
Daily briefing.


The US FBI warned again of a heightened likelihood of Iranian cyberattacks, according to CyberScoop. The Bureau points to increased reconnaissance and scanning, but also notes, sensibly, that scanning from an Iranian IP address is not necessarily hostile, nor necessarily an indicator of an attack. The Bureau’s warning is consistent with conventional wisdom: a Washington Post poll of security industry leaders reports the same concerns.

Beyond last week's minor website defacements by sympathetic hacktivists, however, active attacks have yet to materialize. Forbes suggests that Iran is for the moment “on the back foot.” Protests in that country currently preoccupy its security forces, Reuters reports, with the immediate cause of the street demonstrations being the shootdown of Ukraine International Airlines Flight 752 on January 8th, for which Tehran acknowledged responsibility Saturday. The shootdown appears to have been a case of mistaken identity.

The most worrisome Iranian activity from the US point of view remains the password-spraying attempts against North American utility networks, on which Ars Technica has a brief update. The US Congress appears to be making heavy weather of rules of conflict in cyberspace. The Hill suggests that Congress is particularly concerned with determining what counts as an act of cyber war.

An eleventh-hour surge of Chinese propaganda and disinformation fell short of determining the results of Taiwan's presidential elections this Saturday. The New York Times reports that Tsai Ing-wen won reelection on the strength of support for continued independence, suggesting that Beijing's influence campaign (and the example of Hong Kong) backfired.

Notes.

Today's issue includes events affecting Australia, Belgium, Brunei, Canada, China, European Union, India, Iran, Iraq, Israel, Democratic People's Republic of Korea, Pakistan, Russia, Taiwan, United Kingdom, United States, and Vietnam.

Bring your own context.

Windows 7 reaches its end of life, for real, Wednesday. What should those still hanging onto it do?

"The most basic action you can take is to upgrade. If that's possible, it's highly recommended that you just upgrade. For Windows 7, that upgrade path would be to Windows 10. So for the desktop operating systems, if you're still on Windows 7 at home, you know that your organization is still using Windows 7, you want to look for that upgrade path to Windows 10. For Windows Server 2008, you're looking to upgrade to Server 2012 or hopefully 2016. Although we're seeing a lot of organizations, rather than upgrading in-house, just moving to cloud platforms for a lot of services, which puts, you know, the security question into somebody else's hands entirely, which is also a good path for upgrade."

Well, OK, fine, but aren't a lot of organizations still clinging to Windows 7, and for that matter, to Windows Server 2008?

"All over the place. By our estimates, at least a third of large organizations currently have some footprint of Windows 7 and Windows Server 2008 in those environments. We still see a lot of end users that are using them. People obviously don't like to upgrade. A lot of people, especially when it comes to technology, follow the principle, if it's not broke, don't fix it. And for Windows 7, Windows Server 2008, if it's still doing what you need it to do, then no one really has the impetus to upgrade."

—Karl Sigler, manager of SpiderLabs Threat Intelligence at Trustwave, on the CyberWire Daily Podcast, 1.9.20.

A thought: WannaCry appeared shortly after Windows XP reached its end of life. It's not unreasonable to think that something may hit Windows 7 and Windows Server 2008 in the not too distant future.


In today's Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin offers his take on a Washington Post story about college campuses gathering location data on their students.

Free Dragos Webinar: Introducing MITRE ATT&CK™ for ICS and Why it Matters (Online, January 14, 2020) Register today for the Jan. 14 webinar introducing the MITRE ATT&CK for ICS, a new framework that organizes and codifies the malicious threat behaviors affecting industrial control systems. Led by security experts from Dragos and MITRE, who worked together on the framework, you’ll find out how it works, why it was developed and when to apply it.

CyberTech Tel Aviv (Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass" option. https://www.cybertechisrael.com/

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Cyber Attacks, Threats, and Vulnerabilities

Analysis | The Cybersecurity 202: Get ready for serious cyberattacks from Iran, experts say (Washington Post) Eighty-five percent of cybersecurity experts told us more Iranian hacks are on the way.

FBI says Iranian hackers have stepped up reconnaissance since Soleimani killing (CyberScoop) The FBI has told U.S. companies that Iranian hackers have stepped up their probing and reconnaissance activity in the days since the U.S. military killed Iranian Maj. Gen. Qassem Soleimani. In an advisory to industry this week obtained by CyberScoop, the FBI warned that Iranian hackers could target cleared defense contractors, government agencies, academia and nongovernmental organizations focused on Iran issues.

Iran’s ‘Critical’ Cyberattack Threat: This Is What Is Really Happening Right Now (Forbes) The media warnings are stark—is this now the calm before the cyber storm?

Iranian hackers have been “password spraying” the US grid (Ars Technica) State-sponsored group "Magnallium" has been probing US utilities for the past year.

Iran Cyber Targets Shifted to Civilian Organizations, Says Proofpoint (Bloomberg) Ryan Kalember, Proofpoint executive vice president of cybersecurity strategy, and Ron Gula, Gula Tech Adventures president, discuss the possibilities of a cyberattack by Iran on 'Bloomberg Technology

Colorado Could Be A Target Of Possible Cyberattacks By Iran (CBS Denver) History shows Iran’s strong cyber capabilities, including a strike that hit Colorado hard in 2018.

Is the Y2K bug alive after all? (Naked Security) One way to patch the millennium bug was to move it, rather than actually to fix it… are we looking at Y2.02K?

Hacker Group Lazarus Uses Fake Exchanges, Telegram Groups in Latest Malware Attacks (Bitcoin News) A new report shows that North Korea-linked Lazarus Group has adapted and evolved new techniques since initial attacks, and are using phony trading

One More Threat For Organizations – The Ako Ransomware (Latest Hacking News) Another ransomware has surfaced online, the Ako ransomware, which targets businesses as it steals data, encrypts it, and aims at infecting networks.

Ako Ransomware: Another Day, Another Infection Attacking Businesses (BleepingComputer) Like moths to a flame, new ransomware targeting businesses keep appearing every day as they're enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations.

SNAKE Ransomware – A New Threat For Businesses In Town (Latest Hacking News) A new ransomware SNAKE targets entire networks instead of single devices for ransom. Besides encryption, the ransomware also kills several system processes.

Continued Exploitation of Pulse Secure VPN Vulnerability (CISA) Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack. [1]

US Govt Warns of Attacks on Unpatched Pulse VPN Servers (BleepingComputer) The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.

PayPal Confirms ‘High-Severity’ Password Security Vulnerability (Forbes) PayPal has confirmed that a researcher found a high-severity security vulnerability that could expose user passwords to an attacker.

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers (Vice) SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

Academic research finds five US telcos vulnerable to SIM swapping attacks (ZDNet) Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.

‘Shopper’ Malware Affects Over 14% of Indian Smartphone Users With Fake Reviews (Inc42 Media) Kaspersky revealed that a new Trojan malware application called ‘Shopper’ has infected more than 14.23% Indian users.

A billion medical images exposed, but doctors ignore warnings (TechCrunch) Despite warnings from security researchers, the number of exposed images has risen.

Your Medical Images May be Floating Around the Internet. That Could Be Life-Threatening. (The Mighty) Medical images from people with chronic illness are like gold to cybercriminals.

Hackers use system weakness to rattle doors on Citrix systems (Naked Security) Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts.

Proof-of-concept code published for Citrix bug as attacks intensify (ZDNet) Two Citrix bug (CVE-2019-19781) exploits have been published on GitHub yesterday, making future attacks trivial for most hackers.

Maze Ransomware Publishes 14GB of Stolen Southwire Files (BleepingComputer) The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand.

Australia Bushfire Donors Affected by Credit Card Skimming Attack (BleepingComputer) Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors.

Beware of the Latest Binance Phishing Email (The Merkle Hash) Binance is the largest crypto trading platform in the world. That also means it is home to a lot of novice users unfamiliar with potential scams.

M&T Bank warns of texting scam (WSYR) M&T Bank is warning people of a scam involving text messages claiming to be the bank. On its website, M&T says: “We recently learned of a scam involvi…

Wirex Users are Being Targeted by a new Phishing Email (CryptoMode) The link in the email has nothing to do with the Wirex domain. As is common with phishing emails, culprits hope to collect user information.

Office 365 users: Beware of phishing emails pointing to Office Sway (Help Net Security) Office 365 users are being directed to phishing pages hosted on Office Sway, a web application for content creation that's part of Microsoft Office.

Hackers are now using fake Netflix, Microsoft Office 365 emails to access user accounts (International Business Times, Singapore Edition) Hackers are sending out fraudulent Netflix and Microsoft Office 365 emails to victims to lure them into clicking fake links and harvest their credentials and personal information

Skype audio graded by workers in China with 'no security measures' (the Guardian) Exclusive: former Microsoft contractor says he was emailed login after minimal vetting

Christmas Day Cyber Attack Does Not Impact Airport Operations (Aviation Pros) The Albany County Airport Authority announced it had been the subject of a Christmas Day cyber attack that impacted Authority administrative computer servers but that it did not impact airport operations.

Eugene-Springfield have dodged cyber attacks so far, but threats are on the rise across the country (The Register-Guard) Though they're relatively small cities, Eugene and Springfield may soon have the kind of worldwide visibility which could make them a target for cyber

Woman says Amazon's Alexa told her to stab herself in the heart for "the greater good" (Newsweek) While studying for an exam, a U.K. woman claimed that her Amazon Echo gave her a disturbing message, advising her to kill herself.

Not All Cyber Threats Are Equally Worrisome (But They All Pose Consequences) (EfficientGov) Practically speaking, there's a big difference between scanning a network for vulnerabilities and actually breaking into it and extracting sensitive information. But that doesn't mean these efforts don't undermine the public's trust.

Travelex restoring some electronic services after cyber attack (Reuters) Travelex is restoring operations to process foreign exchange orders electronical...

Security Patches, Mitigations, and Software Updates

January 2020 Patch Tuesday forecast: Let's start the new decade right (Help Net Security) With a light January 2020 Patch Tuesday forecast, give some thought to starting the decade right! Simple updates may be coming, but take care of them.

Microsoft Enables Security Defaults in Azure Active Directory (BleepingComputer) Microsoft introduced new secure default settings dubbed 'Security Defaults' to Azure Active Directory (Azure AD), now available for all license levels, including trial tenants.

GCHQ warns not to use Windows 7 computers for banking or email after Tuesday (The Telegraph) GCHQ has warned people not to do internet banking or use emails from computers with Windows 7 from Tuesday, when Microsoft will end support for the software.

Am I Screwed If I Don't Upgrade Windows 7 by January 15? (Lifehacker) Deadlines are scary. I know. And Microsoft has thrown Windows 7 users a big one: Update to a more modern operating system by January 15, 2020, or you’ll never receive security updates ever again. Eventually, Microsoft will even start disabling key Windows 7 services—like Internet Backgammon and Internet Checkers—throughout the year.

Cyber Trends

Cybersecurity 2020: The Danger of Ransomware (TechNewsWorld Headlines) Ransomware tops the list of cybersecurity threats for 2020. While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again. Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years.

Is ransomware dying, or merely hibernating? (Gigabit Magazine) Today, as data becomes an increasingly valuable commodity for businesses, ransomware is re-emerging to target those businesses that rely on data

DeepCode reveals the top security issues plaguing software developers (SD Times) DeepCode report: file I/O corruption is biggest general issue while missing input data sanitization top vulnerability

Insurance Journal's Top 10 Cyber Insurance Stories of 2019 (Insurance Journal) An A.M. Best report released in June gave a comprehensive look at the state of the cyber insurance market for 2018, the most recent year data was

Cyberfraud and the growing threat of organized retail crime (TechGenix) Cyberfraud perpetrated by organized retail crime costs businesses an eye-popping $30 billion each year. Can anything be done about it?

Cyber attacks cost Vietnam US$902 million in 2019 (SGGP English Edition) The total number of computers in Vietnam infected by various kinds of virus last year came to 85.2 million, an increase of 3.5 percent compared to 2018. It is predicted that in 2020, IoT devices like routers, Wi-Fi terminals, monitoring cameras, and terminal equipment will be the hot targets of these attacks.

Marketplace

Identifying opportunities in today’s saturated cybersecurity market (TechCrunch) Yoav Leitersdorf is the founder of YL Ventures, a 12-year-old, Mill Valley, California-based seed-stage venture firm that invests narrowly in Israeli cybersecurity startups and closed its fourth fund with $120 million in capital commitments last summer — a vehicle that brings the capital it now ma…

Corporations Outside of Tech Ramp Up Venture Investing (Wall Street Journal) Large technology companies have long maintained startup-investment programs, but now corporations across many non-tech industries are plowing more money into startups.

Companies: Lean into consumer privacy to win (Help Net Security) The advent of the CCPA and other similar regulations marks a sea change in how companies need to manage data and consumer privacy.

At CES, companies slowly start to realize that privacy matters (TechCrunch) Every year, Consumer Electronics Show attendees receive a branded backpack, but this year’s edition was special; made out of transparent plastic, the bag’s contents were visible without the wearer needing to unzip. It isn’t just a fashion decision. Over the years, security has become more int…

How Defense Contractors Should Prepare for a Cyber Proxy War With Iran (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "How Defense Contractors Should Prepare for a Cyber Proxy War With Iran".

MTS Advantage Wins Potential $100M Navy Cybersecurity Test Support IDIQ (GovCon Wire) MTS Advantage, a joint venture between Millennium Corp. and TIME Systems, has won a potential $99.9M

Deloitte’s $137 Million Cybersecurity Award Withstands Challenge (Bloomberg Law) Deloitte Consulting LLP will provide information technology services under a $137 million blanket purchase agreement with the U.S. Department of Labor, the GAO said.

Tesla is challenging hackers to crack its car, and it is putting ~$1 million on the line - Electrek (Electrek) Tesla has been investing more in its cybersecurity over the last few years, and now it is returning to Pwn2Own to challenge hackers to crack its cars with ~$1 million on the line and a few Model 3 vehicles. Last year, Tesla went to Vancouver for Pwn2Own, which is a hacking competition run by Trend …

Facebook's PR feels broken (Margins) Facebook’s communications operation has begun to feel like it's completely broken down over the past few days.

Paging Dr. Google: How the Tech Giant Is Laying Claim to Health Data (WSJ) Google has been pushing into health care, striking deals that grant it access to millions of patient records. The challenge: convincing the public that it can be trusted with our most personal information.

Israeli spyware company accused of hacking activists hires lobby firm (Al-Monitor) Q Cyber Technologies has been sued by Facebook and WhatsApp and is accused of helping Saudi Arabia spy on murdered journalist Jamal Khashoggi.

Netskope opens new data center in Johannesburg, South Africa (Help Net Security) Netskope, the leader in cloud security, has announced the opening of a dedicated data centre in Johannesburg, South Africa.

Alphabet’s Controversial Chief Legal Officer, David Drummond, Leaves Company (Forbes) David Drummond, Alphabet’s controversial chief legal officer who was being investigated as part of a probe into the company's handling of sexual misconduct, is leaving the company, effective January 31.

Ori Bach Appointed as TrapX's Chief Executive Officer (CIO Applications) A pioneer in cyber deception technology has appointed Ori Bach as its new Chief Executive...

Products, Services, and Solutions

New infosec products of the week: January 10, 2020 (Help Net Security) New infosec products of the week feature: Cloudflare, Avira, TP-LINK, Arlo Technologies, Ambarella, ON Semiconductor, Fingerprint Cards.

Technologies, Techniques, and Standards

Cybercriminals: Things are about to get a lot more confusing for you (Techxplore) There are three boxes on a table. Two are made of cardboard and sealed with packaging tape. The third is made of steel with a series of locks blocking entry. Obviously, you think, as an imaginary criminal, the goods are in the steel box. After successfully picking the locks, you realize there's nothing inside. As you stare into the empty box, authorities grab your arms from behind and, all of a sudden, you're in handcuffs.

China Isn’t the Only Problem With 5G (Foreign Policy) The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.

Why outsourcing your DPO role is an effective insurance policy (Help Net Security) A consultant or outsourced DPO role can provide a cost-effective way to fill a very important gap for most organizations dealing with personal data.

Research and Development

Welcome to Dominic Cummings’ dream factory, where failure can pave the way to success (The Telegraph) The grand vizier of Vote Leave is setting his sights on a much bigger goal

Academia

Canadian university must thread needle between the US and Huawei (Inkstone) Huawei has invested millions of dollars into research projects at the University of British Columbia. For the researchers who have accepted that money, they are worried that their work could be put at risk by the tensions between the US and China. 

CyberUp to launch youth hacking competition pilot in 2020 (CyberUp) CyberUp and Cyber Skyline partner for middle and high school cyber competition initiative

Building a base of cybersecurity experts in Indiana (WISHTV.com) With a growing risk of cybersecurity threats, Vincennes University and Fishers-based Eleven Fifty Academy hope to address a growing need for cybersecurity talent. The two organizations have announced a joint effort to develop the talent base in Indiana. “There is a great

Legislation, Policy, and Regulation

Hezbollah: It's time for Iran's allies to start working to avenge Soleimani (Reuters) Lebanon's Hezbollah said on Sunday it was time for Iran's allies to be...

Swiss Back Channel Helped Defuse U.S.-Iran Crisis (Wall Street Journal) Hours after a U.S. strike killed Iranian Maj. Gen. Qassem Soleimani, the Trump administration sent an urgent back channel message to Tehran: Don’t escalate.

British ambassador Robert Macaire arrested in Iran accused of inciting protests (Mirror) Tasnim News Agency reports that the 53-year-old diplomat was arrested for several hours accused of inciting protesters at Amir Akabir University

Iranians protest shot down plane; Iraqi soldiers wounded in rocket attack (WWNY TV) Iranian authorities admitted to accidentally shooting the plane down in the face of mounting evidence and accusations by Western leaders.

Video: Iran police shoot at those protesting plane shootdown (AP via 13 WTHR Indianapolis) Iranian security forces fired both live ammunition and tear gas to disperse demonstrators protesting against the Islamic Republic's initial denial that it shot down a Ukrainian jetliner, online videos purported to show Monday.

Iran protesters take to the streets in third day of demos over plane (Reuters) Protesters took to the streets of Iran for a third day on Monday, expressing out...

Defying police, Iranians protest over plane shootdown (Navy Times) Videos posted online showed protesters shouting anti-government slogans and moving through subway stations and sidewalks, many around Azadi, or Freedom, Square after an earlier call for people to demonstrate there.

Esper Says He Saw No Evidence Iran Targeted 4 Embassies, as Story Shifts Again (New York Times) The disparity between the defense secretary and President Trump added another twist to an ever-evolving explanation for a strike on an Iranian general that led to the brink of war.

Esper says he never saw evidence of threat against four US embassies (Military Times) Defense Secretary Mark Esper says he shares the president's opinion.

Israeli intel helped the US assassinate Soleimani – report (Jerusalem Post) Yisrael Beytenu head Avigdor Liberman said that the report was based on Israeli sources, which was a poor judgement.

US Scanning Cyberspace for Signs of Iranian Aggression (Voice of America) U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.

Trump Administration Expands Iran Sanctions (Wall Street Journal) The Trump administration expanded its sanctions campaign against Iran on Friday, as Washington’s chief diplomat said the U.S. would have been negligent not to kill a top Iranian general given what he described as intelligence of an imminent threat against Americans.

New Sanctions Power Could Squeeze Remaining Iranian Trade Channels (Wall Street Journal) Fresh sanction powers authorized by President Trump against Iran could squeeze the remaining trade and finance channels keeping the Iranian economy on life support by threatening those companies still doing business with the country.

Expect the US-Iran conflict to continue to play out in cyberspace (Boston Globe) Iran’s cyber operators appear to have the ability to potentially disrupt US energy, transportation, and water systems.

No immediate cyberthreat seen over Soleimani killing (SC Media) The most recent military portion of the United States’ on-going confrontation with Iran appears to be completed, but chatter is being detected among Iran’s supporters indicating anger over recent events, but none indicate an immediate threat.

On the day U.S. forces killed Soleimani, they targeted a senior Iranian official in Yemen (Washington Post) The mission may indicate that the killing of Soleimani was part of a broader U.S. operation to deal a major blow to Iran’s Islamic Revolutionary Guard Corps.

Seven Days in January: How Trump Pushed U.S. and Iran to the Brink of War (New York Times) The story of that week, and the secret planning in the months preceding it, ranks as the most perilous chapter so far in President Trump’s three years in office.

Congress struggles on rules for cyber warfare with Iran (TheHill) The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement.

WSJ News Exclusive | U.S. Warns Iraq It Risks Losing Access to Key Bank Account if Troops Told to Leave (Wall Street Journal) The State Department warned that the U.S. could shut down Iraq’s access to the country’s central bank account held at the Federal Reserve Bank of New York, a move that could jolt Iraq’s already shaky economy, Iraqi officials said.

Cyber Cold War: U.S. Military Targeting Russian Data as 2020 Presidential Election Beckons (CCN.com) The U.S. military is developing tools for hacking the data of Russian elites, in a bid to prevent interference in the presidential election.

'There are no takers for your malware': India blasts Pakistan at UN debate (WION) "There are no takers for your malware" were the words of Indian ambassador to the United Nations as he gave a befitting reply to Pakistan after the country raised the issue of Kashmir yet again. 

In Blow to Beijing, Taiwan Re-elects Tsai Ing-wen as President (New York Times) The victory was a remarkable comeback for Ms. Tsai and suggested that Beijing’s pressure campaign had backfired.

Taiwan’s War on Fake News Is Hitting the Wrong Targets (Foreign Policy) The fight on Chinese disinformation has become dangerously partisan.

Taiwan’s president is battling a deluge of election-linked homophobic fake news (Quartz) Months after her government legalized gay marriage, opponents of Tsai Ing-wen are spreading anti-LGBT misinformation to derail her bid for re-election.

Belgian security services seek stricter 5G protections amid Huawei fears (South China Morning Post) The US has already excluded the Chinese telecoms giant from its network and European countries are now debating whether to follow suit.

Huawei Exec Accuses Trump Officials Of ‘Ridiculous’ Falsehoods As Tough New Ban Proposed (Forbes) Huawei security chief's claims come as a proposed new bill threatens 'consequences' for U.S. allies buying Huawei.

U.S. officials to visit Britain, pushing for Huawei 5G ban (Reuters) A delegation of U.S. officials will arrive in Britain on Monday to try to persua...

MI5 chief dismisses US intelligence-sharing fears over Huawei (Hampshire Chronicle) Sir Andrew Parker says no reason to think intelligence relationships will suffer if Chinese tech giant is given role in UK 5G network.

US Pressures UK on Final Huawei Decision (Infosecurity Magazine) New bill threatens to withdraw intel-sharing with allies

New Cybersecurity Rules Give Regime Control of Data Outside China (Epoch Times) The U.S. government is “very concerned” about China’s new cybersecurity measures that put American companies at risk of losing sensitive data.

Pentagon gets ‘big win’ on cyber forces (Fifth Domain) The Department of Defense has officially defined certain work roles and metrics for its cyber teams.

ODNI, NSA Working on Unclassified Cyber Reporting (MeriTalk) The Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) are both working on less classified methods of cyberthreat information sharing, according to two officials at a FedInsider webinar on Jan. 9.

Competition chief hits out over big tech break-up call (The Telegraph) America’s top competition watchdog has defended the Silicon Valley tech titans from global calls for a crackdown, saying “we don’t break companies up just because they are big”.

Pan-India cyber security grid needed (Deccan Chronicle) As per NCRB, India is 3rd most cyber attack-prone country.

National cyber security agency to be formed, says MTIC minister (The Scoop) The government will establish a national cyber security agency and is currently drafting new cyber security laws, the minister of Transport and Infocommunications has revealed.

Bloomberg releases plan to shore up voting rights, election security (TheHill) Former New York City Mayor Mike Bloomberg on Friday released a plan to boost voting rights and election security, becoming the latest 2020 presidential candidate to address how votes are counted.

Litigation, Investigation, and Law Enforcement

After Soleimani’s death, Instagram shuts down Iranian accounts (Coda Story) Iranian Instagram users have had their accounts deleted and deactivated after posting their opinions about the death of Qassem Soleimani.

Iran Invites NTSB, Boeing to Participate in Ukrainian Plane Crash Investigation (Voice of America) Iran has invited the National Transportation Safety Board, the U.S. accident investigation agency, to participate in the probe of the Ukrainian Boeing commercial jetliner that crashed near Tehran earlier this week.

Iran admits to shooting down Ukrainian passenger jet because of ‘human error’ (Washington Post) The passenger plane turned toward a sensitive military site belonging to Iran’s Revolutionary Guard at an altitude that made it appear to be a hostile aircraft, Iran’s military said in a statement.

Iran's likely downing of airliner invokes an uncomfortable past (TheHill) The Iranians are about to have their own Vincennes moment, and they’re not going to like it.

Iran keeps concocting fake news on downed jet (Asia Times) It’s extremely unlikely the missile operator had only ‘six seconds’ to make launch decision

F.B.I. Apologizes to Court for Botching Surveillance of Trump Adviser, and Pledges Fixes (New York Times) In a rare public filing, the bureau said it would extend wiretap changes to other tools for collecting data on suspected spies and terrorists.

FBI to follow FISA court recommendations on wiretapping (ABC 33|40) In the wake of its surveillance abuse scandal, the FBI has said it will follow recommendations made by the Foreign Intelligence Surveillance Act (FISA) court. That’s the court that approves government wiretaps on U.S. citizens.

More than a dozen Saudi servicemen to be expelled from US after review of December shooting at Naval Air Station (CNN) More than a dozen Saudi servicemen training at US military installations will be expelled from the United States after a review that followed the deadly shooting last month at a Naval Air Station in Pensacola, Florida, multiple sources told CNN.

Against all evidence, debunked Ukraine theory endures (AP via the Star Tribune) With President Donald Trump's impeachment trial set to begin in the Senate, some Republican allies continue to promote a discredited theory that accuses Ukraine of interfering in the 2016 U.S. election to keep him from winning.

Cookie consent tools are being used to undermine EU privacy rules, study suggests (TechCrunch) Most cookie consent pop-ups served to internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests. “The results of…

FBI investigating after Manor ISD loses $2.3M in phishing email scam (KEYE) Manor ISD is facing a loss of $2.3 million after police say the district fell victim to an email phishing scam. Detective Anne Lopez with the Manor Police Department says three separate fraudulent transactions happened in November.

A Texas school district lost $2.3 million in a phishing email scam, police say (CNN) Texas authorities and the FBI are investigating after the Manor Independent School District lost about $2.3 million in a phishing email scam, the school system said in a news release.

Cops: $710G recovered after scam hits Nassau comptroller's office (Newsday) Nassau County has recovered $710,000 paid out of the comptroller's office to scammers pretending to be a county vendor, Nassau police announced Friday. The recovery of the taxpayer funds was a joint e

More Than $700K Stolen From Nassau County Comptroller's Office In Cyber Scam (WLNY CBS New York) The money ended up in a woman's account in Seattle.

San Diego’s massive, 7-year experiment with facial recognition technology appears to be a flop (Fast Company) Since 2012, the city’s law enforcement agencies have compiled over 65,000 face scans and tried to match them against a massive mugshot database. But it’s almost completely unclear how effective the initiative was, with one spokesperson saying they’re unaware of a single arrest or prosecution that stemmed from the program.

Port: Court's excuses for data exposure are lame (The Dickinson Press) These judges didn't exercise much judgment. 

Ex-Manager Says Wawa Scapegoated Workers After Breach (Law360) A fired Wawa manager launched a class action Friday in Pennsylvania federal court accusing the convenience store chain of improperly cracking down on workers instead of addressing the full extent of a data breach that allegedly exposed employee Social Security numbers and other sensitive information.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2020 FAIR CONFERENCE (Washington, DC, USA, October 6 - 7, 2020) Hosted by the FAIR Institute and our sponsoring partners, the 2020 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
