
Daily briefing.


The news as it’s developed over the weekend centers on heightened tension between the US and Iran in the wake of attacks against US forces in Iran and the US retaliation that killed Iranian Major General Suleimani. Iran has promised retribution, and many believe that such retribution is likely to include a heavy cyber component. The Washington Post has a summary of such predictions, and Fifth Domain offers an account of what Iranian cyber campaigns might look like.

That’s also the official view of the US Department of Homeland Security. Cybersecurity and Infrastructure Security Agency Director Krebs tweeted a warning and a recommendation that enterprises brush up on Iranian cyber tactics, techniques, and procedures: “pay close attention to your critical systems, particularly ICS.”

A great deal of Twitter traffic associated with Tehran has organized itself around the pre-existing hashtags #HardRevenge and #DeathToAmerica, as CyberScoop, citing Atlantic Council studies, reports.

There’s also been one minor attack on a US Government website that would seem to represent the work of either Tehran’s operators or of patriotic hacktivists aligned with Iran. The website of the US Federal Depository Library Program was defaced with Iranian messaging, Forbes and others report. The Department of Homeland Security is investigating. The affected site was probably a target of opportunity, hacked because it was hackable.

The Wall Street Journal says that Britain’s GCHQ is investigating the possibility that a London Stock Exchange outage in August, regarded as an accidental glitch, may have in fact been a cyber attack.

Notes.

Today's issue includes events affecting Australia, Austria, Canada, China, Iraq, Iran, NATO/OTAN, Qatar, Russia, United Kingdom, United States.

Bring your own context.

Artificial intelligence and machine learning are things almost all security companies talk about. What's the current state of play, buzzwords aside?

"So backing up around two to five years ago in cybersecurity, most applications of AI have been antivirus-driven: machine learning models that have been put in place specifically to recognize malicious code patterns, to be able to recognize that, push out signatures to block those, right? That's been a traditional approach to AI. It's been a monolithic model, meaning that it's cloud-based. So it's basically one learning node where all the viruses will feed in. And you can, through that model, do the processing, and then push out some sort of decisive pattern to other organizations where those security appliances sit to be able to act on that."

So code-blocking and antivirus represent the first generation of AI. What about the second? 

"What I'm seeing is basically, the second generation is extended reach to those learning-modeled nodes. So instead of just having this monolithic brain, if you will, in the cloud that's doing all the processing and that's relying on everything to input into it, we're seeing now extended reach in the second generation of AI, which is a regional learning system, right? So you have - now you have - you're basically extending the same success that you've had from machine learning models of the cloud and putting them onto on premises - so regional sites, you know, different verticals, different environments, different nodes of inspection for traffic, different types of traffic. All of this now is entering into the second generation of AI, where those regional learning nodes extend into the cloud. So now they're also collecting data and feeding the cloud based off of its learned results, right? So then the cloud model can still take that extra input from these regional brains, do some additional processing and crunching, and then distribute that out to security appliances."

And a third generation? 

"In the future, I believe that we're going to get into this federated machine learning models, where you have different devices doing their own machine learning, but peer-to-peer, so talking to each other and being able to pass data so it's much quicker and then actually, you know, be able to act on that data. So it's like a regionalized response completely on premises, so more of a distributed AI as a system model. That's going to allow for a lot of fascinating cases, I think. Obviously, you'll have much quicker response, which is, by the way, incredibly important because I often talk about the weaponization of artificial intelligence, how attackers are going to be able to leverage AI to, you know, get in and out of networks much quicker."

—Derek Manky, chief of security insights and global threat alliances at Fortinet, on the CyberWire Daily Podcast, 1.3.20.


In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan describes a clever defense against laptop theft.


Cyber Attacks, Threats, and Vulnerabilities

'Serious cyber-attack' on Austrian government (BBC News) Foreign ministry officials believe another country may be responsible.

U.S. Companies Should Brace for Iranian Cyberattacks, Security Experts Warn (Barron's) U.S. policy leaves companies to fend for themselves against Iran's inevitable retaliation to Qassem Soleimani's death.

Analysis | The Cybersecurity 202: U.S. should brace for Iran to cross red lines in cyberspace, experts warn (Washington Post) "We're definitely in new territory," one security expert says after Soleimani's killing.

U.S. on Alert for Iranian Response, Either Direct Assaults or Cyberattacks (Wall Street Journal) American officials were on high alert about the potential for Iran to retaliate against domestic or allied interests after a U.S. strike killed an Iranian military leader.

‘They’re going to want bloodshed’: 5 ways Iran could retaliate in cyberspace (Fifth Domain) A combination of real-world and virtual actions are likely to follow in the aftermath of the U.S. killing of Qassem Soleimani, and experts warn that cyberattacks are likely to be the best-case scenario.

Iran Will Wage Insurgency in U.S. Cyberspace, VMware's Kellermann Says (Bloomberg) Tom Kellermann, VMware head of cybersecurity strategy, and Bloomberg's Kartikay Mehrotra discuss Iran's cyber capabilities amid possible retaliation for a U.S. airstrike that killed one of Iran’s most powerful generals. They speak with Bloomberg's Taylor Riggs on "Bloomberg Technology."

After Soleimani’s Killing, Will Iran Launch A Cyberattack Against The U.S.? (Forbes) Iran is already threatening to retaliate to the killing of general Qassem Soleimani. Could this action include cyber-attacks?

Iran strike puts U.S. cybersecurity experts on alert (NBC News) Iran is considered one of Washington’s primary adversaries in cyberspace, and has shown a willingness to go after government and civilian targets.

Iran’s retaliation could be hacking, not bombs (POLITICO) Tehran is widely considered to be one of the world’s most malicious online actors.

Pro-Soleimani messaging immediately floods Twitter following general's death in drone strike (CyberScoop) The U.S. drone strike that killed Iran’s top security and intelligence commander also triggered a wave of social media propaganda apparently meant to sway international opinion on an attack that represents a dramatic escalation in the conflict between Washington and Tehran.

Analysis: U.S. Killing Of Iran's Top General Risks 'Dangerous' Consequences (RadioFreeEurope/RadioLiberty) Analysts warn that the U.S. air strike that killed a top Iranian general threatens to trigger a wider conflict in the region.

DHS warns of potential Iranian attacks, updates terror advisory (CNN) The Department of Homeland Security on Saturday updated its terrorism threat advisory system following the US airstrike targeting a top Iranian general and is warning of the potential for Iranian cyber attacks.

DHS warns Iran retaliation could include cyberattacks (SC Media) Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing of Iranian General Qasem Soleimani, the Department of

DHS: Iran maintains a robust cyber program and can execute cyber-attacks against the US (ZDNet) US Department of Homeland Security issues terror alert about possible Iran-sponsored terrorist acts and cyber-attacks.

U.S. Government Issues Warning About Possible Iranian Cyberattacks (BleepingComputer) Christopher C. Krebs, Director of Cybersecurity and Infrastructure Security Agency issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq.

DHS Releases NTAS Bulletin (CISA) Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible threat against the homeland.” You can read the new, entire bulletin at National Terrorism Advisory System Bulletin - January 4, 2020.  

Iranian cyberattacks feared after killing of top general (Star Tribune) Iran's retaliation for the United States' targeted killing of its top general is likely to include cyberattacks, security experts warned Friday. Iran's state-backed hackers are already among the world's most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.

After U.S. kills Iranian general, analysts warn of Tehran’s ability to retaliate in cyberspace (CyberScoop) After the U.S. military said it killed Qassem Soleimani, the chief of Iran’s Quds Force, in an airstrike early Friday in Baghdad, Iran’s supreme leader vowed to exact revenge on the United States.

Wall Street braces for cyberattacks from Iran (Crain's New York Business) In February 2014, Las Vegas Sands Corp.'s computers were attacked by Iranian hackers after the casino company’s CEO, Sheldon Adelson, suggested the U.S. attack Iran with a nuclear missile. Credit card, Social Security and drivers’ license data was compromised or stolen for people who…

Here's what a cyber attack by Iran might look like (Mother Jones) Experts warn that Iran might turn to its growing army of hackers.

Soleimani ‘Revenge’—This Is Why Iran’s Most Dangerous Cyber Weapons Will Stay Hidden (Forbes) Iran is likely to deploy cyber weapons as part of its retaliation for this week's U.S. attack—but that cyber response will not come in the way you might expect.

How Iran could retaliate around the world (euronews) Analysis: Iran has many weapons, from hackers to Hezbollah, and potential targets that range from embassies to individual U.S. citizens.

Iran’s Cyber Attack on Billionaire Adelson Provides Lesson on Strategy (Bloomberg) Digital warfare likely among Iran’s options for retribution. Cyberfeud between Iran and U.S. dates back more than a decade.

Cyber security after Soleimani assassination - FireEye (Trade Arabia) The US assassination of Qassem Soleimani has increased the likelihood that a decade of cyber-hostilities between the US and Iran could escalate into true cyberwarfare, said FireEye, a global cyber security solutions provider.

First Suleimani Attack By ‘Iranian’ Hackers Hits U.S., Exposing ‘Noisy’ New Threat (Forbes) The first U.S. government website has been hacked post the killing of Qassem Suleimani, exposing the true nature of the short-term threat

Potential cyberwar begins as Iran takes down US government website (SiliconANGLE)

DHS monitoring apparent hack of government library program website (CNN) The Department of Homeland Security is monitoring the apparent hack of a government website, according to a senior administration official, who called it "defacement."

US government website hacked with pro-Iranian messages, image of bloodied Trump (USA TODAY) A federal website was taken down after a hacker posted pro-Iranian messages and an image of President Donald Trump being punched in the face.

Apparent Pro-Iran Hackers Deface Federal Library Program Site (NBC4 Washington) The website for a federal library program was hacked by an apparent pro-Iranian group late Saturday night, officials said. A spokesperson for the U.S. Government Publishing Office (GPO) said an intrusion was detected on the website for the Federal Depository Library Program and that the site was later taken down. There is no confirmation yet that Iranian state-sponsored actors were behind the hack, a Department of Homeland Security spokesperson said.

As Iran tensions escalate, officials urge NH to remain vigilant (UnionLeader.com) In a chilling reminder of the 9/11 era, state emergency officials are warning Granite Staters, “If you see something, say something.”

Artificial intelligence: China ‘uses Taiwan for target practice’ as it perfects cyber-warfare techniques (Times) China has already deployed its expertise in artificial intelligence to erect a surveillance state, power its economy and develop its military. Now Taiwan’s cyber-security chiefs have identified...

WSJ News Exclusive | U.K. Examines if Cyberattack Triggered London Stock Exchange Outage (Wall Street Journal) U.K. government agencies are examining whether a trading outage blamed on a software hiccup at the London Stock Exchange in August may actually have been caused by a cyberattack aimed at disrupting markets, according to people familiar with the matter.

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ (the Guardian) Company’s work in 68 countries laid bare with release of more than 100,000 documents

Qatar Uses AJ+ To Meddle In Our Culture War. (Human Events) The emirate punishes homosexuality with death while funding “woke” outrage bait in America.

How Deepfakes Make Disinformation More Real Than Ever (Bloomberg) One video shows Barack Obama using an obscenity to refer to U.S. President Donald Trump. Another features a different former president, Richard Nixon, performing a comedy routine. But neither video is real...

Another Malicious Crypto Wallet App Stealing Private Keys and Data (Crowdfund Insider) Harry Denley, director of security at MyCrypto, 'an open-source...tool for generating ether wallets,' has warned the public about a malicious crypto wallet app called 'Shitcoin Wallet,' which, according to Zero Day, 'was caught injecting JavaScript code on web pages to steal passwords and private keys

Travelex ignored September warning over 'insecure' VPN server software (Computing) Travelex among a large number of organisations running vulnerable Pulse Secure VPN software

DeathRansom evolves from joke to actual ransomware (ZDNet) A highly active ransomware strain once considered a joke is now capable of encrypting files using a solid encryption scheme.

DeathRansom Ransomware Can Actually Encrypt Files Now (Fossbytes) DeathRansom ransomware was first reported in November 2019 but it was considered a joke until recently. According to cyber-security firm Fortinet [1,2], DeathRansom is now capable of encrypting files using a solid encryption scheme.

High-Impact Windows 10 Security Threat Revealed As App-Killing Malware Evolves (Forbes) This evolving Windows 10 malware threat will terminate applications ranging from Acrobat to Word

Clop Ransomware Evolves, Now can Terminate 663 Windows Processes (KoDDoS Blog) The ransomware threat, according to the FBI, has been upgraded by hackers to make it more difficult to detect but more effective in attack.

FBI Warns of Maze Ransomware Focusing on U.S. Companies (BleepingComputer) Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first.

Ransomware Attackers Offer Holiday Discounts (Avast) Some ransomware victims received holiday-themed ransom notes from their attackers, offering discounted rates for file decryptors.

School management software provider discloses severe security breach (ZDNet) Active Network discloses security incident that impacted school online stores built on the Blue Bear platform.

Search engine for Japanese sex hotels announces security breach (ZDNet) The 2010s decade ends with a major security breach at a search engine for finding love hotels across Japan.

Penn State community reminded to be on alert for phishing email scams (Penn State University) Penn State’s Office of Information Security has detected an increased volume of phishing email attacks against University employees in recent weeks. Specifically, attackers are sending emails that appear to be from Penn State users, primarily co-workers who are asking victims to purchase gift cards worth hundreds of dollars from places like Target, Amazon and Google Play with a promise that the employees will be reimbursed.

Christmas cyber attack spelled early holidays for council staff, nightmare for IT workers (ABC News) A council in Adelaide's south is up and running again after a cyber attack in December locked down its IT systems and forced staff to start holidays earlier than planned.

Contra Costa County Cyber Attack Snarls County Library Network (NBC Bay Area) It may take several days to recover from a ransomware attack that has shuttered the online network linking all Contra Costa County Library branches and the Martinez administrative offices, the system said Friday evening.

Cyber attack hits Enloe; patient records safe, officials say (Chico Enterprise-Record) Enloe Medical Center in Chico was attacked in a ransomware incident Thursday evening, according to a press release from the hospital.

Cyber-attack on Wallace State Community College delays start of classes (WAAY News) Spokeswoman Kristen Holmes confirmed the attack did not breach student or employee data.

Adam Sandler’s Twitter gets hacked, spews racist comments (Page Six) The hackers are likely the same group who targeted Mariah Carey.

Widespread fears of a new draft crashed the Selective Service website (Military Times) “Due to the spread of misinformation, our website is experiencing high traffic volumes at this time. If you are attempting to register or verify registration, please check back later today as we are working to resolve this issue. We appreciate your patience.”

Security Patches, Mitigations, and Software Updates

Smartphone Security Surprise As Samsung Shows Google How Android Updates Can Be Done (Forbes) You bought a Google Pixel smartphone partly because you know it means you will get Android security updates before anyone else. Right? You are in for a surprise then.

Microsoft Products Reaching End of Life in 2020 (BleepingComputer) Several major Microsoft products will reach their end of support during 2020, with Office 2010, Visual Studio 2010, Windows 7, Windows Server 2008 (including 2008R2), and multiple Windows 10 versions including 1803 and 1903 being some of the most important ones.

Cyber Trends

Five cyber risks that will define 2020 (Help Net Security) Only 26% of CISOs indicated that their company was ready to respond to a cyber threat. Here are five cyber risks that will endanger company data in 2020.

Security Think Tank: Let’s call time on inciting fear among users (ComputerWeekly) The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?

Tomorrow is Good: The professor and the hacker (Innovation Origins) It was the day before Christmas when the professor's phone rang. The screen said "anonymous", with a small a. That could only mean one thing. "Hacker!" said the professor. "Professor!" replied the

Automotive cybersecurity incidents doubled in 2019, up 605% since 2016 (Help Net Security) Upstream Security introduces the key findings of automotive cybersecurity incidents, highlighting vulnerabilities and insights.

Marketplace

Contractors keeping close eye on aftermath of U.S. strike on Iranian leader (Washington Business Journal) Friday's airstrike sent ripples back to the D.C. government contractor community as it watches the Defense Department's response and works to secure its own personnel in the Middle East.

RSA Conference 2020 USA: What you can expect at this year's event (Help Net Security) Learn what to expect at RSAC 2020 in this feature interview with Britta Glade, Director of Content and Curation for RSA Conference.

BigID Starts 2020 with $50 Million in New Funding from Tiger Global (Yahoo) New Round To Further Accelerate Global Sales, Channel and Product Expansion

Email Security Company Mimecast Acquires Cybersecurity Company Segasec (CTECH) Segasec develops a cybersecurity service that protects website operators from consumer phishing scams

Snapchat quietly acquired AI Factory, the company behind its new Cameos feature, for $166M (TechCrunch) After acquiring Ukraine startup Looksery in 2015 to supercharge animated selfie lenses in Snapchat — arguably changing the filters game for all social video and photo apps — Snap has made another acquisition with roots in the country, co-founded by one of Looksery’s founders, to give a big bo…

Cyber Company Armis Is Negotiating Its Acquisition According to a Valuation of Approximately $1 Billion (CTECH) The potential buyer is a leading U.S. investment firm, according to two people familiar with the matter

Dell Selling RSA? ‘There May Be No Better Time’ (Channel Futures) According to PE Hub, Dell Technologies has hired Morgan Stanley to sell RSA for at least $3 billion. RSA has more than 30,000 customers globally, and its channel partners include VARs, distributors, systems integrators and consulting firms.

7 Industrial IoT Startups You Should Watch in 2020 (Thomas) It’s predicted that the IoT device market will reach $1.1 trillion by 2026, with more than 80% of industrial manufacturing companies either using or intending to use IoT devices.

Tech Moves: ExtraHop adds execs; Simply Measured co-founder returns to startups; and more (GeekWire) — Network security startup ExtraHop added two new executives ahead of a potential IPO in 2020. Sri Sundaralingam joined as vice president of product and solutions marketing. He previously held product…

Army chief censor in talks to join controversial Israeli cyber attack firm NSO group (Haaretz) The Israeli military’s chief censor, Brig. Gen. Ariella Ben-Avraham, is in the midst of negotiations to join cybertechnology firm NSO Group Technologies, which has recently been under scrutiny for its alleged role in persecuting human rights activists.

Tenable appoints Vice President of OT Security (Zawya) Longest-serving Director of ICS-CERT joins Tenable following its acquisition of industrial security leader Indegy

Products, Services, and Solutions

SilverSun Technologies Secures $1 Million Contract for Cybersecurity-as-a-Service Business (Globe) Dual-shore Security Operations Center Enters Agreement with Enterprise Financial Service Firm

HP’s New Elite Dragonfly laptop is all about security when working on the go (TechRadar) Digital nomads rejoice

Technologies, Techniques, and Standards

Modern security product certification best practices (Help Net Security) Here are five steps product managers and developers can take to manage the security product certification process a little more smoothly.

Design and Innovation

Why the U.S. Sent Librarians Undercover to Gather Intelligence During World War II (Time) The ordinary activities of librarianship—acquisition, cataloguing, and reproduction—became fraught with mystery

Legislation, Policy, and Regulation

NATO to hold urgent meeting on Monday over Iraq-Iran crisis (Reuters) NATO ambassadors will gather on Monday in Brussels for an urgent meeting convene...

Innocent Cyber Bystanders Entangled in an Act of War (International Policy Digest) The start of a new decade may usher in cyber warfare as the new normal in global combat.

A 'Forever War' With Iran Is Unlikely. But More Death and Violence Seems Inevitable (Time) Admiral James Stavridis breaks down what might happen next after Soleimani death

US on high alert for cyber-attack retaliation from Iran (Computing) Iran has pledged to take revenge for the assassination of Qassem Soleimani last week

Iran says its response to killing of revered Quds Force commander will be ‘against military sites' (Military Times) “[Trump] doesn’t know international law. He doesn’t recognize UN resolutions either. Basically he is a veritable gangster and a gambler. He is no politician he has no mental stability.

Iran withdraws from nuclear arms agreement (The Western Standard) Early Sunday morning, the United States announced it was suspending most operations against ISIS (Daesh).

Soleimani is dead, but the enemy still stands (TheHill) While Iran is likely to retaliate, Soleimani’s death comes at a vulnerable time as the regime fights economic collapse and popular rebellion.

Trump says Tweet serves as ‘notification’ to Congress that U.S. may 'quickly & fully strike back’ against Iran (Military Times) Trump’s assertion on Twitter Sunday that he can use social media to inform Congress of future military actions against Iran is likely to cause further tensions between lawmakers and the White House.

Trump says Iranian military leader was killed by drone strike ‘to stop a war,’ warns Iran not to retaliate (Washington Post) The death of Qasem Soleimani, a feared Iranian operator, put the region on edge.

Trump says there’s no intent to start a war with Iran. Here’s where things stand. (Military Times) Following the assassination of a top Iranian general, the U.S. military is waiting for Iran -- and Iraq's -- next moves.

Trump threatens Iran that US is targeting 52 sites if Tehran retaliates following death of Iranian general (Military Times) “Let this serve as a WARNING that if Iran strikes any Americans, or American assets, we have targeted 52 Iranian sites (representing the 52 American hostages taken by Iran many years ago), some at a very high level & important to Iran & the Iranian culture, and those targets, and Iran itself, WILL BE HIT VERY FAST AND VERY HARD. The USA wants no more threats!”

Trump doubles down on striking cultural sites in Iran (Elko Daily Free Press) President Donald Trump insisted Sunday that Iranian cultural sites were fair game for the U.S. military, dismissing concerns within his own administration that doing so could constitute

Trump’s Iran Policy Spirals Toward Control (Bloomberg Opinion via Yahoo News) The U.S. airstrike that killed Qassem Soleimani, head of Iran's Revolutionary Guard Quds Force, and Abu Mahdi al-Muhandis, a leader of Iranian-backed militias in Iraq, was not simply a sharp departure in the Trump administration’s policy toward Tehran. It also marks a larger

Petraeus Says Trump May Have Helped ‘Reestablish Deterrence’ by Killing Suleimani (Foreign Policy) The former U.S. commander and CIA director says Iran’s “very fragile” situation may limit its response.

Killing of Soleimani follows long push from Pompeo for aggressive action against Iran, but airstrike brings serious risks (Washington Post) The secretary of state began conversations with President Trump months ago about killing Iran’s top commander, but Trump at the time would not countenance such an operation, officials said.

Trump threatens sanctions if US troops exit Iraq (BBC News) The US president warns Iraq of sanctions "like they've never seen before" if US troops are expelled.

Will Russia Enforce Its New Internet Laws in 2020? (The Moscow Times) Legislation may be strict, but experts say it’s easy to circumvent.

When A Tech Company Engages In Severe Human Rights Violations (Forbes) In December 2019, several British politicians wrote to the UK Foreign Secretary to raise the issue of a Tech company, Huawei, allegedly engaging in severe human rights violations in China.

5G Is Where China and the West Finally Diverge (The Atlantic) The rollout of speedy new cellular networks is a geopolitical turning point, but neither Trump nor the public yet recognizes this.

Telecoms security bill may exclude Huawei from Estonian market, firm says (ERR) Chinese mobile phone giant Huawei has written to interior minister Mart Helme (EKRE) in opposition to a bill requiring greater security checks on its devices and software. The company says that the bill – which concerns all telecoms companies - does not constitute fair and transparent regulation and would in effect exclude it from the market.

FUREY: Banning Huawei could be a national unity moment for Canada (Toronto Sun) There’s an eerie scene in the new documentary American Factory that needs to be watched by any Canadian who is still on the fence about the Huawei question. The 2019 film now available on Netf…

FCC says it will accept comments until February 3 on Huawei, ZTE security risks (Reuters) The U.S. Federal Communications Commission (FCC) said on Friday it will accept p...

New Orleans to Boost Cyber Insurance to $10M Post-Ransomware (Dark Reading) Mayor LaToya Cantrell anticipates the recent cyberattack to exceed its current $3 million cyber insurance policy.

Indiana counties battle cyber attackers with help from state, feds (Indianapolis Business Journal) To fight cyberattacks, state and local government officials are taking a page from the enemy’s playbook by expanding protections against attacks from one entry point to thousands.

Litigation, Investigation, and Law Enforcement

Explainer: Inside the lawful killing of Qassim Suleimani (Navy Times) An Iranian general, the Japanese architect of the Pearl Harbor attack, Jimmy Carter and Donald Trump.

The killing of General Soleimani was lawful self-defense, not “assassination” (Lawfire) Today a news reporter asked whether the killing of General Qasem Soleimani, who led the Islamic Revolutionary Guard Corps-Quds Force (a U.S.-designated terrorist organization), amounted to “assassi…

The key word in U.S. justifications for the killing of Iranian general: ‘Imminent’ (Washington Post) The Trump administration says the killing of Qasem Soleimani stopped an imminent attack. But what does it mean by imminent?

Iran leader killed in strike linked to years of attacks, killing of more than 1,000 U.S. troops during Iraq War (Military Times) Qassem Soleimani led Iran's effort to provide Iraq-based insurgents with powerful IEDs during the Iraq war.

A Chinese “tourist” accused of espionage is the latest example of a growing threat to US security (Quartz) It might have worked, if the FBI wasn't already watching.

Ninth Circuit Denies Malwarebytes' Petition for Rehearing - Court Rules Enigma Software can Proceed with its Lawsuit Against Malwarebytes for Anticompetitive Practices (PR Leap) Ninth Circuit rules against Malwarebytes in Enigma Software's lawsuit for claims of unfair trade practices. Ninth Circuit denies Malwarebytes petition for rehearing and orders that no further petitions will be entertained. Enigma Software is permitted to proceed with its lawsuit against Malwarebytes.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
