US Government is serious about yesterday's Windows patch. Oversharing dating apps. More ransomware turns to doxing. Huawei agonistes.
Microsoft’s fix for Windows’ CryptoAPI, issued yesterday with credit to NSA for telling Microsoft about the vulnerability, prompted an emergency directive from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Directorate (CISA). Federal agencies are expected to patch promptly, in accordance with Emergency Directive 20-02, so the US Government is clearly putting its money where its disclosures are.
Forbrukerrådet, the Norwegian Consumer Council, determined that several dating apps are collecting users’ personal data and sharing them with various advertising networks. The Telegraph says the dating apps include Tinder, Grindr, and OKCupid; among the advertising outfits are Google, Facebook, and Twitter. The Norwegian Consumer Council is filing formal complaints against Grindr and five companies with whom the dating app was oversharing: Twitter's MoPub, AT&T's AppNexus, OpenX, AdColony and Smaato.
The gang behind Nemty ransomware intends, according to BleepingComputer, to follow the example of Maze and Sodinokibi by setting up a site on which it can dump files stolen from victims who are laggard in paying the ransom.
As the UK nears a decision on Huawei and its potential role in the nation’s 5G, the Guardian reports that Her Majesty's Government has already taken into account the most recent US revelations, and that it seems likely to conclude that any risk associated with Huawei is manageable.
The US Federal Communications Commission seems ready to expand its ban on Huawei and ZTE gear, JDSupra says. And according to CNBC, the US Commerce Department is tightening export controls against the Chinese firms.
Today's issue includes events affecting Belgium, Canada, China, Estonia, Iran, Israel, Nigeria, Norway, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
To be sure, the Panopticon was first conceived with benign albeit correctional intentions. (Just ask Mr. Bentham. He may not answer, but you can at least get a good look at him.) It seems to resurface in new, virtual forms. US universities, for example, are going digital as they appear to revive their old culture of acting toward students in loco parentis. What about this Washington Post story?
"If [the students are] not showing up at the dining hall, you know, and that's the only food option, you know, that's something that could be eye-opening to an administrator or his or her parents. If they're getting failing grades and they're not showing up to class and not showing up to the library to study, then that's certainly eye-opening as well. So you can understand why, you know, from an administrator's perspective and even from a, you know, perhaps overbearing parent's perspective, this could be useful. The reason it sticks out to me is if this gets broader, if this goes beyond the limited number of universities mentioned in this article, kids are not going to be able to be kids at college just because everything is going to be tracked. And, you know, I just think you have to weigh the benefits of being able to identify risk among students with, you know, the chilling effect this would have on kids being able to learn proactively, to sort of be themselves, discover themselves. So I think you have to take all of that into consideration."
—Ben Yelin, of the University of Maryland's Center for Health and Homeland Security, on the CyberWire Daily Podcast, 1.13.20.
So, we know about aristocracy, oligarchy, democracy, and so on. Is there a good word for "rule by the dean of students?" Let us know.
In today's CyberWire Daily Podcast, we speak with our partners at the SANS Institute, as Johannes Ullrich discusses malicious AutoCAD files. Our guest is Chris Duvall from the Chertoff Group, who gives us an overview of the current state of ransomware.
And the CyberWire's Caveat podcast is up. In this episode, "One nation, tracked," Dave shares a story from Gizmodo about lawsuits aimed at Ring and Amazon. You asked and Ben listened: he offers his take on an op-ed from the New York Times about cell phone tracking. Later in the show we interview Michelle Dennedy, formerly of Cisco and now CEO of DrumWave, about the future of data value and...elephant masseuses. Really: elephant masseuses.