter recounts skepticism from film-business people who were around Sony Pictures at the time and who continue to wonder what happened. Here's the US Department of Justice statement about accused Lazarus Group figure Park Jin Hyok and his role in the Sony attack and other capers.

The US Cybersecurity and Infrastructure Security Agency has issued some advice on how to shop safely during the holiday season. In the US that season opens with Thanksgiving; the shopping season hits the following day, Black Friday.

Notes.

Today's issue includes events affecting China, European Union, Finland, Iran, Democratic People's Republic of Korea, Qatar, Russia, Singapore, United States, and Vietnam.

Bring your own context.

The Willie-Suttonesque reasons ransomware extortionists are getting better at their malign game.

"What's happening is, because it's a bigger target with more money at stake, they've gotten more sophisticated tools. And now you can go on the dark web and have ransomware as a service, literally 24-by-7. They - you go buy it for, you know, under a hundred bucks, and you can then target that however you would like and at whom you would ever like. And so it's really gotten more dangerous in terms of that, and that's why the overall numbers are a little bit misleading."

—Bill Connor, president and CEO at SonicWall, on the CyberWire Daily Podcast, 11.21.19.

That's where the money is.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey shares some thoughts on smart cities. Our guest, Sam Bakken from OneSpan, discusses mobile app developers protecting against jailbreaking.

Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 EMEA (London, United Kingdom, December 3 - 4, 2019) Join us at NXTWORK 2019 in London to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, breakout sessions, as well as various opportunities for certification testing and training.

CyberMaryland Job Fair, December 5, Baltimore. Visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, United States, December 5, 2019) Cleared and non-cleared cybersecurity pros, make your next career move at the free CyberMaryland Job Fair, December 5 in Baltimore. Meet face-to-face with leading cyber employers. Visit our site for more details.

CS4CA MENA returns to Dubai on 20th – 21st January 2020. Visit mena.cs4ca.com for details. (January 20 - 21, 2020) #CS4CA MENA returns to Dubai on 20th – 21st January 2020 for an intimate and exclusive platform promoting in-depth cybersecurity knowledge and collaboration among IT & OT leaders from MENA’s Oil & Gas, Utilities, Chemicals, Aviation, Transport, Manufacturing industries.

Cyber Attacks, Threats, and Vulnerabilities

Auditors Uncover Tens of Thousands of Critical Security Gaps At Energy Facilities (Nextgov.com) The review, which included locations operated by the National Nuclear Security Administration, revealed multiple cybersecurity weaknesses recurring year after year.

Ginp Android Banker Sets as Default SMS App, Steals All Text (BleepingComputer) A new strain of mobile banking trojan called Ginp has been constantly refined to collect login credentials and credit card details.

Some Fortinet products shipped with hardcoded encryption keys (ZDNet) It took Fortinet 18 months to fix the issue. Updates are now out.

FortiGuard Used Hardcoded Key, XOR to Encrypt Communications (BleepingComputer) Security researchers found that multiple security products from Fortinet use weak encryption and static keys to communicate with FortiGuard services in the cloud, such as AntiSpam, AntiVirus, and Web Filter.

Facebook and Twitter say hundreds of users accidentally gave improper access to personal data through third-party apps (CNBC) Facebook and Twitter announce that personal data of hundreds of users may have been improperly accessed after they used their accounts to log in to certain apps.

Warning over spike in attacks on exposed Docker platforms (Computing) Attackers have already scanned nearly 59,000 IP networks, claim researchers

Forget zero-days, the most dangerous vulnerabilities are decades old, says ethical hacker (Computing) Ethical hacker Holly Grace Williams on the blind spots that lead to companies being compromised

Exploit kits are slowly migrating toward fileless attacks (ZDNet) Three out of the nine exploit kits active today are using fileless attacks to infect victims.

Mystery blurs dump of over 1 billion people's personal data (Tech Explore) Two security sleuths last month discovered an enormous amount of data that was left exposed on a server. Data found on the server belonged to around 1.2 billion people.

Tech service provider for nursing homes a ransomware victim (Washington Post) Hackers have launched a ransomware attack against a Milwaukee-based company that provides technology services to more than 100 nursing homes nationwide

Hackers demand $14 million from nursing homes in ransomware attack (CBS News) Some facilities unable to access patient records, order drugs or pay employees after their computers were hijacked

Vulnerability Summary for the Week of November 18, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.  

Cyber Trends

Cybercriminals targeting e-commerce website vulnerabilities this holiday season (Help Net Security) Expect unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures.

The New Norm (Trend Micro) The year 2020 marks the transition to a new decade, and recent notable events and trends signify a similar changeover in the threat landscape.

Fingerprints - Access all areas - Using biometrics to make it genius (Fingerprints) We all have several things to open, access and unlock, multiple times daily. Buildings, devices, padlocks, vehicles, servers – the list goes on.

Over 38 Million Healthcare Records Exposed in Breaches Over 2019 (BleepingComputer) This October was the month with the largest number of data breaches formally reported by entities in the healthcare sector.

10 Predictions How AI Will Improve Cybersecurity In 2020 (Forbes) Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

From afterthought to providence, cybersecurity’s journey has come full circle (SiliconANGLE)

7 Big Ideas from Cybersecurity Leaders We've Interviewed (Bricata) This post brings together powerful ideas from the interviews we've conducted with cybersecurity leaders for our Q&A series.

Marketplace

Cybersecurity Firm Buguroo Raises $11M to Build on Its Success in Europe and Latin America, Now Sets Its Sights on Global Expansion (PR Newswire) Madrid-based cybersecurity firm buguroo has secured $11 million in Series A funding to bring its Deep Learning based online fraud detection and...

Detectify raises additional €21M for its ethical hacker network (TechCrunch) Detectify, the Sweden-born cybersecurity startup that offers a website vulnerability scanner powered by the crowd, has raised €21 million in further funding. Leading the round is London-based VC firm Balderton Capital, with participation from existing investors Paua Ventures, Inventure and Insight …

Cymulate raises $15 million to expand its cloud-based security platform (VentureBeat) Cymulate today announced that it has raised $15 million in venture capital as the cybersecurity company seeks to expand its cloud-based platform.

Palo Alto Networks acquires Aporeto for cloud security (ZDNet) Meanwhile, Palo Alto reported Q1 results above expectations; Nutanix also reported solid Q1 results.

Dell to explore sale of RSA Security (TechCentral) Dell Technologies is exploring a sale of RSA Security, a cybersecurity business it hopes could fetch at least US$1-billion, including debt, according to people familiar with the matter.

Dell to Explore Sale of RSA Cybersecurity Unit (Bloomberg) Computer maker’s unit could fetch at least $1 billion in sale. Dell acquired RSA through its 2016 takeover of EMC Corp.

Proofpoint Completes the Acquisition of ObserveIT (Yahoo) Proofpoint, Inc., (PFPT), a leading cybersecurity and compliance company, today announced it has completed its acquisition of ObserveIT, the leading insider threat management platform. “More than 30% of all data breaches are the result of insider threats and only a people-centric approach to data security

Kape’s transformational acquisition (Investors Chronicle) An acquisition should prove to be a game changing deal for the cyber security software company

Jacobs further steps away from 'E&C' label as KeyW integration moves ahead (Washington Technology) By rebranding and recasting itself, Jacobs begins to tell investors a different story about the company, with the acquisition of KeyW Corp. a critical piece of that new narrative.

Google Fires Four Workers, Including Staffer Tied to Protest (Bloomberg) Move comes after employee protests and union organizing. Tension has been rising between company management and staff.

Champagne, shotguns, and surveillance at spyware’s grand bazaar (MIT Technology Review) The world’s leading surveillance and spyware companies gathered in Paris to meet growing demand from governments around the world.

If We Could Share What NSO Really Does, Media Discourse Would Change, Says Exec (CTECH) Shiri Dolev, president and chief product officer of Israeli cyber surveillance company NSO, spoke Monday at Calcalist’s Mind the Tech conference in Tel Aviv

Zscaler Stock Is Surging Because the Company Is ‘Future-Proof’ (Barron's) Bank of America Merrill Lynch analyst Daniel Bartus raised his rating on the company to Buy from Neutral, with a new price target of $68, up from $65.

Cygilant Establishes Customer Advisory Board to Help Guide Long-Term Strategy and Future Security-as-a-Service Offerings (BusinessWire) Cygilant established a customer advisory board to guide the company’s future offerings and growth. First member is Will Semple of eBay.

Former DHS CIO Zangardi Joins Leidos (Defense Daily) Leidos on Monday said that John Zangardi, who resigned from the Department of Homeland Security in mid-November after two years as chief information office

CyberArk Names Matthew Cohen Chief Revenue Officer (BusinessWire) CyberArk, (NASDAQ: CYBR), the global leader in privileged access management, announced that Matthew Cohen will join CyberArk’s executive management te

Products, Services, and Solutions

Anitian Completes SOC 2 Type I Certification for Security Operations Services (Anitian) This rigorous audit validates Anitian as a trusted partner for cloud security operations

Coronet Partners with Coalition to Offer Combined Enterprise-Grade Cyb (PRWeb) Leader in small business cybersecurity Coronet today announced a cutting-edge partnership with Coalition, the leading cyber insurance provider for small an

Qualys Brings its Vulnerability Management Solution to the Next Level (Dark Reading) Introducing VMDR: Vulnerability Management, Detection, and Response. VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate, and audit across hybrid IT environments.

ForgeRock Expands Relationship with Amazon Web Services (West) Support for AWS Resources with AWS Session Tags Designed to Further Streamline User Access

Tanium Announces Key Platform Enhancements to Help Customers Achieve Visibility, Management & Security Across Endpoints (Dark Reading) Unified endpoint management and security breaks down organizational silos and provides IT teams with unprecedented visibility and control of their environment.

Sonatype Fully Automates Container Security (Container Journal) Nexus Lifecycle delivers open API for best-in-class policy control for all container layers. Fulton, MD, Nov. 25, 2019 (GLOBE NEWSWIRE) -- Sonatype,

Sumo Logic Expands Global Intelligence Service | Markets Insider (markets.businessinsider.com) Sumo Logic, a leader in continuous intelligence, today continues to follow-through with ...

SyncDog Enables Small Businesses by Easing New Hire Onboarding and Mobile Device Security (BusinessWire) SyncDog Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, provides unrivaled support f

Code42 Offers New Insider Risk Detection Capabilities to Help Security Teams Quickly Spot Data Theft When Employees Resign and Depart (BusinessWire) Code42 has advanced its data security solution with new capabilities designed to help companies defend against the rising tide of insider threats.

AlgoSec’s Network Security Management Solution Now on Cisco’s Global Price List (EIN) AlgoSec extends Cisco ACI’s policy-based automation to security devices in the Data Center

Technologies, Techniques, and Standards

Finland becomes the first European country to certify safe smart devices – new Cybersecurity label helps consumers buy safer products (Traficom) The Finnish Transport and Communications Agency Traficom has today launched a Cybersecurity label. The label guarantees to consumers that the labelled devices have basic information security features. The Cybersecurity label can be awarded to networking smart devices if the devices meet the certification criteria, which are based on EN 303 645. With the label, Traficom aims to raise consumer awareness of information security and the safe use of connected devices.

Reports of Pemex cyberattack has U.S. companies taking precautions (Houston Chronicle) American oil companies operating south of the border are stepping up their cybersecurity measures following reports of a ransomware attack that allegedly knocked out computers at Mexico's state-run oil company Petroleos Mexicanos, or Pemex.

CISA Releases “Cyber Essentials” to Assist Small Businesses Updated (The National Law Review) On November 6, 2019, the Department of Homeland Security (“DHS”), Cybersecurity & Infrastructure Security Agency ("CISA") released its Cyber Essentials guide.

Shop Safely (CISA) The holiday season is a prime time for hackers, scammers, and online thieves. While millions of Americans will be online looking for the best gifts and Cyber Monday deals, hackers will be looking to take advantage of unsuspecting shoppers by searching for weaknesses in their devices or internet connections or attempting to extract personal and financial information through fake websites or charities.

Huawei controversy shows US need for robust supply chain security strategy (C4ISRNET) As 5G implementation picks up, the U.S. government needs an established and repeatable process to mitigate supply chain security risks.

Increased Ransomware Attacks Affecting All Industries (JD Supra) Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of...

Time to Warn Users About Black Friday & Cyber ... (National Cyber Security) Warn your employees to avoid the inevitable scams associated with these two “holidays,” or you risk compromising your company’s network.

These 4 Tips Will Make You Fluent in Cyber Risk (ZeroNorth) Understanding the Security Gap According to a recent report by the Advanced Cyber Security Center, 91% of organizations say their boards believe cybersecurity presents some level of business risk. However, 64% of those respondents also agreed the role of their company’s board in digital transformation initiatives is an early-stage or maturing partnership. These numbers highlight …

Ad-blocking companies block ‘unblockable’ tracker (Naked Security) Ad-blockers have figured out a way to block the unblockable – a pernicious tracker technique that hides advertising networks in plain sight.

Stop Throwing Spaghetti at the Wall (Infosecurity Magazine) The SOC Visibility Triad signifies a massive paradigm shift in cybersecurity

Activity around DOD's new cyber certification to heat up in early 2020 (Washington Technology) Activity around the Defense Department's new cybersecurity certification for contractors should heat up in early 2020 and expectations are that civilian requirements will begin to hit in 2021.

Research and Development

Cyberwarriors lack planning tools. That could change. (Fifth Domain) Cyberwarriors still don't have a robust cyber-planning tool that spans across all services and teams within U.S. Cyber Command. The Air Force and Strategic Capabilities Office is continuing DARPA's work to change that.

Academia

Major role possible for USC Aiken as Cyber Command brings opportunity to South Carolina (Aiken Standard) The establishment of the U.S. Army’s new Cyber Command headquarters at Fort Gordon and other related developments have created a “huge opportunity” for the entire Palmetto State, University of South

Legislation, Policy, and Regulation

Tim Berners-Lee unveils global plan to save the web (The Guardian) Inventor of web calls on governments and firms to safeguard it from abuse and ensure it benefits humanity

The EU doesn’t have a sense of its disinformation problem — this report suggests the policy changes it can make (Nieman Lab) "In the long run, it is unsustainable for public authorities and private companies to be allowed to mark their own homework in such an important area with no independent oversight."

China issues directive to 'intensify' protections around intellectual property rights (TheHill) The Chinese government on Sunday announced it was “intensifying” intellectual property rights protections, as Washington and Beijing struggle to reach a trade deal due in part to disagreements over IP issues.

The EU says security is not the only concern when it comes to 5G (CNBC) European governments should consider the wider consequences of handing out contracts to 5G suppliers, according to an EU document seen by CNBC.

Analysis | The Cybersecurity 202: U.S. officials fret about hacking by a new generation of nations (Washington Post) Vietnam, Qatar and others are entering a field once dominated by Russia and China

With U.S. cyber policy, clear lanes still hard to come by (FCW) The elevation of CISA and maturation of Cyber Command have clarified 'big picture' responsibilities for the U.S. government's cyber mission, but private-sector coordination remains a question mark.

Ohio gears up cyber-soldiers for virtual defense tactics in 2020 (Crain's Cleveland Business) From Bloomberg: Cyberattacks in Ohio have disrupted airport flight displays, led to the shutdown of a help line during a winter storm and cut off access to police investigation reports temporarily. The Buckeye State is fighting back.

Litigation, Investigation, and Law Enforcement

European police attack Islamic State's online presence (Reuters) European police agencies have knocked out several internet servers used by Islam...

First target of Singapore’s ‘fake news’ law is Facebook post that alleged a failed state investment in Salt Bae (Washington Post) The government says the post by the opposition lawmaker inaccurately described how state investors work.

Apple Settles Allegations of U.S. Sanctions Violations (Wall Street Journal) The technology giant allegedly violated U.S. sanctions by hosting, selling and facilitating the transfer of software applications from a Slovenian software company that was previously blacklisted by the U.S., according to the Office of Foreign Assets Control

OneCoin crypto-scam lawyer found guilty of worldwide $400m fraud (Naked Security) A lawyer who boasted of making “50 by 50” – as in, $50m by the age of 50 – is now facing a potential 50+ years behind bars.

Retired colonels bribed active-duty officers, paid military spouse $1.2 million for ‘no-show’ job, to win IT contracts (Army Times) A retired colonel has pleaded guilty in a $20 million bribery scheme.

Who Leaked ‘Sword And Shield’ Secrets? Pokémon Lawyers Want To Catch ’Em All (Forbes) Pokémon lawyers blame four Discord users for leaking Sword and Shield game secrets before launch. They now want Discord and 4Chan to help identify them.

Five Years Later, Who Really Hacked Sony? (The Hollywood Reporter) The massive cyberattack just before Thanksgiving 2014 crippled a studio, embarrassed executives and reshaped Hollywood. The FBI blamed a North Korea scheme to retaliate for the comedy 'The Interview,' but many whose lives were upended have doubts. Says Seth Rogen: "The fact that [co-director Evan Goldberg and I] were never really specifically targeted always raised suspicions in my head."

Perspective | Trump’s conspiracy theory about ‘the server’ threatens election security (Washington Post) The president has gone to bizarre lengths to ascertain the whereabouts of a computer that effectively doesn't exist.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ENISA Maritime Cybersecurity Workshop (Lisbon, Portugal, November 26, 2019) The ENISA Maritime Cybersecurity Workshop will be a full-day event and will take place at EMSA's Headquarters in Lisbon, Portugal. The workshop will include presentations and discussions around the topic...

WSJ Pro Cybersecurity Executive Forum (New York, New York, USA, December 3, 2019) Cybersecurity risks are rapidly changing, so this year’s forum and masterclasses have been redesigned to focus on timely topics including: lessons from the most recent major hacks, what and how to report...

International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...

Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.

Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
