After the Thanksgiving holiday, we'll be rolling out a new format for our email. We've redesigned it the better to avoid falling into spam traps, or becoming inadvertently enmeshed in the array of anti-phishing measures increasingly deployed. You've seen some of these changes already with our addition of inline links to our summary. When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
Nation states (or at least two of them) go wild. Facebook and Instagram outages. Black Friday advice.
Several nation-state threat actors have returned to action this week. They're back in familiar but upgraded forms.
North Korea's Lazarus Group is back, hitting financial institutions in Asia and Latin America. They're making improved use of backdoors. As usual with the Lazarus Group, the motive is financial (TrendLabs).
The Pterado backdoor campaign reported by Ukrainian authorities is now being attributed by observers to Russia, but that attribution remains preliminary and circumstantial. They associate Pterado with the Gamaredon threat group, widely believed to be a unit of Russia's FSB (Ars Technica).
Coincidentally or not, the newly reawakened Cozy Bear, also generally regarded as an FSB (or possibly SVR) unit, has deployed improved phishing techniques against US targets (WIRED).
And another Russian threat group, the Hades APT, is also back. Hades was responsible for the Olympic Destroyer wiper campaign that targeted the South Korean-hosted Winter Olympic Games. It's added anti-analysis and delayed execution as well as a single-stage dropper, which suggests that Hades is learning from and reacting to the measures used against it earlier n 2018 (Check Point).
Since November 12th, an unknown (but believed to be foreign) group has been attacking certified email accounts in Italy. Both the government and the private sector have been affected, with courts particularly disrupted (Reuters).
HackRead reports that both Facebook and Instagram are suffering widespread outages. This is the second significant outage in as many days: yesterday it was Messenger (Forbes). They're working on it: at this point the outages seem to be accidents.
Today's issue includes events affecting Canada, China, Ecuador, European Union, Iran, Italy, Democratic Peoples Republic of Korea, Russia, Singapore, Ukraine, United Kingdom, and United States.
A quick note: we'll be observing Thanksgiving this week, so there will be no Daily News Briefing or Daily Podcast on Thursday or Friday, and no Week that Was this Saturday. Everything will return to normal Monday.
We're asking knowledgeable security insiders like you to take a short survey. In return, we're offering all qualified respondents a chance to enter a drawing to win one of three gift cards valued at $50 each. Join other cybersecurity leaders and share your viewpoints. Click here to take the survey.
Did you know that Amazon Alexa skills squatting is a thing? In today's podcast, up later this afternoon, Malek Ben Salem from our partners at Accenture Labs tells us about it. Our guest is Ronnie Tokazowski from Flashpoint, who describes his work with the Business Email Compromise Working Group.