
Daily briefing.

The attack Australian logistics company Toll Group sustained Sunday is ransomware, IT News reports, specifically the Mailto strain. The Australian Signals Directorate says it’s unclear whether the Mailto attacks are part of a larger campaign.

SentinelLabs reports on renewed activity against Ukrainian targets by the Gamaredon Group, a state-sponsored APT that Ukrainian security services associate with Russia’s FSB. (The FSB is generally regarded as Cozy Bear’s proprietor.) SentinelLabs sees the activity as a bellwether for future hybrid war: when kinetic fighting slows or freezes due to strategic, operational, or diplomatic pressures, expect an intensification of activity in cyberspace.

Security firm Certfa Lab is calling out Charming Kitten, the well-known Iranian APT, as the group responsible for a recent phishing campaign that spoofed a Wall Street Journal writer’s email to prospect targets for further compromise.

Cybereason found a malware campaign using Bitbucket repositories as its launching point. Atlassian's Bitbucket Support took down the affected repositories within hours of Cybereason's warning.

Iowa Democrats continue to count caucus results, with 97% of the precincts accounted for this morning. The problems at the caucus are attributed not to hacking, but to Shadow’s IowaReporterApp, which proved difficult to use and unable to transmit results correctly to state party headquarters. The emerging consensus is that IowaReporterApp was hastily put together and inadequately tested. ProPublica obtained a copy of the app and sent it to Veracode for a security assessment. Veracode found that “vote totals, passwords and other sensitive information could have been intercepted or even changed.”

Notes.

Today's issue includes events affecting Australia, Belarus, China, Estonia, France, Netherlands, Norway, Russia, Ukraine, United Kingdom, United States.

Bring your own context.

So you're being sued. You should delete all that discreditable stuff in your files, right? No, no, don't do that. But what if you did?

"And this rule, as - you know, they quote a retired judge here, making the statement this rule is sort of backwards. It requires that a litigant who claims the other side destroyed or didn't keep evidence - they have to prove that whatever was destroyed would have been unfavorable to the person destroying it. Now, that presents the very obvious Catch-22. How do you know it's unfavorable if that data has already been destroyed? And this is just an absolutely daunting hurdle for litigants. And usually, these litigants will have fancy, hotshot lawyers. But they're oftentimes, you know, people who use the products produced by these corporations or, you know, people alleging some sort of injury as a result of corporate action. And it's just because of this rule that's very favorable to these corporations, it's going to be much harder for those plaintiffs to seek relief."

—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 2.4.20.

OK, absence of evidence isn't evidence of absence, but c'mon, throw the plaintiff a bone.


In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses DNS over HTTPS (DoH). Our guest is Peter Smith from Edgewise Networks, and he talks about defending against Python attacks (the programming language, not the big constricting snake that drops its coils on you from a tree).

And Hacking Humans is up. In this episode, "I wouldn't want my computer to be disappointed," Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, Anna Collard is the founder of security content publisher Popcorn Training – a South African company that promotes Cyber Security awareness by using story-based techniques. Our conversation centers on the state of cyber security in Africa.

Cyber or Cleared Job Fair, February 13, San Antonio. (San Antonio, Texas, United States, February 13, 2020) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber or Cleared Job Fair, February 13 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Join us at this upcoming cybersecurity event in Loudoun, VA with a full lineup of industry experts, speakers and federal contractors presenting on cutting-edge topics in the domain of cyber. This event is FREE for everyone! Register today!

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Cyber Attacks, Threats, and Vulnerabilities

The intelligence community’s questions on supply chain security (Fifth Domain) Here's what the Office of the Director of National Intelligence general counsel said the IC is wrestling with.

Charming Kitten Uses Fake Interview Requests to Target Public Figures (Threatpost) APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.

Fake Interview: The New Activity of Charming Kitten (Certfa) Certfa Lab has identified a new series of phishing attacks from the Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. According to our investigation, these new attacks have targeted journalists, political and human rights activists. These phishing attacks are in line with the previous activities of the group that companies like ClearSky and Microsoft have reported in detail in September and October 2019.

Why the Iranian cyberthreat has become ‘more dynamic’ (Fifth Domain) Following the death of a top Iranian general, one top U.S. official noted the growing forces that could exploit the rift between the United States and Iran.

Russia Unleashes New Weapons In Its ‘Cyber Attack Testing Ground’: Report (Forbes) A new report exposes escalating Russian cyber attacks on Ukraine—but this is really about targets much further west.

Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting (SentinelLabs) Read how the Gamaredon group wages a silent cyber war against the Ukraine even when all other domains are denied by the strategic or political framework.

FBI director warns of ongoing Russian ‘information warfare’ (Fifth Domain) The FBI and Department of Homeland Security are on alert for possible election-related intrusions like those that occurred in 2016.

The Cybersecurity 202: Here’s why NSA rushed to expose a dangerous computer bug (Washington Post) The National Security Agency is known for keeping secrets. But a bug it recently discovered in Microsoft's operating system was so potentially catastrophic that it fast-tracked a lengthy decision-making process to alert the company and the public as quickly as possible.

Iowa Democratic Party releases 85% of caucus results but an error forces correction (Des Moines Register) "There will be a minor correction to the last batch of results and we will be pushing an update momentarily," the Iowa Democratic Party said in a tweet.

An ‘Off-the-Shelf, Skeleton Project’: Experts Analyze the App That Broke Iowa (Vice) Multiple experts analyzed Shadow Inc.’s Iowa caucus app. They found all kinds of problems.

Theresa Payton Wonders Why the Iowa Democratic Party Declined Testing the App by Homeland Security (News 1110am 99.3fm WBT) The Iowa Caucus chaos may have been prevented, had the app been tested properly.

Report: Iowa Caucus App Vulnerable to Hacking (BankInfo Security) A review of the mobile app that malfunctioned during Iowa’s critical tally of the Democratic Party’s caucus has uncovered a security vulnerability, ProPublica

The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked (ProPublica) While there is no evidence hackers intercepted or tampered with the results, a security firm consulted by ProPublica found that the app lacks key safeguards.

‘We Feel Really Terrible,’ Says CEO Whose App Roiled Iowa Caucus (Bloomberg) The chief executive of the technology company whose app threw the Iowa caucuses into disarray Monday night defended his company but apologized for a technological glitch that angered candidates, left voters baffled and upended the opening act of the 2020 Democratic presidential primary.

Iowa Election Snafu: What Happens When IT And Cybersecurity Best Practices Are Ignored (Forbes) The failure of a mobile app that disrupted the Iowa Democratic caucuses was really management's failure to ensure that the app adhered to IT and cybersecurity best practices and standards.

Emotet attacks—a spike to start the year... (Menlo Security) The Emotet malware has built a formidable infrastructure over time and can be destructive to an organization if not mitigated in a timely manner. An isolation-or-block approach ensures that all web content is considered risky and is prevented from accessing users’ devices.

New Real Estate Research: Attackers Target the Full Transaction Chain (Proofpoint US) To uncover the top cyberattack trends—and detail necessary safety tips—we examined more than 600 U.S. real estate transaction attack attempts and here’s what we uncovered.

Cybereason Uncovers Malware Distributed via Bitbucket Repositories (Security Boulevard) Cybereason discovered a malware campaign that has been leveraging Bitbucket repositories from Atlassian to launch cyberattacks.

Cybercriminals abuse Bitbucket to infect users with potpourri of malware (SC Media) Cybercriminals have been abusing Bitbucket to store a wide range of malware, in a plot to infect users who download cracked versions of commercial software.

The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware (Cybereason) Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific cases deliver ransomware.

This crafty malware makes you retype your passwords so it can steal them (ZDNet) Metamorfo banking trojan has expanded its campaign to target online users' banking services.

Cisco Flaws Put Millions of Workplace Devices at Risk (Wired) Five vulnerabilities in Cisco Discovery Protocol make it possible for a hacker to take over desk phones, routers, and more.

New Ransomware Strain Halts Toll Group Deliveries (BleepingComputer) Australian transportation and logistics company Toll Group confirmed today that systems across multiple sites and business units were encrypted by a new variant of the Mailto ransomware.

ACSC gets to grips with Mailto threat after Toll Group infection (iTnews) Releases hash of ransomware "from this incident".

A Queen’s Ransom: Varonis Uncovers Fast-Spreading "SaveTheQueen" Ransomware (Inside Out Security) A new strain of ransomware encrypts files and appends them with the extension, “.SaveTheQueen,” and propagates using the SYSVOL share on Active Directory Domain Controllers. Our customers encountered this malware...

New ransomware with '.SaveTheQueen' extension discovered by Varonis (Information Age) Varonis has uncovered a new strand of ransomware that encrypts files and adds the extension '.SaveTheQueen' to it

Sodinokibi Ransomware Active Among Cybercriminals (CISO MAG | Cyber Security Magazine) A new ransomware infection, dubbed Sodinokibi, is popular among cybercriminals and is attacking dozens of high-profile victims.

Data leaks and hacking reports rise, Maastricht Uni comes clean on ransomware (DutchNews.nl) The Dutch data protection authority AP received more than 27,000 reports of data leaks last year, most of which came from the financial sector, the agency said on Thursday. In total, the number of leaks rose 29% on 2018, while attacks on companies and individuals involving hacking, phishing and ransomware rose 25%, the agency said. The AP suspects the true number of data leaks may be higher because not all companies and leaks report leaks, even though they are required...

The time I sabotaged my editor with ransomware from the dark web. (Bloomberg) As you may be aware, there’s money to be made on the internet. The question, of course, is how. Not everyone has the reality-distortion skills to start their own tech unicorn, or the Stanford connections to become an early employee there, or the indifference to sunlight necessary to become a world-class Fortnite gamer.

Greenville Water cyber attack caused by employee clicking phishing email (WSPA 7News) Greenville Water officials say that a cyber attack happened after an employee clicked on a phishing email. We previously reported that the company was the target of …

Houston orthopedic practice reports malware attack: 5 details (Becker's Spine Review) Patient records of K. Mathew Warnock, MD, of Fondren Orthopedic Group, were damaged in a November malware attack.

The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb (MarketScreener) Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd., a leading provider of cyber security solutions globally, has today revealed... | February 5, 2020

Academics steal data from air-gapped systems using screen brightness variations (ZDNet) Israeli researchers use quick flickers in LCD screen brightness to encode and exfiltrate data.

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly (Register) To be honest, it was the impracticality and inefficiency that first attracted us to this otherwise cunning exfiltration

Coronavirus “safety measures” email is a phishing scam (Naked Security) Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Take care out there!

PayPal SMS scams – don’t fall for them! (Naked Security) Text messages may be old hat – but SMS is still a handy tool for crooks out to find more about you.

Microsoft says it detects 77,000 active web shells on a daily basis (ZDNet) Microsoft detects and tracks a daily average of around 77,000 active web shells, spread across 46,000 infected servers.

What is Malware Obfuscation? (Infosec Resources) IT Security Training & Resources by Infosec

Security Patches, Mitigations, and Software Updates

Cisco Patches Critical CDP Flaws Affecting Millions of Devices (BleepingComputer) Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on the local network to take over tens of millions of enterprise devices as discovered by IoT security company Armis.

Critical Android flaws patched in February bulletin (Naked Security) Google has patched Android bugs that include a couple of critical flaws that could let hackers run their own code on the mobile operating system.

Facebook will let parents see kids’ chat history, peer into inbox (Naked Security) It’s revamping Messenger Kids with new parental controls and updated information on its children’s data policy.

Cyber Trends

Cyberattackers decreased their activity at the end of 2019, but only to change tactics (Help Net Security) Malicious cyber-activity was down partly as a result of hectic holiday schedules with fewer employees around to interact with malicious activity.

Global Security Report: End of Year 2019 (AppRiver) In 2019, attackers continued to embrace malware distribution via URL. While the distribution of banking trojans remained popular in 2019, we also saw a notable spike in ransomware as a secondary stage of infection. Attackers continued to evolve and improve their distribution methods and have begun widely embracing Living off the Land techniques to lend validity to their malicious campaigns.

Global DDoS Threat Landscape (Imperva Resource Library) While 2019 saw the largest network and application layer attacks ever recorded, attacks were overall smaller, shorter, and more persistent. In this report, security experts from Imperva Research Labs analyze DDoS attack sizes, duration, persistence, and more.

2019 Global DDoS Threat Landscape Report (Imperva) Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019 and 42,390 application layer DDoS attacks mitigated …

Palo Alto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today released research showing how vulnerabilities in the development of...

Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers (Yahoo) (Bloomberg) -- Hackers have finally done what bond issuers may have feared most from cyber criminals. A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement, according to a notice to the hospital’s bondholders from the

How ransomware insurance that protects companies and communities can also embolden criminals (CBC) Spurred by reports of criminals hijacking computer networks and demanding payment, many governments and companies are buying insurance against these high-tech crimes. But security experts warn that insuring against attacks — and, in particular, paying ransoms — is likely only to embolden criminals.

More data leaks, ransomware attacks reported to data protection authority (NL Times) Companies and institutions reported nearly 27 thousand data breaches to the Dutch Data Protection Authority last year, an increase of 29 percent compared to 2018. Most of the leaks came from companies in the financial sector. The number of data leaks due to cyber attacks also increased, especially in the case of ransomware, NOS reports. "We are seeing a huge increase in data breaches," Monique Verdier of the Dutch Data Protection Authority said to the broadcaster.

Adversarial artificial intelligence winning the cyber security battle (Information Age) Cybercriminals are utilising artificial intelligence to launch more effective cyber attacks and it's time to fight fire with fire

Marketplace

Coronavirus outbreak starts to hit tech industry (Computing) Graphics cards, motherboards, Apple iPhones and Nintendo consoles all affected by measures taken to combat the spread of Coronavirus

Cybersecurity company Forescout to be acquired by Advent in all-cash deal valued at $1.9 billion (MarketWatch) Forescout Technologies Inc. said Thursday it has reached an agreement to be acquired by private-equity firm Advent International in an all-cash deal valued...

Senate Democrats Nix Contract Talks With Company Behind Disastrous Iowa App (The Daily Beast) The Democratic Senatorial Campaign Committee had been looking to do business with Shadow. After the caucus blow-up, that won’t be happening.

RSA Conference Reveals RSAC Launch Pad 2020 Participants (Yahoo) RSA® Conference, the world’s leading information security conferences and expositions, today revealed the three cybersecurity startups selected to participate in the second annual RSAC Launch Pad. The event gives early stage startups a platform to introduce their potentially groundbreaking solutions

Lockheed launches $100K small biz innovation program here (Orlando Business Journal) The initiative invites small firms in Lake, Orange, Osceola and Seminole counties to submit proposals and compete for the money.

VMware and Box Chase Future in Cybersecurity ‘Wild West’ (Data Center Knowledge) Gelsinger: Security is "the fastest growing line item for IT and the number and scope of breaches has increased.”

Cygilant Opens New Burlington, Mass. Headquarters to Accommodate Growth (Yahoo) Cygilant today announced its expansion to new headquarters in Burlington, Mass. and formally named Steve Harrington as vice president of marketing.

Cybersecurity Firm Affirms Commitment to Growth with Renaming, U.S. Expansion, and New Senior Leadership (PR Newswire) Network Test Labs (NTL) today announced their rebranding and renaming to CyberClan, expansion into the American market as a new U.S. company,...

PerimeterX Expands Executive Leadership Team to Fuel Growth and Drive Scale (Benzinga) PerimeterX, the leading provider of application security solutions that keep web businesses safe in the digital world, has...

Tenable Appoints Mark Thurmond as Chief Operating Officer (Tenable®) Global cybersecurity leader deepens executive bench with technology industry veteran Tenable®, Inc., the Cyber Exposure company, today announced it has appointed Mark Thurmond as Chief Operating Officer (COO). In this role, Thurmond will lead Tenable’s global field operations, including sales, professional services and technical support. Thurmond’s appointment adds another layer of depth to Tenable’s executive bench as the company continues to deliver on its Cyber Exposure vision to help business executives and security teams understand and reduce cybersecurity risk.

Veteran FireEye President Travis Reese To Exit In Executive Reshuffling (CRN) Longtime FireEye second-in-command Travis Reese will retire March 1 as the platform security giant tightens its org chart to accelerate execution and drive operational discipline.

Products, Services, and Solutions

Clango Partners with SailPoint to Offer Industry-Leading Identity Governance Solution (PR Newswire) Clango, an independent cybersecurity advisory firm and provider of identity and access management solutions, today announced a new partnership...

Hunters Takes Generational Leap in AI-based Threat Hunting (Globe Newswire) Collaboration with new ally Snowflake to boost velocity and effectiveness of data-driven autonomous threat detection

IoTopia - GlobalPlatform (GlobalPlatform) The standard for secure digital services and devices

Cygna Labs Assumes Management of Auditor Suite from BeyondTrust (Benzinga) Deal ensures ongoing maintenance, support and future product development of the BeyondTrust Auditor Product Line MIAMI (PRWEB) February 05, 2020 Cygna Labs announced today that...

True Scope of Crypto-Ransomware Attacks Remains Unknown (CryptoNewsZ) Companies’ reluctance to report attacks and the rise of RaaS tech means that the real extent of ransomware attacks remains unknown.

The 2020 State of Crypto Crime (Chainalysis) Everything you need to know about darknet markets, exchange hacks, money laundering and more

NZ Utility Responds to National Cybersecurity Concerns (Industry Update) New Zealand energy and telecoms giant Trustpower has responded to that nation’s new Voluntary Cyber Security Standards for Industrial Control Systems (VCSS-OCS) by deploying Nozomi Networks Guardian a

BitRaser SSD & Mobile Erasure Software Receives ADISA Certification (Benzinga) BitRaser SSD and Mobile erasure software has received certification from ADISA (Asset Disposal and Information Security Alliance), an...

Fortinet Announces the Most Affordable Secure SD-WAN Appliance with Flexible Deployment Options for SMB (Globe Newswire) FortiGate 40F Delivers High Security Compute Ratings and Accelerated Performance, Expands Family of SoC4 SD-WAN ASIC-powered FortiGate Appliances

Technologies, Techniques, and Standards

Cybersecurity 2020: What Estonia knows about thwarting Russians (The Christian Science Monitor) Estonia has become a model in foiling Russian hacking and disinformation. What could the Baltic state teach the U.S. about securing the 2020 election?

My First Joyride With SILENTTRINITY (Black Hills Information Security) Jordan Drysdale // TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get ST installed, the teamserver operational, and a client connected to the teamserver. Once all that is out of the way, we’ll go …

CISA Partners with Cactus League for Tabletop Security Exercise to Protect Spring Training Fans (Homeland Security Today) Wednesday’s exercise was not in a response to any specific threat, but was part of an ongoing collaborative effort to ensure the safety and security of fans attending spring training.

How can we harness human bias to have a more positive impact on cybersecurity awareness? (Help Net Security) Dr. Jessica Barker, Co-CEO of Cygenta, talks about how organizations can have a positive impact on cybersecurity awareness.

In Wake of Azure Error, NSA Updates Cloud Security Guidance (Redmondmag) The biggest cloud security issue plaguing organizations is misconfigurations, according to the National Security Agency (NSA), which recently published a security report titled 'Mitigating Cloud Vulnerabilities.'

Security experts: Here’s how to prevent your company from getting hacked (HousingWire) As the Iowa caucus delays fully showed, relying on technology can be just as much of a negative as a positive. It was in that spirit that a panel of security experts told the crowd at the MBA's Independent Mortgage Bankers Conference in New Orleans that cybersecurity only works if the people using it are prepared and ready to face whatever challenges are thrown their way.

Why Cybersecurity is Important for Small Businesses (JumpCloud) Prioritizing cybersecurity and implementing best practices can keep your business, customers, and data safe. Learn how JumpCloud can help.

Design and Innovation

Honware: IoT honeypot for detecting zero-day exploits (Help Net Security) Honware could help security researchers, IoT manufacturers with detecting zero-day exploits targeting internet-connected devices.

Legislation, Policy, and Regulation

Will Belarus Be the Next Ukraine? (Foreign Affairs) Why the brewing conflict between Moscow and Minsk is bad news.

Opinion | There Is a Better Alternative to Huawei (Wall Street Journal) ‘Network virtualization’ can help the U.S. and its allies resist Chinese telecom domination.

FBI Director Argues Private Companies Shouldn’t Decide Encryption Debate (Nextgov.com) A key lawmaker questioned whether the Justice Department’s position is at odds with the Defense Department’s.

Child-Welfare Activists Attack Facebook Over Encryption Plans (New York Times) The social network is facing criticism for how encryption can allow child exploitation to flourish undetected on its services.

Come on, NSA, it’s time to join the fight against Windows hacking (Channel Asia) The agency needs to demonstrate that it has truly abandoned the practices that unleashed WannaCry on the world.

NIST Hires Symantec VP Jeff Greene to Lead NCCoE (MeriTalk) Jeff Greene, former vice president of global government affairs and policy at Symantec, began a new role as director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on Feb. 3.

Litigation, Investigation, and Law Enforcement

Top U.S. officials to spotlight Chinese spy operations, pursuit of American secrets (Reuters) An aggressive campaign by American authorities to root out Chinese espionage ope...

WSJ News Exclusive | EU Deepens Antitrust Inquiry Into Facebook’s Data Practices (Wall Street Journal) Authorities have sought documents related to the social media company’s alleged efforts to identify and squash potential rivals, deepening an E.U. preliminary probe into Facebook, according to people familiar with the matter.

WSJ News Exclusive | Justice Department Ramps Up Google Probe, With Heavy Focus on Ad Tools (Wall Street Journal) In recent months, the department has been posing increasingly detailed questions—to Google’s rivals and executives inside the company itself—about how Google’s third-party advertising business interacts with publishers and advertisers.

Welfare surveillance system violates human rights, Dutch court rules (the Guardian) Government told to halt use of AI to detect fraud in decision hailed by privacy campaigners

Chinese telecoms giant Huawei sues Verizon for patent infringement (CNBC) Huawei claims it has been trying to negotiate royalty payments with Verizon "for a significant period of time" but were "unable to reach an agreement on license terms."

Bloody Trail? Chechen Blogger Is The Latest Kadyrov Critic To Die Abroad (RadioFreeEurope/RadioLiberty) A Chechen blogger was found dead with multiple stab wounds in a hotel in northern France last week. French police in Lille suspect a "political motive" in the killing of Imran Aliyev, the latest in a growing list of critics of Kremlin-backed Chechen leader Ramzan Kadyrov to have been killed or to have died abroad under suspicious circumstances. Here are some of the most prominent cases.

CIA hacker on trial for leaking data (Times) A former hacker for the CIA who is accused of betraying it by leaking a “catastrophic” amount of classified data has gone on trial in Manhattan. Joshua Schulte, 31, allegedly stole documents...

Joshua Schulte's attorney suggests Vault 7 leaks were due to the CIA's poor cybersecurity (CyberScoop) So many people had access to the computer network used by CIA software engineers that U.S. officials still don’t know who is actually behind the leak of the agency’s hacking tools, according to the defense attorney for an accused leaker.

Alleged CIA Leaker Joshua Schulte Was Made Scapegoat for Being 'a Pain in the Ass,' Defense Argues (Gizmodo) Defense lawyers for former CIA software engineer Joshua Adam Schulte say that the CIA and federal prosecutors don’t actually know for certain who was behind a 2017 leak of cyber espionage documents, let alone whether it was their client, the Wall Street Journal reported on Tuesday. Instead, they said he really pissed off the entire CIA, making him a natural scapegoat for their incompetence.

CIA worker: Massive 2017 leak ‘was crippling’ to the agency (Washington Post) A CIA computer engineer testified at the espionage trial of a former CIA employee on Wednesday that the 2017 leak of thousands of pages of documents “was crippling” to the agency and turned his office into an FBI crime scene.

The FBI Downloaded CIA's Hacking Tools Using Starbuck's WiFi (emptywheel) There are many interesting details about the FBI investigation into Joshua Schulte revealed by the details of how FBI obtained the Vault 7 files they submitted into evidence yesterday.

Convicted Norwegian spy: intel agencies are ‘amateurish’ (Washington Post) A retired Norwegian border inspector, who was convicted in Russia for spying and who was returned home last year in a spy swap, lashed out Wednesday at the Scandinavian country’s intelligence services for using local people, saying they are “amateurish.”

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack (Lexology) As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in…

Second lawsuit filed over DCH ransomware attack (Washington County News/Holmes County Times-Advertiser) Three more DCH patients have filed a federal class-action lawsuit against the healthcare system, saying the ransomware attack that crippled operations in

Autonomy founder Mike Lynch submits himself for arrest over US extradition warrant (Computing) Lynch’s lawyers said the British tech entrepreneur will continue to fight the fraud allegations against him

Clearview AI hit with cease-and-desist from Google, Facebook over facial recognition collection (CNET) In an interview with CBS This Morning, Clearview AI's founder says it's his right to collect photos for the facial recognition app.

Soldier’s court-martial reversed after judge had an ‘intimate’ relationship with a JAG’s wife (Army Times) Staff Sgt. Tony S. Springer was convicted in 2017, but during his trial, a precarious relationship was forming between the legal staff involved.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class...

Meeting To Discuss Insider Threat Detection On Computer Systems & Networks (Laurel, Maryland, USA, February 11, 2020) The National Insider Threat Special Interest Group will hold a meeting to discuss the findings of a workshop that was held in 2019. The workshop was done in partnership with the University of Maryland’s...

2020 OurCrowd Global Investor Summit (Jerusalem, Israel, February 11 - 13, 2020) We’re expanding the Summit to three days! Invite-only events will take place February 11-12, with Summit Day on February 13. Summit Week will be packed as ever, with corporate meet ups, VC forums, insider...

CyCon 3.0 (Sterling, Virginia, USA, February 15, 2020) Our 3rd Annual NOVA CyCon event in Loudoun has a full lineup of cybersecurity experts, speakers and federal contractors presenting on cutting-edge topics! Networking, free lunch and refreshments, door...
