More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Watch for it: CyberWire Pro.

Our new subscription program, CyberWire Pro, will be available in the very near future. For cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Microsoft’s fix for Windows’ CryptoAPI, issued yesterday with credit to NSA for telling Microsoft about the vulnerability, prompted an emergency directive from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Directorate (CISA). Federal agencies are expected to patch promptly, in accordance with Emergency Directive 20-02, so the US Government is clearly putting its money where its disclosures are.

Forbrukerrådet, the Norwegian Consumer Council, determined that several dating apps are collecting users’ personal data and sharing them with various advertising networks. The Telegraph says the dating apps include Tinder, Grindr, and OKCupid; among the advertising outfits are Google, Facebook, and Twitter. The Norwegian Consumer Council is filing formal complaints against Grindr and five companies with whom the dating app was oversharing: Twitter's MoPub, AT&T's AppNexus, OpenX, AdColony and Smaato.

The gang behind Nemty ransomware intends, according to BleepingComputer, to follow the example of Maze and Sodinokibi by setting up a site on which it can dump files stolen from victims who are laggard in paying the ransom.

As the UK nears a decision on Huawei and its potential role in the nation’s 5G, the Guardian reports that Her Majesty's Government has already taken into account the most recent US revelations, and that it seems likely to conclude that any risk associated with Huawei is manageable.

The US Federal Communications Commission seems ready to expand its ban on Huawei and ZTE gear, JDSupra says. And according to CNBC, the US Commerce Department is tightening export controls against the Chinese firms.


Today's issue includes events affecting Belgium, Canada, China, Estonia, Iran, Israel, Nigeria, Norway, Russia, Ukraine, United Kingdom, United States.

Bring your own context.

To be sure, the Panopticon was first conceived with benign albeit correctional intentions. (Just ask Mr. Bentham. He may not answer, but you can at least get a good look at him.) It seems to resurface in new, virtual forms. US universities, for example, are going digital as they appear to revive their old culture of acting toward students in loco parentis. What about this Washington Post story?

"If [the students are] not showing up at the dining hall, you know, and that's the only food option, you know, that's something that could be eye-opening to an administrator or his or her parents. If they're getting failing grades and they're not showing up to class and not showing up to the library to study, then that's certainly eye-opening as well. So you can understand why, you know, from an administrator's perspective and even from a, you know, perhaps overbearing parent's perspective, this could be useful. The reason it sticks out to me is if this gets broader, if this goes beyond the limited number of universities mentioned in this article, kids are not going to be able to be kids at college just because everything is going to be tracked. And, you know, I just think you have to weigh the benefits of being able to identify risk among students with, you know, the chilling effect this would have on kids being able to learn proactively, to sort of be themselves, discover themselves. So I think you have to take all of that into consideration."

—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 1.13.20.

So, we know about aristocracy, oligarchy, democracy, and so on. Is there a good word for "rule by the dean of students?" Let us know.

Georgetown University Part-Time Master's in Cybersecurity Risk Management

Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Learn more.

In today's CyberWire Daily Podcast, we speak with our partners at the SANS Institute, as Johannes Ullrich discusses malicious AutoCAD files. Our guest is Chris Duvall from the Chertoff Group, who gives us an overview of the current state of ransomware.

And the CyberWire's Caveat podcast is up. In this episode, "One nation, tracked," Dave shares a story from Gizmodo about lawsuits aimed at Ring and Amazon. You asked - Ben listened - his take on an op-ed from the New York Times about cell phone tracking, and later in the show we interview Michelle Dennedy, formerly of Cisco and now CEO of DrumWave about the future of data value and...elephant masseuses. Really: elephant masseuses.

CyberTech Tel Aviv (Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass” option.

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Cyber Attacks, Threats, and Vulnerabilities

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.

Critical Vulnerabilities in Microsoft Windows Operating Systems (CISA) New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.

Where did the NSA find a cybersecurity vulnerability? (Government Technology) Answer: In Windows 10.

Microsoft, NSA say security bug affects millions of Windows 10 computers (TechCrunch) Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows develope…

Windows 7 ‘Crazy High’ Security Risk As Crypto Exploit Found In Audio Files (Forbes) If you are still thinking about clinging on to Windows 7, the risks are "crazy high" as this WAV-based attack demonstrates.

Burisma targeted by Russia-linked phishing attack, raising election-meddling fears (The Verge) The Russians used phishing attacks to get login credentials.

Nemty Ransomware to Start Leaking Non-Paying Victim's Data (BleepingComputer) The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.

49 million user records from US data broker LimeLeads put up for sale online (ZDNet) Data from an exposed LimeLeads Elasticsearch server ends up on a hacking forum.

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices (BleepingComputer) The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

Experts warn Grindr, other dating apps may pose national security risk (NBC News) NBC News analyzed four popular dating apps, including Tinder and Hinge, finding each collect a range of personal information.

Dating apps Tinder, Grindr and OkCupid accused of leaking sensitive data to advertisers (The Telegraph) Dating apps have been accused of sending sensitive personal information to advertisers in a potential breach of European data laws.

Android Trojan Kills Google Play Protect, Spews Fake App Reviews (BleepingComputer) An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.

Buguroo Sounds Alarm About Malicious Apps in Google Play Store (Mobile ID World) Buguroo is warning about malicious applications that are currently available through Google Play. All take advantage of the Android Binder vulnerability

Hackers Demand Ransom From Patients After Breaching Florida Clinic (HealthITSecurity) Hackers breached the server of The Center for Facial Restoration and stole complete medical records of some current and former patients, then demanded a ransom payment from the provider and patients.

P&N Bank discloses data breach, customer account information, balances exposed (ZDNet) The Australian bank says a cyberattack took place during a server upgrade.

Unsecured database exposes passport scans of thousands of British consulting professionals (Computing) Passport scans and other personal data was stored on an Amazon Web Services S3 bucket by a company called CHS Consulting

Panama-Buena Vista Union School District hit with ransomware attack (The Bakersfield Californian) The Panama-Buena Vista Union School District has been hit with a ransomware attack that has affected phone lines, emails and checking student grades, according to a district email.

Calhoun County School District: Malware attack limited; personal data not affected, official says (The Times and Democrat) The Calhoun County School District says it is continuing its efforts to maintain secure computer systems following a malware attack.

Albany Airport Pays Ransom After Its MSP Was Hit By Ransomware (CRN) The Albany (N.Y.) International Airport paid a five-figure ransom to restore data access after getting hit with Sodinokibi Ransomware over Christmas through its managed service provider.

Albany Airport Pays Off Sodinokibi Ransomware Gang: Report (BankInfo Security) Officials at the Albany International Airport paid a ransom to cybercriminals after the facility’s systems were hit with Sodinokibi ransomware strain, according

What is Sodinokibi? The ransomware behind the Travelex attack (The Daily Swig) We take a closer look at the ransomware-as-a-service model

Cyber attack sees Picanol shares suspended (The Brussels Times) Picanol's shares were suspended on Tuesday morning on the Brussels Stock Exchange in expectation of the publication of a press release, the financial markets regulator (FSMA) announced. Picanol,

Opinion: LifeLabs finally got around to telling me my data was (possibly) hacked (Burnaby Now) I’m a Lifelabs customer who gets blood work regularly tested. This morning (Saturday), I received an email that started out this way: “You may have heard that LifeLabs recently experienced a . . .

Two-thirds of UK healthcare organisations breached last year (ComputerWeekly) The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices

Popular Apps Share Intimate Details About You With Dozens of Companies (Consumer Reports) Consumer Reports shares details of a new study that finds that popular apps share intimate details, such as your sexual preferences and religious beliefs, with a wide variety of companies.

Report: Adult Site Leaks Extremely Sensitive Data of Cam Models (vpnMentor) The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with 19.95GB of visible data on a Virginia-based

Siemens SINAMICS PERFECT HARMONY GH180 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Protection Mechanism Failure 2.

GE PACSystems RX3i (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE/Emerson Equipment: PACSystems RX3i Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition.

Siemens SINEMA Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Server Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices.

Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to violate access-control rules.

Siemens TIA Portal (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code with SYSTEM privileges.

OSIsoft PI Vision (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft LLC Equipment: PI Vision Vulnerabilities: Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting, Inclusion of Sensitive Information in Log Files 2.

Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App (NPR) The Iowa Democratic Party confirmed to Iowa Public Radio and NPR that it plans to use an Internet-based app to transmit results, but it declined to provide any more specifics or security details.

Security Patches, Mitigations, and Software Updates

Emergency Directive 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday ( On January 14, 2020, Microsoft released a software patch to mitigate significant vulnerabilities in supported Windows operating systems. Among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client.

Chrome's privacy protections start arriving later this year (CNET) Google's online ad business benefits from harvesting your personal data, but its browser team is pushing to make the web private by default.

Intel Fixes High-Severity Flaw in Performance Analysis Tool (Threatpost) The flaw, in Intel VTune Profiler, could enable privilege escalation.

Microsoft Releases Patch to Severe Windows Flaw Detected by NSA (Wall Street Journal) The software maker moved to fix a vulnerability in its Windows 10 operating system after the National Security Agency identified the flaw, which could let hackers breach computer networks.

Today's Patch Tuesday brings fireworks and — a magic bullet? (Computerworld) The world is expecting a Thor’s thunder clap of a Windows patch later today. Given Microsoft’s track record with flashy hyper-hyped patches, a bit of skepticism is in order. Here’s a bit of history, and an invitation to a ringside seat.

Update: Don't Panic - prioritise. Critical flaw affects all versions of Windows (SC Magazine) How to prioritise patching following Microsoft's Patch Tuesday announcement of Windows critical spoofing vulnerability in the CryptoAPI DLL (Crypt32.dll) - CVE-2020-0601.

Windows 7 gets the Viking funeral it deserves (really) (Windows Central) Windows 7 support officially ended today. That means no more security updates are in store for the aging OS (unless companies pay for them). So, what better way to give Windows 7 the sendoff it deserves than a proper Viking funeral?

Cyber Trends

Cyber Leads Global Business Risks for First Time: Allianz Risk Barometer 2020 (BusinessWire) Allianz 9th annual survey of top business risks attracts record participation of 2,700+ experts from over 100 countries

Q4 2019 KnowBe4 Finds Security-Related and Giveaway Phishing Email Sub (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q4 2019 top-clicked

Cyber Everywhere: What challenges leaders see in cybersecurity and cyber risk management (CyberScoop) We discuss the findings of a 2019 C-suite survey that explores how leaders are incorporating cybersecurity more holistically into their enterprises.

Herjavec Group releases 2020 Cyber Conversations for the C-Suite Report (Yahoo) Herjavec Group, a leader in global cybersecurity operations, specializing in Managed Security Services for enterprise level organizations, has launched its annual Cyber Conversations for the C-Suite Report. This year's 2020 edition is dedicated to how cybersecurity executives and business executives

Censornet: securing the future of the manufacturing industry (Manufacturing Global) Manufacturing Global hears from Censornet CEO Ed Macnair who reasons that while digital might hold the key to the future for manufacturing in the UK, the cybersecurity risks it brings must be addressed.

Cyberattackers lurking longer inside computers, report finds (Roll Call) Hackers remained undetected for an average of 95 days before discovery last year, compared with an average of 85 days in 2018, according to a report.

Doctored images have become a fact of life for political campaigns. When they’re disproved, believers ‘just don’t care.’ (Washington Post) There’s an explosion of online disinformation from politicians. They do it for a simple reason: It works, and there’s no price to pay.

New Wars Will Be Fought In Cyberspace (Kashmir Observer) There have been several scenarios including upgrades in surveillance, sharing of international databases and eye in the sky activity coupled with tailing suspects on the information highway

CYBERSECURITY: Why Nigeria faces unprecedented cyber-attacks in 2020 (Vanguard News) Emerging technologies, such as the Internet of Things IoT, Cloud Technology, and Smart Phones are having a great impact on our daily lives.


How Britain’s technology industry shrugged off Brexit fears – and kept on growing (The Telegraph) Just days after the result of the EU referendum was announced, a German political party hired a van for an unusual publicity stunt.

Israeli cybersecurity startups raised $6.32b in 2013-2019 (Israel21c) New report released ahead of Cybertech Global Tel Aviv 2020, where 18,000 worldwide delegates will discuss the industry’s strengths and challenges.

Very Good Security Announces Strategic Investment From Visa (BusinessWire) Very Good Security (VGS), a leader in modern data security and custodianship, announced today that it has received a strategic investment from Visa In

Anti-bot startup Kasada raises $7M in Series A from CIA’s venture fund In-Q-Tel (TechCrunch) Kasada, an anti-bot startup we profiled earlier this year, has raised $7 million in its Series A with In-Q-Tel, the non-profit venture arm of the intelligence community, as the startup’s latest investor. The Sydney and Chicago-based company helps to fight online bots using its proprietary ant…

Trusona raises $20 million to bring passwordless authentication to more businesses (VentureBeat) Trusona, an authentication platform that helps businesses verify logins without passwords, has raised $20 million in a round led by Georgian Partners.

Cellebrite expands to computers with $33M acquisition of BlackBag Technologies forensics firm (9to5Mac) The Israeli forensics firm Cellebrite has announced a $33 million acquisition that it says will help it expand its forensics capabilities beyond smartphones. The company has acquired BlackBag Technologies, which is a separate forensics firm with a focus on computer forensics. In a press release announcing the acquisition, Cellebrite co-CEO Yossi Carmil said that the …

An Israel-U.S. Merger Creates An Apple Hacking Powerhouse For The Feds (Forbes) Cellebrite buys Blackbag, combining the latter's Apple Mac hacking expertise with the former's vast smartphone forensics capabilities. It comes at a time when U.S. law enforcement claims it's struggling to get into iPhones of critical investigations.

Seattle’s ExtraHop expects $100M ARR in 2020, IPO the following year (TechCrunch) Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between. Today we’re continuing our series on companies that have reached the $100 million annual recurring revenue (ARR) threshold, or are about to. ExtraHop is the company of the da…

Wind River Extends Embedded Security and Linux Leadership With Acquisition of Star Lab (Valdosta Daily Times) Wind River ®, a leader in delivering software for the intelligent edge, today announced its acquisition of Star Lab, a leader in cybersecurity for embedded systems.

Kubernetes gets a bug bounty program (TechCrunch) The Cloud Native Computing Foundation (CNCF) today announced its first bug bounty program for Kubernetes, the ubiquitous container orchestration system originally built by Google. To run this program, the CNCF is partnering with Google and HackerOne and bounties will range from $100 to $10,000. Kub…

Q4 Success Caps Thycotic's Tremendous 2019 (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...

Principal® Joins Cyber Readiness Institute Board of Advisors (Yahoo) The Cyber Readiness Institute (CRI) is pleased to welcome Principal Financial Group® to its Board of Advisors.

AttackIQ Continues to Grow Executive Team Promoting Stacey Meyer to VP of Federal Operations (BusinessWire) AttackIQ®, the leading independent vendor of breach and attack simulation solutions, today announced the promotion of Stacey Meyer to vice president o

Imperva Appoints Chief Customer Officer and Chief Revenue Officer (AiThority) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, announced the appointment

Forcepoint continues Symantec raid with new regional hire (ARN) Forcepoint has continued to appoint executives impacted by the recent retrenchment at Symantec, hiring Bjorn Engelhardt as regional leader.

Exclusive Networks Hires Christina Banker as New VP of North American Sales (EIN News) Exclusive Networks is proud to announce Christina Banker’s appointment as the company’s new Vice President of North American Sales.

Products, Services, and Solutions

Nexsan Adds RoCE and Private Blockchain Technology to Award Winning Assureon® Solution (Nexsan) Nexsan Assureon 8.3 includes Private Blockchain to protect and secure digital assets and RDMA over Converged Ethernet (RoCE) to enable over a 2x performance improvement for data retrieval

Cybersecurity Innovator CUJO AI Deploys Cloud-Native Networking Software from Aviatrix (Aviatrix Blog) Delivers Secure User Access and Global Transit Network Across AWS, Azure and GCP

ReliaQuest Opens GreyMatter UI and Introduces Advanced Capabilities to Award-Winning Cybersecurity Solution (PR Newswire) ReliaQuest, a leader in enterprise security, today announced it has opened the user interface and added three expanded capabilities to...

Thycotic Enhances PAM Ecosystem with Third Party Integrations (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...

CRITICALSTART Announces New Partnership with Fast-Growing Endpoint Protection Security Leader SentinelOne (PR Newswire) CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced a new partnership with SentinelOne, the...

Kudelski Security Expands Specialized Partner Ecosystem (PR Newswire) Kudelski Security, the cybersecurity division of the Kudelski Group (SIX: KUD.S), today announced a major expansion to its partner ecosystem to...

STEALTHbits Offers New Capabilities to Strengthen Enterprise Passwords and Harden Active Directory Security in StealthINTERCEPT 7.0 (BusinessWire) STEALTHbits Technologies has announced the release of StealthINTERCEPT 7.0 real-time Active Directory (AD) policy enforcement solution.

Tripwire expands industrial cybersecurity capabilities (Tripwire) Tripwire introduces new line of hardware appliances and joins ISA Global Security Alliance to advance industrial cybersecurity

Mainstream Technologies receives elite cybersecurity rating (Talk Business & Politics) Little Rock-based Mainstream Technologies, Inc. announced Tuesday (Jan. 14) it has received the MSPAlliance Cyber Verify Risk Assurance Rating for Managed Services and Cloud Providers. Cyber Verify is designed to...

Intezer Launches Cloud Security Product, Intezer Protect, Leveraging Genetic Malware Analysis Technology (Yahoo) New York-based cybersecurity company, Intezer, today unveiled its new runtime cloud security product, Intezer Protect, powered by the company's Genetic Malware Analysis technology.

Enroll in the new Advanced Protection Program in an instant (Google) If you have an Android phone or iPhone, you can enroll in the Advanced Protection Program with just a few clicks.

AtScale Brings Unprecedented Big Data Analytics Scale and Performance across Heterogeneous Data Platforms with 2020.1 Release (Globe Newswire) Delivers Intelligent Data Virtualization and Expands Autonomous Data Engineering Capabilities for Today’s Cloud Analytics Workloads

Introducing Cloudflare for Campaigns (The Cloudflare Blog) Cloudflare for Campaigns is designed to make it easier for all political campaigns and parties to get access to cybersecurity services.

AttackIQ Selected by NTT Ltd as a Strategic Technology Partner to Provide a Holistic Predictive Threat Intelligence Solution (BusinessWire) AttackIQ®, the leading independent vendor of continuous security validation solutions, today announced the company was chosen by NTT Ltd. to collabora

MorganFranklin Consulting Adds Cybersecurity Practice As Firm Continues Rapid Growth (Yahoo) MorganFranklin Consulting, a leading management and technology advisory firm that specializes in solving complex transformational challenges for its clients, today officially announced the addition of comprehensive and robust end-to-end cybersecurity services through the rebrand of Vaco’s cybersecurity

Technologies, Techniques, and Standards

Estonia and the US to build joint cyber threat intelligence platform (ERR) A joint platform for sharing cyber threat intelligence will be built by Estonia and the United States to enhance the cyber defence capabilities of both countries and exchange information.

Threats Making WAVs - Incident Response to a Cryptomining Attack (Guardicore - Data Center and Cloud Security) Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.

Security can become a 'horrific tollgate' to business efficiency, CIO says (CIO Dive) When overhauling the furniture retailer's connectivity solutions, Rent-A-Center's Mike Santimaw had to shift the security-focused model of the business.

How investment dealers can get advisors to play a role in cybersecurity readiness (The Globe and Mail) Now that IIROC has made it mandatory for dealers to report cybersecurity incidents, they need to step up awareness among their advisors

Design and Innovation

Truly Secure Voting Is on the Way (Scientific American) Unfortunately, it won’t be here by 2020

Microsoft's new tool detects & reports pedophiles from online chats (HackRead) The perks of the internet are quite obvious and known to all but as they say “with every blessing comes a curse,” similarly, the digital boom has brought along various concerns, online child exploitation being one.

How the Army uses tech to balance awareness with battlefield distractions (Army Times) The Army is working on research to balance awareness with battlefield distractions through the use of cognitive studies and innovative technologies.

Research and Development

Instant, secure ‘teleportation’ of data in the works (Network World) Quantum teleportation, where information is sent instantaneously, will secure the Internet, researchers say. Scientists are making progress.


LSU Awarded $3.4 Million NSF Cybersecurity Training Grant (Globe Newswire) Hiring for cybersecurity positions in the United States has become a dire situation. Companies need more workers with an ever-increasing level of skill and there are not enough qualified applicants for most positions.

Legislation, Policy, and Regulation

Russian prime minister resigns amid government shake-up under Putin (Washington Post) Russia’s prime minister submitted his resignation Wednesday as part of a surprise government shake-up directed by President Vladimir Putin.

NSA found a dangerous Microsoft software flaw and alerted the firm — rather than weaponizing it (Washington Post) The National Security Agency recently discovered a major flaw in Microsoft’s Windows operating system — one that could expose computer users to significant breaches, surveillance or disruption — and alerted the firm about the problem rather than turning it into a hacking weapon, officials announced Tuesday.

The Cybersecurity 202: Intelligence official pledges heightened transparency on election threats (Washington Post) The U.S. intelligence community will share all the information it can about hacking threats against the 2020 election following the last presidential race that saw substantial interference from Russia.

After Soleimani, 'maximum pressure' campaign against Iran has entered a critical phase (Washington Examiner) Less than 24 hours after Defense Secretary Mark Esper warned of possible preemptive action against Iran, a historic strike killed Quds Force leader Qassem Soleimani, Iranian proxy militia commander Abu Mahdi al Muhandis, and other Islamic Revolutionary Guard Corps officers. These individuals, and…

Cyber security expert says U.S. response needs “careful calculation” (WHBQ) Cyber security expert says U.S. response needs “careful calculation” if Iran carries out cyber attack

Why we’re introducing a resolution on war with Iran (Washington Post) For more than 40 years, the United States and Iran have had a troubled relationship. Because of the Iranian regime’s insistence on spreading terror throughout the region and its efforts to develop nuclear weapons, multiple administrations have considered a broad range of options — both military and diplomatic — to counter these threats.

Senate Cybersecurity Co-Chairman to Pompeo: How Is State Dept. Protecting Systems from Iran? (Homeland Security Today) Warner cites two separate reports by the Department of State’s Office of the Inspector General (OIG) that detail a number of cybersecurity risks presented by the structure of the Department of State and by hiring freezes affecting the department.

Sen. Warner presses State Department for plan to address Iranian cyber threats ( Senator Warner is looking for answers on how the U.S. State Department plans to defend its information security systems.

As the UK nears a decision on Huawei, what’s the story so far? (The Telegraph) After more than a year of debate and intense lobbying, the UK is finally nearing a decision on whether to allow China's Huawei to supply parts of its 5G network.

UK rebuffs US presentation on Huawei security risks (the Guardian) A source said the threat outlined by US officials had already been ‘factored into our planning’

Huawei 5G: the UK has been warned not to allow parts of the network's service – here's what to do if you have a Huawei phone (Scotsman) It "would be madness" to use technology provided by Huawei to help build the UK's 5G network, the British government has been warned by the US.

Trump’s Most Critical Huawei Threat Just Confirmed In ‘Surprisingly Outspoken’ Interview (Forbes) There can be no doubt now as to the seriousness of U.S. threats against the U.K. over Huawei—threats with serious implications for global security.

Ben Wallace interview: We can’t rely on US (Times) Britain must prepare to fight wars without America, the defence secretary has warned, amid concerns that President Donald Trump will pursue an ever more isolationist foreign policy. In an interview

Trump administration moves toward blocking more sales to Huawei, sources say (CNBC) The U.S. government is nearing publication of a rule that would vastly expand its powers to block shipments of foreign-made goods to China's Huawei, as it seeks to squeeze the blacklisted telecoms company, two sources said.

FCC Signals It May Be Prepared to Greatly Expand Its Proposed Ban on Huawei and ZTE Equipment (JD Supra) As previously reported, the FCC’s ban of Huawei and ZTE equipment and services from projects subsidized by the FCC’s Universal Service Fund (USF)...

Marco Rubio: US Needs to Create 5G Alternative to Chinese Backed Huawei, ZTE (Florida Daily) U.S. Sen. Marco Rubio, R-Fla., is pushing on Capitol Hill for Western alternatives to Chinese companies like Huawei and ZTE in order to develop 5G communications.

'We want to win the next war': US Army will revamp cyber operations to counter Russia and China (Washington Examiner) As warfare continues to enter the digital realm, the Army plans to transform its cyber operations branch into a full-scale information warfare command, according to a top U.S. general.

3-Star: We Must Combat Russian Attempts to Influence Troops Online ( Russian misinformation efforts are reaching into the military ranks.

How one official wants to increase DHS cyber efficiency (Fifth Domain) The new Cybersecurity and Infrastructure Security Agency assistant director shared that adversaries switching up tactics are challenging CISA, which is looking to evolve how it collects and shares threat indicators.

Census Bureau kicks off 2020 ad campaign amid fears around privacy and hacking (Washington Post) The Census Bureau on Tuesday unveiled an ad campaign to persuade every household in America to fill out the once-a-decade survey, which begins next week in remote parts of Alaska.

As digital reliance grows, agencies brace for cyber attacks (Carolina Coast Online) Most computer- and internet-literate people have probably heard of scams and cyber attacks on individuals, but computer criminals also go after bigger targets, like local governments.

Litigation, Investigation, and Law Enforcement

Exclusive: U.N. sanctions experts warn - stay away from North Korea cryptocurrency conference (Reuters) United Nations sanctions experts are warning people not to attend a cryptocurren...

Democrats press for details on alleged Burisma hack (POLITICO) It's unclear what the Trump administration actually knew about the alleged hack.

Trump slams Apple for refusing to unlock iPhones of suspected criminals (CNBC) "We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," Trump tweeted.

Apple Said It Is Helping In The Pensacola Shooting Investigation, But It Won't Unlock The Shooter's iPhones (BuzzFeed News) "We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement.

Apple Denies FBI Request to Unlock Shooter’s iPhone—Again (Threatpost) Refusal to unlock the phones of a Florida shooter could set up another legal battle between Apple and the Feds over data privacy in the case of criminal investigations.

The FBI Can Unlock Florida Terrorist’s iPhones Without Apple (Yahoo) The FBI is pressing Apple Inc. to help it break into a terrorist’s iPhones, but the government can hack into the devices without the technology giant, according to experts in cybersecurity and digital forensics.

Israeli Court to Hear Amnesty Bid to Revoke NSO Export License (New York Times) Amnesty International will ask an Israeli court on Thursday to order Israel to revoke the export license of NSO Group, whose software is alleged to have been used by governments to spy on journalists and dissidents.

Amnesty suit asking Israel to revoke NSO Group's license heads to court (CyberScoop) Amnesty International is urging an Israeli court to restrict the business of NSO Group, a spyware vendor accused of helping governments spy on dissidents.

Israel must stop NSO Group from exporting its spyware to human rights abusers (Amnesty) NSO's spyware has been used in malicious attacks against human rights activists around the world.

Equifax to pay $380.5 million in data breach settlement in the US (Computing) Equifax settles class-action lawsuit over 2017 data breach that spilt personal data of 147 million Americans (and more than 15.2 million Brits)

Zscaler To Pay $15 Million To Settle Symantec Patent Lawsuits (CRN) Zscaler has agreed to pay $15 million to settle all patent infringement lawsuits filed by Symantec just three months after Broadcom bought the Symantec Enterprise Security business.

Banner Health Agrees to Pay $6 Million for Data Breach (Orthopedics This Week) Phoenix-based Banner Health has agreed to pay $6 million to victims of its 2016 data breach. Banner Health will pay an additional $2.9 million for legal costs.

Meet the Trump Donor Who Allegedly Stalked America’s Ambassador in Ukraine (The Daily Beast) He was a longshot candidate with a penchant for the obscene. Now he’s at the center of the impeachment drama.

A West Point cadet tried to crowdfund money to bring a porn star to the academy's winter banquet (Task & Purpose) A cadet at West Point attempted to crowdfund money to cover travel fare and hotel fees so that his favorite adult film star could be his date to the service academy's annual winter banquet

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Kernelcon (Omaha, Nebraska, USA, March 27 - 28, 2020) Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an awesome security conference in Omaha. The idea for Kernelcon started within the...

CSA SECtember 2020 (Seattle, Washington, USA, September 16 - 17, 2020) Cloud Security Alliance is the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment. CSA is proud to launch...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

SANS Cyber Threat Intelligence Summit (Arlington, Virginia, USA, January 20 - 21, 2020) The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence (CTI) - gives security practitioners information superiority that is used...

CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premier cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...
