
Daily briefing.

Iran promised retaliation after a US airstrike in the outskirts of Baghdad early today killed Iranian Major General Qassem Soleimani, commander of the Islamic Revolutionary Guard's Quds Force. One of Soleimani's principal collaborators, Iraqi militia commander Abu Mahdi al-Muhandis, was also killed. Reuters cites US sources as saying the strike was intended to disrupt further plans by militia aligned with Iran to attack US targets, including the US embassy in Iraq. Iranian operations against US assets and interests have long been asymmetric and, despite recent rocket and mob attacks, are likely to remain so. Observers expect an increase in cyber conflict, and the Telegraph takes a look at the current state of Tehran’s capabilities.

Taiwan’s government has adopted a rumor-control program that appears to be enjoying some success, the Wall Street Journal reports, against Chinese disinformation campaigns mounted against the island republic’s elections.

Travelex, a major London-based international currency exchange, is still working to restore online services after finding what it called a “software virus” in its systems on New Year’s Eve. The exchange is still able to conduct in-person transactions manually, and it has reassured customers that no personal data were compromised.

Little new is known about the attack on RavnAir, but apparently maintenance software specific to the airline group's Dash 8 twin-turboprop aircraft was affected. It's publicly unknown how or why the incident occurred, but the Register quotes speculation that this may have been a ransomware attack.

British businesses feel the effects of California's CCPA, SC Magazine reports.

Notes.

Today's issue includes events affecting Canada, China, India, Iran, Israel, Liberia, Pakistan, Taiwan, United Arab Emirates, United Kingdom, United States.

Bring your own context.

Why do people swallow phishbait, hook line and sinker?

"Fear of missing out, anger, frustration - all of these triggers that are essential to an effective phishing email are the things that we see today. And so my focus has always been on cutting through the fog in the minds of the average employee to enable them to see a little bit more clearly the threats that surround them. But at the end of the day, it's about the emotional trigger and the sophistication of the data capture that happens after the trigger has been tripped.

"I'm generalizing here, right? So there are obviously a couple of different buckets that employees fall into. So I'm talking about, you know, the average person who's not intimately engaged with security as a profession. Those employees largely are completely unconcerned with security. And that's not a criticism. That's just the fact of life of an adult learner is that they're focused on a hierarchy of needs that relate to their personal situation, their immediate professional obligations. And everything after that, they struggle to find time for. And a lot of people see security as a field handled by others who are responsible for keeping them safe. And so their day-to-day view of the world is not focused on good security habits."

—Dennis Dillman, VP of security awareness at Barracuda Networks, on Hacking Humans, 1.2.20

People take the bait not because they're dumb or lazy. They take it because they have responsibilities other than security, and those responsibilities tend to be at the forefront of their mind. And they take the phishbait because, like the rest of us, they're human, all too human.

Aerospace news worthy of attention.

If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. Produced in partnership with the CyberWire, Signals & Space offers a monthly overview of news in this sector.

We incorrectly identified the North Korean threat group Microsoft calls Thallium as APT31 yesterday. It should have been APT37. (APT31 is the Chinese threat group also known to Redmond as Zirconium.)


In today's Daily Podcast, we speak with our partners at the SANS Institute, as Johannes Ullrich discusses vulnerabilities in Citrix NetScaler installations. Our guest, Fortinet's Derek Manky, tells us what to expect in AI for 2020.

Cyber Attacks, Threats, and Vulnerabilities

Qasem Soleimani killing: Iran vows 'severe revenge' (BBC News) The latest reaction and analysis after one of the most powerful figures in Iran is killed by US forces in Iraq.

Iran promises to avenge U.S. killing of top Iranian commander Soleimani (Reuters) Iran promised harsh revenge after a U.S. air strike in Baghdad on Friday killed ...

Photos reveal damage to U.S. Embassy in Baghdad following attack by supporters of Iran-backed militia (Military Times) “The game has changed, and we’re prepared to do what is necessary to defend our personnel and our interests and our partners in the region.

Qassem Soleimani: What will revenge look like for Iran in wake of general's killing? (Sky News) Cyber attacks, missiles or further nuclear breaches: Iran will be considering its next actions after the US drone strike.

Qassim Soleimani: What are Iran’s cyber warfare capabilities? (The Telegraph) The assassination of Iranian General Qassim Soleimani by a US airstrike in the early hours of Friday morning is set to cause the greatest escalation of tensions in the Middle East for decades.

FPGA cards can be abused for faster and more reliable Rowhammer attacks (ZDNet) Researchers expand Rowhammer attacks to FPGA-CPU hybrid platforms.

Your smart TV is spying on you. Here are step-by-step instructions to stop it (USA TODAY) Smart TV sets have settings for adjusting your preferences. You can take control and tell the TV manufacturers not to sell your data.

Leveraging Disk Imaging Tools to Deliver RATs (Trustwave) This year we observed a notable uptick in disc imaging software (like .ISO) being used as a container for serving malware via email, with .ISO archives attributing to 6% of all malware attachment archives seen this year.

Travelex suspends services after malware attack (TechCrunch) Travelex, a major international foreign currency exchange, has confirmed it has suspended some services after it was hit by malware on December 31. The London-based company, which operates more than 1,500 stores globally, said it took systems offline “as a precautionary measure in order to pr…

New Year’s Eve malware attack strikes Travelex, services still offline (ZDNet) Customers are being told “planned maintenance" -- as well as malware -- has restricted currency ordering across UK services.

This page is currency unavailable... Travelex scrubs UK homepage, kills services, knackers other sites amid 'software virus' infection (Register) Systems still toast since NYE compromise, manual processing only

Oddly specific 'cyber attack' hits Alaskan airline RavnAir and one plane type (Register) Dash 8? More like dash for the maintenance hangar

Co-creator defends suspected UAE spying app called ToTok (Star Tribune) If the popular ToTok video and voice calling app is a spying tool of the United Arab Emirates, that's news to its co-creator.

Eye on Scams: Phishing Emails Target Shoppers with Post-Holiday Offer (KLFY) Con-artists are sending phony emails and texts that look like messages from major retailers instructing you to redeem reward points accrued during your holiday shopping. Here’s how the scam w…

New Mexico Hospital Finds Malware Infection on Digital Imaging Server (HealthITSecurity) This week's breach roundup is led by a malware infection on the digital imaging server of Roosevelt General Hospital in New Mexico, which potentially exposed the health data of 500 patients.

Pleasantville schools investigating cyber security incident (Press of Atlantic City) The Pleasantville School District is investigating a cyber security incident that occurred over the holiday break, school officials said Thursday.

Ransomware attack shuts down some Michigan schools (CBS News) U.S. faces an epidemic of cyberattacks in which hackers seize computer systems and demand payment.

Ransomware attack forces Richmond Schools to extend holiday break (WDIV) A suspected ransomware attack has forced Richmond Schools to cancel classes Thursday and Friday.

Ransomware attack hits City of Ingleside (KIII) Ransomware is a type of software that requires a victim to pay a ransom to access a file.

Police warn businesses to be vigilant after ransomware attacks (Braintree and Witham Times) Police are reminding companies in Essex to ensure staff are careful while checking their emails following a ransomware attack.

The Heritage Company still closed and fighting cyber attack (KLRT - FOX16.com) We have an update about the Heritage Company that closed just two days before Christmas without any notice to employees. Today, former employees were asked to call a hotline, which wo…

Starbucks Devs Leave API Key in GitHub Public Repo (BleepingComputer) One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

Cable Bahamas warns users of phishing scams (EyeWitness News) Cable Bahamas has warned of ongoing attempts by cyber criminals to obtain information from its customers in the form of “phishing”, a common online scam that tricks unsuspecting v…

Popular U.S. Restaurant Owner Hit by Credit Card Stealing Malware (BleepingComputer) Landry's, a U.S. restaurant chain and property owner has disclosed that they were infected with a point-of-sale (POS) malware that allowed attackers to steal customer's credit card information.

Poloniex resets customer passwords after alleged data leak that wasn't (SiliconANGLE)

Colorado municipality falls victim to Click2Gov software breach (The Daily Swig | Cybersecurity news and views) Third-party payment platform hit, again

'I don't think any of us are going to feel any real measure of security until we get out of this thing,' councilman says about cyberattack (WDSU)

Cyberattack update: New Orleans police, court systems to be restored by Monday, officials say (NOLA.com) Three weeks after City Hall computer systems were crippled by a cyberattack, New Orleans officials on Thursday offered their first timeline for restoring the systems, saying the city's Police Department

Ransomware Hackers Have Started Leaking City Of Pensacola Data (Forbes) Ransomware hackers stole multiple gigabytes of data during an attack earlier this month. Now they're publicly posting it.

Before Wawa found data breach exposing customers' credit and debit cards, Visa warned it could happen (Chicago Tribune) About a month before Wawa disclosed a data breach exposing customers' credit and debit card numbers, the nation's largest credit card network warned that

Security Patches, Mitigations, and Software Updates

[Update: Xiaomi issues statement] Google temporarily kills Mi Home integration with Assistant following creepy Xiaomi security camera bug (xda-developers) Following a security camera bug that displayed footage from a different home on a Nest Hub, Google has killed Xiaomi's Mi Home integration with Assistant.

Don't Xiaomi pics of other people's places! Chinese kitmaker fingers dodgy Boxing Day cache update after Google banishes it from Home (Register) Redditor finds security camera capturing stills from strangers' cribs

Cisco critical bugs: Nexus data center switch software needs patching now (ZDNet) Patch your Cisco Data Center Network Manager software now or uninstall it.

Chrome to show error codes, similar to Windows BSOD screens (ZDNet) Devs are working on adding error codes to the Chrome crash page to make debugging crashes easier.

Firefox will let users delete collected data thanks to California's new privacy law (CNET) Mozilla is making changes to its browser, and not just for users in California.

Cyber Trends

Ransomware may have cost the US more than $7.5 billion in 2019 (MIT Technology Review) It was another big year for ransomware, the extremely profitable style of cyberattack in which computer systems and data are taken over by hackers and held hostage until the victim hands over a payoff. In 2019, these attacks wreaked havoc around the globe, earned criminals vast sums, and even occasionally provided a weapon for government hackers.

7 security incidents that cost CISOs their jobs (CSO Online) Whether or not security executives lose their jobs in the wake of a major incident, security failure should be seen as a learning opportunity.

What's next for cybersecurity: five predictions for 2020 (Lexology) Big household names such as British Airways and Marriott have faced record fines from the Information Commissioner's Office (ICO) for data b…

How generations approach cybersecurity: It's not one-size fits all (Verdict) Managing people from different generations is not an easy task and this is particularly the case when you throw cybersecurity into the mix.

Marketplace

Dell puts RSA on the block (Blocks and Files) Dell Technologies has hired Morgan Stanley to sell its RSA security business, according to PE Hub. RSA supplies software to detect cyber-security risks such as fraud and malware. The business has more than 30,000 customers across the globe, generates $170m – $200m EBITDA and could fetch as much as $3bn, according to some estimates. Bloomberg …

A top Google exec pushed the company to commit to human rights. Then Google pushed him out, he says. (Washington Post) Google’s shifting moral calculus around China illustrates the tech giant’s transformation from an organization that portrayed itself as an exception to corporate norms into one driven by business imperatives and market opportunities.

Ousted Google human rights chief says it has lost its 'Don't be evil' mantra (The Telegraph) Google's ousted human rights chief has accused the company of ditching its "Don't be evil" mantra and has slammed it for racism, a poor human rights record and concerning relationships with China and Saudi Arabia.

AI Offers an Edge as Cybersecurity Sector Consolidates (Wall Street Journal) The cybersecurity-vendor sector is set to trim some of its fat in 2020, venture-capital executives say, and companies that weave sophisticated technologies such as AI into their products are the ones likely to succeed.

Products, Services, and Solutions

EXCLUSIVE: Free resource launched to teach infosec researchers a thing or two from the past (SC Magazine) In an exclusive interview with CTO at Octopi Managed Services, Ian Thornton-Trump, SC reports launch of The Octopi Hacking Archive, including 1995 BBS files, provided free to aid understanding of threat evolution.

CUJO AI to Showcase Lens, AI-powered Network Analytics Solution, and Participate in Privacy and Security Panel at CES 2020 (PR Newswire) CUJO AI, the global leader in the development and application of artificial intelligence to improve the security, control and privacy of...

PenTera Selected by Swedish Construction Group, Skanska, to Automate Cyber Security Validation (Yahoo) Pcysys has announced that Skanska, the leading global Project Management and Construction Group, has chosen Pcysys' Automated Penetration Testing platform, PenTera™, to automate its cyber security validation efforts.

Technologies, Techniques, and Standards

Insuring against cyber crime damage (Lancashire Business View) While you can certainly reduce your chances of falling victim to cyber crime by following the advice contained within this feature, no system is entirely secure.

The Paper Password Manager (Black Hills Information Security) Michael Allen // Every year around the holidays I end up having a conversation with at least one friend or family member about the importance of choosing unique passwords for each web site or service they use. Usually, it’s after they’ve received a phone or a camera or some other “smart” device for Christmas and …

Here Are the Threats Federal Network Defenders Need to Know (Nextgov.com) Some cyber criminals are going old school.

You’ve been hit by a data breach – now what? (TechRadar) What to do after a data breach

Design and Innovation

This $20 USB Cable Is A Dead Man’s Switch For Your Laptop (Forbes) This cheap "kill cord" can trigger a laptop to self-destruct if stolen by a snatch and grab thief. So, what's the catch?

Research and Development

Inside the race to quantum-proof our vital infrastructure (Computing) When quantum computers arrive, the Web as we know it will break. We talk to scientists, cryptographers and entrepreneurs working to ensure this does not happen.

Academia

Pre-empting cyberattacks: India’s first offensive cybersecurity program is here (News Minute) Bengaluru-based Jigsaw Academy has launched a new course in Cybersecurity in association with HackerU, world leader in Cybersecurity.

D214 teams earn top spots in state cyber security competition (Daily Herald) High School District 214 students continue to lead the way in cyber security competition, with a pair of D214 teams earning first and second place in state finals held Dec. 6.

Legislation, Policy, and Regulation

Iran Loses Its Indispensable Man (The Atlantic) The killing of Qassem Soleimani robs the regime of the central figure for its ambitions in the Middle East.

The Soleimani Assassination Is America’s Most Consequential Strike This Century (The Atlantic) The U.S. attack against the top Iranian general will have far greater repercussions than the killings of al-Qaeda and ISIS leaders.

Israel puts military on heightened alert after U.S. killing of Iranian commander (Reuters) Israel put its military on heightened alert on Friday and Prime Minister Benjami...

Taiwan Turns to Facebook and Viral Memes to Counter China’s Disinformation (Wall Street Journal) Taiwan is toughening laws, fostering memes and partnering with the likes of Facebook to fight back against China’s attempts to influence its coming election, which might be a test bed for a similar campaign aimed at the U.S. presidential election later this year.

Pakistan's ISPR recruits youth for cyber propaganda war on India (The New Indian Express) The ISPR has told these youths that they are fighting a narrative warfare with India and they are as important as soldiers.

U.S. legislation on spread of cyber tools passes after Reuters investigation (Reuters) Newly passed legislation will push the U.S. State Department to disclose how it ...

Opinion: Why Ottawa must say no to Huawei on building Canada’s 5G networks (The Globe and Mail) Without a hint of exaggeration, this decision will affect the future of every Canadian’s privacy.

California Adopts Strictest Privacy Law in US (Threatpost) On Wednesday California signed into law the strictest privacy law in the United States.

California's new consumer privacy law comes into effect this week (Computing) The landmark California Consumer Privacy Act offers Californians several basic rights

California's privacy act impacts UK companies as GDPR principles go global (SC Magazine) The California Consumer Privacy Act came into effect on 1 Jan, UK companies under ambit as countries around the world consider privacy rules in the wake of GDPR.

I helped draft California’s new privacy law. Here’s why it doesn’t go far enough (Fast Company) The California Consumer Privacy Act is the strictest privacy law in the country. But it is largely toothless and under threat by corporate lobbyists.

Oregon Requires Vendors to Report Data Breaches (Lexology) While much of the New Year attention has been focused on California due to the effective date of the California Consumer Privacy Act, a new Oregon…

Many agencies still not using FedRAMP for cloud providers, GAO says (Federal News Network) After several years, a consortium of agencies has been working on FedRAMP, a program to certify cybersecurity of cloud computing services providers.

Mumbai: State to get separate cyber crime portal (Free Press Journal) This portal will enable the citizens and netizens to have a direct communication when it comes to addressing a suspicious matter like a virus, trojan or malware.

Litigation, Investigation, and Law Enforcement

Cyber incidents at the Labor Dept. were poorly reported (Fifth Domain) An agency inspector general annual review of DoL cybersecurity practices found flaws in reporting personal info breaches.

Another Federal Employee Caught Watching Porn at Work (Nextgov.com) The employee admitted watching adult pornography at work but retired amid a government investigation.

Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning (Wall Street Journal) Facebook’s WhatsApp messaging tool in October notified some 1,400 users—among them a suspected terrorist—that their phones had been hacked by an “advanced cyber actor,” just as a surveillance team was using spyware to track the suspect.

Microsoft Targets North Korean Hackers in Domain Takedown (Decipher) Microsoft took over 50 domains used by threat actors known as Thallium, which the company says are operating from North Korea.

Microsoft helps shutter domains run by North Korean cybergang Thallium (SC Media) A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing

TikTok claims zero takedown requests from China in first transparency report (The Verge) The highest number of requests came from India and the US

LifeLabs faces two class action lawsuits following data breach incident (Insurance Business) Lawsuits allege company was negligent in its data protection, as breach incident led to the leak of millions of customers' data

Kalispell hospital faces second lawsuit over data breach (Missoulian) Patients of Kalispell Regional Healthcare have leveled a second lawsuit against the northwest Montana healthcare provider, this time in U.S. District Court in Missoula.

DCH Health Faces Federal Lawsuit After 10-Day Ransomware Attack (HealthITSecurity) Alabama-based DCH Health System was hit with a federal class-action lawsuit, after a ransomware attack in October drove the hospitals to EHR downtime; non-critical patients were redirected.

Georgia Revives Patient Breach Lawsuit Against Athens Orthopedic (HealthITSecurity) A lawsuit against Athens Orthopedic Clinic following its 2016 hack and theft of patient data has been revived by the Supreme Court of Georgia, arguing injury claimed by patients is cognizable.

FBI warns U.S. companies about Maze ransomware, appeals for victim data (CyberScoop) The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims.

Southwire Files Lawsuit Against Maze Ransomware For Disclosing Their Data (TechDator) Southwire, which was being hacked last month by Maze Ransomware group, was now sued for publicly disclosing a part of their stolen data on a website.

US Biz Wins Court Case Against Ransomware Data Thieves (Infosecurity Magazine) Southwire secures injunction after data is published online

Police Federation gets assurances officers' details in honours list data breach 'not compromised' (The Irish News) Almost 100 people from Northern Ireland were included in the new year’s honours list which is now the subject of an alleged data breach investigation.

His Epic Hack Paralyzed a Nation. He's About to Go Free (Newser) Daniel Kaye took down Liberia's internet as part of a corporate plot

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Women in Cybersecurity 2020 Conference (Denver, Colorado, USA, March 12 - 14, 2020) Each year, WiCyS holds an annual conference with local host college partners. The WiCyS Conference is an excellent opportunity for companies to connect with women students and candidates to recruit them...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
