The CyberWire - Your cyber security news connection.

Description

More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

Categories

Technology

Episodes

A rough year ahead for ransomware attacks - and how to stop them.

Apr 4, 2020 12:04

Description:

2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their reach. Allan Liska, Senior Analyst at Recorded Future, shares their findings and predictions in a new report.

The research can be found here:

5 Ransomware Trends to Watch in 2020

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?

Apr 3, 2020 26:28

Description:

Geolocation in support of social distancing. Fixing vulnerabilities in a popular teleconferencing service. Twitter bots running an influence campaign against the Turkish government are taken down. A biotech firm reports a ransomware attack. More on attempts to compromise the World Health Organization. And a look at how cyber criminals are faring during the emergency. Michael Sechrist from BAH on cybercrime changes in the age of Coronavirus, guest is Admiral James Stavridis (Ret.) from Preveil on global cyber security threats and realities.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_03.html

WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.

Apr 2, 2020 20:30

Description:

Attempts on World Health Organization email accounts possibly linked to Iran. Mandrake Android malware is active against carefully selected targets. Vollgar attacks Windows systems running MS-SQL Server. Hospitals remain attractive targets for ransomware gangs. Italy’s social security operations shut down by hacking. Coronavirus disinformation. The pandemic’s effects on business. And a look at the fortunes of Zoom. Andrea Little Limbago from Virtru on the global battle for information control, guest is Perry Carpenter from KnowBe4 on security awareness.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_02.html

More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.

Apr 1, 2020 20:20

Description:

Marriott discloses a major data breach. Another insecurely configured Elasticsearch database is found, this one belonging to a secure cloud backup provider. More spearphishing from Pyongyang. The US Justice Department IG sees systemic problems in the FISA warrant process. Updates on the Houseparty affair. Huawei suggests that Beijing will retaliate against more sanctions from Washington. And more COVID-19 notes concerning the cyber sector. Joe Carrigan from JHU ISI on Safari blocking third-party cookies, guest is Monzy Merza of Splunk on becoming an InfoSec leader.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_01.html

Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.

Mar 31, 2020 20:55

Description:

FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the COVID-19 economic storm, but not without squalls, some legal, some cyber, and others just reputational. Ben Yelin from UMD CHHS on ending targeted advertising, guest is Brendan O’Connor from AppOmni on the state of cloud security.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_31.html

Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.

Mar 30, 2020 21:27

Description:

Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia’s voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance of its subjects as they travel in the US. The Zeus Sphinx Trojan is back. Dharma ransomware’s source code is for sale in the black market. And beware teddy bears bearing USB drives. David Dufour from Webroot on differences between privacy and security, guest is Daniel dos Santos from Forescout on Ransomware, IoT, and the impact on critical infrastructure.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_30.html

Hidden dangers inside Windows and LINUX computers.

Mar 28, 2020 20:28

Description:

Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr, a Principal Engineer at Eclypsium.

The research can be found here:

Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers.

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Some notes on cyber gangland. South Korean APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.

Mar 27, 2020 25:19

Description:

Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North Korean professionals. A criminal campaign of USB attacks is reported. Problems with VPNs and teleconferencing. The Pentagon’s CMMC will move forward on schedule. Rob Lee from Dragos on ICS resiliency in the face of Coronavirus, guest is James Dawson from Danske Bank on the unique challenges of IT Risk & Controls in global banking.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_27.html

Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.

Mar 26, 2020 19:11

Description:

NIST offers advice on telework, as does Microsoft. Things to do for your professional growth while you’re in your bunker. Magecart hits Tupperware, and they won’t be the last as e-commerce targeting spikes. DNS hijacking contributes to an info-stealing campaign. Apple and Adobe both patch. The US publishes its 5G security strategy. And some thoughts on the value of work, as brought into relief by a pandemic. Thomas Etheridge from Crowdstrike on their 2020 Cyber Front Lines Report, guest is Michelle Koblas from AppDynamics on third-party risk management.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_26.html

APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.

Mar 25, 2020 20:01

Description:

APT41 is back, and throwing its weight around in about twenty verticals. States and gangs swap commodity malware. The FSB--yes, that FSB--takes down a major Russian carding gang. Coronavirus-themed attacks are likely to outlast the pandemic. Facebook Messenger considers limiting mass message forwarding as a way of slowing the spread of COVID-19 misinformation. Joe Carrigan from JHU ISI on stimulus check scams, guest is Rachael Stockton from LogMeIn (LastPass) on the future of business network access security.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_25.html

Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.

Mar 24, 2020 20:38

Description:

WildPressure APT targets industrial systems in the Middle East. ICS attack tools show increasing commodification. TrickMo works against secure banking. Microsoft warns of RCE vulnerability in the way Windows renders fonts. Click fraud malware found in children’s apps sold in Google Play. DarkHotel attacks the World Health Organization. Ransomware hits Parisian hospitals and a British biomedical research firm. More COVID-19 phishbait. Ben Yelin from UMD CHHS on Coronavirus detecting cameras, guest is Allan Liska from Recorded Future on security in the time of Coronavirus.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_24.html

Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.

Mar 23, 2020 20:47

Description:

US prosecutors begin to follow through on their announced determination to pay close attention to coronavirus fraud. Data stolen from Chinese social network Weibo is now for sale on the black market--at a discount. The pandemic affects scheduled software updates and sunsets at Google and Microsoft. A new Mirai variant is out in the wild. And a DDoS attack in Australia turns out to be just a lot of Australians in need of government services. Mike Benjamin from CenturyLink on threat actors using 3rd party file hosting, guest is Andrew Peterson from Signal Sciences on top application security attacks.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_23.html

The security implications of cloud infrastructure in IoT.

Mar 21, 2020 27:16

Description:

Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. The key findings in these reports shed light on security missteps that are actually in practice by organizations across the globe.

Joining us in this special Research Saturday are Palo Alto Network's Matthew Chiodi and Ryan Olson. They discuss their findings in two different threat reports.

The research can be found here:

Cloud Threat Report

IoT Threat Report

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.

Mar 20, 2020 24:55

Description:

CISA describes what counts as critical infrastructure during a pandemic, and offers some advice on how to organize work during the emergency. Iran runs a disinformation campaign--apparently mostly for the benefit of a domestic audience--alleging that COVID-19 is a US biowar operation. Intelligence services, criminals, vandals, and gossips all flack coronavirus hooey in cyberspace. Fancy Bear is back. And what would provoke good behavior among thieves? (A hint: not altruism.) Malek Ben Salem from Accenture on mobile tracking and privacy, guest is Thomas Quinn from T Rowe Price on the job of protecting a financial institution.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_20.html

EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.

Mar 19, 2020 20:42

Description:

The EU suggests that Russia’s mounting an ongoing disinformation campaign concerning COVID-19. Russia says they didn’t do nuthin’. TrickBot is back with a new module, still under development, and it seems most interested in Hong Kong and the US. The Parallax RAT is the latest offering in the malware-as-a-service market. Food delivery services are now targets of opportunity for cybercriminals. Zoom-bombing is now a thing. And some advice from an astronaut. Andrea Little Limbago from Virtru with insights into her career path, guest is Tom Creedon from LookingGlass Cyber on the Asia-Pacific Cyber Conflict.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_19.html

Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynn.

Mar 18, 2020 21:21

Description:

More coronavirus phishing expeditions. Don’t let idleness or desperation lead you into a money-mule scam. How do behavioral expectations change during periods of remote work? The Health and Human Services incident appears to be just that. NIST has some advice for video-conferencing and virtual meetings. And an exhortation to return to the Blitz spirit. Joe Carrigan from JHU ISI on limitations of two-factor authenticator mobile apps, guest is Johnnie Konstantas from Oracle on cloud misconfigurations and shared responsibility in the public cloud.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_18.html

Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution of Concord Management.

Mar 17, 2020 20:24

Description:

The cyberattack on the US Department of Health and Human Services seems now to have been a minor incident. Disinformation about COVID-19 and measures to contain the pandemic continues to serve as both phishbait and disruption. And US prosecutors move to stop prosecution of a Russian influence shop fingered by the Mueller investigation. Ben Yelin from UMD CHHS on HHS issuing health data rules, guest is Kevin Mitnick from KnowBe4 on the state of cybersecurity from the RSAC 2020 floor.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_17.html

COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.

Mar 16, 2020 20:24

Description:

COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working. David Dufour from Webroot on their 2020 Threat Report, guest is Simone Petrella from CyberVista on cybersecurity skills.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_16.html

TLS is here to stay.

Mar 14, 2020 16:01

Description:

As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more attention, since it’s easier for analysts and security tools to identify malicious communication patterns in those plain HTTP sessions. Malware authors know this, and they’ve made it a priority to adopt TLS and thereby obfuscate the contents of malicious communication.

Joining us on this week's Research Saturday is Chester Wisniewski from SophosLabs discussing their research on the subject.

The research can be found here:

Nearly a quarter of malware now communicates using TLS

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.

Mar 13, 2020 24:06

Description:

COVID-19 significantly increased remote working, and the pandemic is now a favorite lure in the phishing tackle of both intelligence services and criminal gangs. Russian trolling has been off-shored, setting up shop in Ghana and Nigeria for running influence operations against the US. Microsoft issues an out-of-band patch. Reporters Without Borders publishes its list of “digital predators.” And the Senate doesn’t renew US domestic surveillance authorities. Thomas Etheridge from Crowdstrike on the impact of ransomware, guest is Josiah Dykstra from NSA on Cloud Vulnerabilities from an NSA viewpoint.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_13.html

The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.

Mar 12, 2020 20:49

Description:

Turla’s back, this time with watering holes in compromised Armenian websites. Data exposures are reported in the Netherlands and the United States. China accuses Taiwan of waging cyberwarfare in an attempt to disrupt Beijing’s management of the coronavirus epidemic. The US and the EU separately undertake efforts to suppress COVID-19 disinformation. And the ins-and-outs of teleworking. Mike Benjamin from CenturyLink with Emotet updates, guest is Tom Pendergast from MediaPRO on their State of Privacy and Security Awareness Report.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_12.html

The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.

Mar 11, 2020 19:17

Description:

The Cyberspace Solarium has released its report, as promised, and they wish to make your flesh creep. Coronavirus scams and phishbait amount to what some are calling an “infodemic.” Some notes on Patch Tuesday, and, finally, some words on the actual coronavirus epidemic. Joe Carrigan from JHU ISI on FBI recovering stolen funds, guest is Josh Mayfield from RiskIQ on his 2020 predictions.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_11.html

Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.

Mar 10, 2020 20:11

Description:

Google removes from the Play store an app nominally designed to track COVID-19 infections. An EU power distribution consortium says its business systems were hacked. An assessment of Cablegate has been declassified. Ex-CIA employee Schulte’s trial for disclosing classified information ends in a hung jury. The alleged proprietor of a criminal market is arrested. Crooks hack rival crooks. More US primaries are held today. And a case of identity theft in North Carolina. Ben Yelin from UMD CHHS with updates on ClearView AI, guest is Kathleen Kuczma from Recorded Future on 2019 Top Vulnerabilities List.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_10.html

Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.

Mar 9, 2020 20:56

Description:

Coronavirus misinformation, coronavirus online scams, and coronavirus disinformation. Ransomware hits a steel plant, local government, and a defense contractor. And how criminals’ desire for glory betrays them in social media. Zulfikar Ramzan from RSA Security with three product updates, guest is Robert Waitman from Cisco on their Annual Data Privacy Benchmark study.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_09.html

Overworked developers write vulnerable software.

Mar 7, 2020 14:21

Description:

Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately secure code development depends on the actions and decisions taken by the people who develop the code. Understanding the human factors that influence the introduction of software vulnerabilities, and acting on that knowledge, is a definitive way to shift security to the left.

On this Research Saturday, our conversation with Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software.

The research can be found here:

Which Developers and Teams Are More Likely to Write Vulnerable Software?

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.

Mar 6, 2020 23:11

Description:

Virgin Media discloses a data exposure incident, another misconfigured database. Microsoft subdomains are reported vulnerable to takeover. A dark web search engine is gaining popularity, and black market share. Researchers find that Russian disinformation trolls have upped their game. The crypto wars have flared up as the US Senate considers the EARN IT act. Tech companies sign on to voluntary child protection principles. And Huawei talks about backdoors. Thomas Etheridge from Crowdstrike on empowering business leaders to manage cyber risk, guest is Sherri Davidoff on her book, Data Breaches: Crisis and Opportunity.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_06.html

Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.

Mar 5, 2020 19:45

Description:

Credential stuffing affects J. Crew and Tesco customers. T-Mobile discloses a data breach. Emcor works to recover from a ransomware infestation. Coronavirus-themed emails remain common phishbait--it’s an international problem. US authorities are pleased with how election security on Super Tuesday went, but some local governments are recovering from self-inflicted tech wounds. And there’s more on official US suspicion of Huawei. Mike Benjamin from CenturyLink on Nanocore, guest is Bil Harmer from SecureAuth on nation-state attacks.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_05.html

Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.

Mar 4, 2020 20:28

Description:

A quick security retrospective on Super Tuesday, a day on which no dogs barked (or bears growled, or kittens yowled, or pandas did whatever it is that pandas do). The Cyberspace Solarium previewed the good-government framework it intends to recommend in next Wednesday’s final report. The EU uses its Rapid Alert System against coronavirus disinformation. US aid will go to Ukraine for cybersecurity capability building. And backups are an attack surface, too. Joe Carrigan from JHU ISI on FBI convictions of Romanian criminals, guest is Chris Kubic from Fidelis Cybersecurity with lessons learned from securing the country’s biggest and deepest secrets.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_04.html

Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.

Mar 3, 2020 22:30

Description:

Chinese security firm calls out the US CIA for Vault 7 campaigns against civil aviation. Meanwhile, the jury’s out in the Joshua Schulte Vault 7 case. Incident responders in the UK may be reentering the labor market. US agencies issue a joint warning to adversaries (and joint encouragement to citizens) about election interference. The Cyberspace Solarium talks about elections. And the Justice Department offers advice on cyber threat intelligence collection. Ben Yelin from UMD CHHS on telecommunications companies in hot water with the FCC, guest is Stuart Reed from Nominet with new CISO stress research.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_03.html

Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.

Mar 2, 2020 18:14

Description:

It’s Super Tuesday eve, and people worry about influence operations, both foreign and domestic. DoppelPaymer hits a precision manufacturer, and moves surprisingly quickly to expose stolen files. Vulnerable WordPress plugins are being exploited in the wild. And a catphish is running for Congress in Rhode Island--he’s even got the blue checkmark. Johannes Ullrich from the SANS Technology Center on the development of authentication issues in iOS, guest is Elvis Chan from the FBI on election security.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_02.html

Application tracking in Wacom tablets.

Feb 29, 2020 18:50

Description:

Today's Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing discovery involving his Wacom tablet tracking his applications. The post struck a nerve and has since been widely distributed.

The research can be found here:

Wacom drawing tablets track the name of every application that you open

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.

Feb 28, 2020 25:16

Description:

South Carolina prepares for tomorrow’s primary, confident that it will be able to conduct the vote securely and without disruption. An evolved version of the Cerberus Trojan has been spotted. Bots are making fraudulent appeals for brushfire aid to the Australian Red Cross. The FCC is preparing to fine four major wireless carriers for mishandling user geolocation data. Proposed changes to FISA surveillance in the US. And farewell to RSAC 2020. Partner is Mike Benjamin from CenturyLink with observations from RSA, guests are magicians Penn and Teller with insights on deception and social engineering.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_28.html

RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?

Feb 27, 2020 22:50

Description:

Naming and shaming seems to work, at least against China’s Ministry of State Security. Iranian cyberespionage continues its regional focus. Wi-Fi chip flaws could expose encrypted traffic to snoopers. Someone, maybe from abroad, is pretending to be the US Democratic National Committee. Tips on backing up files. Ransomware gangs up their game. And that unmarked small box on your car? Go ahead: you can take it off. David Dufour from Webroot with trends and predictions from the floor at RSA, guest is Liesyl Franz from the Dept. of State on nation state cyber activities and deterrence in cyberspace.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_27.html

Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.

Feb 26, 2020 20:45

Description:

Google patches a Chrome zero-day. Ransomware attacks against infrastructure. DoppelPaymer prepares to dox its victims. How CISA and NSA cooperate. Dallas County, Iowa, finally drops charges against pentesters. Mr. Assange’s evolving defense against extradition to the US. Notes on RSAC 2020. And if you were a superhero, which superhero would you be? Justin Harvey from Accenture on his RSA observations, guest is Keith Mularski from EY on ransomware.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_26.html

Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.

Feb 25, 2020 22:59

Description:

Cloud Snooper is infesting cloud infrastructure servers. A China-skeptical advocacy group draws attention to US states’ contracts with Chinese vendors that aren’t named “Huawei.” Senator Wyden would like the security company that audited Voatz to explain the clean bill of health it gave the voting app. Facebook’s campaign troll hunt comes up empty, so far, this time. And what we’re seeing and hearing at RSAC 2020. Our Chief Analyst Rick Howard on SASE and what he’s looking for at RSA, guest is Dr. Chenxi Wang from Rain Capital previewing her panel at RSA and discussing innovations in the industry.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_25.html

Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.

Feb 24, 2020 21:30

Description:

The EU condemns Russian cyberattacks on Georgia, and Russia says Russia didn’t do it--it’s all propaganda. Skids can buy spamming tools for less than twenty bucks. Satellite constellations offer an expanding attack surface. Amid continuing worries about US election security, the question of Russian trolling or home-grown American vitriol arises in Nevada (but the smart money’s on the U S of A). FISA reauthorization is coming up. And hello from RSAC 2020. Joe Carrigan from JHU ISI on SIM swappers targeting carrier employees, guest is Erez Yalon from Checkmarx on the recently published OWASP API Security Top Ten list.

For links to all of today's stories, check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_24.html

Support our show

Rigging the game.

Feb 23, 2020 40:45

Description:

*This is a rebroadcast from our Cyber Law and Policy show, Caveat.*

Ben describes a decades-long global espionage campaign alleged to have been carried out by the CIA and NSA, Dave shares a story about the feds using cell phone location data for immigration enforcement, and later in the show our conversation with Drew Harwell from the Washington Post on his article on how Colleges are turning students’ phones into surveillance machines.

Remember to subscribe to Caveat in your podcasting platform of choice. 

Links to stories:

‘The intelligence coup of the century’

RIGGING THE GAME Spy sting

Federal Agencies Use Cellphone Location Data for Immigration Enforcement

Thanks to our sponsor, KnowBe4.

New vulnerabilities in PC sound cards.

Feb 22, 2020 19:51

Description:

SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. 

On this week's Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at SafeBreach. 

The research can be found here: 

Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

DISA data breach. More complaints against alleged GRU operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.

Feb 21, 2020 23:14

Description:

The US Defense Information Systems Agency (DISA) discloses a data breach affecting personal information of up to two-hundred thousand individuals. More international reprobation for the alleged GRU hack of Georgian websites. Trolls move from creation to curation. Stalkerware data exposure. And a look at how the UK might actually implement its compromise position on high-risk 5G vendors. Joining us in studio, a surprise new addition to the CyberWire team, guest is Aisling MacRunnels from Synack on women in cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_21.html

Support our show

UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.

Feb 20, 2020 21:26

Description:

British and American authorities blame Russia’s GRU for last October’s defacement campaign against Georgian websites. Senator Sanders thinks maybe some of his apparent supporters are Russian bots--the ones who are tweeting bad stuff in social media. Julian Assange says he was offered a pardon to say the Russians didn’t meddle with the DNC. Stolen data from MGM Resorts turns up in a hacker forum. NSA leaker Reality Winner would like a pardon. Justin Harvey from Accenture on staying prepared against potential Iranian cyberattacks, guest is Jamie Tomasello from Cisco Duo on cognitive capacity and burnout.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_20.html

Support our show

Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?

Feb 19, 2020 20:45

Description:

CISA reports a ransomware infestation in a US natural gas compression facility--it arrived by spearphishing and there are, CISA thinks, larger lessons to be learned. A new threat actor, possibly linked to China’s government, is running an espionage campaign against gambling and betting operations in Southeast Asia. More notes on firmware signatures. Huawei loses one in US Federal Court, and the defense asks for a mistrial in the Vault 7 case. Caleb Barlow from CynergisTek on Wigle and the impact your SSID name can have on your privacy, guest is Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_19.html

Support our show

Fox Kitten campaign linked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.

Feb 18, 2020 21:04

Description:

Fox Kitten appears to combine three APTs linked to Iran. LokiBot is masquerading as an installer for Epic Games. Unsigned firmware found in multiple devices. Extortionists threaten to flood AdSense banners with bot traffic. China says the Empire of Hackers is in Washington, not Beijing. Iowa Democratic caucus IT post-mortems continue. Japan connects SoftBank breach to GRU. And more on that hacker-madness poster from the West Midlands. Ben Yelin from UMD CHHS on wireless carriers selling location data. Guest is Kaitlin Bulavinetz from Washington Cyber Roundtable on facilitating conversations among the industry. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_18.html

Support our show

If you can't detect it, you can't steal it.

Feb 15, 2020 23:25

Description:

BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical “stealth” encryption technology that will be significantly more secure and private for highly-sensitive cloud computing and data center network transmission. Joining us in this special Research Saturday is BGN's Dan Sadot who helped pioneer this technology. 

The Research can be found here:

Ben-Gurion University Researchers Introduce the First All-Optical, Stealth Data Encryption Technology

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.

Feb 14, 2020 23:36

Description:

The US indicts Huawei for racketeering. The FBI and CISA release details on malware used by North Korea’s Hidden Cobra. Iran attributes last week’s DDoS attack to the US. Google takes down a big malvertising and click-fraud network that exploited Chrome extensions. Reports surface of DNC involvement in IowaReporterApp. Not all official advice is necessarily good advice. And if things don’t work out with your object of affection, don’t spy on their social media accounts, OK? Craig Williams from Cisco Talos with updates on JhoneRAT. Guest is Shuvo Chatterjee from Google on their Advanced Protection Program (APP).

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_14.html

Support our show

Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.

Feb 13, 2020 20:55

Description:

Researchers report phishing campaigns underway in the Palestinian Territories. They appear to be a Hamas-linked effort targeting the rival Fatah organization. FireEye offers a summary of current Iranian cyber capabilities. The GAO warns that the Census Bureau still has some cyber security work to do before this year’s count. Researchers call mobile voting into question. And some observations about why some extortion brings in a bigger haul than its rivals. Johannes Ullrich from the SANS Technology Institute on IoT threats. Guest is Darren Van Booven from Trustwave on how to know if the CCPA applies to your organization. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_13.html

Support our show

Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.

Feb 12, 2020 20:27

Description:

Facebook takes down coordinated inauthenticity from Myanmar, Vietnam, Iran, and Russia. The US says it’s got the goods on Huawei’s backdoors. Notes on Patch Tuesday. The EU backs away from a five-year moratorium on facial recognition software. Switzerland takes a look at Crypto AG. And the Nevada Democratic caucus a week from Saturday will use iPads, Google Forms, and some tools to process the results. That’s “tools,” Jack, not “apps.” Ben Yelin from UMD CHHS on the Senate GOP blocking election security bills. Guest is Christopher Hadnagy from Social-Engineer, LLC on social engineering trends they are tracking. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_12.html

Support our show

Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).

Feb 11, 2020 20:38

Description:

Pyongyang establishes a template for pariah states trying to profit in cyberspace. The FBI warns that there’s a RAT in the ICS software supply chain. The US has a new counterintelligence strategy, and cyber figures in it prominently. Likud’s exposure of Israeli voter data may benefit opposition intelligence services. Notes on the Equifax breach indictments. As New Hampshire votes in its primaries, CISA warns everyone not to get impatient. And Iowa? Still counting. Robert M. Lee from Dragos on their recent report, “Industrial Cyber Attacks: A Humanitarian Crisis in the Making.” Guest is Andrew Wajs from Scenera on the NICE Alliance and Cloud Privacy. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_11.html

Support our show

US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.

Feb 10, 2020 21:14

Description:

US indicts four members of China’s People’s Liberation Army in connection with the 2017 Equifax breach. North Korea establishes an Internet template for pariah regimes’ sanctions evasion. Iran sustained a major DDoS attack Saturday. US Democratic Party seeks to avoid a repetition of the Iowa caucus in other states as the Sanders campaign asks for a partial recanvas. Israel’s Likud Party involved in a voter database exposure incident via its own app. Joe Carrigan from JHU ISI with a look back at the Clipper chip. Guest is Shannon Brewster from AT&T Cybersecurity with thoughts on election security. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_10.html

Support our show

The Chameleon attacks Online Social Networks - Research Saturday

Feb 8, 2020 16:25

Description:

The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a new report entitled "The Chameleon Attack: Manipulating Content Display in Online Social Media" is Ben-Gurion University's Rami Puzis. 

The research can be found here:

The Chameleon Attack: Manipulating Content Display in Online Social Media

Demonstration video of a Chameleon Attack

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.

Feb 7, 2020 25:36

Description:

Chinese espionage groups target Malaysian officials, and two more Japanese defense contractors say they were breached, also by China. Google patches Android problems, including an unusual Bluetooth bug. Google also expels apps that wanted unreasonable permissions from the Play store. Some in Iowa say the DNC pushed an eleventh-hour security patch to IowaReporterApp. The US may indict more Chinese nationals for hacking. More Senate reporting on 2016 Russian influence. Caleb Barlow from CynergisTek with more insights on hospitals and ransomware, this time from the patient’s perspective. Guest is Matt Cauthorn from ExtraHop comparing cloud platforms’ similarities and differences.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_07.html

Support our show

Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.

Feb 6, 2020 21:04

Description:

Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.’s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The Gamaredon Group is active again, against Ukrainian targets. Charming Kitten’s been phishing. And there’s a new legal theory out and about: the pain-in-the-ass defense. (We know some colleagues who’d plead to that.) Justin Harvey from Accenture on DNS over HTTPS (DoH). Guest is Peter Smith from Edgewise Networks on defending against Python attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_06.html

Support our show

Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.

Feb 5, 2020 20:34

Description:

Iowa’s Democrats are still counting their caucus results, but on the other hand they weren’t hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a state voter registration site. Trends in DDoS. Some new strains of ransomware are out in the wild. Spoofed emails may be an Iranian espionage effort. And the confessed Nintendo hacker cops a plea. Craig Williams from Cisco Talos with updates on Emotet. Guest is Kurtis Minder from GroupSense on the pros and cons of notifying breached companies.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_05.html

Support our show

Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.

Feb 4, 2020 21:02

Description:

Iowa Democrats work to sort out app-induced confusion over Monday’s Presidential caucus. A McAfee study finds widespread susceptibility to influence operations in US county websites. Twitter fixes an API vulnerability and suspends a large network of fake accounts. NIST’s proposed ransomware defense standards are out for your review--comments are open until February 26th. Ben Yelin from UMD CHHS on rules regarding destruction of electronic evidence. Guest is Alex Burkardt from VERA on how to protect critical financial data beyond the corporate perimeter. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_04.html

Support our show

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.

Feb 3, 2020 17:26

Description:

Dragos publicly releases its full report on EKANS ransomware, the first known ransomware with a real if primitive capability against industrial control systems. An Australian logistics company struggles with an unspecified malware infestation. Coronavirus fake news used as phishbait. Election security may get an early test in Iowa. The US Department of Defense issues new cybersecurity rules for contractors. And two cases of insider threats (alleged insider threats). Joe Carrigan from JHU ISI with reactions to ransomware legislation proposed in Maryland.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_03.html

Support our show

Eric Haseltine on his book, "The Spy in Moscow Station."

Feb 2, 2020 25:24

Description:

On this Special Edition, our extended conversation with Eric Haseltine on his book "The Spy in Moscow Station." The book... "tells of a time when—much like today—Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of American arrogance mixed with bureaucratic infighting left the country unspeakably vulnerable to ultra-sophisticated Russian electronic surveillance and espionage." 

Thanks to our sponsor, KnowBe4.

Tracking one of China's hidden hacking groups - Research Saturday

Feb 1, 2020 17:49

Description:

Operation Wocao (我操, “Wǒ cāo”, a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a China-based hacking group.

We are joined by Fox-IT's Maarten van Dantzig who shares his insights into their new report entitled "Operation Wocao: Shining a light on one of China’s hidden hacking groups".

The Research can be found here:

Operation Wocao: Shining a light on one of China’s hidden hacking groups

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest.

Jan 31, 2020 23:14

Description:

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest. And the 2015 Ashley Madison breach keeps on giving, in the form of blackmail. Emily Wilson from Terbium Labs on the sale of “points” and “status benefits” on the dark web. Guest is Michael Sutton from Stonemill Ventures with insights from the cyber VC world.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_31.html

Support our show

Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.

Jan 30, 2020 22:54

Description:

UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary, $550 million settlement in a privacy class-action lawsuit. SpiceJet and Sprint suffer data exposures. LiveRamp was compromised for ad fraud. And Russia blocks ProtonMail and StartMail. Caleb Barlow from CynergisTek on the business impact of ransomware on a hospital. Guest is Matthew Doan, cybersecurity policy fellow at New America, discussing his recent Harvard Business Review article “Companies Need to Rethink What Cybersecurity Leadership Is.”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_30.html

Support our show

Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.

Jan 29, 2020 21:31

Description:

Snake ransomware appears to have hit industrial control systems, and may be connected to Iran. The verdict on the Saudi hack of Mr. Bezos’ phone seems to stand at not proven, but the Kingdom does seem to have used Pegasus intercept tools against journalists and critics of the regime. Neither the US nor China is happy with Britain’s decision on Huawei. Cards from the Wawa breach are on sale in the Joker’s Stash. And CardPlanet’s boss will do some Federal time. Ben Yelin from UMD CHHS on AOC’s comments during House hearings on facial recognition technology. Guest is Dan Conrad from One Identity on sophisticated “pass the hash” attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_29.html

Support our show

Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.

Jan 28, 2020 20:57

Description:

Britain decides to let Huawei into its 5G infrastructure, just a little bit, anyway. Citizen Lab reports on its investigation of Saudi use of Pegasus spyware against journalists. Avast is again collecting user data and sharing anonymized data with a subsidiary for sale to business customers. Some Data Privacy Day thoughts on agreeing to terms and conditions, with reflections on the first systematic look at End User License Agreements, found in the final chapter of Plato’s Republic. Joe Carrigan from JHU ISI on evolving ransomware business models. Guest is Dr. Christopher Pierson from BLACKCLOAK with insights on the alleged Bezos phone hack and the vulnerabilities of high-profile individuals.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_28.html

Support our show

A cyber espionage campaign is found to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.

Jan 27, 2020 19:58

Description:

Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos’ iPhone: that hack may look like a Saudi job, but the evidence remains circumstantial. Interpol’s Operation Night Fury dismantles a gang that had been preying on e-commerce. And ave atque vale, Clayton Christensen, theorist of disruptive innovation. Robert M. Lee from Dragos with 2020 predictions (reluctantly).

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_27.html

Support our show


Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC

Jan 26, 2020 32:46

Description:

In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space. 

Thanks to our sponsor, The Johns Hopkins University Information Security Institute. 

Know Thine Enemy - Identifying North American Cyber Threats - Research Saturday

Jan 25, 2020 26:34

Description:

The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.

Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective.

The report can be found here:

North American Electric Cyber Threat Perspective

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformation laws considered. Canada is ready to impose costs on cyber attackers.

Jan 24, 2020 26:25

Description:

PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking Jeff Bezos’s phone. The EU and Ukraine separately consider anti-disinformation regulations. Canada may be ready to “impose costs” in cyberspace. And Huawei’s a threat, but what’re you gonna do? Justin Harvey from Accenture with an outlook on 2020. Guests are Hank Thomas and Mike Doniger from SCVX, describing their plan to bring a funding mechanism known as a SPAC to cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_24.html

Support our show

Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.

Jan 23, 2020 18:23

Description:

There’s more phishing around the Arabian Gulf, but it doesn’t look local. Reactions to Brazil’s indictment of Glenn Greenwald. The forensic report on Jeff Bezos’s smartphone has emerged, and the UN wants some investigating. Microsoft discloses an exposed database, now secured. Ransomware gets even leakier--if it hits you, assume a data breach. And Windows 7 is going to enjoy an afterlife in software Valhalla--you know, around Berlin. Tom Etheridge from CrowdStrike with thoughts on incident response plans.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_23.html

Support our show

The UN takes up a case of spyware; it’s linked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.

Jan 22, 2020 20:19

Description:

UN rapporteurs say that the Saudi Crown Prince was probably involved in the installation of spyware on Amazon founder Jeff Bezos’s personal phone. Brazilian prosecutors have indicted Glenn Greenwald, co-founder of the Intercept, on hacking charges. IBM describes a renewed NetWire campaign, and Microsoft says StarsLord is back, too. And in cyberspace, there’s nothing new on the US-Iranian front. Ben Yelin from UMD CHHS on surveillance cameras hidden in gravestones. Guest is Sean Frazier from Cisco Duo on their most recent State of the Auth report. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_22.html

Support our show

RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.

Jan 21, 2020 20:56

Description:

A new RAT goes after Arabic-speaking targets. Updates on US-Iranian tension in cyberspace. An Internet Explorer bug is being exploited in the wild; a patch will arrive in February. A pseudo-vigilante seems to be preparing Citrix devices for future exploitation. Mitsubishi Electric discloses a breach. A booter service dumps half a million Telnet credentials online. And tomorrow is the last day to file a claim under the Equifax breach settlement. Joe Carrigan from JHU ISI with the story of a random encounter that set him on his professional path. Carole Theriault speaks with Jon Fielding from Apricorn on whether or not anything has really changed with GDPR, 18 months into it.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_21.html

Support our show

Clever breaches demonstrate IoT security gaps - Research Saturday

Jan 18, 2020 20:50

Description:

Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no surprise that these too are subject to attack. 

Steve Povolny is head of advanced research at McAfee; we discuss a pair of research projects they recently published involving popular IoT devices. 

The research can be found here:

McAfee Advanced Threat Research demo McLear NFC Ring

McAfee Advanced Threat Research Demo Chamberlain MyQ

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLeakInfo taken down. Phishbait update.

Jan 17, 2020 25:11

Description:

Hacks and rumors of hacks surrounding US-Iranian tension. Ukrainian authorities are looking into the Burisma hack, and they’d like FBI assistance. The FBI quietly warns that two US cities were hacked by a foreign service. The New York Fed has thoughts on how a cyberattack could cascade into a run on banks. Arrests and a site takedown in the WeLeakInfo case. And a quick look at the chum being dangled in front of prospective phishing victims these days. Emily Wilson from Terbium Labs on synthetic identity detection. Guest is Eric Haseltine, author of The Spy in Moscow Station.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_17.html

Support our show

Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.

Jan 16, 2020 21:39

Description:

Proof-of-concept exploits for the CryptoAPI vulnerability Microsoft patched this week have been released. CISA warns the chemical industry to look to its security during this period of what the agency calls “heightened geopolitical tension.” Families of deployed US soldiers receive threats via social media. Someone’s been phishing in Turtle Bay. More fleeceware turns up in the Play Store. And Moscow heaps scorn on anyone who thinks they hacked Burisma. Craig Williams from Cisco Talos on how adversaries take advantage of politics. Guest is Ron Hayman from AVANT on how companies might leverage Trusted Advisors to proactively prepare their security response.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_16.html

Support our show

Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.

Jan 15, 2020 21:05

Description:

NSA gives Microsoft a heads-up about a Windows vulnerability, and CISA is right behind them with instructions for Federal civilian agencies and advice for everyone else. Norway’s Consumer Council finds that dating apps are “out of control” with the way they share data. Ransomware goes all-in for doxing. The US pushes the UK on Huawei as Washington prepares further restrictions on the Chinese company. And think twice before you book that alt-coin conference in Pyongyang. Johannes Ullrich from the SANS Technology Institute on malicious AutoCAD files. Guest is Chris Duvall from Chertoff Group with an overview of the current state of ransomware. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_15.html

Support our show

Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.

Jan 14, 2020 21:35

Description:

NSA discloses a vulnerability to Microsoft so it can be patched quickly. Intrusion Truth describes thirteen front companies for China’s APT40--they’re interested in offensive cyber capabilities. Area 1 reports that Russia’s GRU conducted a focused phishing campaign against Ukraine’s Burisma Group, the energy company that figured prominently in the House’s resolution to impeach US President Trump. And the US Justice Department moves for access to encrypted communications. Joe Carrigan from JHU ISI on the security issues of Android bloatware. Guest is Haiyan Song from Splunk with 2020 predictions.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_14.html

Support our show

Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.

Jan 13, 2020 20:15

Description:

The FBI reiterates prudent, consensus warnings about a heightened probability of cyberattacks from Iran, but so far nothing beyond credential-spraying battlespace preparation has come to notice. The US Congress mulls the definition of “act of war” in cyberspace. Taiwan’s president is re-elected amid signs that Chinese influence operations backfired on Beijing. The Maze gang doxes a victim. SIM swapping enters a new phase. And the FBI promises the FISA Court it will do better. Ben Yelin from UMD CHHS on a Washington Post story about college campuses gathering location data on their students.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_13.html

Support our show

Profiling the Linken Sphere anti-detection browser

Jan 11, 2020 11:14

Description:

Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment.

Staffan Truvé is the CTO and Co-Founder of Recorded Future, and he joins us to discuss their new report on the browser.

The research can be found here:
Profiling the Linken Sphere Anti-Detection Browser

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.

Jan 10, 2020 25:28

Description:

Amid indications that both Iran and the US would prefer to back away from open war, concerns about Iranian power grid battlespace preparation remain high. Recent website defacements, however, increasingly look more like the work of young hacktivists than a campaign run by Tehran. Phones delivered under the FCC’s Lifeline Assistance program may come with malware preinstalled. And we’ll take Cybersecurity for six hundred, Alex. Tom Etheridge from Crowdstrike on having a board of directors’ playbook. Guest is Curtis Simpson from Armis on CISO burnout.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_10.html

Support our show

Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.

Jan 9, 2020 21:36

Description:

As kinetic combat abates in Iraq, warnings of cyber threats increase. US intelligence agencies warn of a heightened likelihood of Iranian cyber operations. These may be more serious than the low-grade website defacements and Twitter impersonations so far observed. One operation, “Dustman,” has hit Bahrain, and it looks like an Iranian wiper. And some notes on the Lazarus Group, and a quick look at information ops across the Taiwan Strait. Emily Wilson from Terbium Labs with details from their recent report, “How Fraud Stole Christmas.” Guest is Karl Sigler from Trustwave on the risks of using Windows 7.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_09.html

Support our show

No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.

Jan 8, 2020 21:13

Description:

Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA’s warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html

Support our show

No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.

Jan 7, 2020 21:15

Description:

The kittens haven’t scratched much so far, but the US Government and others are warning organizations to be alert to the likelihood of Iranian cyberattacks in retaliation for the combat death, by US missile, of Quds Force commander Soleimani. Fancy Bear is the usual suspect in the case of the Austrian Foreign Ministry hack. Patch your Pulse Secure VPN servers if you’ve got ‘em. ToTok is back in the Play Store. And there’s an executive who turned out to be an insider threat. Robert M. Lee from Dragos with a look back at 2019 ICS security issues. Guest is Tom Tovar from AppDome on mobile API security. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html

Support our show

Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.

Jan 6, 2020 17:52

Description:

Iran vows retribution for the US drone strike that killed the commander of the Quds Force. The US prepares for Iranian action, and the Department of Homeland Security warns that cyberattacks are particularly likely. Some low-grade Iranian cyber operations may have already taken place. Austria’s Foreign Ministry sustains an apparent state-directed cyber espionage attack, and in the UK authorities are taking a second look at the August outages at the London Stock Exchange. Joe Carrigan from JHU ISI, describing a clever defense against laptop theft. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_06.html

Support our show

Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.

Jan 3, 2020 22:39

Description:

The US and Iran trade fire in Iraq, and a leading Iranian general is killed in a US airstrike. A corresponding escalation of cyber operations can be expected. Currency exchange Travelex continues to operate manually as it works to recover from what it calls “a software virus.” There’s speculation that the RavnAir incident may have been a ransomware attack. And Taiwan adopts an active policy against Chinese attempts to influence its elections. Johannes Ullrich from the SANS Technology Center on vulnerabilities in Citrix NetScaler installations. Guest is Derek Manky from Fortinet on what to expect in AI for 2020. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_03.html

Support our show

A Jira vulnerability that’s leaking data in the public cloud - Research Saturday

Jan 2, 2020 13:40

Description:

Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery -- SSRF) is the same type that led to the Capital One data breach in July 2019.

Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings.

The research can be found here:
https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.

Jan 2, 2020 20:51

Description:

Microsoft takes down bogus domains operated by North Korea’s Thallium Advanced Persistent Threat. The Cloud Hopper cyber espionage campaign turns out to have been far more extensive than hitherto believed. The US wants Huawei (and ZTE) out of contractor supply chains this year. India will test equipment before allowing it into its 5G networks. And the California Consumer Privacy Act is now in effect. Joe Carrigan from JHU ISI with the story of a financial advisor who paid the price for falling for a phishing scheme. Guest is Dave Burg from EY on the global perspective of cyber security risk.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_02.html

Support our show

Special Edition - Daniel Garrie from Law & Forensics on eDiscovery

Dec 31, 2019 16:46

Description:

In this CyberWire special edition, an extended conversation with Daniel Garrie from Law & Forensics, a global legal engineering firm, and Editor-in-Chief of the Journal of Law & Cyber Warfare. Much of the discovery that happens in litigation these days is eDiscovery - dealing with all things electronic and online. That's an area of expertise for Daniel Garrie and he shares his insights. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Ron Gula and Mike Janke - VC pitfalls and how to avoid them

Dec 30, 2019 29:09

Description:

In this CyberWire special edition, advice from a pair of seasoned cyber security investors. Ron Gula caught our eye with an article he recently penned titled "Cyber entrepreneur pitfalls you can avoid." In it, he gathers a group of tech investors to get their takes on the dos and don'ts of pitching to venture capitalists. Ron runs Gula Tech Adventures along with his wife Cindi, where they aim to support the next generation of cyber technology strategy and policy. DataTribe's Mike Janke joins the conversation with his experiences guiding hopeful young entrepreneurs through the pitch process.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Mandy Rogers from Northrop Grumman on her career and diversity in cyber security

Dec 28, 2019 18:50

Description:

In this CyberWire special edition, an extended conversation with Mandy Rogers, Operations Manager for Engineering and Sciences at Northrop Grumman. The conversation centers around her inspirational career journey from humble beginnings on a farm in rural Virginia to leadership positions with some of the largest and most influential technology companies in the world. She shares her insights on the importance of diversity in the workplace and why she's dedicated to making sure the next generation of women in cyber security have ample opportunities to succeed.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Phil Quade from Fortinet on his book "The Digital Big Bang"

Dec 27, 2019 11:45

Description:

In this CyberWire special edition, an extended conversation with Phil Quade, CISO of Fortinet and author of the book "The Digital Big Bang". The book features insights from industry security leaders from both the public and private sectors revealing the connections between fundamental and scientific principles and cybersecurity best practices to address today’s biggest security challenges. The Digital Big Bang is part how-to, part call-to-arms and provides an insider’s tour of the past, present, and rapidly intensifying imperatives of twenty-first century data protection. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Bob Ackerman from Allegis Capital with Insights on the cyber security VC environment

Dec 26, 2019 16:16

Description:

In this CyberWire special edition, an extended conversation with Bob Ackerman from Allegis Capital. Cybersecurity will continue to be a major investment theme in 2020, but the maturing of the market will see a change to focus on better measurement and management of cyber risk exposure through Continuous Controls Monitoring, and preventive cyber solutions as opposed to reactive tools.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach

Dec 24, 2019 19:48

Description:

In this CyberWire special edition, an extended conversation with Kevin Lancaster from Kaseya and ID Agent. In 2015, Kevin led the team responsible for restoring and protecting the identities of 4.2M gov employees in the Office of Personnel Management who were compromised in the most damaging data breach in U.S. history.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Special Edition - Sean O'Brien with @RISK Technologies on Election Security.

Dec 23, 2019 26:06

Description:

In this CyberWire special edition, a conversation with Sean O'Brien with @RISK Technologies on Election Security. Having fought both on the ground in Africa as a member of the US Intelligence Community and the Department of Defense and in cyberspace against Nation States like Russia and China, O'Brien shares his concerns for the integrity of the US election system, and even democracy itself. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Inside Magecart and Genesis. — Research Saturday

Dec 21, 2019 17:47

Description:

Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attack tools, Genesis and Magecart. Before joining Shape Security, Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime.

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?

Dec 20, 2019 21:23

Description:

Pegasus may have appeared in Pakistan. Legion Loader packs in six bits of malware in one Hornets’ Nest campaign. Someone may have hacked Bank of England press releases to give them a few seconds’ advantage in high-speed trading. Frankfurt, in the German Land of Hessen, is clearing its networks of an Emotet infection. Some seasonal, topical scams are circulating. And what would Clippy do? Craig Williams from Cisco Talos with a look back at 2019's most serious vulnerabilities. Guest is Bob Ackerman from Allegis Capital with insights on the cyber security VC environment.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_20.html 

Support our show

TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.

Dec 19, 2019 20:50

Description:

Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in M&A. Germany’s BSI warns of an Emotet campaign. A suspect in the Dark Overlord case is arraigned in St. Louis. The FBI collars a guy who ratted himself out over social media. David Dufour from Webroot with a review of their 2019 mid-year threat report. Guest is James Ritchey from GitLab with lessons learned on the one-year anniversary of their bug bounty program.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_19.html 

Support our show


Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.

Dec 18, 2019 20:27

Description:

More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style--the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much success to its credit. The Foreign Intelligence Surveillance Court takes the FBI to the woodshed. And, hey, maybe he’s really Vlad the Updater? Tom Etheridge from CrowdStrike on incident response speed and the 1-10-60 concept. Guest is Eli Sugarman from the Hewlett Foundation with the results of their CyberVisuals contest. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_18.html 

Support our show


Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.

Dec 17, 2019 21:26

Description:

Updates on the ransomware attacks in Florida and Louisiana. North Korea’s Lazarus Group adopts a new Trojan as it shows signs of pivoting into the Linux ecosystem. Insufficient entropy in IoT key generation. Older versions of WhatsApp are vulnerable to exploitation. The state of Julian Assange’s extradition to the US. Hey--this is Moscow! Where’d you think you were, Iowa? And guess who’s still running Windows XP? Ben Yelin from UMD CHHS on Google location data being used to find a bank robber. Guest is Michael Chertoff from the Chertoff group on the 5G transition.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_17.html 

Support our show

Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.

Dec 16, 2019 16:57

Description:

Iran says it’s foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter’s proposal to shift to open standards. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_16.html 

Support our show

Special Edition — Capturing the flag at NXTWORK 2019

Dec 15, 2019 29:23

Description:

Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit of swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWork conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves.

WAV files carry malicious data payloads. — Research Saturday

Dec 14, 2019 16:57

Description:

Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. 

Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings.

The research can be found here:
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.


Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.

Dec 13, 2019 22:10

Description:

Parties unknown are phishing for government credentials in at least eight countries. Some other parties unknown are compromising Telegram accounts in Russia. Lateral movement is in the news, but not the good, Lamar Jackson kind. A familiar order of battle in the Crypto Wars emerges, again. NSA’s IG reports on SIGINT data retention. And a peek into what we suppose we must call the minds of some of the people hacking Ring systems. Daniel Prince from Lancaster University on Cyber security testbeds for IoT research. Guest is David Belson with Internet Society on Russian “Sovereign Internet” Law.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_13.html 

Support our show


False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.

Dec 12, 2019 19:12

Description:

Flying false flags, and borrowing someone else’s attack tools as the mast you use to run them up. The Pensacola cyber attack has been identified as involving Maze ransomware. China moves toward building its own autarkic operating system. US Senate Judiciary Committee hearings take an anti-encryption turn. TrickBot is phishing with payroll phishbait. And Krampus malware is punishing iPhone users as they shop during the holidays. Tom Etheridge VP of services from CrowdStrike, introducing himself. Guest is Dean Sysman from Axonius on S3 security flaws.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_12.html 

Support our show

Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars update. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.

Dec 11, 2019 20:46

Description:

Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of the general election. The cryptowars are heating up again as the US Senate opens hearings on encryption. Pensacola’s cyberattack was ransomware, and so too apparently was the one that hit the Cherokee Nation. And do it for state. Emily Wilson from Terbium Labs with warnings about connected gifts for children. Guest is Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_11.html 

Support our show

Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?

Dec 10, 2019 19:48

Description:

The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department’s Inspector General has reported on the FBI’s Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates. And it’s prediction season, so CyberScoop lets the bots out. Ben Yelin from UMD CHHS on legislating the right to sue online platforms. Guest is Chris Wysopal from Veracode with findings on security debt from their State of Software Security report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_10.html 

Support our show

Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.

Dec 9, 2019 14:47

Description:

Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists’ IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress “or”--conviction of Dridex proprietor Maksim Yakubets. Russian influence operations seem to be aiming at stirring things up over this week’s British election. And an awful lot of Windows 7 machines still seem to be out there. Joe Carrigan from JHU ISI on McAfee predictions of two-stage ransomware extortion. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_09.html 

Support our show

Targeting routers to hit gaming servers. — Research Saturday

Dec 7, 2019 16:08

Description:

Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers.

Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings.

The research can be found here:

https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.


Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.

Dec 6, 2019 22:07

Description:

Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they’re using Location Services, even when Location Services are switched off. Researchers set a new record for cracking an encryption key. And ransomware hits a New Jersey theater. David Dufour from Webroot with a look back at 2019's nastiest cyber threats. Guest is Robert Waitman from Cisco with results from their recent Consumer Privacy Survey.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_06.html 

Support our show

Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.

Dec 5, 2019 21:35

Description:

Data center operator CyrusOne sustains a ransomware attack. Another third-party breach involves a database inadvertently left exposed on an unprotected server. Buran ransomware finds its place in the black market, as does the new loader Buer. China’s Great Cannon is back and firing DDoS all over Hong Kong. Russian trolls are newly active in Lithuania. And a business email compromise scam fleeces a Chinese venture capital firm of $1 million--enough for a nice seed round. Robert M. Lee from Dragos on the evolution of safety and security in ICS. Guest is Sean O’Brien from @RISK Technologies on how states and cities need to prepare against election-targeted cyber attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_05.html 

Support our show

Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.

Dec 4, 2019 20:21

Description:

North Korea’s Lazarus Group may have been looking for Indian reactor design information. A possible case of Russian influence operations, served up by phishing, is under investigation in the UK. The ZeroCleare wiper malware is out and active in the wild. NATO’s summit addresses cyber conflict, and a big NotPetya victim challenges insurers’ contentions that the malware was an act of war. And an international police action takes down a black market spyware souk. Michael Sechrist from Booz Allen Hamilton on security concerns with messaging apps like Slack. Guest is Roger Hale from YL Ventures on the changing role of the CISO when it comes to managing risk.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_04.html 

Support our show

Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.

Dec 3, 2019 20:08

Description:

Someone believes, or would like others to believe, that Britain’s National Health Service is for sale to the US. There’s no word on whether the US has offered the Brooklyn Bridge in exchange. The “Quantum Dragon” study summarizes Chinese efforts to obtain quantum research results from Western institutions. The FBI says FaceApp is a security threat. PyXie, a Python RAT, has been quietly active in the wild since 2018. An Ethereum developer is accused of aiding Pyongyang. Ben Yelin from UMD CHHS on a bipartisan bill requiring a warrant for facial recognition use. Guest is Earl Matthews from Verodin on the importance of collaboration between state governments and technology vendors to ensure election security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_03.html 

Support our show

ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.

Dec 2, 2019 15:20

Description:

France might go on the offensive against ransomware attackers. The UK’s NCSC has been helping an unnamed nuclear power company recover from a cyberattack. A failed cyberattack targeted the Ohio Secretary of State’s website on Election Day. MixCloud confirms a data breach. The Imminent Monitor RAT is shut down by law enforcement. And a cryptocurrency exchange loses nearly fifty million dollars. Joe Carrigan from JHU ISI on victim blaming.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_02.html 

Support our show

Caveat 04 — Slowly awakening to the problems we face

Dec 1, 2019 41:09

Description:

Ben looks at the cozy relationship between Ring and local law enforcement, Dave shares a story about DNA tests and search warrants. Our listener on the line wonders about deleted emails. Our guest is Michael Chertoff, former US Secretary of Homeland Security, now head of the Chertoff Group.

Links to stories:

https://gizmodo.com/ring-gave-police-stats-about-users-who-said-no-to-law-e-1837713840

https://www.nytimes.com/2019/11/05/business/dna-database-search-warrant.html

Got a question you'd like us to answer on our show? Send your audio file to caveat@thecyberwire.com or leave a message at (410) 618-3720.

Thanks to our sponsors KnowBe4, whose KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.

Special Edition — Peter W. Singer author of LikeWar

Nov 30, 2019 31:36

Description:

In this CyberWire special edition, an extended version of our conversation from earlier this year with Peter W. Singer. We spoke not long after the publication of his book, Like War - the Weaponization of Social Media.

Thanks to our special edition sponsors, McAfee.

Special Edition — John Maeda author of How to Speak Machine

Nov 29, 2019 20:49

Description:

In this CyberWire special edition, a conversation with John Maeda. He’s a graphic designer, visual artist, and computer scientist, and former President of the Rhode Island School of Design and founder of the SIMPLICITY Consortium at the MIT Media Lab. His newly released book is How to Speak Machine - Computational Thinking for the Rest of Us.

Thanks to our special edition sponsors, McAfee.

Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?

Nov 27, 2019 20:34

Description:

A Fullz House for Thanksgiving. Google finds that nation-state phishing continues at its customary high levels. DeathRansom, the low-end ransomware that didn’t actually encrypt files, has now begun to do so. The Stantinko botnet adds cryptomining functionality. Microsoft reflects on Dexphot, and the sophistication it brings to ordinary malware. Supply chain security rules are coming to the US. A lawsuit in Tel Aviv. And some final notes on Black Friday. Daniel Prince from Lancaster University on business innovation and cyber security. Guest is Francesca Spidalieri from Salve Regina University on the importance of collaboration from all sectors.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_27.html 

Support our show

Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.

Nov 26, 2019 19:32

Description:

Twitter and Facebook warn of potentially malicious software development kits being used by app developers to, potentially, harvest and monetize users’ data. Nursing homes affected by a third-party ransomware incident receive extortion demands that amount to some $14 million. The Hollywood Reporter retails skeptical musings about the Sony Pictures hack on the fifth anniversary of the North Korean attack. And CISA offers advice for safe holiday shopping. Justin Harvey from Accenture with thoughts on smart cities. Guest is Sam Bakken from OneSpan on mobile app developers protecting against jailbreaking.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_26.html 

Support our show

Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.

Nov 25, 2019 20:36

Description:

A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan’s networks. The US FCC takes a swing at Huawei and ZTE. Russia moves closer to its desired Internet sovereignty. A Chuckling Squad member is in custody. A spy goes to prison, cyber hoods do time, and the rats are up to no good in Estonia. That’s the rodents, not the Trojans. Caleb Barlow from Cynergistek with insights gained from a scammer’s call.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_25.html 

Support our show

Mustang Panda leverages Windows shortcut files. — Research Saturday

Nov 23, 2019 12:10

Description:

Researchers at Anomali have been tracking China-based threat group, Mustang Panda, believing them to be responsible for attacks making clever use of Windows shortcut files. 

Parthiban is a researcher at Anomali, and he joins us to share their findings.

The research is here:
https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.


Sandworm in Google Play. Internet sovereignty. Bogus accounts on LinkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.

Nov 22, 2019 25:50

Description:

Google researchers provide a Sandworm update. Internet sovereignty considered: an aid to law enforcement or a means of social control. LinkedIn reports on the 21-million bogus accounts it closed over the past year. Teacher becomes pupil as marketing learns from information operators. Ohio man gets six years in Akron DDoS case. Ransomware case updates. A Parliamentary inquiry in India will look into the deployment of Pegasus against WhatsApp users. Craig Williams from Cisco Talos on the Panda cryptominer. Guest is Keenan Skelly from Circadence on getting the younger generation excited about cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_22.html 

Support our show

Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.

Nov 21, 2019 20:10

Description:

Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it’s attracting attackers’ attention. A new attack technique, RIPlace, is described. Phineas Fisher’s bounty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_21.html 

Support our show

Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.

Nov 20, 2019 18:57

Description:

Louisiana works to recover from Monday’s ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India’s government says it’s legally permitted to surveil citizens’ devices when it’s deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress’s antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report. Guest is Bill Harrod from MobileIron on biometric data in the federal space.

Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.

Nov 19, 2019 20:58

Description:

Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it’s people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy’s and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering. Ben Yelin from UMD CHHS on your rights to images you post of yourself online. Guest is Tom Miller from ClearForce on continuous discovery of insider threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_19.html 

Support our show

Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.

Nov 18, 2019 15:21

Description:

Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html 

Support our show

Sodinokibi aka REvil connections to GandCrab — Research Saturday

Nov 16, 2019 17:21

Description:

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings.

The research is here:

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.

Nov 15, 2019 26:37

Description:

Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html 

Support our show

PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.

Nov 14, 2019 19:43

Description:

PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT. Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html 

Support our show

NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.

Nov 13, 2019 20:21

Description:

National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not. Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.

Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.

Nov 12, 2019 15:36

Description:

The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.

Special Edition — Andy Greenberg from WIRED on his book Sandworm

Nov 11, 2019 26:37

Description:

In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book Sandworm - A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers. It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries’ critical infrastructure, and the often unintended consequences that follow.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company. 

Monitoring the growing sophistication of PKPLUG — Research Saturday

Nov 9, 2019 20:44

Description:

Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.

The original research is here:

https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.

Nov 8, 2019 24:22

Description:

Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired and author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html 

Support our show

US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.

Nov 7, 2019 20:23

Description:

The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O’Brien from GreatHorn on managing email threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html 

Support our show

App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.

Nov 6, 2019 20:31

Description:

Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Poulos from Tripwire on protecting the IoT.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html 

Support our show

Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.

Nov 5, 2019 15:36

Description:

Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. TikTok applies for Big Tech’s good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys’ data storage devices. Ben Yelin from UMD CHHS on AT&T’s claims that they cannot be sued for selling location data to bounty hunters.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html 

Support our show

BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.

Nov 4, 2019 15:21

Description:

BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack it sustained Saturday morning. The NSO Group controversy spreads into an Indian political dust-up. Different Magecart groups are found to be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html 

Support our show

Special Edition — Insider Threats

Nov 3, 2019 22:52

Description:

What’s an insider threat? Loosely, it’s a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault speaks with experts who’ll talk us through the different ways insider threats manifest themselves. 

A quick note - when Carole interviewed Dr. Richard Ford he was with Forcepoint. He’s since moved on to Cyren.

Thanks to our special edition sponsor, Okta. 

Usable security is a delicate balance. — Research Saturday

Nov 2, 2019 18:09

Description:

Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability.

The research can be found here:

https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.

Nov 1, 2019 25:03

Description:

FireEye warns of Messagetap malware and its spying on SMS. NSO Group’s Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it’s important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the explosion of bits & chaos in humankind’s age of cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_01.html 

Support our show

Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.

Oct 31, 2019 20:55

Description:

The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody’s appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair. Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html 

Support our show

Caveat Ep 2 — Privacy and biometric data.

Oct 30, 2019 37:26

Description:

Ben wonders if the NSA's authority to collect metadata will be renewed. Dave describes an expensive case of mobile device snooping. Our listener on the line wonders if the feds can monitor his laptop. Our guest is Elizabeth Wharton from Prevalion on biometric data security. 

Thanks to our sponsors KnowBe4, whose KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.

Ben’s Story - https://www.lawfareblog.com/house-judiciary-committees-fisa-oversight-hearing-overview

Dave’s Story - 
https://www.thedailybeast.com/husband-ordered-to-pay-almost-dollar500k-after-bugging-tobacco-heiress-wifes-iphone?via=twitter_page

WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.

Oct 30, 2019 20:54

Description:

WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp’s service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro’s insurance claim. An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach. Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company.

Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.

Oct 29, 2019 21:39

Description:

Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Robb Reck from Ping Identity with their research, 5 Steps to Improve API Security.

Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?

Oct 28, 2019 16:05

Description:

Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who’s more vulnerable to scams: seniors or young adults? It’s complicated. Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html 

Support our show

Masad Steals via Social Media. — Research Saturday

Oct 26, 2019 17:43

Description:

Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part of its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings.

The original research is here:

https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.

Oct 25, 2019 26:05

Description:

A spearphishing campaign is found targeting humanitarian, aid, and policy organizations. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek’s 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon. Close-reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25.html

Support our show

Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-platform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.

Oct 24, 2019 20:58

Description:

AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies’ toolkit. The FBI’s Protected Voices share election security information. Notes from SecurityWeek’s 2019 ICS Cyber Security Conference. NCSC’s annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html 

Support our show

Caveat — Crowdsourced private surveillance.

Oct 24, 2019 39:34

Description:

Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.

Thanks to our sponsors KnowBe4, whose KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.

Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.

Oct 23, 2019 20:29

Description:

Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation system brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html 

Support our show

More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.

Oct 22, 2019 21:21

Description:

Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court. Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_22.html

Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.

Oct 21, 2019 15:07

Description:

Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it’s a bear. Notes from the ICS Cyber Security Conference in Atlanta, including some reflections on the criminal market’s business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one’s identity can be determined using previously anonymized data sets.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_21.html

Hoping for SOHO security — Research Saturday

Oct 19, 2019 15:23

Description:

Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. 

Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. 

The original research is here:
https://www.ise.io/whitepaper/sohopelessly-broken-2/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.

Oct 18, 2019 25:41

Description:

Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on Tortoiseshell creating a fake veterans’ job site. Guest is Caleb Barlow from Cynergistek on the challenges of securing medical records.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html

Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.

Oct 17, 2019 20:29

Description:

Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html

Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.

Oct 16, 2019 19:08

Description:

The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if you get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security. Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html

Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.

Oct 15, 2019 20:49

Description:

Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_15.html

Decrypting ransomware for good. — Research Saturday

Oct 12, 2019 19:59

Description:

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. 

Links to the research and Michael's work:
https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/
https://id-ransomware.malwarehunterteam.com/

https://www.youtube.com/user/Demonslay335

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.

Oct 11, 2019 22:38

Description:

BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA’s Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_11.html

Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.

Oct 10, 2019 19:41

Description:

A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council’s new research on Securing Customer Identity.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_10.html

Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.

Oct 9, 2019 20:45

Description:

Twitter says it’s sorry if anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA-inspired program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women to cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_09.html

Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.

Oct 8, 2019 19:06

Description:

An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concerning widely used VPNs: if you use them, patch them. (And change your credentials.) Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server-side request forgery. Guest is Jadee Hanson from Code42 with the results of their 2019 Global Data Exposure Report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_08.html

Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.

Oct 7, 2019 17:02

Description:

Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt’s developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious Lightning charging cables.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_07.html

The fuzzy boundaries of APT41. — Research Saturday

Oct 5, 2019 22:59

Description:

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. 

Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings.

The original research is here:

https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.

Oct 4, 2019 25:20

Description:

Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_04.html

A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.

Oct 3, 2019 20:02

Description:

Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdof of YL Ventures with insights on the VC market in Israel.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_03.html

RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.

Oct 2, 2019 20:24

Description:

Sodinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html

Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.

Oct 1, 2019 20:25

Description:

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate. Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may affect traditional banks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html

Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.

Sep 30, 2019 19:19

Description:

Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture labs with an overview of five threat factors influencing the cyber security landscape.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_30.html

Focusing on Autumn Aperture. — Research Saturday

Sep 28, 2019 18:31

Description:

Researchers at Prevailion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups.

Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings.

The research can be found here:

https://blog.prevailion.com/2019/09/autumn-aperture-report.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.

Sep 27, 2019 25:58

Description:

The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons’ data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy’s friction. David Dufour from Webroot on the need for a variety of areas of expertise in security. Guest is Caleb Barlow, CEO and President of Cynergistek, discussing the security implications of being CEO of a public company.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_27.html

Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.

Sep 26, 2019 20:44

Description:

North Korea’s Lazarus Group is active against targets in India. A “suspected Chinese advanced persistent threat group” is exploiting a Windows accessibility feature. Sophos warns of “fleeceware.” US DNI testifies before the House Intelligence Committee. The TalkTalk hacker and an alleged accomplice are indicted on US charges. What’s involved in receiving compensation in the Yahoo breach settlement. And notes on the Chameleon spam campaign. Jonathan Katz from George Mason University with an overview of salting and hashing. Guest is Greg Martin from JASK on DOJ’s efforts to improve outreach with hackers.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_26.html

Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.

Sep 25, 2019 20:17

Description:

Tortoiseshell is trolling for military veterans. There’s been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there’s an odd spam campaign in circulation that looks like phishing but seems not to be. Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of the NotPetya attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html

Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.

Sep 24, 2019 19:00

Description:

APT10 has been phishing in US utilities. Google wins a big round over the EU’s right to be forgotten. European courts are also considering binding contractual clauses and Privacy Shield, which together have facilitated transatlantic data transfer. Twenty-seven nations agree on “responsible state behavior in cyberspace.” A hawkish take on Huawei’s 5G ambitions. And Edward Snowden’s book is being used as phishbait (not, we hasten to say, by Mr. Snowden). Johannes Ullrich from the SANS Technology Institute on the security issues with local host web servers. Guest is Fleming Shi from Barracuda with research on city/state ransomware attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_24.html

YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.

Sep 23, 2019 16:30

Description:

YouTube creators in the “car community” get their accounts hijacked over the weekend. Facebook finds tens of thousands of apps behaving badly with respect to privacy--the social network’s announcement has been coolly received in the US Senate. The Gulf region continues to be a field of cyber as well as kinetic competition. Huawei’s CFO is back in court today. And Iowa tries to sort out what it actually hired pentesters to do (and to whom they were supposed to do it). Joe Carrigan from JHU ISI on smart TV privacy concerns.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_23.html

Leaky guest networks and covert channels. — Research Saturday

Sep 21, 2019 15:30

Description:

Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University have discovered methods for defeating these security measures. Dr. Yossi Oren joins us to share their findings.

The original research is here:
https://www.usenix.org/system/files/woot19-paper_ovadia.pdf

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.

Sep 20, 2019 24:55

Description:

Twitter details actions against coordinated inauthenticity in Egypt, the United Arab Emirates, Ecuador, Spain, and China. Tensions with Iran remain high, but cyber action hasn’t sharply spiked. The Smominru botnet installs malware, including miners, and kicks other malicious code out of infected machines. Panda cryptojackers are careless but effective. Huawei says it’s the victim of a bill of attainder. And notes from CISA’s National Cybersecurity Summit. Malek Ben Salem from Accenture labs on the security aspects of facial recognition systems. Guest is Henry Harrison, CTO of Garrison, on Hardsec, a new approach to security that came out of the UK.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_20.html

Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.

Sep 19, 2019 18:31

Description:

A quick look at CISA’s National Cybersecurity Summit. A big new distributed denial-of-service vector is reported. Medical servers leave patient information exposed to the public Internet. Huawei is suspended from the FIRST group as it argues its case in a US Federal court. And one of the challenges of engaging ISIS online is that it relies so heavily on commercial infrastructure--it’s got to be targeted carefully. Ben Yelin from UMD CHHS on a case of compelled encryption which may be heading to the Supreme Court. Guest is David Talaga from Talend on how privacy fines have informed customers’ approach to planning around data security compliance.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_19.html

Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.

Sep 18, 2019 19:48

Description:

A newly discovered threat actor, “Tortoiseshell,” has been active against targets in the Middle East. The Simjacker vulnerability may not be as widely exploitable as early reports led many to believe. The US Army seems committed to decentralizing cyber operations along long-familiar artillery lines. Joint Task Force Ares continues to keep an eye on ISIS. Canada seeks to reassure allies over the Ortis affair. And the Justice Department wants any royalties Mr. Snowden’s book might earn. Daniel Prince from Lancaster University on cyber security as a force multiplier. Guest is Brian Roddy from Cisco on securing the multi-cloud.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_18.html

More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.

Sep 17, 2019 20:15

Description:

More notes on the RCMP espionage scandal. The CSE’s preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. And the other Four Eyes are doing so as well. Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn’t mind asylum in France. David Dufour from Webroot with thoughts on backups. Carole Theriault interviews ethical hacker Zoe Rose, who shares insights on entering the industry.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_17.html

Espionage and counter-espionage in at least three of the Five Eyes. New sanctions against North Korea. Password managers and flashlights.

Sep 16, 2019 17:20

Description:

Spy versus spy, in America, Canada, and Australia, with special guest stars from the Russian and Chinese services. The US Treasury Department issues more sanctions against North Korea’s Reconnaissance General Bureau, better known as the Lazarus Group or Hidden Cobra. Russian election influence goes local (and domestic). Password manager security problems. And why does your flashlight want to know so much about you? Justin Harvey from Accenture with insights on HTTPS and phishing.

Bluetooth blues: KNOB attack explained. — Research Saturday

Sep 14, 2019 17:01

Description:

A team of researchers have published a report titled, "KNOB Attack. Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outlines vulnerabilities in the Bluetooth standard, along with mitigations to prevent them.

Daniele Antonioli is from Singapore University of Technology and Design, and is one of the researchers studying KNOB. He joins us to share their findings.

The research can be found here:
https://knobattack.com

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.

Sep 13, 2019 25:25

Description:

The Ukrainian electrical grid hack seems, on further review, to have been designed to do far more damage than it actually accomplished. InnfiRAT is scouting for access to cryptocurrency wallets. A sophisticated threat actor is using Simjacker for surveillance on phones in the Middle East. The SINET 16 have been announced. A penetration test goes bad due to a misunderstanding of scope, and Baltimore decides, hey, it might be a good idea to back up files. Johannes Ullrich from the SANS Technology Institute on web spam systems. Guest is Rosa Smothers from KnowBe4 discussing her career journey and the importance of diversity in tech.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_13.html

The StingRays that were in DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.

Sep 12, 2019 19:17

Description:

DC StingRays alleged to be Israeli devices. North Korea is slipping malware past defenses by putting it into old, obscure file formats. Ryuk ransomware gets some spyware functionality. Google has purged Joker-infested apps from the Play store. The US Defense Department explains its “multifaceted” approach to cyber deterrence. The FBI warns that business email compromise is on the upswing, and offers some advice on staying safe. Awais Rashid from Bristol University with warnings on accepting default settings on mobile devices. Guest is Bill Conner from SonicWall on side channel attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_12.html

Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.

Sep 11, 2019 20:55

Description:

Cobalt Dickens is back, and phishing in universities’ ponds. UNICEF scores a security own-goal. Patch Tuesday notes. A look at US election security offers bad news, but with some hope for improvement. The US extends its state of national emergency with respect to foreign meddling in elections. And an international police sweep draws in 281 alleged BEC scammers. Ben Yelin from UMD CHHS on the privacy implications of geofencing. Guest is Drew Kilbourne from Synopsys with results of their report, The State of Software Security in the Financial Services Industry.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_11.html 

Support our show

US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.

Sep 10, 2019 20:47

Description:

John Bolton is out as US National Security Advisor. A new backdoor is attributed to Stealth Falcon. Wikipedia’s DDoS attack remains under investigation. So does a business email compromise at Toyota Boshoku and a raid on the Oklahoma Law Enforcement Retirement Services. Vulnerable web radios get patches. The US is said to have exfiltrated a HUMINT asset from Russia in 2017. Microsoft patches 79 vulnerabilities, 17 of them rated critical. Michael Sechrist from Booz Allen Hamilton on the spillover of geopolitical issues into cyber security. Guest is Ashish Gupta from Bugcrowd on the economics of hacking and the adoption of ethical hacking.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_010.html 

Support our show

BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.

Sep 9, 2019 15:56

Description:

A big BEC extracts more than $37 million from a major automotive parts supplier. Wikipedia suffers a DDoS attack in Europe and the Middle East. NERC and FERC get to work. Thrip may really be Billbug, and that’s attribution, not etymology. Was US Cyber Command trolling North Korea on the DPRK’s national day? And what does the Department of Motor Vehicles do with all the data they collect on drivers? In some US states, it seems, they sell it to private eyes. Joe Carrigan from JHU ISI on a GMail update for iOS which enables the blocking of tracking pixels.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_09.html 

Support our show

VOIP phone system harbors decade-old vulnerability. — Research Saturday

Sep 7, 2019 26:08

Description:

Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform.

Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings.

The original research can be found here:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.

Sep 6, 2019 25:54

Description:

Chinese intelligence and security services have been busy in cyberspace. A third-party customer leaks data it received from Monster.com. There’s a Joker in the Play Store. Some notes from the Billington CyberSecurity Summit: a military look at cyber ops, what CISA’s up to, and some advice from the NCSC. Anti-trust investigations are on the way for Facebook, and it seems likely that Google will be next. Malek Ben Salem from Accenture Labs on leveraging the blockchain for AI. Guest is Doug Grindstaff from the CMMI institute, who makes the case that CISOs need to think more like VCs.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_06.html 

Support our show

Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.

Sep 5, 2019 19:15

Description:

A database scraped from Facebook in the bad old days before last year’s reforms holds information about 419 million users. The ransomware threat to election security. Notes from the Billington CyberSecurity Summit. Is your phone reporting back to Mountain View or Cupertino? Probably not, at least not in the way the Twitterverse would have you believe. And the Feds get a guilty plea in the case of the Satori botnet. Awais Rashid from Bristol University on the notion of bystander privacy. Carole Theriault speaks with Dov Goldman, Director of Risk and Compliance at Panorays, on the most noteworthy third-party breaches of 2019 so far.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_05.html 

Support our show

Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.

Sep 4, 2019 19:03

Description:

A look at the ongoing ransomware epidemic, with some speculation about its connection to the criminal economy. Over-the-air provisioning might open Android users to sophisticated phishing approaches. Alleged spammers are indicted in California. And, ZAO, we hardly knew ye. Jonathan Katz from UMD on the evolution of Rowhammer attacks. Tamika Smith speaks with Troy Gill from AppRiver about cities being hit with ransomware.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_04.html 

Support our show

Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.

Sep 3, 2019 20:00

Description:

A report on Stuxnet suggests there were at least five and probably six countries whose intelligence services cooperated in the disabling cyberattack against Iran’s nuclear enrichment program. The watering hole Project Zero reported last week seems to have affected Android and Windows as well as iOS devices, and appears directed against China’s Uyghur minority. The USBAnywhere vulnerability affects some Supermicro servers. And no, those tweets last Friday weren’t from Mr. Dorsey. Joe Carrigan from JHU ISI with thoughts on security onboarding as the fall semester begins. Guest is Rinki Sethi from Rubrik on the cybersecurity skills gap and the importance of diversity.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_03.html 

Support our show

Emotet's updated business model — Research Saturday

Aug 31, 2019 23:07

Description:

The Emotet malware came on the scene in 2014 as a banking trojan and has since evolved in sophistication and shifted its business model. Researchers at Bromium have taken a detailed look at Emotet, and malware analyst Alex Holland joins us to share their findings.

The research can be found here:

https://www.bromium.com/resource/emotet-a-technical-analysis-of-the-destructive-polymorphic-malware

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.

Aug 30, 2019 21:30

Description:

Google’s Project Zero releases information on a long-running watering-hole campaign against iPhone users. A dental record backup service is hit by ransomware, and the decryptor the extortionists gave them may not work. Huawei may be in fresh legal hot water over alleged IP theft. Cryptojacking charges are added to those the accused Capital One hacker faces. And we say farewell to a Bletchley Park veteran. Emily Wilson from Terbium Labs on back-to-school season in the fraud markets. Guest is the one-and-only Jack Bittner, with his insights on how middle-schoolers are handling security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_30.html 

Support our show

Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.

Aug 29, 2019 19:45

Description:

Senior US officials say the June 20th attacks on Iranian networks helped stop Tehran’s attacks on tankers in the Arabian Gulf. TrickBot seems to be going after mobile users’ PINs. Fancy Bear has taken note of machine learning and modified her behavior accordingly. Facebook revises its rules to achieve greater transparency in political and issue advertising. A multinational takedown cleans up the Retadup worm infestation. Ben Yelin from UMD CHHS on the proliferation of privately owned license plate readers. Guest is Martin Zizi from Aerendir on biometric security technologies.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_29.html 

Support our show

LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.

Aug 28, 2019 20:19

Description:

LYCEUM is active against the oil and gas sector in the Middle East. Leaving government service? That nice offer from the head-hunters you got on LinkedIn may be the beginning of an approach by Chinese Intelligence. Autonomous car expert indicted for alleged theft of trade secrets. Imperva discloses a possible breach. Exploitation attempts against VPNs reported. And why did the chicken cross the road? The AI’s not sure, but it thinks the chicken used LIDAR.  Joe Carrigan from JHU ISI on the federal office of the CIO’s Cyber Reskilling Academy graduating their first class. Guest is Peter Smith from Edgewise on microsegmentation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_28.html 

Support our show

Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.

Aug 27, 2019 19:45

Description:

Hostinger resets passwords after a breach. Arkose finds that more than half the social media logins they investigated during the recent quarter were fraudulent. US State governors seem likely to call on the National Guard to help with cyber incidents. A new phishing campaign is distributing the Quasar RAT. A new ransomware strain, Nemty, is out in the wild. Fortnite account encrypted? Emsisoft can help. And who knew that hedge funds liked bananas. David Dufour from Webroot on company cyber security assessments. Carole Theriault speaks with Omar Yaacoubi from Barac on the growth in encrypted hacks, and how they use metadata to detect and analyze them.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_27.html 

Support our show

BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.

Aug 26, 2019 19:50

Description:

BioWatch info exposed. Patched vulnerabilities are weaponized in the wild. Romance and other scam indictments name eighty defendants. Cryptomining and data exposure. Social engineering with a sheen of multi-factor authentication. Suing the boo birds and the people who let them in. The road to unhappiness is paved with mutually exclusive good intentions. And alleged identity theft from low-earth orbit. Craig Williams from Cisco Talos discussing Heaven’s Gate RAT. Guest is Mike Weber from Coalfire on their recently published Penetration Risk Report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_26.html 

Support our show

Gift card bots evolve and adapt — Research Saturday

Aug 24, 2019 23:29

Description:

Researchers at Distil Networks have been tracking online bots targeting the ecommerce gift card systems of major online retailers. The threat actors show remarkable resourcefulness and adaptability. Jonathan Butler is technical account team manager at Distil Networks, part of Imperva, and he joins us to share their findings.

The research can be found here:

https://resources.distilnetworks.com/all-blog-posts/giftghostbot-attacks-ecommerce-gift-card-systems

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.

Aug 23, 2019 22:29

Description:

Google takes down YouTube accounts spreading disinformation about Hong Kong protests. Cryptomining gear seized at a Ukrainian nuclear plant. CISA outlines its strategic vision. Telcos and law enforcement team up to stop robocalls. Spyware makes it into the Google Play Store twice. And a man gets life in prison for installing hidden cameras. Awais Rashid from University of Bristol on cybersecurity risk decisions. Guest is Cathy Hall from Sila on Privileged Access Management.

North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.

Aug 22, 2019 20:05

Description:

A North Korean cyber espionage campaign targets universities, think tanks, and foreign ministries. Chinese cyber spies go after the healthcare sector. A bug hunter discloses a zero-day for Steam. Updates on the Texas ransomware attacks. Adult sites leak user information. And Veracruz fans hack their club president’s Twitter account to express their displeasure. Guest is Stewart Kantor, CFO and co-founder of Ondas Networks, on securing licensed spectrum. Emily Wilson from Terbium Labs on phishing kits.

China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.

Aug 21, 2019 20:39

Description:

China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account was hacked. And scammers buy ads to place their phone numbers at the top of search results. Daniel Prince from Lancaster University on cyber risk in a global economy. Guest is Rick Howard from Palo Alto Networks on a study revealing that Americans are confused about cybersecurity.

Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.

Aug 20, 2019 21:10

Description:

Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the “view as” bug. Vulnerabilities in Google’s Nest cams are patched. Instagram gets a data abuse bounty program. The FCC released a report on the CenturyLink outage. And adult websites leak information. Michael Sechrist from Booz Allen Hamilton on exploits. Guest is John Bennett from LogMeIn on addressing the growing cyber threats to the SMB market.


ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.

Aug 19, 2019 19:27

Description:

ISIS claims responsibility for the Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could be used to carry out acoustic side channel attacks. And Hy-Vee warns of a point-of-sale breach. Joe Carrigan from JHU ISI discusses corporate password policies. Guest is Ben Waugh from Redox on bug bounties in healthcare.

Detecting dating profile fraud — Research Saturday

Aug 17, 2019 25:04

Description:

Researchers from King’s College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a report titled, "Automatically Dismantling Online Dating Fraud." The research outlines techniques to analyze and identify fraudulent online dating profiles with a high degree of accuracy.

Professor Awais Rashid is one of the report's authors, and he joins us to share their findings.

The original research can be found here:
https://arxiv.org/pdf/1905.12593.pdf

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.

Aug 16, 2019 23:28

Description:

The European Central Bank shutters a service due to a hostile intrusion. Norman quietly mines Monero. MetaMorph passes through email security filters. Some Capital One insiders thought they saw trouble brewing. Instagram crowd-sources epistemology. Deep fakes are well and good, but the will to believe probably gets along just fine with shallow fakes. US Cyber Command posts North Korea’s Electric Fish malware to VirusTotal. Johannes Ullrich from the SANS Technology Institute on IP fragmentation in operating systems. Guest is John Smith from ExtraHop on the aftermath of an insurance claim.

Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.

Aug 15, 2019 18:33

Description:

Huawei is accused of aiding government surveillance programs in Zambia and Uganda. Cyber gangs are adapting to law enforcement, and they’ve turned to “big game hunting.” They’re also adapting legitimate tools to criminal purposes. US Federal prosecutors indicate they intend to add charges to those Paige Thompson already faces for alleged data theft from Capital One. And there’s a new tool out there for detecting gas pump paycard skimmers. Malek Ben Salem from Accenture Labs on transparency and community standards online. Guest is Taylor Armerding from Synopsys on the projected employment shortfall in cyber security.

Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure links, exposed databases, and a California vanity plate.

Aug 14, 2019 20:08

Description:

The Czech Senate wants action on what it describes as a foreign state’s cyberattack on the country’s Foreign Ministry. Microsoft warns about the wormable DejaBlue set of vulnerabilities. More humans found training AI. Insecure airline check-in links. Exposed databases involve BioStar 2 and Choice Hotels--the latter was held at a third-party vendor. And the LAPD doesn’t find a vanity license plate with the letters N-U-L-L particularly funny. David Dufour from Webroot with thoughts on cyber security insurance policies. Guest is Elisa Costante from ForeScout on building automation vulnerabilities.

UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.

Aug 13, 2019 20:16

Description:

More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies.

A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.

Aug 12, 2019 20:36

Description:

A look back at Black Hat and Def Con, with notes on technology and public policy. Participants urge people to contribute their expertise to policymakers. Power failures in the UK at the end of last week are largely resolved, and authorities say they’ve ruled out cyberattack as a possible cause. Russia puts Google on notice that it had better moderate YouTube content to put an end to what Moscow considers incitement to unrest. And China says reports of criminal activity are bunkum. Joe Carrigan from JHU ISI with thoughts on corporate password policies. Guest is Ralph Russo from Tulane University on how schools like Tulane are shaping their programs to meet the needs of business and government.

Unpacking the Malvertising Ecosystem — Research Saturday

Aug 10, 2019 26:09

Description:

Researchers at Cisco's Talos Unit recently published research exploring the tactics, techniques, and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization.

The research can be found here: 

https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.

Aug 9, 2019 25:07

Description:

Are voting machines too connected for comfort? Airliner firmware security is in dispute. Attribution, deterrence, and the problem of an adversary who doesn’t have much to lose. Monitoring social media for signs of violent extremism. Broadcom will buy Symantec’s enterprise business for $10.7 billion. Amazon’s Ring and the police. A CISA update on VxWorks vulnerabilities. And human second-guessing of AI presents some surprising privacy issues.  Justin Harvey from Accenture with his insights from the Black Hat show floor. Guest is Tim Tully from Splunk on the AI race between the US and China.

Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.

Aug 8, 2019 19:43

Description:

Tensions in the Gulf are accompanied by an increase in cyber optempo. A warning about vulnerable airliner avionics. Phishing is moving to the cloud, and so is ransomware. Android’s August patches address important Wi-Fi issues. An EU court decision clarifies data responsibilities. The US bans contractors from dealing with five Chinese companies. Bogus Equifax settlement sites are established for fraud. Our guests are both offering insights and observations from this year’s Black Hat conference. Matt Aldridge is from Webroot and Bob Huber is CSO at Tenable.

Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.

Aug 7, 2019 20:08

Description:

A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords.


Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.

Aug 6, 2019 20:44

Description:

Fancy Bear is back, and maybe in your office printer. El Machete, a cyber espionage group active at least since 2014, is currently working against the Venezuelan military. A UN report allegedly offers a look at what Mr. Kim is doing with the money his hackers raked in. MegaCortex ransomware shows growing automation. Another unsecured AWS S3 bucket is found. A bank stores some PINs in a log file. Vigilante smishing. And when popping off becomes arguably criminal. Craig Williams from Cisco Talos with updates on Sea Turtle. Guest is Chris Roberts from Attivo Networks with a preview of his Black Hat keynote, A Hacker’s Perspective, Where Do We Go From Here?

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_06.html 

Support our show

Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.

Aug 5, 2019 18:28

Description:

A Mexican publisher is hit with an extortion demand. Ransomware increasingly carries a destructive, wiper component: Germany is dealing with a virulent strain right now. Apple and Amazon, after the bad optics of reports that they’re farming out Siri and Alexa recordings to human contractors for quality control, are both modifying their approaches to training the assistants. And investigators sort through mass shooters’ digital trails. Joe Carrigan from JHU ISI on the VxWorks operating system vulnerabilities. Guest is Eli Sugarman from the Hewlett Foundation on their efforts to reimagine cybersecurity visuals.

Package manager repository malware detection — Research Saturday

Aug 3, 2019 11:38

Description:

Researchers at ReversingLabs have been tracking malware hidden in software package manager repositories, and its use as a supply chain attack vector. Robert Perica is a principal engineer at ReversingLabs, and he joins us to share their findings.

The research can be found here:

https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.

Aug 2, 2019 24:35

Description:

LookBack malware is used in spearphishing campaigns against US utilities. Phishing Bellingcat. Facebook takes down two campaigns of coordinated inauthenticity that had been active in the Middle East and North Africa. The growing problem of online card skimming. The FTC’s investigation of Facebook centers on acquisitions. The Fed visits Amazon. And followers of a YouTube streamer treat the homeless as punchlines in a big practical joke. Prof. Awais Rashid from University of Bristol on the ability to “smell” security issues in software. Guest is Matt Howard from Sonatype on their State of the Software Supply Chain report.

Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.

Aug 1, 2019 20:43

Description:

Investigators pursue the possibility that the alleged Capital One hacker might have hit other companies’ data. An exposed Elasticsearch database, now secured, was found at Honda Motors. Data from beauty retailer Sephora are found on the dark web. Defenders are urged to think of themselves as in a poker game with the opposition. Phishing remains the biggest threat to financial services. And what vacation spots attract the eyes of bots? Emily Wilson from Terbium Labs with more details from their recent fraud and international crime report. Guest is Giovanni Vigna from Lastline with thoughts on the upcoming Black Hat conference.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_01.html 

Support our show

Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.

Jul 31, 2019 19:49

Description:

Capital One takes a market hit from its data loss. Observers see the incident as a reminder that cloud users need to pay attention to their configurations. CISA warns of vulnerabilities in small, general aviation aircraft. Another parish in Louisiana is hit with a cyberattack. The SEC’s top cyber enforcer is moving on from the Commission. And diplomats go to cyber summer school in Estonia. It’s not a coding bootcamp, but it should give them the lay of the cyber land.  Jonathan Katz from UMD on speculation of what a quantum internet might involve. Guest is Jessica Gulick from Katzcy Consulting on the Wicked6 eSports-style cyber competition coming to Las Vegas during Black Hat & Defcon.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_31.html 

Support our show

Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?

Jul 30, 2019 20:22

Description:

Capital One sustains a major data breach affecting 106 million customers, and a suspect is in custody, thanks largely to her incautious online boasting. Iranian social engineers are phishing in LinkedIn, baiting the hook with a bogus job offer. Wind River fixes VxWorks bugs. Network Attached Storage is being brute-forced. A hacker claims to have doxed members of the Los Angeles Police Department. Ben Yelin from UMD CHHS on cities piloting aerial surveillance programs. Tamika Smith interviews Noam Cohen from the New Yorker on California’s new law regulating bots.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_30.html 

Support our show

Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.

Jul 29, 2019 19:54

Description:

Bellingcat gets a look-in from the Bears. Magecart card-skimming code found in bogus domains. The MyDoom worm remains active in the wild, fifteen years after it first surfaced. Election security threats. The US Coast Guard says the malware that hit a container ship off New York earlier this year was Emotet. Marcus Hutchins gets time served. Fresh concerns about digital assistants and privacy. And yes, you do owe taxes on those alt-coins. Joe Carrigan from JHU ISI on the availability of the BlueKeep vulnerability. Guest is Tom Hegel from AT&T Cybersecurity with thoughts on integrating threat intelligence.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_29.html 

Support our show

Special Edition - Cult of the Dead Cow author Joseph Menn extended interview

Jul 28, 2019 23:18

Description:

Our guest today is Joseph Menn. He’s a longtime investigative reporter on technology issues, currently working for Reuters in San Francisco. He’s the author of several books, the latest of which is titled Cult of the Dead Cow - How the original hacking supergroup might just save the world.

This program sponsored by Proactive Risk.

Day to day app fraud in the Google Play store — Research Saturday

Jul 27, 2019 20:08

Description:

Researchers at bot mitigation firm White Ops have been tracking fraudulent apps in the Google Play store. These apps often imitate legitimate apps, even going so far as to lift code directly from them, but instead of providing true functionality they harvest user data and send it back to command and control servers.

Marcelle Lee is a principal threat intel researcher at White Ops, and she shares their findings. 

The original research can be found here —
https://www.whiteops.com/blog/another-day-another-fraudulent-app

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.

Jul 26, 2019 25:36

Description:

Winnti and other Chinese threats have been active against German and French targets. The US Senate Intelligence Committee has issued the first volume of its report on Russian operations against US elections; this one deals with infrastructure. Louisiana declares a state of cyber emergency over ransomware. Johannesburg’s power utility is also hit with ransomware. And you could get up to $175 from the Equifax breach settlement. Daniel Prince from Lancaster University on experimental protocols for ICS security systems. Guest is Joseph Menn, author of The Cult of the Dead Cow.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_26.html 

Support our show

News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.

Jul 25, 2019 20:09

Description:

Did you know that Fancy Bear has taken to wearing a Monokle? A new Chinese cyber espionage campaign is identified. Intrusion Truth tracks APT17 to Jinan, and China’s Ministry of State Security. Guildma malware is active in Brazil, and may be spreading. BlueKeep is out in the wild, and now available to pentesters. Facebook’s Messenger Kids app has been behaving badly. And an update on the cryptowars, with some dispatches from the American front. Michael Sechrist from Booz Allen Hamilton on municipalities paying ransomware. Guest is Eric Murphy from SpyCloud on threat intelligence at scale.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_25.html 

Support our show

Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.

Jul 24, 2019 19:18

Description:

In today’s podcast, we hear that Lancaster University has suffered a data breach. A reportedly critical vulnerability in VLC Media Player may have already been fixed last year. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee. Attorney General Barr wants a way for law enforcement to access encrypted data. And the National Security Agency is launching a Cybersecurity Directorate. David Dufour from Webroot on security awareness training. Guest is Emily Wilson from Terbium Labs about the Federal Trade Commission’s investigation into complaints over YouTube’s improper collection of kids’ online data.

Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.

Jul 23, 2019 19:27

Description:

Venezuela’s government says the country’s massive blackout is the work of sabotage by foreign actors (read, the Yanquis) who took down the grid with an “electromagnetic attack.” Documents leaked from Huawei indicate that the electronics giant did essential work for North Korea’s infrastructure. Both Facebook and Equifax face major fines over privacy issues, but there’s growing sentiment that the fines were on the low side. And, coders, make loyalty programs, not logic bombs. Malek Ben Salem from Accenture Labs on defending against disinformation. Guest is Robb Reck from Ping Identity on insider threat programs.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_23.html 

Support our show

FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.

Jul 22, 2019 19:57

Description:

A contractor for Russia’s FSB security agency was apparently breached. NSO Group says its Pegasus software can now obtain access to private messages held in major cloud services. Iranian cyber operations are said to be spiking, and Tehran is paying particular attention to LinkedIn. Colleges and universities are experiencing ERP issues, and a minor wave of bogus student applications. Equifax receives its judgment. And there’s a sentence in the case of the NSA hoarder. Joe Carrigan from JHU ISI on Android apps circumventing privacy permission settings. Guest is David Brumley from ForAllSecure on autonomous security and DevSecOps.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_22.html 

Support our show

Special Edition — The Fifth Domain coauthor Richard A. Clarke

Jul 21, 2019 22:40

Description:

Our guest today is Richard A. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Under President George W. Bush he was appointed Special Advisor to the President on cybersecurity. He’s currently Chairman of Good Harbor Consulting. He’s the author or coauthor of several books, the latest of which is titled The Fifth Domain - Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats.

This is an extended version of an interview originally aired on the July 19, 2019 edition of the CyberWire daily podcast.

Thanks to our sponsors FTI Cybersecurity.

 

Nansh0u not your normal cryptominer — Research Saturday

Jul 20, 2019 17:48

Description:

Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors.

Ophir Harpaz and Daniel Goldberg are members of the Guardicore Labs team, and they join us to explain their findings.

The research can be found here - 
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.

Jul 19, 2019 24:47

Description:

K3chang is out, about, and more evasive than ever. Data breached at Bulgaria’s National Revenue Agency has turned up online in at least one hacker forum. Facebook’s planned Libra cryptocurrency received close scrutiny and a tepid reception on Capitol Hill this week. Emsisoft offers some common-sense reflections on why local governments are attractive ransomware targets. Please patch BlueKeep. And a hair care product is vulnerable to hacking. Johannes Ullrich from the SANS Technology Institute with tips on ensuring your vulnerability scans are secure. Guest is Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, and coauthor of the book The Fifth Domain.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_19.html 

Support our show

TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.

Jul 18, 2019 19:46

Description:

TrickBot gets some new tricks, and they’re being called Trickbooster. Poisoning the advertising supply chain. Hessian schools will shy away from American cloud services. A novel phishing campaign is technically savvy but gives itself away with broken English phishbait. Congress would like to see Presidential cyberwar instructions. Microsoft warns of foreign attacks on elections. FaceApp looks suspicious. And a suspect is collared in a malicious macro case. Jonathan Katz from UMD on random number issues in YubiKeys. Carole Theriault speaks with Michael Madon from MimeCast on email imposter scams.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_18.html 

Support our show

Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.

Jul 17, 2019 20:32

Description:

Sprint warns of data breach. Eclypsium announces discovery of server firmware supply chain problems. Bluetooth Low Energy may be less secure than thought. Congress hears about US census cybersecurity. Ransomware and continuity of operations. The FBI offers help decrypting GandCrab-affected files. Venafi on why financial services are especially affected by certificate issues. Congress asks to see NSPM 13. And an arrest is made in Bulgaria’s tax agency hack. Ben Yelin from UMD CHHS on the DOJ being required to make public attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering fake domains to try to capitalize on Facebook’s Libra cryptocurrency plans.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_17.html 

Support our show

GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.

Jul 16, 2019 19:47

Description:

The retirement of GandCrab’s hoods may have been exaggerated. Video conferencing tools RingCentral and Zhumu may have picked up Zoom’s issues in the tech they licensed. Broadcom’s projected acquisition of Symantec is on hold, at least for now. One Silicon Valley executive calls another company “treasonous.” The US FCC wants to rein in robo-calls. And there’s a free decryptor out for Ims0rry ransomware. Emily Wilson from Terbium Labs on recent Terbium research on transnational crime. Guest is Wim Coekaerts from Oracle on security in the age of AI.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_16.html 

Support our show

Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.

Jul 15, 2019 19:39

Description:

Upgraded voting machines may not be as secure, or as upgraded, as election officials seem to think. Criminals continue to exploit routers in Brazil. A Japanese cryptocurrency exchange shuts down while it investigates a multimillion dollar theft. The Federal Trade Commission fines Facebook $5 billion over privacy issues. Weekend power outages seem not to have been the result of cyberattacks. Another city sustains a ransomware attack. Shop carefully on Amazon Prime Day. Joe Carrigan from JHU ISI on Apple pushing an update to mitigate Zoom conferencing app vulnerabilities. Guest is Patrick Cox from TrustID on government agencies using inadequate ID authentication via phone.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_15.html 

Support our show

Opportunistic botnets round up vulnerable routers — Research Saturday

Jul 13, 2019 18:04

Description:

Researchers at Netscout's ASERT Team have been tracking the growth of botnets originating in Egypt and targeting routers in South Africa. The payload is a variant of the Hakai DDoS bot.

Richard Hummel is threat intelligence manager at Netscout, and he joins us to share their findings.

The original research is here:

https://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

 

Buhtrap gets into the spying game. US cyber operations against Iran considered: there are both strategic and Constitutional issues. Election security. Water bills. And again with the WannaCry.

Jul 12, 2019 23:51

Description:

Buhtrap moves from financial crime to cyber espionage. There may have been as many as three distinct US cyber operations against Iran late last month. The US legislative and executive branches continue to try to sort out Constitutional issues surrounding cyber conflict. The US Intelligence Community tells Congress that there are “active threats” to upcoming elections. One city’s cyber woes will be expressed in water bills. And WannaCry may ride again, if you don’t patch. Mike Benjamin from CenturyLink on DNS scanning they’re tracking. Guest is Martha Saunders, President of the University of West Florida, on how her institution is adapting to meet the workforce needs for cyber security professionals.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_12.html 

Support our show

Magecart is getting interested in exposed databases. Agent Smith may be in your Android app store. Tracking FinSpy. A contractor gets spearphished.

Jul 11, 2019 20:09

Description:

GDPR fines and their implications. A reminder about Magecart, and some notes on its recent interest in scanning for unprotected AWS S3 buckets. Agent Smith (of Guangzhou, not the Matrix) is infesting Android stores with evil twins of legitimate apps. FinSpy is out and about in the wild again. “Daniel Drunz” is the catphish face of a gang that stung a US Government contractor for millions in goods. Justin Harvey from Accenture on the recent GDPR fines. Carole Theriault speaks with Michael Covington from Wandera on the risks facing financial services firms.

Zoom addresses concerns about call joining and cameras. ICS vulnerabilities addressed. Patch Tuesday notes. Tracing a disinformation campaign.

Jul 10, 2019 20:44

Description:

Zoom agrees to change what it still sort of regards as a feature and not a bug. Industrial control system vulnerabilities are reported and patched. Microsoft issues seventy-seven fixes on Patch Tuesday. Adobe has a relatively light month for patches. Marriott is hit with a large fine from the UK’s Information Commissioner’s Office. An investigative report traces disinformation about a 2016 Washington murder to Russia’s SVR foreign intelligence service. Craig Williams from Cisco Talos with info on the Spelevo exploit kit. Tamika Smith speaks with Myke Lyons, CISO for Collibra, on new industry regulations based on GDPR.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_10.html 

Support our show

Security issues with Zoom for Macs. Astaroth fileless malware reported in Brazil. GoBotKR distributed by torrent. ICO hits British Airways with a record fine. State attacks and state defenses.

Jul 9, 2019 20:17

Description:

Zoom user security appears to have been sacrificed on the altar of user experience. The fileless Astaroth Trojan is again in circulation, mostly, for now, in Brazil. Torrents are distributing the GoBot2 backdoor. The UK’s Information Commissioner’s Office clobbers British Airways with a record fine under GDPR, probably to encourage all the rest of us. Croatian government offices are spearphished. Iran says it’s now got an attack-proof comms system. And NSA’s IG reports. Joe Carrigan from JHU ISI on security issues with D-Link routers. Guest is Martin McKeay from Akamai on their most recent State of the Internet report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_09.html 

Support our show

Another ransomware victim pays extortionists. Business email compromise. Government impostor scams. ShadowBrokers still airborne. Exploit supply chain. Silence suspected in bank heists.

Jul 8, 2019 20:24

Description:

Another ransomware victim pays up. Privilege escalation comes to ransomware. Vendor impersonation scams hit cities, and government impersonation scams hit citizens: be wary of both. Former NSA contractor Hal Martin will be sentenced later this month, with suspected connections with the ShadowBrokers still unresolved. An exploit supply chain is described. The Silence gang is suspected in Bangladeshi bank heists. And a bad message can brick a phone. Ben Yelin from UMD CHHS on privacy concerns with a shared bar patron database. Guest is Derek E. Weeks from Sonatype on supply chain security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_08.html 

Support our show

Warnings of Outlook exploitation, with a possible Iranian connection. GPS jamming in the Eastern Med. Satellite vulnerabilities. 505 errors. TA505’s new tactics. Content moderation updates.

Jul 3, 2019 20:11

Description:

US Cyber Command warns that an Outlook vulnerability is being actively exploited in the wild. Other sources see a connection with Iran. GPS signals are being jammed near Tel Aviv, and Russian electronic activity in Syria is suspected as the cause. A look at the consequences of satellite cyber vulnerabilities. The TA505 gang changes some of its tactics. Yesterday’s brief Internet outages are traced to a Cloudflare glitch. Facebook and YouTube continue to grapple with content moderation. Mike Benjamin from CenturyLink on Emotet’s C2 behavior. Guest is Avital Grushcovski from Source Defense on the risk posed by third party web site tools.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_03.html 

Support our show

US-Iranian tension expressed in cyberspace. OceanLotus and Ratsnif. Ransomware in Georgia, again. Going low-tech to protect the grid. Magecart update. Cryptowars and agency equities.

Jul 2, 2019 19:38

Description:

Tensions between the US and Iran are likely to find further expression in cyberspace. OceanLotus’s Ratsnif kit isn’t up to the threat actor’s normally high standards of coding, but it’s plenty good enough. Cyberattacks in the states of Florida and Georgia. Utilities are urged to go lower tech where possible. Magecart skimmer “Inter” is being hawked on the dark web. And no, they haven’t videoed you using EternalBlue: just dump that email. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on Weblogic exploits. Guest is Nick Jovanovic from Thales on cloud security in the federal space.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_02.html 

Support our show

Huawei spits the hook? CISA warns about the risk of Iranian cyberattack. Power grid security. Cryptocurrency and fraud. Content moderation. Senators like Hack the Pentagon.

Jul 1, 2019 20:14

Description:

Huawei gets to buy some products from US companies, again. CISA reiterates warnings about the risk of cyberattack from Iran. Considerations about power grid security. Cryptocurrencies draw criminals, and some of the scammers are looking ahead. Australia and New Zealand will conduct a simulation to study ways of removing “abhorrent content” from the Web. The Senate likes Hack the Pentagon. And tech enthusiasm or voyeurism? You decide. Justin Harvey from Accenture on ways attackers are bypassing 2-factor authentication on mobile devices. Guest is Gretel Egan from Proofpoint on the shift toward human-centric security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_01.html 

Support our show

Giving everyone a stake in the success of Open Source implementation — Research Saturday

Jun 29, 2019 21:48

Description:

Synopsys recently published the 2019 edition of their Open Source Security and Risk Analysis (OSSRA) Report, providing an in-depth look at the state of open source security, compliance, and code quality risk in commercial software.

Tim Mackey is principal security strategist within the Synopsys Cyber Research Center, and he joins us to share their findings.

The research can be found here:

https://www.synopsys.com/software-integrity/resources/analyst-reports/2019-open-source-security-risk-analysis.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Regin in Yandex? Golang is out and busy. So is the ShadowGate crew. The ICO wants an explanation from the Metropolitan Police. Trackers in news sites. Phishing those who seek “Verification.”

Jun 28, 2019 24:37

Description:

Yandex says it was hacked with Regin spyware. The Golang cryptominer is spreading, again. And the ShadowGate ransomware crew is newly active with a dangerous drive-by. Three data exposures are reported. London’s Metropolitan Police are in trouble with the Information Commissioner’s Office. A look at tracker behavior. The Verified Badge as a phishing lure. And congratulations to a Loeb Award winner. Michael Sechrist from BAH on Deep Fakes and data integrity. Deloitte’s new head of cyber Deborah Golden shares her leadership philosophy.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_28.html 

Support our show

Washington and Tehran confront one another in cyberspace. Dominion National investigates data incident. Facebook on info ops (and identity). Labor market notes. Skids on skids.

Jun 27, 2019 20:30

Description:

The US cyberattack against Iranian targets remains only indistinctly visible in the information fog of cyberwar. Iran’s APT33 seems to have altered its tactics after its operations against Saudi targets were described by Symantec at the end of March. An insurer and provider of vision and dental benefits investigates a “data incident.” Skids-on-skids, kids. Facebook talks information operations, and teases plans concerning identity. Notes on the labor market. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on malware C&C channels making use of TLS. Tamika Smith speaks with Harrison Van Riper from Digital Shadows about their recent report, “Too Much Information: The Sequel,” outlining the increase in data exposure over the past year.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_27.html 

Support our show

Militia said to be target of US cyberattack. Myanmar shuts down networks. Spam campaign. Supply chain issues for Huawei gear. Election security. Recovering from ransomware by paying up?

Jun 26, 2019 20:12

Description:

Sources name a Shi’ite militia aligned with Iran as one target of last week’s US cyberattacks. Myanmar shuts down mobile networks in its Rakhine province, where the Buddhist insurgents of the Arakan Army have been using Facebook for coordination and inspiration. A major spam campaign is distributing LokiBot and NanoCore. Finite State finds bugs in Huawei gear. Election security notes. And paying the ransom to ransomware extortionists. David Dufour from Webroot on the different trends they are tracking in Europe vs. the US. Guest is David Politis from BetterCloud with a warning about information sprawl.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_26.html 

Support our show

Operation Soft Cell targets mobile networks. DC and Tehran trade barbs. Critical infrastructure concerns. Maryland’s Cyber Defense Initiative.

Jun 25, 2019 20:35

Description:

Operation Soft Cell was low, slow, patient, and focused, and apparently run from China. Washington and Tehran are woofing at each other, with more exchanges in cyberspace expected. Cyber due diligence is taken increasingly seriously during mergers and acquisitions. Short-sighted design choices affect app security. The US security clearance process gets an overhaul. Shimmers replace skimmers. And yesterday’s US Internet outage explained. Sergio Caltagirone from Dragos on the growing tensions between the US, Russia and Iran and how providers of critical infrastructure can prepare. Tamika Smith interviews Danielle Gaines, a reporter for Maryland Matters, on MD Gov. Hogan’s response to the Baltimore ransomware incident and the creation of the Maryland Cyber Defense Initiative.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_25.html 

Support our show

Notes on a reported US cyberattack against Iran. A look at “Secondary Infektion.” And some cases of cyber stalking.

Jun 24, 2019 19:11

Description:

The US is said to have conducted cyberattacks against Iranian targets related to recent Iranian moves in the Gulf. The cyber operations are also said to have been a covert alternative to conventional military strikes. The Atlantic Council describes “Secondary Infektion,” a Russian disinformation campaign that begins obscurely, then depends upon amplification. And a case of cyber stalking in Minnesota goes to court. Joe Carrigan from JHU ISI on the escalating calls to patch the BlueKeep vulnerability.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_24.html 

Support our show

Middleboxes may be meddling with TLS connections — Research Saturday

Jun 22, 2019 21:50

Description:

Researchers at Cloudflare have been examining HTTPS interception, a technique that weakens security, and have developed tools to help detect it. 

Nick Sullivan is head of cryptography at Cloudflare, and he joins us to share their findings.

The research can be found here:
https://blog.cloudflare.com/monsters-in-the-middleboxes/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

US-Iranian tensions find expression in cyberspace as Refined Kitten returns. Facebook tries friction against abuse. Cryptominers in the wild. Lead generation for cyber criminals.

Jun 21, 2019 25:00

Description:

Tensions between the US and Iran over tanker attacks, nuclear ambitions, and the downing of a Global Hawk drone seem to be finding expression in cyberspace: Refined Kitten seems to be pawing for some American phish. Facebook tries friction as an alternative to content moderation in damping its abuse in fomenting South Asian violence. Cryptomining campaigns are showing some renewed vigor. And a look at lead generation for Nigerian prince scams. Mike Benjamin from CenturyLink on RDP scanning and the GoldBrute campaign. Guest is Michael Coates, former CISO for Twitter and former head of security for Mozilla, from Altitude Networks on better addressing the needs of CISOs and improving the sales process.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_21.html 

Support our show

Turla hijacks OilRig infrastructure. Bouncing Golf is no game. CISA panel recommends supply chain security reforms. AMCA driven toward bankruptcy by data breach. Florida town pays ransom.

Jun 20, 2019 20:00

Description:

Call it Waterbug or call it Turla, the Russian cyber operation has been hijacking Iran’s OilRig cyber espionage infrastructure. Other cyber campaigns also afflict Middle Eastern targets. A US panel convened by CISA has some recommendations for supply chain security. An ad agency inadvertently exposes sensitive personal data. A bankruptcy filing in the AMCA breach. And Riviera Beach, Florida, decides to pay $600,000 in ransom to decrypt its files. Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS security issues. Carole Theriault returns with an interview with ethical hacker Zoe Rose, who shares her advice for women working in cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_20.html 

Support our show

BlueKeep, again. Facebook’s cryptocurrency play. Updates on alleged or suspected electrical grid hacks. Catphishing and spying. Compromised social media accounts.

Jun 19, 2019 19:52

Description:

More advice to patch BlueKeep, already. Facebook announces its planned launch of a cryptocurrency, Libra, to the accompaniment of considerable acclaim and at least as much skepticism. Updates on alleged power grid cyber operations. Catphishing and the adaptation of traditional espionage craft in the digital age. And cheap sunglasses turn up as phishbait in compromised social media accounts. Justin Harvey from Accenture with thoughts on tabletop exercises. Guest is Tom Hickman from Edgewise Networks on access control and zero trust.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_19.html 

Support our show

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.

Jun 18, 2019 20:08

Description:

Investigation into Argentina’s power failure continues, with preliminary indications suggesting “operational and design errors” were responsible for the outage. Russia reacts to reports that the US staged malware in its power grid. Iran says it stopped US cyberespionage. ISIS worries about its vulnerability to BlueKeep. A breach at EatStreet illustrates some of the features of third-party risk. Ben Yelin from UMD CHHS on a Virginia license plate reader ban. Guest is Jack Danahy from Alert Logic on the troubling issue of adversary dwell time and the IT vigilance gap.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_18.html 

Support our show

 

Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.

Jun 17, 2019 20:18

Description:

The New York Times reports that the US has staged malware in Russia’s power grid, presumably as deterrence against Russian cyberattacks against the US. South America has largely recovered from a large-scale power outage that seems, so far, to have been accidental. An EU report claims that Russian information operations against the EU are increasing. Twitter takes down more inauthentic sites. The Target outage over the weekend seems to have been caused by glitches, not hacking. Joe Carrigan from JHU ISI on the GDPR fine of a Spanish soccer league for a spying app. Tamika Smith speaks with Britt Paris from the Data & Society Research Institute on the weaponization of AI.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_17.html 

Support our show

Apps on third-party Android store carry unwelcome code — Research Saturday

Jun 15, 2019 12:18

Description:

Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security research and operations at Zscaler, and he joins us to share their findings.

The original research can be found here:
https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.

Jun 14, 2019 24:50

Description:

Xenotime is detected snooping around the North American power grid. Hacking groups exploit the Return of the Wizard vulnerability in Exim servers. Hearings on the extradition of WikiLeaks’ Julian Assange have begun. Online gamers are being chased with credential stuffing attacks: they’re after your skins, your accounts, your credit cards. And some LinkedIn catphish seem to be going to AI charm school. Justin Harvey from Accenture with advice for job-hunting grads. Guest is Dr. Matthew Dunlop, Vice President and Chief Information Security Officer for Under Armour, on the challenges of protecting one of the world’s most well-known brands.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_14.html 

Support our show

Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ASCO plants. Congress considers hacking back, again. That ol’ devil limbic system.

Jun 13, 2019 20:18

Description:

Telegram recovers from a distributed denial-of-service attack. No attribution yet, but all the circumstantial evidence points to the Chinese security services. Operation Fishwrap, conducted by parties unknown, is an influence campaign that substitutes olds for news. Aircraft component manufacturer ASCO’s production is hit by ransomware. Hacking back is back, in Congress. Why don’t people patch? And a tip on fact-checking. Ben Yelin from UMD CHHS on NYPD cellphone surveillance. Guest is Dave Aitel from Cyxtera on offense oriented security and the INFILTRATE conference.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_13.html 

Support our show

Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.

Jun 12, 2019 20:32

Description:

TA505 and Fin8 are both up to their old ways, with some new tricks in their criminal bag. A reminder about social engineering and Google Calendar. A new assertiveness is promised in US cyber operations, as the Administration “widens the aperture.” Updates on the security concerns that surround Huawei and ZTE. And Radiohead takes a different approach to online extortion--just render what they’re holding for ransom valueless. Craig Williams from Cisco Talos on the Jasper Loader. Guest is Lisa Sotto from Hunton Andrews Kurth LLP on the report Seeking Solutions: Aligning Data breach Notification rules across borders.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_12.html 

Support our show

Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.

Jun 11, 2019 20:18

Description:

Russia says shrapnel from America’s war on that nice company Huawei is “destroying the world.” Russia also tells Tinder to fork over user pictures and messages. A Recorded Future study outlines the case for regarding Huawei as a security risk. US Customs and Border Protection discloses a breach of images collected at a border-crossing point. Crooks are taking advantage of Gmail features. Notes on recent mergers. And the top ten bugs bug hunters are finding. Johannes Ullrich from SANS and the ISC Stormcast podcast on the GoldBrute botnet. Guest is Tim Woods from FireMon reflecting on the past year under GDPR.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_11.html 

Support our show

An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.

Jun 10, 2019 17:07

Description:

MuddyWater shows renewed activity--no zero-days and no exotic malware, just clever approaches and determined social engineering. Spam is serving up payloads that exploit an old Microsoft Office vulnerability. Russian-sponsored disinformation has been romping freely through YouTube. Some back-and-forth over Huawei: Washington isn’t relenting, but some relief for US companies may be forthcoming. And Beijing rumbles about retaliation. United Technologies has agreed to acquire Raytheon. Joe Carrigan from JHU ISI on Apple’s newly announced secure sign-in service and its focus on privacy.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_10.html 

Support our show

Xwo scans for default credentials and exposed web services — Research Saturday

Jun 8, 2019 14:43

Description:

Researchers at AT&T Alien Labs have been tracking a new malware family they've named "Xwo" that's scanning systems for default credentials and vulnerable web services. 

Tom Hegel is a security researcher with AT&T Alien Labs, and he shares their findings.

The original research is here:

https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.

Jun 7, 2019 25:43

Description:

The Australian National University hack and data loss look to many observers like the work of Chinese intelligence services. The GoldBrute botnet is scanning vulnerable RDP servers. MuddyWater is back, undeterred by leaks and learning from the best. The RIG exploit kit is delivering Buran ransomware. Achilles says he’s got the goods. The Nuclear Regulatory Commission IG looks at cyber inspections. And Big Tech prepares for big antitrust. Robert M. Lee from Dragos on natural gas infrastructure security. Guest is Frank Downs from ISACA on the challenges educators face preparing the cyber security workforce.

BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?

Jun 6, 2019 19:49

Description:

BlueKeep proof-of-concept exploits have been developed, and people are urged to patch. An annoying, disruptive advertising plug-in comes bundled with a couple of hundred Android apps in the Play Store. The EU’s Moscow embassy seems to have been the focus of Russian cyber espionage since 2017. Influence operations feature a small core of sites surrounded by many amplifying accounts. A possible motive for GPS spoofing. Johannes Ullrich from SANS and the ISC Stormcast podcast on Google throwing their weight behind MTA-STS, a protocol to make e-mail more secure. Guest is Josh Stella from Fugue on security and compliance in cloud infrastructure.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_06.html 

Support our show

AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.

Jun 5, 2019 20:32

Description:

Another medical testing firm is hit by the third-party breach at AMCA. More officials say there’s no EternalBlue involved in Baltimore’s ransomware attack. (And that attack may have involved some doxing, too--investigation is underway.) Real hacking isn’t like the movies. It’s alive: Frankenstein malware, that is. Huawei offers a no-spy agreement. The draft US Data Strategy is out. Really, you should patch for BlueKeep. A university’s donor list exposed online. Ben Yelin from UMD CHHS on secret tracking pixels in emails to the Navy Times in a controversial legal case. Tamika Smith speaks with Ariana Mirian from UC San Diego on research on the Hacker for Hire market.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_05.html 

Support our show

Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?

Jun 4, 2019 19:56

Description:

Jason, an Iranian brute-forcing tool, has been leaked. A third-party breach affects customer and patient data held by Quest Diagnostics. Eurofins Scientific is recovering from a ransomware attack. A look at Baltimore City’s ransomware infestation shows no signs of EternalBlue, security firm Armor says. Instead, it looks like “vanilla ransomware.” And the prospect of antitrust investigations drives down Big Tech stock prices, tipping the Nasdaq into a correction. Emily Wilson from Terbium Labs on dark web fraud guide pricing. Guest is Jordan Blake from BehavioSec on digital transformations.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_04.html 

Support our show

Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.

Jun 3, 2019 20:46

Description:

Google’s cloud services recover from network congestion. GandCrab’s proprietors say they’re retiring rich at the end of the month. BlackSquid delivers the XMRig Monero miner. Updates on the Baltimore ransomware incident. Too many machines not yet patched against BlueKeep. CEO sentenced for providing criminals crypto. The US Justice Department is said to be preparing an antitrust investigation of Google. And “The Persistence of Chaos” has been sold for $1.3 million. Joe Carrigan from JHU ISI on Google restricting ad-blocking in upcoming versions of Chrome. Tamika Smith speaks with Washington Post writer Geoffrey Fowler on his recent article “It’s the middle of the night. Do you know who your iPhone is talking to?”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_03.html 

Support our show

Blockchain bandits plunder weak wallets — Research Saturday

Jun 1, 2019 19:12

Description:

Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on the Ethereum blockchain in an attempt to discover how and why they are being generated as well as how bad actors are taking advantage of them.

The original research is here:

https://www.securityevaluators.com/casestudies/ethercombing/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

May 31, 2019 25:42

Description:

Malicious misdirection served up from unpatched WordPress sites. A big, big set of dating site records has been found exposed online--it’s in China, but the records seem to belong to anglophones. Many other files are exposed elsewhere, too, so it’s not a single problem. Turla’s back, and still after diplomats. The International Red Cross proposes rules for cyber conflict. And Baltimore City calculates the cost of not patching. It’s a lot higher than the cost of patching. Craig Williams from Cisco Talos with his take on a critical Microsoft vulnerability, CVE-2019-0708. Guest is Matt Aldridge from Webroot on the San Francisco facial recognition ban. Justin Harvey from Accenture on the dramatic increase in targeted ransomware. Guest is NSA’s Diane M. Janosek, celebrating the 20th year of their Centers of Academic Excellence in Cybersecurity program.

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

May 30, 2019 20:21

Description:

Malicious misdirection served up from unpatched WordPress sites. A big, big set of dating site records has been found exposed online--it’s in China, but the records seem to belong to anglophones. Many other files are exposed elsewhere, too, so it’s not a single problem. Turla’s back, and still after diplomats. The International Red Cross proposes rules for cyber conflict. And Baltimore City calculates the cost of not patching. It’s a lot higher than the cost of patching. Craig Williams from Cisco Talos with his take on a critical Microsoft vulnerability, CVE-2019-0708. Guest is Matt Aldridge from Webroot on the San Francisco facial recognition ban.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_30.html 

Support our show

Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.

May 29, 2019 20:56

Description:

Special Counsel Mueller makes his first public statement about the results of his investigation into influence operations surrounding the 2016 US Presidential campaign. He says his first statement will also be his last. FireEye identifies Iranian coordinated inauthenticity in US 2018 midterm elections, and Twitter and Facebook take down the offending accounts. Notes on the BlueKeep exploit. More Pegasus infestations. Reality Winner revisited. Updates on Baltimore ransomware. Ben Yelin from UMD CHHS reacts to allegations that NSA may have some culpability in the Baltimore ransomware incident. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC on the recent report, “Pursuing cybersecurity maturity at financial institutions.”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_29.html 

Support our show

Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.

May 28, 2019 15:19

Description:

First American Financial suffers a data exposure, with hundreds of millions of mortgage-related documents left open to the Internet. Someone is scanning Tor for signs of BlueKeep RDP vulnerabilities. China complains about US complaints against Huawei as some major German firms rethink their dealings with Shenzhen. And no, NSA did not hold Baltimore for ransom, but Baltimore wants Washington to pick up its remediation and recovery tab. Malek Ben Salem from Accenture Labs on NIST transitioning some crypto algorithms.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_28.html 

Support our show

A fresh look at GOSSIPGIRL and the Supra Threat Actors — Research Saturday

May 25, 2019 29:27

Description:

Chronicle researchers Juan Andres Guerrero Saade and Silas Cutler recently published research tracking the development of the Stuxnet family of malware, which ultimately led them to the GOSSIPGIRL Supra Group of threat actors. 

Juan Andres Guerrero Saade joins us to share their findings.

The research can be found here:

https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.

May 24, 2019 25:18

Description:

Stone Panda is distributing the Quasar RAT. A new strain of Mirai is out. Bitcoin prices are up, and so is the incidence of malicious cryptocurrency apps in Google Play. The US charges Wikileaks’ Julian Assange with seventeen new counts under the Espionage Act. UK political parties are said to have poor security. Huawei’s charm offensive. Russia points with sad alarm to NATO cyber deterrence policy. Bogus law firm emails prove effective phishbait. Joe Carrigan from JHU ISI on recent research from Google on the effectiveness of basic security hygiene. Guest is Nate Lesser from Cypient Black on “entangled enterprise risk.”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_24.html 

Support our show

NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?

May 23, 2019 20:31

Description:

The UK and NATO send Moscow a pointed message about the consequences of meddling with either infrastructure or elections. More companies, including ARM, decide they won’t be working with Huawei. Other Chinese companies seem headed for US blacklisting. Moody’s cuts Equifax’s rating over its 2017 breach. Notes from last week’s Cyber Investing Summit. And we may not know much about art, but we know what we like. Justin Harvey from Accenture on the ongoing threat of USB devices. Tamika Smith speaks with Sydney Freedberg Jr. from Breaking Defense about his article, “Can NSA Stop China Copying Its Cyber Weapons?”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_23.html 

Support our show

Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.

May 22, 2019 19:40

Description:

Fancy Bear’s latest campaign is using malware reported to Virus Total by US Cyber Command. IBM’s X-Force looks at cybersecurity for travelers, and shares a bunch of horror stories. Security Scorecard looks at the online security of political parties in the US and Europe: some are better than others, but all could use some help. Updates on Huawei and other Chinese companies facing US sanctions. And if you’re listening to this in the US, you may believe you know more than you in fact do. Johannes Ullrich from SANS and the ISC Stormcast podcast on website vulnerabilities due to third party tools. Guest is Inga Goddijn from Risk Based Security on their Q1 Data Breach Report and cyber insurance issues.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_22.html 

Support our show

BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.

May 21, 2019 18:02

Description:

BlackWater is snooping around the Middle East. It’s evasive, and it looks a lot like the more familiar MuddyWater threat actor. TeamViewer turns out to have been hacked, and the perpetrators look like the proprietors of the Winnti backdoor. An Android app is behaving badly. Another unsecured database is found hanging out on the Internet. There’s a free decryptor out for a strain of ransomware, but it won’t help Baltimore. And the market’s look at the Huawei ban. Craig Williams from Cisco Talos discussing honeypots on Elasticsearch. Guest is Dave Venable from Masergy on cyber vulnerabilities at the infrastructure level.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_21.html 

Support our show

Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.

May 20, 2019 20:04

Description:

Huawei is on the US Entity List, and US exporters have been quick to notice and cut the Shenzhen company off. Security concerns are now expected to shift to the undersea cable market. Hacktivism seems to have gone into eclipse. The EU enacts a sanctions regime to deter election hacking. Facebook shutters inauthentic accounts targeting African politics. Salesforce is restoring service after an unhappy upgrade. OGuser forum hacked. And don’t worry about a hacker draft. Jonathan Katz from UMD on encryption for better security at border crossings. Tamika Smith reports on the Baltimore City government ransomware situation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_20.html 

Support our show

Elfin APT group targets Middle East energy sector — Research Saturday

May 18, 2019 15:19

Description:

Researchers at Symantec have been tracking an espionage group known as Elfin (aka APT 33) that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States. 

Alan Neville is a principal threat intelligence analyst at Symantec, and he joins us to share their findings.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.

May 17, 2019 25:28

Description:

A Slack vulnerability is disclosed and fixed. And this is not as seen on TV: a real NCIS investigation is likely to occupy real JAGs for some time to come, with implications for military and civilian cyber law. The US is moving rapidly on Huawei and its associated companies: it’s now much harder for US companies to do business with them, and there’s likely to be fallout in other countries as well. An exposed database affords an instructive case of responsible disclosure. Joe Carrigan from JHU ISI on USB device encryption and best practices. Guest is Mike Kijewski from MedCrypt on security for new and legacy medical devices.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_17.html 

Support our show

US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.

May 16, 2019 20:38

Description:

President Trump declares a state of emergency over the threat from foreign adversaries and the companies they control. (And yes, Huawei, he’s looking at you.) Dutch intelligence is said to be investigating the possibility of backdoors in telecommunications networks. Concerns about spyware proliferation rise. Cipher stunting is observed in the wild. Titan security keys are spoofable. Meaconing airliners. And misconfigurations expose PII in Russia. Emily Wilson from Terbium Labs on the surprisingly open nature of online sales of illicit goods and services. Guest is Kris Beevers from NS1 on DNS security and management technology.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_16.html 

Support our show

Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.

May 15, 2019 18:04

Description:

Chinese domestic and foreign intelligence services are cooperating more closely in cyberspace. Another set of speculative execution issues is found in Intel chips. This month’s Patch Tuesday was a big one. CrowdStrike files for its long-anticipated IPO. WhatsApp, spyware, and zero-days. Apple may be required to open its devices to apps from third-party stores. The Cyber Solarium is ready to get started, and Russia offers a helpful hand. Baltimore continues to suffer from ransomware. Malek Ben Salem from Accenture Labs with an overview of the Accenture Technology Vision report. Guest is Tom Pedersen from OneLogin on password use trends.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_15.html 

Support our show

Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.

May 14, 2019 20:36

Description:

Russian operators breached two Florida counties’ voting systems, but without altering vote counts. Symantec, McAfee and Trend Micro are thought to be the security vendors hit by Fxmsp cybercriminals. WhatsApp patches a flaw exploited to install spyware. The Equifax breach seems to have cost the company $1.4 billion. Companies are increasingly aware of data’s potential toxicity. Cisco patches two flaws. And Endless Mayfly peddled fake news on behalf of Iran. Daniel Prince from Lancaster University on asymmetric information and attacker/defender dynamics. Tamika Smith debuts on our show with her story on Hackground, a STEM and robotics club.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_14.html 

Support our show

Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.

May 13, 2019 16:08

Description:

Fxmsp criminals are now said to have code from a fourth security company, but none of the claimed victims have been publicly identified. A SharePoint vulnerability is being exploited against unpatched servers in the wild. The G7 are preparing a major exercise to evaluate the financial system’s ability to withstand a major cyberattack. No one is saying what the Anthem hackers were after. Amnesty takes NSO Group to court. And the Pentagon takes a security look at VCs. Jonathan Katz from UMD on differential privacy, a technique for providing privacy for individuals taking part in studies.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_13.html 

Support our show

Steganography enables sophisticated OceanLotus payloads — Research Saturday

May 11, 2019 17:31

Description:

Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files.

Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings.

The original research can be found here:
https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.

May 10, 2019 24:47

Description:

Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they’re calling it “ElectricFish.” A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year’s key findings.

Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.

May 9, 2019 18:58

Description:

The Green Leakers release more information about Iranian cyber operators, including details about MuddyWater and the Rana Institute. A misconfigured GitLab instance exposes data used by Samsung engineers. Thoughts on how AI can shift the advantage to the attacker. Amazon is after hackers who defrauded sellers. DeepDotWeb proprietors are indicted. “Evil Clippy” does VBA stomping. And a food fight in San Mateo’s corner of cyberspace. Justin Harvey from Accenture reviews cyber insurance. UVA’s Mariah Carey shares her experience as captain of the championship winning NCCDC team.

Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.

May 8, 2019 20:24

Description:

Turla is back, and with a clever backdoor called “LightNeuron.” Verizon’s Data Breach Investigations Report shows that the C-suite remains a big target of social engineers, that crooks are following companies into the cloud, that ransomware remains popular, and that people seem warier of phishing. Bad actors peddle influence in the EU. Binance gets looted, Baltimore gets hacked. Meny Har from Siemplify explains SOCs, SIEMs and SOARs. Ben Yelin from UMD CHHS considers emojis in the courtroom.

Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?

May 7, 2019 20:33

Description:

Buckeye seems to have reengineered some of Uncle Sam’s cyber tools, and they did it without, apparently, help from the ShadowBrokers. More on airstrikes as retaliation for hacking, with a brief excursus on electronic warfare. Notes on malicious commitment as one of the hazards of open source software development. How big is the dark web? Big enough, but maybe not as big as everyone thinks. And beware of bogus Avengers Endgame sites. David Dufour from Webroot with thoughts on HTTPS security concerns. Guest is Michael Figueroa from the Advanced Cyber Security Center on their recent report identifying a need for a board-level cyber risk management standard.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_07.html 

Support our show

Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.

May 6, 2019 20:48

Description:

Tracking a group that’s after the software supply chain. Israel adds airstrikes to the array of responses it’s prepared to make to hackers. The US Federal Trade Commission still doesn’t know how you solve a problem like Mark. Some more notes from last week’s Global Cyber Innovation Summit. Sophos has more details on MegaCortex, a new strain of ransomware. And criminal organizations organize and operate a lot like legitimate businesses. Joe Carrigan from JHU ISI with information on a remote code execution vulnerability affecting Dell systems. Guest is Blake Sobczak from E & E News on the recent electrical grid “cyber event”.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_06.html 

Support our show

Sea Turtle state-sponsored DNS hijacking — Research Saturday

May 4, 2019 23:33

Description:

Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa. This attack has the potential to erode trust and stability of the DNS system, so critical to the global economy.

Craig Williams is director of Talos Outreach at Cisco, and he joins us to share their findings. 

The original research can be found here:

https://blog.talosintelligence.com/2019/04/seaturtle.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.

May 3, 2019 25:34

Description:

That cyber incident that affected electrical utilities in the western United States seems to have been a denial-of-service attack. Concerns arise over potential proliferation of Chinese security service tools. Exploit blackmarketeer Volodya and some customers. The Retefe banking Trojan is back. Some new ransomware thinks it’s the moving finger that writes, and, having written, moves on. And some cause for measured optimism at the Global Cyber Innovation Summit. Emily Wilson from Terbium Labs on the Dynamic Connections conference, hosted by General Dynamics. Guest is Joseph Carson from Thycotic on lessons he’s learned (the hard way) on communications with the board.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_03.html 

Support our show

Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.

May 2, 2019 17:14

Description:

The group behind the Wipro attack has been active since 2015. Office 365 accounts are still being targeted by account takeover attacks. A third-party Android app store is serving malware. The UK Defense Secretary has been sacked over leaked information. The US warned Russia to cease its support of Venezuela’s Chavista regime. Russia’s Internet sovereignty bill is signed into law. And notes on the Global Cyber Innovation Summit. Jonathan Katz from UMD on law enforcement requests for “ghost” encryption. Guest is Cody Cornell from Swimlane on collaborative SOCs.

US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.

May 1, 2019 20:17

Description:

In today’s podcast, we hear that a US Energy Department report alludes to a March cyber incident. Citycomp refused to yield to blackmail, so now its client data is being leaked. The US Department of Homeland Security has issued Binding Operational Directive 19-02. A UK judge sentenced Julian Assange to fifty weeks in jail for bail jumping. Facebook describes the privacy-focused initiatives it plans to implement. And notes on the Global Cyber Innovation Summit. Robert M. Lee from Dragos on the pros and cons of conferences like RSA. Guest is Bert Grantges from Vera on cyber security as a business enabler.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_01.html 

Support our show

Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.

Apr 30, 2019 20:06

Description:

A backdoor turns out to be a familiar kind of Telnet implementation (and it was fixed seven years ago in any case). A large database of US household personally identifiable information was found exposed online, but who owned it remains unclear. The US Department of Homeland Security releases a Critical Functions List. ISIS’s sometime Caliph is back online. And piracy streaming is loaded with malware. Who knew? Craig Williams from Cisco Talos on their research into malware markets on Facebook. Guest is Dean Pipes from TetraVX on the root cause of shadow IT.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_30.html 

Support our show

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.

Apr 29, 2019 15:11

Description:

Vulnerable peer-to-peer software exposes consumer and small-business IoT devices to compromise. A hacker says he’s hacked automotive GPS trackers, all for the good, of course, and could even turn off a car’s engine. Not, you know, that he would. Sri Lanka warns of the possibility of more violence, and journalists wonder if prior restraint of certain speech might be worth considering. Curating app stores for security. And potty-mouthed eScooters on Brisbane streets. Joe Carrigan from JHU ISI on Facebook’s continuing privacy violations, potential FTC fines and PR woes.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_29.html 

Support our show

Deep Learning threatens 3D medical imaging integrity — Research Saturday

Apr 27, 2019 21:10

Description:

Researchers at Ben Gurion University in Israel have developed techniques to infiltrate medical imaging system networks and alter 3D medical scans within, fooling both human and automated examiners with a high rate of success. 

Yisroel Mirsky is a cybersecurity researcher and project manager at Ben Gurion University, and he joins us to share what his team discovered.

The original research can be found here:

https://arxiv.org/pdf/1901.03597.pdf

A video demonstrating the exploit is here:

https://youtu.be/_mkRAArj-x0

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?

Apr 26, 2019 24:42

Description:

Investigation of the Easter massacres in Sri Lanka continues. For all the concern about online inspiration, some of the coordination seems to have been face-to-face. Symantec describes a cryptojacking campaign, Beapy, that propagates using EternalBlue. An Oracle web server zero-day is reported. Recorded Future describes the commodified black market for credential-stuffing. And there’s a cabinet dust-up in the UK over a leak about the government’s plans for Huawei. Johannes Ullrich from SANS and the ISC Stormcast podcast on the increase in DHCP client vulnerabilities he’s been tracking. Guest is Anura Fernando from UL on the technological and regulatory challenges of medical devices and wearables.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_26.html 

Support our show

Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?

Apr 25, 2019 20:50

Description:

Sri Lanka’s investigation of the Easter massacres continues, with some ISIS video surfacing. Apps with aggressive adware found in Google Play. Context-aware phishbait may be bringing the Qbot banking Trojan to an email thread near you. Facebook seems to think the FTC is about to hit it hard, and sets aside a rainy day fund. And the Wall Street Market, a contraband souk on the dark web, may be engaged in an exit scam. Ben Yelin from UMD CHHS on the NSA recommending dropping the phone surveillance program. Guest is Jason Mical from Devo on the increasing importance of threat hunting.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_25.html 

Support our show

Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.

Apr 24, 2019 20:49

Description:

Sri Lanka investigates a homegrown jihadist group with possible international connections for the Easter massacres. New Zealand is preparing the Christchurch Call to exclude violent terrorist content from the Internet. ShadowHammer moves its supply chain attacks upstream. Carbanak source code seems to have been in VirusTotal for two years. Someone’s spoofing financial institutions. Bots surged upon the release of the Mueller report. ASD offers a counsel of perfection. Prof. Awais Rashid from University of Bristol on evidence-based risk assessment. Guest is Michael P. Morris from Topcoder on the challenges of creating secure apps in the gig economy.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_24.html 

Support our show

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.

Apr 23, 2019 20:07

Description:

ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It’s thought to be the work of the Russian mob. Weak keys let the “Blockchain Bandit” rifle alt-coin wallets. And a disgruntled bug hunter doxes one of Mexico’s embassies. Justin Harvey from Accenture on preserving digital evidence in the aftermath of a cyber attack. Guest is Maryam Rahmani on the upcoming NYIT Girls in Engineering and Technology Day.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_23.html 

Support our show

Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.

Apr 22, 2019 16:06

Description:

Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services’ hold over Huawei. Marcus Hutchins, also known as MalwareTech, and famous as the sometime hero of the WannaCry kill-switch, has taken a guilty plea to charges connected with the distribution of Kronos banking malware. Joe Carrigan from JHU ISI on password research from WP Engine.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_22.html 

Support our show

Undetectable vote manipulation in SwissPost e-voting system — Research Saturday

Apr 20, 2019 26:00

Description:

Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. 

Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne, Australia. She joins us to explain her team's findings.

The original research is here:

https://people.eng.unimelb.edu.au/vjteague/SwissVote

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.

Apr 19, 2019 24:51

Description:

Some observations on the Mueller Report, in particular its insight into what two specific GRU units were up to. (And some naming of DCLeaks and Guccifer 2.0 as GRU fronts.) Someone is doxing Iran’s OilRig cyberespionage group. A French government messaging app appears less secure than intended. Old Excel macros can still be exploited. And what were the Wipro hackers after? Gift cards, apparently. Malek Ben Salem from Accenture Labs on the Cisco Talos report on malware markets in Facebook groups. Guest is Barbara Lawler from Looker Data Sciences on GDPR, CCPA and the coming wave of privacy legislation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_19.html 

Support our show

Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.

Apr 18, 2019 20:54

Description:

The US Justice Department releases the redacted Mueller Report: investigators found no evidence sufficient to establish conspiracy or coordination between any US persons and the Russians over the 2016 campaign, but the Bears were busy. The Sea Turtle campaign sets a worrisome example of DNS manipulation. Sneaky apps booted from Google Play. Facebook apologizes again. Notre Dame fire fraud. Replication in cyber research. And an act of gratuitous computer destruction. Robert M. Lee from Dragos with a look back at the evolution of ICS technology. Guest is Nathan Katzenstein. He’s got 20 years in IT, and offers his perspective on the job market as he finishes up his masters in cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_18.html 

Support our show

Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.

Apr 17, 2019 19:59

Description:

Spearphishing campaign against Ukraine traced to the so-called “Luhansk People’s Republic.” Anonymice threaten to rain chaos on Yorkshire if Julian Assange isn’t freed--actually, more chaos since the initial chaos was perhaps too easily overlooked. An implausible venture capitalist is asking people if they’re being paid to bad-mouth a security firm. Pirated Game of Thrones episodes carry malware. David Dufour from Webroot with survey results on AI and ML. Guest is Derek Vadala from Moody’s Investor Service on Moody’s framework for assessing cyber risk.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_17.html 

Support our show

Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.

Apr 16, 2019 19:48

Description:

Condolences to the city of Paris and the people of France. And, alas, expect fraud to follow fire. A compromise may have turned a company’s networks against its customers. Denial-of-service in Ecuador. A look at Brazil’s cyber criminals. Selling a keylogger, complete with terms of service. Facebook’s attitude toward data. The EU finalizes its controversial copyright law. Huawei’s prospects. And what did the algorithm know, and when did the algorithm know it? Emily Wilson from Terbium Labs with their Fraud Guides 101 report. Guest is Ed Bellis from Kenna Security on their latest research report focused on vulnerability remediation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_16.html 

Support our show

ISIS inspiration in exile. Facebook’s Sunday outage. A Microsoft IE bug, and a web-mail breach. Issues with VPNs. Last minute tax scams. Oculus Easter eggs.

Apr 15, 2019 15:34

Description:

An ISIS hard drive suggests the Caliphate’s plans for inspiration as it enters exile. Facebook’s Sunday outage remains unexplained. Microsoft deals with a breach in its consumer web mail products. A researcher drops an Internet Explorer zero-day that may affect you even if you don’t use IE. CISA warns of bugs in widely used VPNs. Last minute Tax Day online scams. Security pros advocate poor restroom hygiene. Easter eggs in Oculus. Joe Carrigan from JHU ISI on research from Tenable on Verizon FIOS router vulnerabilities.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_15.html 

Support our show

The ghost and the mole; Eric O'Neill's Gray Day — Special Edition

Apr 14, 2019 37:48

Description:

Eric O’Neill is a former FBI counterintelligence and counterterrorism operative, and founder of the Georgetown Group, a security and investigative firm, as well as national security strategist for Carbon Black. In his book Gray Day, My Undercover Mission to Expose America’s First Cyber Spy, Eric O’Neill shares the fascinating and sometimes harrowing tale of his experience being assigned to help expose Robert Hanssen, the FBI’s most notorious mole. In 2001 Hanssen pleaded guilty to multiple charges of espionage for sharing classified information with the Soviet Union and Russia over the course of more than two decades.

Establishing software root of trust unconditionally — Research Saturday

Apr 13, 2019 22:29

Description:

Researchers at Carnegie Mellon University's CyLab Security and Privacy Institute claim to have made an important breakthrough in establishing root of trust (RoT) to detect malware in computing devices. Virgil Gligor is one of the authors of the research, and he joins us to share their findings.

Link to original research:

https://www.ndss-symposium.org/ndss-paper/establishing-software-root-of-trust-unconditionally/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Mr. Assange’s courthouse future(s). Dragonblood Wi-Fi vulnerabilities. Tax fraud and identity theft dark web souks.

Apr 12, 2019 24:30

Description:

Julian Assange remains in British custody. Hearings on the US extradition warrant are expected to begin next month. The US indictment revives discussion of the Computer Fraud and Abuse Act under which Mr. Assange was charged. Some notes on why Ecuador decided to revoke the WikiLeaks leader’s asylum. Notes on Dragonblood. And we’re at the end of tax season, but the dark web souks are still hawking 1040s and W-2s. Ben Yelin from UMD CHHS on pending state legislation restricting law enforcement use of DNA data. Guest is Eric O’Neill, former FBI operative and author of Gray Day, My Undercover Mission to Expose America’s First Cyber Spy. This is a preview of the full interview that will run on Sunday.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_12.html 

Support our show

Julian Assange is out of the embassy and in custody. Pyongyang’s HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.

Apr 11, 2019 20:09

Description:

Julian Assange is out of the Ecuadoran embassy and in British custody. He’s been found guilty of bail jumping, and will face extradition to the US on charges related to conspiracy to release classified material. Hidden Cobra is back with a new Trojan: “HOPLIGHT.” Kaspersky describes Operation SneakyPastes. IBM Security finds organizations don’t exercise incident response plans. Two New Jersey high school boys are in trouble for jamming Secaucus High’s wi-fi. Jonathan Katz from UMD with his response to a skeptical critique of quantum computing. Guest is Maurice Singleton from Vidsys on the convergence of IoT security devices and IT security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_11.html 

Support our show

The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.

Apr 10, 2019 17:56

Description:

FireEye says that the Triton actor is back. There’s some ICS malware staged in an unnamed “critical infrastructure” facility, and it looks as if the people who went after a petrochemical plant in 2017 are back for battlespace preparation. Kaspersky describes Project TajMahal, a cyberespionage effort against a Central Asian embassy. And California’s motor-voter program hits a hacker-induced bump in the road. Johannes Ullrich from SANS and the ISC Stormcast podcast on protecting yourself from hidden cameras when vacationing. Guest is Dr. Ratinder Ahuja from ShieldX on Elastic Microsegmentation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_10.html 

Support our show

GossipGirl, the supra threat actor. LockerGoga’s destructive functionality. More hacking allegations out of Caracas. Revolutionary Guard now a designated terrorist group. Creepy crime.

Apr 9, 2019 20:49

Description:

In today’s podcast, we hear about GossipGirl, potentially a “supra threat actor” Chronicle sees linking Stuxnet, Flame, and Duqu. LockerGoga’s destructive functionality may be a feature, not a bug. Venezuela now says its power grid is being hacked by Chile and Colombia. The US designates Iran’s Revolutionary Guard a terrorist organization. What’s up with New Zealand and hidden, networked cameras? And second thoughts about what counts as a “preliminary forensic investigation.” Joe Carrigan from JHU ISI on minding permissions on mobile devices. Guest is Mike O’Malley from Radware on the true costs of cyber attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_09.html 

Support our show

US DHS Secretary Nielsen resigns. Credential stuffing campaigns. Cryptojacking disrupts a business. A duty of care, online. Tax season scams.

Apr 8, 2019 15:44

Description:

In today’s podcast, we hear about leadership changes at the US Department of Homeland Security. A look at credential stuffing. Cryptojacking disrupts production at an optical equipment manufacturer. The British Government moves toward establishing a duty of care that would impose new legal responsibilities on search engines, social media, and others. Tax season scams grow more plausible, and some of them are aimed at rounding up money mules. Rick Howard from Palo Alto Networks reflects on the accomplishments of the Cyber Threat Alliance.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_08.html 

Support our show

Lessons learned from Ukraine elections — Research Saturday

Apr 6, 2019 23:15

Description:

Joep Gommers from EclecticIQ joins us to share their research tracking the information operations and security methods the Russians have been using in advance of the recently held elections in Ukraine.

The research can be found here:

https://www.eclecticiq.com/resources/fusion-center-report-situational-awareness-ukraine-elections

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Crooks use Facebook, too. Congress asks FEMA for an explanation. Card skimmers in Mexico.

Apr 5, 2019 20:49

Description:

In today’s podcast we hear about an “Amazon-style fulfillment model” for the criminal-to-criminal market. Criminals have Facebook groups, too, and lots of friends (“friends” here being a term of art). Xiaomi patches man-in-the-middle problems in its phones. Defense firms organize a supply chain security task force. Congress would like FEMA to explain its privacy incident. Alleged card skimmers arrested on other charges in Mexico. And Mr. Assange remains in Ecuador’s London embassy, at least for now. Ben Yelin from UMD CHHS on predictive policing software. Guest is Rob Strayer, Ambassador and Deputy Assistant US Secretary of State on security challenges in the global supply chain.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_05.html 

Support our show

Keeping Winnti out of the goods while keeping an eye on them. GlitchPOS malware. What do apps want? Third-party Facebook data exposure. Digital hygiene. A scareware scam.

Apr 4, 2019 20:35

Description:

In today’s podcast we hear that Bayer, maker of pharmaceuticals and agricultural products, blocked an espionage attempt by China’s Winnti Group, and has been quietly monitoring the threat actor since last year. GlitchPOS and its evolution. Do those apps really need all that access? Two breaches of Facebook data by third parties. Some good digital hygiene notes: change default passwords and back up your data in a secure and recoverable way. And no, there’s no CIA officer warning you’ll be arrested if you don’t pony up 1.4 Bitcoin. Craig Williams from Cisco Talos with research on GlitchPOS malware. Guest is Leo Simonovich from Siemens Energy on challenges and opportunities in the energy sector.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_04.html 

Support our show

For OceanLotus, a picture is worth a thousand words (or at least a few lines of loader code). Georgia Tech breached. Mounties raid offices associated with Orcus RAT.

Apr 3, 2019 20:45

Description:

In today’s podcast, we hear that OceanLotus, a.k.a. Cobalt Kitty, a.k.a. APT32, is out and about and using a steganographic vector to deliver its loader. Georgia Tech suffers a major data breach, with access to student, staff, and faculty records by parties unknown. Research universities remain attractive targets. Reflections on dual-use technologies. The Royal Canadian Mounted Police have raided offices connected with the production of the Orcus RAT, which is either a legitimate tool or a commodity Trojan, depending on whom you believe. David Dufour from Webroot with results from their most recent threat report. Guest is Roy Zur from Cybint Solutions on the essentials of hunting and fishing for information online.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_03.html 

Support our show

Ransomware deletes dupes. Exodus scandal grows in Italy. Election reports from Ukraine and Israel.

Apr 2, 2019 20:27

Description:

In today’s podcast, we hear that a ransomware strain deletes duplicates. But you know that just keeping a duplicate on the same drive wasn’t a secure backup, right? Right? Exodus spyware, now ejected from Google Play, is becoming a significant scandal in Italy. Influence operations meet campaigning in India and Israel--fair or unfair seems to be in the eye of the campaigner. In Ukraine, they’re just so much disinformation. OpIsrael hacktivists are expected back this weekend. More on below-the-belt selfies. Prof. Awais Rashid from University of Bristol on training people to work with cyber security complexity at scale. Guest is Hank Thomas from Strategic Cyber Ventures on the current environment for VC funding in cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_02.html 

Support our show

Patch Magento soon. Toyota hacked again. Exodus spyware hits app stores. Moscow seeks to corral VPN providers. Facebook wants regulation. Swatting sentence. Phishing tackle in Nigeria.

Apr 1, 2019 18:06

Description:

In today’s podcast, we hear that Magento users are being urged to patch as risk of exploitation rises. Toyota experiences another cyber attack, and some observers blame, on grounds of motive, opportunity, and track record, OceanLotus. Exodus spyware in the Google Play store looks like a case of lawful intercept tools getting loose. Moscow seeks to control and limit VPN providers. Mr. Zuckerberg wants regulation. Mr. Barriss gets twenty years for swatting. And, hey, there’s phishing tackle on the Nigerian National Assembly’s site. Joe Carrigan from JHU ISI on a spying a leaving unsecured data online.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_01.html 

Support our show

Bonus Episode: The grugq illuminates influence operations

Mar 31, 2019 34:45

Description:

We're sharing a special bonus episode, celebrating the 100th episode of the Recorded Future podcast and featuring well-known hacker, presenter and social media personality the grugq. The topic is influence operations. 

Alarming vulnerabilities in automotive security systems — Research Saturday

Mar 30, 2019 18:42

Description:

Researchers at Pen Test Partners recently examined a variety of third-party automotive security systems and found serious security issues, potentially giving bad actors the ability to locate, disable or meddle with multiple vehicle systems.

Ken Munro is a security researcher with Pen Test Partners, and he joins us to share their findings.

The original research can be found here:

https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Russian information operations, and lessons on election security from the Near Abroad. Magento proof-of-concept exploit. Huawei, security, and bugs. Training AI. Labor market news.

Mar 29, 2019 24:41

Description:

In today’s podcast, we hear that Ukraine is preparing for this weekend’s elections while facing intense Russian information operations. Estonia’s experience with such interference may hold lessons. A Magento vulnerability, just patched, could compromise paycards on e-commerce sites. Huawei reports record profits, and comes in for sharp British criticism over slipshod engineering. Prisoners in Finland will be helping train AI. And security companies hungry for talent should take note of tech layoffs in the larger IT sector. Ben Yelin from UMD CHHS with news that law enforcement agencies are encrypting their radio communications. Guest is Lorrie Cranor, director of CyLab at Carnegie Mellon University.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_29.html 

Support our show

Gustuff is out and after Android devices. Microsoft takes down Phosphorus. Elfin is working for Tehran. Russian cyber troops come to help Venezuela’s Chavistas. Guilty plea expected in Martin case.

Mar 28, 2019 19:58

Description:

In today’s podcast we hear that a young banking Trojan gains criminal market share in the Android ecosystem. Microsoft lawyers up and seizes sites Iran’s Charming Kitten used to stage its attacks. Another Iranian APT, “Elfin,” is described. A battalion’s worth of Russian special operators and cyber troops are on the ground in Venezuela. Washington wants them out; Moscow says they’re in for the duration. And accused NSA leaker Hal Martin is expected to take a guilty plea this week. Daniel Prince from Lancaster University on cyber risk management. Guest is Satish Thiagarajan from Tata Consultancy Services on customizing machine learning to combat cyber attacks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_28.html 

State cyber-espionage. Influence operations and coordinated inauthenticity. Add Lucky Elephant to the menagerie. ASUS supply chain updates. Notes on Norsk Hydro’s recovery. Reactions to the Mueller Report.

Mar 27, 2019 20:47

Description:

In today’s podcast, we hear that the Spanish Defense Ministry is reported to have suffered cyberespionage. The Lazarus Group’s life of crime. Facebook takes down “coordinated inauthenticity.” Add Lucky Elephant to the bad actor menagerie: it’s harvesting credentials in South Asia. Notes on the ASUS supply chain backdoor. Updates on Norsk Hydro’s recovery from its LockerGoga infestation. Russia says, hey, the Mueller Report totally exonerated us, too. Emily Wilson from Terbium Labs on data collection and protecting PII. Guest is Matthew Montgomery from Verizon on their Mobile Security Index report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_27.html 

More on ASUS supply chain backdoor. FEMA data mishandling. LockerGoga ransomware. Mueller report responses.

Mar 26, 2019 20:21

Description:

In today’s podcast we hear about supply chain attacks and Operation ShadowHammer’s ASUS backdoor. LockerGoga ransomware may be slow and sloppy, but its masters are determined and willing to play for high stakes. What will happen with FEMA over its data mishandling incident? Responses to the Mueller Report’s conclusions. Venezuela says it was hacked again--the rhetorical technique is implausible insistence. And what do PewDiePie fans call themselves? The Nine Year Olds, the Bro Army. Fans of Mr. Pie’s girlfriend are the Marzipans. Joe Carrigan from JHU ISI with thoughts on recent revelations that Facebook was making unencrypted passwords accessible to thousands of employees. Guest is Greg Jensen from Oracle on their 2019 Cloud Threat Report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_26.html 

Mueller finds no evidence of Russia collusion. ISIS no longer holds any ground. LockerGoga hits chemical plants. FEMA fumbles PII. Cyber 9/12. PewDiePie versus T-Series.

Mar 25, 2019 19:33

Description:

In today’s podcast, we hear that the US Attorney General has reported to Congress the results of Special Counsel Mueller’s investigation. The basic finding is that there’s no evidence of collusion with Russian influence operations. ISIS no longer holds any ground. Expect it back in cyberspace. LockerGoga ransomware hits two chemical plants. FEMA mishandles more than two million disaster victims’ PII. Notes on Cyber 9/12. And there’s a squabble for YouTube subscribers. Robert M. Lee from Dragos on their recent purchase of Next Defense and the subsequent open-sourcing of their tools. Guest is Rohit Sethi from Security Compass on the PCI security framework.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_25.html 

Ryuk ransomware relationship revelations — Research Saturday

Mar 23, 2019 21:39

Description:

Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat.

John Fokker is head of cyber investigations in McAfee's Advanced Threat Research unit. He joins us to share their findings.

The original research can be found here:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.

Mar 22, 2019 23:28

Description:

In today’s podcast, we hear that Finland’s data protection authority is investigating reports that Nokia 7 Plus smartphones are sending data to a Chinese telecom server. Thousands of API tokens and cryptographic keys are exposed in public GitHub repositories. The US government warns that certain cardiac devices can be hacked from close range. A North Carolina county government is dealing with its third ransomware attack. And Magecart groups go after bedding companies. Malek Ben Salem from Accenture Labs with thoughts on securing the digital economy. Guest is Adam Isles from the Chertoff Group on supply chain risks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_22.html 

Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.

Mar 21, 2019 19:36

Description:

Fancy Bear and Sandworm are launching cyberespionage campaigns against European governments before the EU parliamentary elections. The FIN7 cybercrime group is still active, and it’s using new malware. A scammer stole more than $100 million from Google and Facebook. Facebook stored hundreds of millions of passwords in plaintext for years. And chatbots can learn to impersonate you based on your texts. Ben Yelin from UMD CHHS on rumors of NSA shutting down the Section 215 program. Guest is Jadee Hanson from Code 42 on insider threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_21.html 

Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.

Mar 20, 2019 19:55

Description:

In today’s podcast, we hear that Norsk Hydro’s recovery continues, with high marks for transparency. Some notes on the challenges of deterrence in cyberspace from yesterday’s CYBERSEC DC conference, along with context for US skepticism about Huawei hardware. Cookiebot says the EU is out of compliance with GDPR, its sites infested with data-scraping adtech. Google and Facebook get, if not a haircut, at least a trim, in EU and US courts. And some animadversions concerning digital courtship displays. Dr. Charles Clancy from VA Tech’s Hume Center on updates to the GPS system. Guest is Landon Lewis from Pondurance on balancing AI and human intelligence.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_20.html 

LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.

Mar 19, 2019 18:57

Description:

In today’s podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector and the government in the United States need to work together against cyber threats. Europol has a new cyber incident response strategy. And cybersecurity executives say some vendors’ marketing tactics are having a detrimental effect on the security industry. Johannes Ullrich from SANS and the ISC Stormcast Podcast on hardware security issues at the perimeter. Guest is Nathan Burke from Axonius, winners of the 2019 RSAC Innovation Sandbox competition.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_19.html 

Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnosticplayers are back. AI and evil.

Mar 18, 2019 16:24

Description:

In today’s podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei’s strategy in the face of Five Eyes--and especially US--sanctions: the US doesn’t like us because we’re a threat to their ability to conduct untrammeled surveillance. Corruption, neglect, and replacement of experts by politically reliable operators seem to have caused Venezuela’s blackouts. Gnosticplayers are back, with more commodity data. And AI has no monopoly on evil--natural intelligence has that market cornered. Joe Carrigan from JHU ISI on the recently announced DARPA-funded effort to develop and open-source a voting system.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_18.html 

ThinkPHP exploit from Asia-Pacific region goes global — Research Saturday

Mar 16, 2019 11:43

Description:

Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.

The original research can be found here:
https://blogs.akamai.com/sitr/2019/01/thinkphp-exploit-actively-exploited-in-the-wild.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.

Mar 15, 2019 21:55

Description:

In today’s podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its way into the cloud. A look at the consequences of regulation, both good and bad. How CISOs will have to grapple with the increasingly pervasive Internet of Things. And China’s National People’s Congress makes a gesture toward respecting IP, but the world remains skeptical. Craig Williams from Cisco Talos with an update on crypto miners. Guest is Nirmal John, author of the book, “Breach: Remarkable Stories of Espionage and Data Theft and the Fight to Keep Secrets Safe.”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_15.html 

Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.

Mar 14, 2019 20:12

Description:

In today’s podcast, we hear that Indonesia says it’s got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorded Future goes RAT hunting. Proofpoint offers a look at “intelligent brute-forcing.” Kaspersky reports on two espionage APTs exploiting a just-patched Microsoft zero-day. Flashpoint describes an unusual point-of-sale attack, and Check Point finds Trojanized Android apps. Germany’s BND warns against Huawei. Robert M. Lee from Dragos with thoughts on the Venezuelan power outages. Guest is Jeremy Tillman from Ghostery on the California Consumer Privacy Act.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_14.html 

Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).

Mar 13, 2019 20:23

Description:

In today’s podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet’s supply chain is well on the way to being pwned by Chinese intelligence. Undersea cables are a center of Sino-US competition. The European Parliament warns about the Chinese threat to 5G infrastructure. More calls to rein in Big Tech. And the UN looks at North Korea and sees massive cyber crime. Emily Wilson from Terbium Labs with a look back at the Equifax breach. Guest is Dr. Wenliang (Kevin) Du from Syracuse University on his SEED labs and the importance of hands-on training in cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_13.html 

Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.

Mar 12, 2019 20:11

Description:

In today’s podcast, we hear an update on Venezuela and its power outages. Amplification of social media posts as a form of mass persuasion. A look at how control of the Internet has replaced control of the radio station as a move in civil war and coup or counter-coup planning. Asian game makers get backdoored out of China. Decryptors are out for BigBobRoss ransomware. Senator Warren versus Facebook, and Facebook versus itself. And Sir Tim Berners-Lee on the Web’s 30th birthday. Joe Carrigan from JHU ISI with an early look at NSA’s Ghidra reverse engineering tool. Guest is Dr. Phyllis Schneck from Promontory Financial Group (an IBM company) on regulation in cyber security, a preview of her talk at the upcoming JHU Annual Cybersecurity Conference for Executives. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_12.html 

Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.

Mar 11, 2019 16:54

Description:

Venezuela sustains power outages, and the regime blames hackers and wreckers. The opposition says it’s all due to the regime’s corruption, incompetence, and neglect. Citrix loses business documents in what might have been an Iranian espionage operation. Huawei’s suit against the US gets some official cheering from Beijing. The US warns against Chinese information operations. And Russian troll farmers turn to amplification. Daniel Prince from Lancaster University on the importance of Cyber Design. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_11.html 

Job-seeker exposes banking network to Lazarus Group — Research Saturday

Mar 9, 2019 22:11

Description:

Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.

The original research can be found here:
https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Chinese influence campaigns. Egyptian spear phishing. Hundreds of million email records exposed.

Mar 8, 2019 22:58

Description:

In today’s podcast, we hear that Chinese information operations on US social media are widespread. The Egyptian government launches spear phishing attacks against activists. Hundreds of millions of email records were found online. Chelsea Manning is back in jail. The US is retaliating for Chinese cyberespionage. And Facebook wants to change its image. Ben Yelin from UMD CHHS on a PA supreme court ruling on protection of employee’s personal information. Guest is Scott Shackelford from Indiana University on the Paris call for trust and security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_08.html 

Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.

Mar 7, 2019 20:55

Description:

The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware uses Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets tougher security rules for telecom companies. And people who invest in cryptocurrency often don't know what they're getting into. David Dufour from Webroot with his thoughts on RSA Conference. Guest is Asaf Cidon from Barracuda Networks on account takeover vulnerabilities.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_07.html 

5G worries. Whitefly vs. SingHealth. Speculative execution bug.

Mar 6, 2019 20:11

Description:

In today’s podcast, we hear that Australia's former prime minister warns Britain about Chinese tech companies. Symantec says Whitefly was behind SingHealth's massive data breach. Iranian hackers show code overlap. Intel CPUs are vulnerable to another speculative execution flaw. The NSA hasn't been using its domestic phone surveillance program lately. Sharing code presents dangers. And Google will ban political ads in Canada. Justin Harvey from Accenture with results from their Costs of Crime report, as well as observations from RSAC. Guest is Gerald Beuchelt from LogMeIn with info from their latest password survey.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_06.html 

India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.

Mar 5, 2019 19:48

Description:

In today’s podcast, we hear that India went on the offensive when its government websites were attacked by hackers from Pakistan. Rob Joyce, Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency, discusses trends in cyber conflict. A Chinese cyberespionage group hacks for maritime technologies. Facebook lets people look you up by your two-factor authentication phone number. And Google researchers disclose a vulnerability in macOS. CyberWire Editor John Petrik with results from the RSA Conference Innovation Sandbox. Guest Balaji Parimi from CloudKnox weighs the pros and cons of various authorization schemes.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_05.html 

Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.

Mar 4, 2019 15:22

Description:

In today’s podcast, we hear that Operation Sharpshooter is linked to North Korea. Canada begins the extradition process for Meng Wanzhou. Huawei is planning to sue the US for banning its equipment from government use. Facebook may have used questionable tactics to lobby against stricter data protection laws. Thailand passes a controversial cybersecurity law. And IBM interns discover a host of vulnerabilities in visitor management systems. Joe Carrigan from JHU ISI with details on a Ring Doorbell vulnerability.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_04.html 

Fake Fortnite app scams infect gamers — Research Saturday

Mar 2, 2019 15:17

Description:

Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings.

The original research can be found here:

https://www.zscaler.com/blogs/research/fake-fortnite-apps-scamming-and-spying-android-gamers

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.

Mar 1, 2019 23:07

Description:

Qbot infections are spreading. The bounty-hunting gig economy apparently has its first millionaire. Observers are liking what they see in US Cyber Command’s “persistent engagement.” Canada mulls the extradition of Huawei’s CFO to the US. The US continues to call Huawei a security risk, and Huawei has some things to say back. The Momo Challenge is a viral online craze, but not the way you may have heard. Awais Rashid from Bristol University with thoughts on edge computing. Guest is Dr. Dena Haritos Tsamitis from Carnegie Mellon University on improving the culture of infosec, as well as her thoughts on the upcoming RSA conference. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_01.html 

Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.

Feb 28, 2019 20:50

Description:

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor’s up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don’t sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest is Michelle Dennedy from Cisco with results from their most recent Data Privacy Benchmark Study.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_28.html 

Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.

Feb 27, 2019 20:34

Description:

In today’s podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of DDoS attacks in the service of election disruption. US Cyber Command played some chin music for St. Petersburg during US midterm elections. And if you’re going to hack into an embassy, wouldn’t you want to do more than install a cryptojacker? David Dufour from Webroot with insights on their pending purchase by Carbonite. Guest is Randy Vanderhoof from the Secure Technology Alliance on managing identity and fraud in the payment space.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_27.html 

Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.

Feb 26, 2019 20:35

Description:

In today’s podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stuffing attacks hit users of online tax-preparation services. And that missile attack on Tampa was not a drill—in fact, it never happened at all—and congratulations to the citizens of Florida for recognizing a hack and a hoax when they see one. Justin Harvey from Accenture on the types of vulnerabilities adversaries target. Guest is Guarav Tuli from F-Prime Capital on the current venture capital environment for cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_26.html 

Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.

Feb 25, 2019 16:21

Description:

In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don’t like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud.  

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_25.html 

Rosneft suspicions shift from espionage to business email compromise — Research Saturday

Feb 23, 2019 27:06

Description:

Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. 

Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.

The original research can be found here:
https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.

Feb 22, 2019 25:20

Description:

In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There’s also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_22.html 

Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.

Feb 21, 2019 20:24

Description:

In today’s podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filters. Spamming users to get your point across may not be the best form of disclosure. University researchers find a man-in-the-room bug. Other researchers think they could capsize a ship. Britain’s NCSC continues its dance with Huawei. Password managers remain a good idea. Emily Wilson from Terbium Labs discussing law enforcement on the dark web. UK correspondent Carole Theriault returns with the story of surveillance and facial recognition in London. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_21.html 

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.

Feb 20, 2019 20:37

Description:

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s a new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.

International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cryptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.

Feb 19, 2019 20:24

Description:

In today’s podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament were subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Microsoft pulls cryptojacking Windows 10 apps from its store. Britain’s NCSC is rumored to have concluded that it can mitigate Huawei risks. Facebook gets a harsh report from Westminster. And a hacker claims a higher motive for his breach (but still wants Bitcoin). Joe Carrigan from JHU ISI on Apple requiring two-factor authentication for developers. Guest is Igal Gofman from XM Cyber on network compromise through email.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_18.html 

Seedworm digs Middle East intelligence — Research Saturday

Feb 16, 2019 16:19

Description:

Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms.

Al Cooley is director of product management at Symantec, and he joins us to share their findings.

The original research can be found here:
https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.

Feb 15, 2019 26:04

Description:

In today’s podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook takes down inauthentic accounts working to influence the Moldovan elections. The Federal Trade Commission is rumored to be queuing up a record privacy fine. Defending forward from disillusioned Bears. And happy birthday, GCHQ. Craig Williams from Cisco Talos on router vulnerabilities. Guest is Amanda Berlin, founder of Mental Health Hackers on her efforts to address mental health issues in infosec.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_15.html 

Support our show

Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.

Feb 14, 2019 20:32

Description:

In today’s podcast we hear that US prosecutors have unsealed the indictment of a former US Air Force counterintelligence specialist on charges she conspired to commit espionage on behalf of Iran. The US Treasury Department announces further sanctions on Iranian individuals and one organization named in that indictment. Two alleged members of Apophis Squad are indicted. Whatever became of all the data stolen from Equifax? That information’s apparently not for sale on the dark web. Malek Ben Salem from Accenture Labs on reducing the attack surface of containers. Guest is Kevin McNamee from Nokia with results from their recent threat intelligence report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_14.html 

Support our show

China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.

Feb 13, 2019 19:59

Description:

In today’s podcast, we hear that China has denied involvement in the Australian Parliament hack. Patch Tuesday notes. A new strain of Shlayer malware is out. A look at GreyEnergy. Reactions to the destructive VFEmail attack. And thoughts on St. Valentine’s Day, with advice, admonition, and an excursus on credential-stuffing and holiday doughnuts. Dr. Charles Clancy from VA Tech’s Hume Center on the Pentagon’s use of AI for RF spectrum management. Guest is Matt Cauthorn from ExtraHop on malicious Chrome extensions.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_13.html 

Support our show

VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.

Feb 12, 2019 19:35

Description:

In today’s podcast, we hear that VFEmail has sustained a devastating, data-destroying attack. The EU considers whether it should, can, or will make a coordinated response to China’s APT10. A US Executive Order outlines a strategy to maintain superiority in artificial intelligence. Norway warns, again, of the risk of GPS jamming. US Army Stryker vehicles were hacked during testing last year. And some Marines are getting ahead of themselves, downloading close air support control apps to personal tablets. Johannes Ullrich from SANS and the ISC Stormcast podcast on using hardware flaws for network access. Guest is Shane Harris from the Washington Post with an update on the Paul Whelan case in Russia.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_12.html 

Support our show

Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.

Feb 11, 2019 19:02

Description:

In today’s podcast, we hear that clipper malware has been ejected from Google Play. A different cryptojacker is kicking its competitors out of infected machines. Australian authorities continue to investigate the attempted hack of Parliament, with Chinese intelligence services as the prime suspects. How do you solve a problem like Huawei? Russia prepares to test its ability to disconnect from the Internet in the event of war. Prosecutors investigate alleged blackmail by below-the-belt selfie. Ben Yelin from UMD CHHS on politicians blocking citizens on social media.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_11.html 

Support our show

Trends and tips for cloud security — Research Saturday

Feb 9, 2019 19:50

Description:

The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. 

Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.

The original research can be found here:
https://unit42.paloaltonetworks.com/unit-42-cloud-security-trends-tips/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.

Feb 8, 2019 25:11

Description:

In today’s podcast, we hear that Australia is investigating an attempted hack of its Federal Parliament. The US Department of Homeland Security warns that spies are working through third parties to get to their targets. Spyware is bundled in a legitimate privacy app. Credit unions get spearphished. Mr. Bezos says, “No thanks, Mr. Pecker.” Apple will pay a FaceTime bug bounty. Microsoft says don’t use IE as a browser. And what they found in that seal scat.  Justin Harvey from Accenture on credential stuffing. Guest is Sandi Roddy from Johns Hopkins APL on secure key management.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_08.html 

Support our show

Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.

Feb 7, 2019 20:01

Description:

In today’s podcast, we hear about social engineering, with a few new twists. Some airlines may be exposing passenger data with insecure check-in links. APT10 may be lying low, for now, but the US Department of Homeland Security expects the cyber spies to be back. A researcher finds a macOS Keychain bug, but would rather not tell Apple about it. Governments in Europe and North America continue to assess risks associated with Huawei and ZTE. And a Trojan hides in The Sims 4. Awais Rashid from Bristol University with thoughts on the challenges of securing smart phones. Carole Theriault explores recent concerns over popular video app VLC Player security issues with Sophos’ Paul Ducklin.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_07.html 

Support our show

APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.

Feb 6, 2019 20:43

Description:

In today’s podcast, we hear that Chinese threat group APT10 seems to have been busy lately, and up to its familiar industrial espionage. More governments express skepticism about Chinese manufacturers. The US report on election security is out: influence ops were found to have had no material effect on the midterms. Lithuania worries about Russian election meddling. A reverse RDP attack risk is reported. An industrial IoT remote code flaw. And congratulations to the finalists in RSA’s Innovation Sandbox. Emily Wilson from Terbium Labs on biometrics for sale on the dark web. Guest is Katie Nickels from MITRE on the ATT&CK knowledge base.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_06.html 

Support our show

ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.

Feb 5, 2019 20:10

Description:

In today’s podcast, we hear that ExileRAT is targeting Tibet’s government-in-exile. The SpeakUp backdoor afflicts many varieties of Linux systems. Facebook bans ethnic militias in Myanmar from its platform. Norway’s PST intelligence service says that Huawei constitutes a security risk, and China says that’s nonsense. Someone seems to be hacking contact lists belonging to UK Members of Parliament. Bangladesh Bank is suing to recover the $81 million missing from its 2016 SWIFT heist. Joe Carrigan from JHU ISI on Facebook’s password flexibility on mobile devices. Guest is Joseph Williamson from EclecticIQ on cyber espionage and nation state threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_05.html 

Support our show

Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’s prospects. Influence ops. Extortion by bluff.

Feb 4, 2019 17:46

Description:

In today’s podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of “C0rpz.” OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security scrutiny internationally even as it seeks to position itself as a 5G leader. Russian influencers begin to attend to Venezuela. And if someone says they’ve got video of you looking at things you shouldn’t, they probably don’t. Rick Howard from Palo Alto Networks on Australia’s controversial encryption legislation. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_04.html 

Support our show

Online underground markets in the Middle East — Research Saturday

Feb 2, 2019 17:59

Description:

Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and even booking their next discount vacation.

Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings.

The original research can be found here:
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cash-and-communication-new-trends-in-the-middle-east-and-north-africa-underground

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.

Feb 1, 2019 24:39

Description:

In today’s podcast, we hear that Apple has let Facebook and Google out of time-out. Russia decides it would like access to Apple data because, you know, it’s Russian law. Social networks take down large numbers of inauthentic accounts. Fancy Bear is snuffling around Washington again, already, with some spoofed think-tank sites. Shape shifting campaign afflicts ads. China sees CoAPP DDoS attacks. An Aadhaar breach hits an Indian state as the SBI bank recovers from a data exposure incident. Johannes Ullrich from SANS and the ISC Stormcast Podcast on the effectiveness of blocklists. Guest is Daniel Faggella from Emerj Artificial Intelligence Research on the future of AI and security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_01.html 

Support our show

Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.

Jan 31, 2019 20:05

Description:

In today’s podcast, we hear that Collections #2 through #5 have joined Collection #1 in hacker fora. Google is found to be collecting data from devices in much the same way its advertising peer Facebook was. Russian trolls seek to discredit the Special Counsel’s investigation of influence ops. New York State opens an investigation into Apple’s response to the FaceTime bug. The US Department of Justice aims to disrupt a North Korean botnet. And a rundown of some current online scams. Mike Benjamin from Century Link with information on TheMoon botnet and how it targets websites. Guest is Lewie Dunsworth, CISO & Executive Vice President of Technical Operations at Herjavec Group on projected increases in ransomware aimed at hospitals.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_31.html

Support our show

US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.

Jan 30, 2019 19:49

Description:

In today’s CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran’s APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning for unpatched Cisco routers. What Huawei faces, in addition to fines. The FaceTime bug and responsible disclosure. Facebook was paying people to pwn their phones. Scam artists exploit a small disabled girl. And the Government shutdown’s mixed effect on cybersecurity. Craig Williams from Cisco Talos on Pylocky, a ransomware strain they’ve been tracking. Guest is Mark Orlando from Raytheon on safeguarding online information.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_30.html

Support our show

004 Case studies in risk and regulation — CyberWire-X

Jan 30, 2019 32:13

Description:

In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game-changing, high-profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned.

Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.

Jan 29, 2019 20:04

Description:

In today’s podcast, we hear that a FaceTime bug lets you listen to someone’s phone before they’ve even picked up. FormBook malware’s surge is abetted by a new hosting service. Compromised server market xDedic has been taken down. Europol is looking for Webstressor users. Huawei faces new US criminal charges. Kim’s ambitious economic plan may augur ambitious North Korean hacking. EU foretells a surge in Iranian cyberattacks. Waiting for information operations around the Venezuelan crisis. Joe Carrigan from JHU ISI on legacy Twitter location data privacy issues. Guest is Jamil Jaffer from IronNet Cybersecurity with highlights from his recent Capitol Hill briefing, “Nation-State Threats, Collective Defense, and Strategic Deterrence in Cyberspace: (How) Can We Get Better Fast?”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_29.html

Support our show

Someone takes an unhealthy interest in Citizen Lab. Ukraine accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.

Jan 28, 2019 19:10

Description:

In today’s podcast, we hear about some Spy vs. Spy at Citizen Lab, but who the spies were working for isn’t clear. Ukraine’s cyber police accuse Russia of phishing for election influence. As Fortuna’s wheel turns, Russian bigwigs get doxed by transparency hacktivists. Great power tension over Venezuela bears watching in cyberspace. Alleged swatters indicted and arrested. Happy National Privacy Day. Emily Wilson from Terbium Labs on “fullz” records of children being sold on the dark web. Guest is Sean Lyngaas from CyberScoop with his insights on the DNS hijacking threat.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_28.html

Support our show

Amplification bots and how to detect them. — Research Saturday

Jan 26, 2019 18:34

Description:

Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets.

Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings.

Link to the original research - 
https://duo.com/labs/research/anatomy-of-twitter-bots-amplification-bots

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.

Jan 25, 2019 25:03

Description:

In today’s podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they’re close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability to a tactical level. Venezuela’s crisis may provide the next occasion for Russian information operations. How Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. And leave the Nest alone. Dr. Charles Clancy from the Hume Center at VA Tech on confusing marketing claims from AT&T with regard to 5G cellular technology. Guest is P. W. Singer, author of the book LikeWar, the Weaponization of Social Media.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_25.html

Support our show

The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.

Jan 24, 2019 20:00

Description:

In today’s podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked—observers think Russia’s GRU is good for it, but Russia says no, hey, it was Anonymous, and they did a good job. Exposed database leaves financial information out for the taking. Creeps take over a family’s Nest. Ben Yelin from UMD CHHS with a 4th amendment personal privacy case out of Alaska. Guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net on the career benefits of volunteering.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_24.html

Support our show

Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.

Jan 23, 2019 19:43

Description:

In today’s podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a “topical mission objective.” France says that war has begun in cyberspace, and that the enemy should be en garde. British barristers scramble to restore secure email. A metals firm sustains an attack on business systems. And some clown cuts Australian telecoms cables. Justin Harvey from Accenture on blocking incoming threats. Guest is Tom Huckle from Crucial on closing the skills gap.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_23.html

Support our show

Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.

Jan 22, 2019 20:44

Description:

In today’s podcast, we hear that the WordPress Multilingual Plugin was compromised by a disgruntled ex-employee. Stealthy DDoS might escape notice. Anubis droppers wait for the phone to move before executing. EU works against influence in its May elections. France fines Google for lack of transparency under GDPR. Facebook may face FTC action. And more emerges on the curious case of the American/Canadian/Irish/British citizen arrested in Moscow for spying.  Johannes Ullrich from SANS and the ISC Stormcast podcast on gift card scams. Carole Theriault speaks with guest Maria Varmazis about Fortnite vulnerabilities.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_22.html

Support our show

Luring IoT botnets to the honeypot — Research Saturday

Jan 19, 2019 18:54

Description:

Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices.

Matt Bing is a security research analyst with Netscout, and he guides us through their findings.

The original research can be found here:
https://asert.arbornetworks.com/dipping-into-the-honeypot/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facebook shutters more Russian coordinated inauthenticity.

Jan 18, 2019 25:48

Description:

In today’s podcast we hear that Collection #1 is big but not the end of the world. Still, be on the lookout for credential stuffing attacks. Rocke cryptojacker can disable some cloud security services. Beware of Telegram bots. Facebook shuts down a few hundred inauthentic Russian pages, and Sputnik shows up as either a free-speech paladin or another troll farm—take your pick. Epic Games closes a vulnerability that exposed data of Fortnite players. Malek Ben Salem from Accenture Labs on power grid vulnerabilities to botnets. Guest is former U.S. Secretary of Homeland Security Michael Chertoff discussing his book Exploding Data.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_18.html

Support our show

Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.

Jan 17, 2019 19:53

Description:

In today’s podcast, we hear that South Korea’s Defense Ministry has disclosed a cyber espionage incident. Fancy Bear sticks to its old tricks with Lojax. The US Justice Department is rumored not to be done with Huawei—this time an IP theft beef is believed to be coming. A big database exposure case in Oklahoma. And an update on yesterday's bogus Washington Post edition: it was a prank by the Yes Men. Mike Benjamin from Century Link with an update on the Mylobot botnet. Guest is Angie White from Iovation on PSD2, the payment services directive update.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_17.html

Support our show

SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.

Jan 16, 2019 20:29

Description:

In today’s podcast, we hear that the SEC and the Department of Justice are going after EDGAR hackers for securities fraud. Flashpoint sees the Lazarus Group in an attack on Chile’s Redbanc. Recorded Future shares notes on Iran’s Ashiyane Forum. Cryptomix ransomware is being distributed by fraudulent charitable appeals. Organized gangs are using Fortnite in-game currency for money laundering. A slickly done bogus edition of the Washington Post was being handed out in DC this morning. Ben Yelin from UMD CHHS on a recent ruling regarding 5th amendment protections for biometrics. Guest is Kevin O’Brien from GreatHorn on techniques to improve email security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_16.html

Support our show

Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espionage.

Jan 15, 2019 19:43

Description:

In today’s podcast, we hear that a bug hunter has found and responsibly disclosed issues in web hosts. Compromising Passenger Name Records in airline reservations. Business email compromise seems on the rise, and it’s also growing a bit more interactive. A Facebook executive is swatted, and absolutely nobody should dismiss this sort of thing as a joke. China would like everyone to stop saying bad stuff about Huawei, but the Polish government seems unconvinced that there’s nothing to see here. Rick Howard from Palo Alto Networks, revisiting the notion of a cyber moon shot. Carole Theriault reports on a hack of the Australian emergency warning system. She speaks with Paul Baccas from Proofpoint.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_15.html

Support our show

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.

Jan 14, 2019 18:58

Description:

In today’s podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its “big-game hunting” has pulled in almost four million dollars since August. Access control system zero-days found. And a lawsuit is likely to set some precedents concerning what counts as cyberwar. Joe Carrigan from JHU ISI on updated NIST password guidelines. Guest is Vijaya Kaza from Lookout on the shifting role of privacy in infosec.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_14.html

Support our show

Magecart payment card theft analysis — Research Saturday

Jan 12, 2019 29:01

Description:

Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. 

Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned.

Links to RiskIQ research:

https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/
https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
https://www.riskiq.com/blog/labs/magecart-newegg/
https://www.riskiq.com/blog/labs/magecart-shopper-approved/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.

Jan 11, 2019 22:05

Description:

In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crooks are finding Fuze cards as handy as good-guy consumers do. Poland makes two arrests in an espionage case linked to Huawei. And the Russian media are happy to offer sympathy to NSA for some alleged security lapses at Fort Meade. Craig Williams from Cisco Talos with details on Persian Stalker targeting secure messaging apps. Guest is Rajiv Dholakia from Nok Nok Labs on the security pros and cons of biometrics.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_11.html

Support our show

TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.

Jan 10, 2019 19:28

Description:

In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social networks. Reddit asks users to reset their passwords, and to make them good ones. Google seems to have made strides against expansive interpretation of the EU’s right to be forgotten. And the curious tweets of @HAL999999999. Jonathan Katz from UMD on updated WiFi security. Guest is Ameesh Divatia from Baffle on the growing frustration with how companies handle our private information.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_10.html

Support our show

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?

Jan 9, 2019 19:26

Description:

In today’s podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel’s April election—much predictable yelling and finger-pointing ensues. German authorities are pretty convinced Hackerangriff is the work of a lone, disgruntled student. OXO may have suffered a Magecart infestation. Dark Overlord’s labor market play. Facebook sharing. Internet autarky. And did Kaspersky finger an NSA contractor to NSA for mishandling secrets? Dr. Charles Clancy from VA Tech on security gaps in the 5G specification. Guest is Denis Cosgrove from Booz Allen Hamilton on the growing connectivity and autonomy in motor vehicles. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_09.html

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.

Jan 8, 2019 19:50

Description:

In today’s podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses’ awareness of cyber espionage. Observers see a coming “cyber cold war,” with China on one side and a large number of other countries on the other. Facebook is following a widening investigation into the use of inauthentic accounts, ads, and sites in recent US elections. WikiLeaks’ lawyers tell news media to stop defaming the organization and its founder. Emily Wilson from Terbium Labs on the nine lives of a credit card. Guest is Robb Reck from Ping Identity on NIST password guidance.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_08.html

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?

Jan 7, 2019 20:01

Description:

In today’s podcast, we hear that the investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russia. Marriott thinks fewer guests were affected by its Starwood breach than initially feared. Online gamers affected by breaches. The Dark Overlord continues to make a pest of itself. And can alt-coin production become less of an energy hog? Awais Rashid from Bristol University on securing large-scale infrastructure. Guests are Karen Waltermire and Harry Perper from NIST, discussing the NIST National Cybersecurity Center of Excellence (NCCoE).

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_07.html

NOKKI, Reaper and DOGCALL target Russians and Cambodians — Research Saturday

Jan 5, 2019 14:28

Description:

Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware.

Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings.

The original research can be found here:
https://unit42.paloaltonetworks.com/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/
The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.

Jan 4, 2019 25:03

Description:

In today’s podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspire, via some hijacked dormant Twitter accounts. Updates on the arrest of a dual US-UK citizen on spying charges in Moscow. And some PewDiePie followers sort of say they’re sorry for hacking Chromecasts. Sort of. Justin Harvey from Accenture with his outlook toward 2019. Guest is Ken Modeste from UL (Underwriters Laboratories) on their evolution as a safety certification organization.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_04.html

2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.

Jan 3, 2019 19:39

Description:

In today’s podcast, we hear that the prize for first big breach of 2019 goes to Australia, but the year is young. Ryuk “artisanal” malware implicated in newspaper print-plant hacks. reCAPTCHA gets captchu’d, again. The Dark Overlord teases some pretty dull stuff, a step ahead of the law and Pastebin content moderators. PewDiePie followers continue to pester Internet users. And there’s a new play about Reality Winner, the alleged NSA leaker. Johannes Ullrich from SANS and the ISC Stormcast podcast on cold boot attacks on laptops. Guest is Sarah Squire from Ping Identity with results from a survey on consumer response to breaches.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_03.html

Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore. 

Jan 2, 2019 19:56

Description:

In today’s podcast, we hear that US newspapers sustained a major cyberattack—possibly ransomware—over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantial. A home security video system is found to have hard-coded credentials. Changes in US Defense leadership. An American is arrested in Moscow on espionage charges. And alleged NSA leaker Hal Martin wins one and loses two in court. Ben Yelin from UMD CHHS on whether remotely wiping a mobile device could be considered destruction of evidence. Guest is Steve Durbin from the ISF on using a human-centered approach to building security teams.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_02.html

Apple Device Enrollment Program vulnerabilities explored — Research Saturday

Dec 22, 2018 17:24

Description:

Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices.

James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found.

The original research can be found here:

https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

Dec 21, 2018 29:26

Description:

In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing Gmail two-factor authentication. Guest is Brian McCullough, host of the TechMeme Ride Home podcast and author of the book How the Internet Happened.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_21.html

003 Risk and regulation in the financial sector — CyberWire X

Dec 21, 2018 29:09

Description:

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust?

Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.

Dec 20, 2018 20:19

Description:

In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was “brutal.” Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_20.html

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.

Dec 19, 2018 19:57

Description:

In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection. More Facebook data-sharing practices come under scrutiny. NASA PII exposed; investigation continues. And did you hear the one about the parrot, Alexa, Amazon orders, and sappy dance tunes? Jonathan Katz from UMD describing security improvements in the Signal messaging app. Guest Michael Doran from Optiv with tips on protecting your organization from ransomware.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_19.html

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

Dec 18, 2018 19:54

Description:

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitten strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’. Facebook faces a boycott in the wake of Senate-commissioned reports on Russian trolling. And PewDiePie’s followers deface a Wall Street Journal page. Craig Williams from Cisco Talos with a look back at 2018. Carole Theriault speaks with Rapid7's Tod Beardsley about their Industry Cyber Exposure report.

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

Dec 17, 2018 15:07

Description:

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. A Senate-commissioned report on Russian influence operations finds the St. Petersburg troll farmers “fluent in American trolling.” Boomstortion scammers now threaten acid attacks. PewDiePie followers—again—hack printers, but this time they say it’s for the public good. Justin Harvey from Accenture on M&A targets and resilience.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html

The Sony hack and the perils of attribution — Research Saturday

Dec 15, 2018 20:14

Description:

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know today. There are interesting lessons to be learned, especially when it comes to attribution.

Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings.

The research can be found here:
https://www.riskbasedsecurity.com/2018/09/you-didnt-think-the-sony-saga-was-over-did-you/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

Dec 14, 2018 25:02

Description:

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible for the Strasbourg Christmas market killings as one of its soldiers. And a bogus bomb threat is being circulated by email—call the technique “boomstortion.” Malek Ben Salem from Accenture Labs on smart speaker vulnerabilities. Guest is Laura Noren from Obsidian Security on data science ethics.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_14.html

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

Dec 13, 2018 20:36

Description:

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.”

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.

Dec 12, 2018 20:11

Description:

In today’s podcast, we hear some of McAfee’s description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei’s CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanctions and indictments in response to various Chinese hacking activities. A no-confidence vote is called in the UK. In France, President Macron makes concessions to the Yellow Vests. Google skates through its interrogation by Congress. And bad passwords get rated. Johannes Ullrich from SANS and the ISC Stormcast Podcast with holiday tips on securing new devices. Guest is Ali Golshan from StackRox on the shift toward DevOps.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_12.html

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.

Dec 11, 2018 19:54

Description:

Audit finds no “Chinese spy chips” on Supermicro motherboards. Huawei CFO Meng’s hearing continues. Oil services firm’s servers attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain reported. Mr. Pichai goes to Washington, and Uncle Pennybags puts in an appearance. The US House Oversight and Government Reform Committee reports on the Equifax breach. Prof. Awais Rashid from Bristol University on risk management in a data-intensive world. Guest is Barry Hensley from Secureworks on supply chain risks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_11.html

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.

Dec 10, 2018 19:57

Description:

In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU, and Japan. US indictments are expected soon in other IP theft cases involving China. Upgrade Kubernetes. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. An advance fee scam promises not only money, but maybe love, too. Emily Wilson from Terbium Labs, on why she feels the Lesbians Who Tech conference gets diversity right.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_10.html

Operation Red Signature targets South Korean supply chain — Research Saturday

Dec 8, 2018 23:54

Description:

Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan.

Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.

The research can be found here:
https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.

Dec 7, 2018 25:23

Description:

In today’s podcast we hear that Huawei’s CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They’ve been joined in this by Japan and the European Union. Proofpoint sees a shift in cybercrime toward more carefully targeted and thoughtful social engineering. Kaspersky describes “DarkVishnaya,” a criminal campaign using surreptitiously planted hardware to loot Eastern European banks. Justin Harvey from Accenture discussing what should be in your incident response “go bag.” Guest is New York Times national security correspondent David E. Sanger, discussing his latest book The Perfect Weapon.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_07.html

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.

Dec 6, 2018 19:56

Description:

In today’s podcast, we hear that Huawei’s CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam warnings and new US indictments. In the UK, Parliament releases internal Facebook emails that suggest discreditable data-use practices. Facebook says the emails are being taken out of context. And DDoS downs Illinois homework. Dr. Charles Clancy from VA Tech’s Hume Center on the ban of specific 5G hardware around the world. Guest is Tom Bonner from Cylance on the SpyRATs of Ocean Lotus.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_06.html

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.

Dec 5, 2018 20:01

Description:

In today’s podcast, we hear that CoAP-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections and determines to do something about disinformation. The US National Republican Congressional Committee sustains an email compromise. Attribution of a phishing expedition to Cozy Bear grows dubious. And Westminster doxes Facebook. Joe Carrigan from JHU ISI explaining the National Centers for Academic Excellence. Carole Theriault interviews SANS’ James Lyne, who explains the Cyber Discovery program, which aims to bolster the security workforce.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_05.html

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.

Dec 4, 2018 20:18

Description:

In today’s podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China is reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marriott’s breach response earns mediocre marks. A Kubernetes privilege escalation flaw is found and patched. Two scammy apps are ejected from Apple’s App Store. An object lesson in the difficulty of controlling fake news—or at least fake op-eds. Jonathan Katz from UMD on SSD drive encryption security woes. Guest is Brian Egenrieder from SyncDog on the challenges of commingling work and personal mobile devices.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_04.html

US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.

Dec 3, 2018 14:59

Description:

In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it’s a pretty dour charm offensive.) Iran ups its influence operations game. Legal investigations and legislative responses to the Marriott breach begin. A US Court upholds the Government’s ban on Kaspersky products. And paying ransom to cyber extortionists could violate US sanctions. Daniel Prince from Lancaster University discussing growth, innovation and productivity within cyber security.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_13_03.html

Settling in with GDPR — CyberWire-X

Dec 3, 2018 29:55

Description:

In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since its implementation in May 2018.

Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Getting an education on Cobalt Dickens — Research Saturday

Dec 1, 2018 12:24

Description:

Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible.

Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found.

The original research is here:
https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.

Nov 30, 2018 24:11

Description:

In today’s podcast we hear about Marriott’s big breach. And Dunkin’ Donuts’ big breach. And, and, Urban Massage’s embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people you do business with. Fancy Bear shows up to paw at the phish swimming in Germany’s government. And how much did SamSam really cost people? FBI? DoJ? Is it millions or billions? In either case you’re talking about real money. Robert M. Lee from Dragos discussing the notion of IoT hot water heaters taking down the power grid. Guest is Michelle Guel from Cisco, discussing smart cities and her perspective as a pioneering woman in the industry.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_30.html

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.

Nov 29, 2018 20:04

Description:

In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Silence exploits systems not patched against EternalBlue and EternalRed. Dell tells its customers to reset their passwords. And the US indicts two Iranians for deploying the SamSam ransomware. Emily Wilson from Terbium Labs with unintended consequences of GDPR. Guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_29.html

DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.

Nov 28, 2018 20:35

Description:

In today’s podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran’s Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escaped their attention as much as many had assumed. Facebook gets grilled in London. Nine Western countries issue a joint communique resolving to control “false and misleading” content on the Internet. And lessons from small towns. Ben Yelin from UMD CHHS reviewing government requests of Google’s Nest to turn over user information. UK correspondent Carole Theriault speaks with Graham Cluley about police monitoring criminals using the Ironchat secure messaging service.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_28.html

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.

Nov 27, 2018 20:07

Description:

In today’s podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in a pretty feisty mood. Pegasus spyware found to have been deployed against journalists in Mexico and elsewhere. Russia escalates its hybrid war against Ukraine. Do people care if their smart speakers eavesdrop? How about their smart lightbulbs? Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS over HTTPS and network visibility. Guest is Shaun Bierweiler from Hortonworks on the use of open source software in the federal space.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_27.html

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.

Nov 26, 2018 18:20

Description:

In today’s podcast we hear that Emotet ramped up for Black Friday—beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China’s emerging social credit system. Bottom-up social control in the US: first they came for the dogwalkers. Making a Dutch book on social media. Russia tightens Internet laws. The US Army learns some lessons, in a good way, from Joint Task Force Ares. Joe Carrigan from JHU ISI, wondering if we have a cyber skills gap or a shortage of courage. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_26.html

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.

Nov 21, 2018 19:48

Description:

In today’s podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything’s OK, but it hasn’t said much else. Facebook is back online—yesterday’s outage attributed to a server misconfiguration. Shoppers and retailers prepare for Cyber Weekend. Tessa88, the dark web data hawker, may have been identified. Cyber espionage continues. And there’s been another breach in what we’ve curiously agreed to call an “adult” site. David Dufour from Webroot on the pros and cons of open source code. Guest is Andrew Kling from Schneider Electric with an update on Triton malware.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_21.html

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.

Nov 20, 2018 19:56

Description:

In today’s podcast, we hear about nations behaving badly (but from the point of view of cyberespionage they’re doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia’s Hades Group, known for Olympic Destroyer, is back, too. Gamaredon and Cozy Bear have returned, respectively pestering Ukraine and the US. Iran’s OilRig is upping its game with just-in-time malicious phishbait. And it’s not you: Facebook has been down. Malek Ben Salem from Accenture Labs on skills squatting with Amazon’s Alexa. Guest is Ronnie Tokazowski from Flashpoint on his work with the business email compromise working group.

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

Nov 19, 2018 16:45

Description:

In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet Republics. A reported Gmail issue may make for more plausible social engineering. The Outlaw criminal group expands into cryptojacking. Infrastructure, financial, and data corruption attacks discussed as possible “cyber 9/11s”. Rick Howard from Palo Alto Networks with a book recommendation from the Cybersecurity Canon project.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_19.html

Support our show

Doubling down on Cobalt Group activity — Research Saturday

Nov 17, 2018 18:55

Description:

The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. 

The research can be found here:

https://asert.arbornetworks.com/double-the-infection-double-the-fun/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

Nov 16, 2018 22:36

Description:

In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes SMS messages. China tightens laws enabling censorship and social control. It also helps Venezuela to do likewise. And did the US indict Julian Assange, or is it just a cut-and-paste error? Craig Williams from Cisco Talos with info on the sextortion scams they’ve been tracking. Guest is Christopher Porter from FireEye on threats in the aviation sector.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_16.html

Support our show

RATs and the long game. New ransomware. Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

Nov 15, 2018 18:19

Description:

In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter, with bogus big brands’ blue checks all over them. Nigeria plans to go after cyber gangs. Fancy Bear says it can’t be sued, even if it did anything. And why a password manager is better than an infernal machine. Jonathan Katz from UMD describing a side channel attack on mobile device encryption. Guest is Mike McKee from ObserveIT on nation state attacks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_15.html

Support our show

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

Nov 14, 2018 20:00

Description:

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita swatting charges, and to bomb threats just about everywhere else. And the NPPD will soon become CISA, and the lead US civilian cybersecurity agency. Emily Wilson from Terbium Labs on their recent Truth About Dark Web Pricing white paper. Guest is Gregory Garrett from BDO on their telecommunications risk report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_14.html

Support our show

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

Nov 13, 2018 19:59

Description:

In today’s podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia’s the usual suspect; as usual, Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account hijacking. Indian intelligence services look at ISIS use of Wickr. A look at Magecart. Cathay Pacific’s breach now believed to be worse than originally thought. The “Paris Call for Trust and Security in Cyberspace” expresses eight aspirations. Joe Carrigan from JHU ISI with a report on the NICE conference, and a presentation on including psychologists in cyber security decision making. Guest is Rich Bolstridge from Akamai with credential stuffing info from their latest State of Internet Security report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_13.html

Support our show

Regulation in the U.S. — CyberWire X

Nov 13, 2018 28:18

Description:

In this premiere episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.

Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC. 

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Establishing international norms in cyberspace — Research Saturday

Nov 10, 2018 20:29

Description:

Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner for the Global Commission on Internet Governance, and is the author of over a dozen books, including “Soft Power: The Means to Success in World Politics” and “The Future of Power.”

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

Nov 9, 2018 24:52

Description:

In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, Government-industry-academic partnerships work toward making critical infrastructure more resilient to cyberattack. Pyongyang’s Lazarus Group continues to rob ATMs using malware. US officials complain that China is in violation of 2015’s agreement to avoid industrial espionage. And Russian observers give the US a passing grade for fair midterm elections. Awais Rashid from Bristol University with thoughts on placing trust in blockchain systems. Guest is Bruce Schneier, discussing his latest book, “Click here to kill everybody.”

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_09.html

Support our show

Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.

Nov 8, 2018 18:53

Description:

In today’s podcast, we hear that, while election hacking seems not to have happened in the US this week, that hasn’t stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue long after the election. VirtualBox zero-day disclosed to everyone. USCYBERCOM posts Lojack to VirusTotal. FCC vs. robocalls. US Postal Service’s Informed Delivery exploited. Canada Post slips to reveal cannabis customers. Dr. Charles Clancy from the Hume Center at VA Tech on in-car cell phone jammers. Guest is Ian Paterson from Plurilock Security Solutions on behavioral biometrics.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_08.html

Support our show

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.

Nov 7, 2018 20:01

Description:

In today’s podcast we take a quick look back at the US midterm elections, and at what did and didn’t happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-delivering app is used to smish Spanish-speaking users of the Play Store. And, once again, people really seem to think that Elon Musk will return them their Bitcoin donations tenfold. (Enough people to make crime pay, anyway.) Justin Harvey from Accenture on notification laws and incident response. Guest is Christian Lees from InfoArmor with thoughts on what they’re seeing trafficked on the dark web.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_07.html

Support our show

Iran complains, threatens, and spies. Election Day cybersecurity notes.

Nov 6, 2018 19:47

Description:

In today's podcast, we hear that Iran has accused Israel of a second Stuxnet, claiming the attack was thwarted, and threatening retaliation. Nor is Tehran neglecting domestic surveillance of its own: Persian Stalker is involved with some pretty suspicious greyware. It's Election Day in the US, and officials are cautiously optimistic that work to secure the voting will be successful. Concerns about information operations persist, and people continue to work to distinguish them from good-old-fashioned American confident chatter. Ben Yelin from UMD CHHS on the FBI using Google location data to nab crooks. Guest is Victor Danevich from Infoblox on the challenges of managing higher ed networks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_06.html

Support our show

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?

Nov 5, 2018 16:01

Description:

In today's podcast, we note that US midterm elections end tomorrow evening, with officials on high alert for election hacking. Russia sends poll watchers to the US to make sure democratic norms are observed. Side-channel attack proof-of-concept announced for CPUs, but risk seems relatively low. Botnets are fighting over Android devices for cryptojacking power. And Russia's GU, né GRU? It looks like it's going to get its "R" back. Rick Howard from Palo Alto Networks with thoughts on DevOps and the future of orchestration.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_05.html

Support our show

Election protection — Research Saturday

Nov 3, 2018 22:22

Description:

Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms.

The original research can be found here:
https://www.symantec.com/blogs/election-security/election-hacking-faq

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.

Nov 2, 2018 25:02

Description:

In today's podcast, we hear that people are asking if that lull in Chinese cyber operations was just a strategic pause. Huawei's on a charm offensive. People are seeing plenty of Russian trolling, but election hacking proper continues to be quiet. Another strategic pause? US Cyber Command is said to be ready to respond to any election cyberattacks swiftly and in kind. And if you want to hear what people think about 80s techno-pop, a dark web souk will sell you the relevant Facebook messages for just one thin dime apiece. Malek Ben Salem from Accenture Labs on blockchain use in election security. Guest is Shannon Morse, host and producer at Hak5.org.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_02.html

Support our show

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

Nov 1, 2018 20:51

Description:

In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations against midterm elections. Social networks have difficulty identifying who's buying ads. Canada's data privacy law takes effect today. GandCrab crooks take a million-dollar bath. And if you go to Soulmates in Google Play, you're looking for love in all the wrong places. Johannes Ullrich from the ISC Stormcast podcast on hiding malware in benign files. Guest is Tara Combs from Alfresco on coming US cyber regulations.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_01.html

Support our show

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.

Oct 31, 2018 20:00

Description:

In today's podcast, we hear about influence operations in social media (again): Americans remain more vulnerable (because they lack a cultural experience of state propaganda) than Eastern Europeans. Rules of thumb for recognizing the good, the bad, and the bogus online. Kraken Cryptor is a leading black-market ransomware strain. SamSam remains active. US indicts Chinese industrial spies. And what not to look at on your Government laptop. David Dufour from Webroot with thoughts on processor vulnerabilities. Guest is Maria Rerecich from Consumer Reports on their product testing processes, and how they’ve evolved to keep up with the times.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_31.html

Support our show

The Malware Mash

Oct 31, 2018 03:07

Description:

Enjoy this rerun of our Halloween musical parody, The Malware Mash!

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.

Oct 30, 2018 19:46

Description:

In today's podcast, we hear that installing cybersecurity tools to protect elections is tougher than it looks. Information operations continue to pose the most prominent foreign threat to US midterm elections, although there are concerns about voting machine security. Cointracker looks like a trader's tool with a side order of malware. Video embedded in Microsoft Word documents can carry malicious payloads through detection systems. Hardware worries and sanctions. Competing visions of norms in cyberspace. Robert M. Lee from Dragos with thoughts on the real-world threat of electromagnetic pulses. Guest is Rahul Kashyap from Awake Security on the skills shortage and the importance of mentorship.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_30.html

Support our show

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.

Oct 29, 2018 16:49

Description:

Facebook takes down accounts linked to Iran for coordinated inauthenticity. Iranian information operations appear to be learning from the Russian approach: be divisive, be negative, and be opportunistic. Investigations of pipe-bombs and the Pittsburgh synagogue shooting look at the suspects' digital record. IBM announces its acquisition of Red Hat. The Satori botnet continues to evolve. British Airways and Magecart. Supply chain seeding, probably not; dragonnades, yes. Emily Wilson from Terbium Labs on data from the most recent Facebook breach showing up on the dark web.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_29.html

Support our show

Faxploitation — Research Saturday

Oct 27, 2018 14:34

Description:

Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks. 

Yaniv Balmas is head of security research at Check Point, and he joins us to share what he and his colleague Eyal Itkin discovered.

The research can be found here:
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?

Oct 26, 2018 22:48

Description:

In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives criticism for slow action against ad fraud. Bitdefender and Romanian police produce a decryptor for GandCrab ransomware. Discussion of a "Civilian Cybersecurity Corps": are white hats the radio hams of the Twenty-first Century? Daniel Prince from Lancaster University joins us to talk about quantum hardware primitives. And Britney Hommertzheim, director of information security at AMC Theaters, sits down with Dave to talk about building partnerships within your organization to strengthen security’s role.

For links to all the stories mentioned in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_26.html

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

Oct 25, 2018 18:26

Description:

In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botnet. Mexico's Central Bank raises its alert level. Cathay Pacific discloses a breach of passenger information. Privacy-related fines and lawsuits. And notes from the 2018 ICS Cyber Security Conference. Justin Harvey from Accenture joins us to talk about insourcing vs. outsourcing threat intelligence, and Tony Pepper from Egress Software Technologies shares his perspective on protecting unstructured data.

For links to all of the stories mentioned in today's podcast, check out our Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_25.html

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.

Oct 24, 2018 20:01

Description:

In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did it, but of course things are complicated. Are hostile intelligence service hackers superheroes, salaryman nebbishes, or something in between? How threat intelligence drives threat evolution. The risk of shadow web-apps. Apple speaks on privacy. Ben Yelin from the University of Maryland Center for Health and Homeland Security talks with us about the EFF coming out against license plate sharing between retailers and law enforcement. Our UK correspondent Carole Theriault speaks with ESET’s Lysa Myers about overcoming the cyber skills shortage and attracting new talent to the industry.

For links to all the stories in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_24.html

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.

Oct 23, 2018 17:59

Description:

In today's podcast we wonder WhatsApp with Brazil's runoff election? Hacktivism hits Davos-in-the-Desert. Kraken Cryptor ransomware gets an upgrade. Remote code execution vulnerabilities disclosed in two classes of systems. Healthcare.gov breach under investigation. More calls for retraction of the spy chip story. Cozy Bear calls for proper Internet governance. US on effects of influence ops. Notes on industrial control system cybersecurity, with an emphasis on attending to the obvious. We talk to Awais Rashid from Bristol University to get his thoughts on supply chain security, and we also hear from IJay Palansky from Armstrong Teasdale on IoT legal liability concerns.

For links to all of the stories discussed in today's podcast, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_23.html

Making the business case for privacy. — Special Edition

Oct 23, 2018 21:09

Description:

In this CyberWire special edition, my guest is Cisco’s Chief Privacy Officer Michelle Dennedy. We discuss what exactly a chief privacy officer does at a global organization like Cisco, why she thinks we’re in the early stages of a privacy revolution, why we all tend to shake our heads cynically when a company claims, “Your privacy is important to us,” and how, maybe, respecting the privacy of your users and customers could be a competitive advantage.

This conversation continues on Michelle Dennedy's podcast, Privacy Sigma Riders. 
https://www.cisco.com/c/en/us/about/trust-center/privacy-podcast.html

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

Oct 22, 2018 12:59

Description:

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of propaganda remain. The EU barks cyber deterrence but doesn't bite, yet. North Korea's petty cyber crime wave. A scammer is after alt-coin enthusiasts. And there's neither confirmation nor retraction of Bloomberg's spy-chip story. Joe Carrigan from the Johns Hopkins Information Security Institute joins us to discuss network segmentation.

For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_22.html

Stormy weather in the Office 365 cloud. — Research Saturday

Oct 20, 2018 21:41

Description:

Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients. 

Andy Norton is director of threat intelligence at Lastline, and he joins us to describe their findings. 

The research can be found here:
https://www.lastline.com/blog/malspam-malscape-snapshot-malicious-activity-in-the-office-365-cloud/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

Oct 19, 2018 23:42

Description:

In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jamal Khashoggi. Latvia says it blocked attempts to interfere with its October elections. SEO poisoning exploits interest in key words associated with US midterms. OceanLotus shows some new tricks. A Connecticut town pays ransom. Ransomware hoods take pity on a grieving father. We speak with Johannes Ullrich from the SANS Institute, who discusses DNSSEC root key rollover, and Mike Horning from Virginia Tech, who shares the results of a study on the implications of regulating social media.

For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_19.html

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

Oct 18, 2018 19:51

Description:

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling and invites researchers to take a look. Researchers disclose flaws in D-Link and Linksys routers. Ghost Squad says that they downed YouTube the other day, but who knows? And if YouTube goes down, please don't call 911. Dr. Charles Clancy from VA Tech’s Hume Center on cognitive electronic warfare. Guest is Mike Janke from DataTribe on Maryland’s aspirations to be the nation’s hub of cyber operations.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_18.html

Support our show

Meddling with the midterms — Special Edition

Oct 17, 2018 21:04

Description:

Kim Zetter is a longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine, titled The Crisis of Election Security. In it she explores the structure and fragile integrity of the US election system, how we got to where we are today, and what can be done to reestablish confidence in the system.

Link to Kim Zetter's feature The Crisis of Election Security:
https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

Oct 17, 2018 19:30

Description:

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in Poland and Ukraine, with new, "GreyEnergy" malware. Diplomatic targets prospected in Central Asia. North Carolina, recovering from hurricane damage, also faces some ransomware. Silicon Valley governance receives scrutiny. Craig Williams from Cisco Talos on dealing with FUD. New York Times writer Kim Zetter on election security.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_17.html

Support our show

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

Oct 16, 2018 18:06

Description:

In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black market offers of voter databases, are reported. GCHQ sees cybercrime as a chronic threat, but state-sponsored cyber operations as an acute problem. EU prepares sanctions against a big country to the east. And farewell to Paul Allen, departed this life yesterday at the age of 65. Mike Benjamin from CenturyLink with an update on the Satori botnet. Guest is Larry Sjelin, Director of Game Development at the Center for Infrastructure Assurance and Security, discussing the Cyber Threat Defender card game.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_16.html

Support our show

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

Oct 15, 2018 19:41

Description:

In today's podcast, we hear that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty million of them. Do privacy advocates have an image problem? Supply chain seeding attack story draws more skeptical comment. A pipeline accident turns out not to have been a cyberattack. Estonia joins the UK and the Netherlands in an effort to clarify EU cyber sanctions. But Italy pumps the brakes. (Do Putin's Angels rejoice?) Rick Howard from Palo Alto Networks on exponential technologies, and how they could change the notion of scarcity.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_15.html

Support our show

Driving GPS manipulation — Research Saturday

Oct 13, 2018 27:29

Description:

Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge. 

Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his team's findings.

The original research can be found here:
https://people.cs.vt.edu/gangwang/sec18-gps.pdf

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

Oct 12, 2018 24:59

Description:

In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack report continues. Facebook purges more "inauthentic" sites—this time they're American. Data privacy regulation is trending, in both Sacramento and Washington. EU will consider cyber sanctions policy. NATO looks to cyber IOC. Alleged SIM-swappers arrested. Jonathan Katz from UMD on the use of a cryptographic ledger to provide accountability for law enforcement. Guest is April Wensel from Compassionate Coding on her work bringing emotional intelligence and ethics to the tech industry.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_12.html

Support our show

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

Oct 11, 2018 20:20

Description:

In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on charges of industrial espionage: he was extradited this week from Belgium. Notes on officers and agents. Russia repeats denials of hacking the Organisation for the Prevention of Chemical Warfare. Ben Yelin from UMD CHHS with a court case on cell site location data. Guest is Brian Vecci from Varonis with results from their data breach survey.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_11.html

Support our show

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

Oct 10, 2018 20:49

Description:

In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Department weapon systems. Xiongmai DVRs and cameras still exhibit bugs exploited by the Mirai botnet. Patch notes. And a lizard toe-dials from a veterinary clinic—he wasn't a patient; just visiting. Robert M. Lee from Dragos with insights on the Bloomberg hardware supply chain story. Guest is Stephen Cobb from ESET with results from their recent AI and ML silver bullet survey.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_10.html

Support our show


Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

Oct 9, 2018 19:51

Description:

In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels aggrieved by the accusations. The UK prepares a retaliatory cyber capability. The US looks to grid security. Cylance describes Panda Banker. Google had a good day in UK courts Monday, but a bad day elsewhere. Justin Harvey from Accenture with thoughts on OSINT reconnaissance.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_09.html

Support our show

Cryptojacking criminal capers continue — Research Saturday

Oct 6, 2018 22:42

Description:

Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've learned.

The original research can be found here:
https://researchcenter.paloaltonetworks.com/2018/06/unit42-rise-cryptocurrency-miners/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

Oct 5, 2018 23:54

Description:

In today's podcast, we hear more on the possibility that China's People's Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. Russia responds unconvincingly. And the NPPD will become a new agency within the US Department of Homeland Security, and the lead civilian agency responsible for cybersecurity and critical infrastructure protection. Malek Ben Salem from Accenture Labs on pervasive cyber resilience. Guest is Adam Anderson, scholar in residence at Clemson University's Center for Corporate Learning and founder of Element Security Group, on behavioral science and cyber crime.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_05.html

Support our show

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

Oct 4, 2018 19:46

Description:

In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salisbury. Australia, the UK, and Canada all finger the GRU as responsible for high-profile cyberattacks. The US indicts seven GRU officers for a range of hacking-related crimes. Craig Williams from Cisco Talos with tips on getting the most out of security conferences. Guest is Oussama El-Hilali from Arcserve with thoughts on business continuity and disaster recovery.


Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

Oct 3, 2018 19:54

Description:

In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite are malicious. A big botnet hits Brazil's banking customers. Home routers found vulnerable. Google and Adobe patch. A DGSI officer is arrested in France for dark web trafficking. FEMA tests its emergency text system. Fortnite cheats are bad news. David Dufour from Webroot on security issues in video games as they become social networks. Guest is Michael Feiertag from tCell with results from their Q2 incident report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_03.html

Support our show

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

Oct 2, 2018 19:58

Description:

In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some content it hosts. North Korea's Reaper Group never missed a beat. Citizen Lab says Saudi Arabia is spying on at least one prominent dissident who's a permanent resident in Canada. Nepal's airport is hacked, apparently for the lulz. Joe Carrigan from JHU ISI on Android password managers being vulnerable to malicious apps. Guest is Robb Reck from Ping Identity on recently published white papers from the CISO Advisory Council.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_02.html

Support our show

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

Oct 1, 2018 19:22

Description:

In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Committee. And, despite promises, there was no livestreamed obliteration of much of anything yesterday. Rick Howard from Palo Alto Networks on rebooting the kill chain.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_10_01.html

Support our show

Sophisticated FIN7 criminal group hits payment card data — Research Saturday.

Sep 29, 2018 31:33

Description:

Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a convincing front company to do their deeds. 

Nick Carr and Barry Vengerick are coauthors of the research, along with their colleagues Kimberly Goody and Steve Miller. 

The research is titled On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. It can be found here:
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.


Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

Sep 28, 2018 24:17

Description:

In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US Secret Service warns of ATM wiretapping. The Port of San Diego struggles with ransomware. The US SEC fines a company for cyber deficiencies. Mr. Assange goes offline. And some guy says he'll live-stream his annihilation of a prominent Facebook page. Jonathan Katz from University of MD on Bluetooth pairing protocol vulnerabilities. Guest is Andrea Little Limbago from Endgame on the internet’s effect on global conflict.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_28.html

Extended interview with Endgame's Andrea Little Limbago:
https://www.patreon.com/posts/21704947

Support our show

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

Sep 27, 2018 19:04

Description:

In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play for being a banking Trojan. Apple's Device Enrollment Program may have authentication issues. Big Tech might learn to like being regulated. And farewell to one of Bletchley Park's Jenny Wrens. Mike Benjamin from CenturyLink with thoughts on the Foreshadow vulnerability. Guest is Daniel Riedel from New Context Services, discussing synthetic identities.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_27.html

Support our show

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

Sep 26, 2018 17:42

Description:

In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds—a little—to concerns about privacy in Chrome login. The US Senate is holding hearings on privacy. Big Tech will be there. And are political campaigns slipping into learned helplessness about cybersecurity? Dr. Charles Clancy from VA Tech’s Hume Center on university spin-offs and partnerships. Guest is Dinah Davis from Code Like a Girl on how men can help increase diversity through mentorship.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_26.html

Support our show

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.

Sep 25, 2018 18:59

Description:

In today's podcast, we hear that Iran has accused Saudi Arabia, UAE, and the US of running Saturday's terror attack "from the shadows." Data exposure at the UN. Kodi platform exploited for cryptojacking. SHEIN retail breach affects more than six million. Atlanta says its ransomware incident is now "over." FBI warns of payroll phishing. A US strategy for quantum technology is offered. A look at sports and cybersecurity. Has the Riemann hypothesis been proved? Johannes Ullrich from the SANS ISC Stormcast podcast with warnings of post-hurricane scams. Our UK correspondent Carole Theriault explores overly complex online terms and conditions, and speaks with a company that's chosen a different way. Jeremy Forsberg is CMO at Axel.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_25.html

Support our show

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.

Sep 24, 2018 16:47

Description:

In today's CyberWire, we hear about a terror attack in Iran that has heightened tensions among adversaries: expect a heightened cyber optempo. A JET vulnerability in Microsoft products is publicly disclosed as Microsoft misses the Zero Day Initiative's 120-day deadline. France will open-source its secure operating system. UK, US attitudes continue to stiffen towards Russia in cyberspace. Russian elections are surprising, by Russian standards. Notes on some current scams. Ben Yelin from UMD CHHS on a ruling on warrantless GPS tracking at the U.S. border.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_24.html

Support our show

ICS honeypots attract sophisticated snoops. — Research Saturday

Sep 22, 2018 21:20

Description:

Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. It didn't take long for sophisticated attackers to sniff out the virtual honey and start snuffling around.

Ross Rustici is senior director of intelligence services at Cybereason, and he joins us to share what they learned.

The research is titled ICS Threat Broadens: Nation-state Hackers are no Longer the Only Game in Town. It can be found here:
https://www.cybereason.com/blog/industrial-control-system-specialized-hackers


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

Sep 21, 2018 25:14

Description:

In today's podcast, we hear about the US national cyber security strategy: developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blacklists thirty-three Russian bad actors. GCHQ is standing up a 4000-person cyber operations group to counter Russian activity. A cryptocurrency heist in Tokyo. Hacking Senatorial Gmail. And some notes on crime and punishment. Emily Wilson from Terbium Labs on Dark Web exit scamming. Guest is Tanya Janca from Microsoft on her OWASP DevSlop project.

Extended interview with Tanya Janca - 
https://www.patreon.com/posts/21559930

OWASP DevSlop show on Twitch - 
https://www.twitch.tv/videos/307974412

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_21.html

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.

Sep 20, 2018 16:12

Description:

In today's podcast, we hear that Magecart has hit a Philippine media conglomerate. Bogus (and malicious) financial apps are ejected from Google Play. Gulf states are taking warnings about Iran's OilRig seriously. A cloud hosting service serves up phish. Taiwan believes China is preparing to meddle in its elections. Facebook sets up an anti-disinformation war room. Nebraska sends in the National Guard. The UK ICO fines Equifax for last year's breach. Craig Williams from Cisco Talos on distinguishing between features and bugs with regards to security. Guest is Roela Santos from Engility, describing the CyberWarrior scholarship for veterans.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_20.html

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.

Sep 19, 2018 19:40

Description:

In this podcast, we hear that the US State Department has acknowledged an email breach. The criminal gang Iron Group is hitting targets with data-stealing and data-destroying pseudoransomware. Bristol Airport continues its slow recovery from whatever hit it at the end of last week. A cryptomining study is out. Facebook offers help to political campaigns. The new US cyber strategy is out. ICOs get regulation. Mirai masters get suspended sentences in recognition of the help they've rendered the Government. Daniel Prince from Lancaster University with thoughts on asset-based risk assessment. Guest is Ray Watson from Masergy on soft targets.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_19.html

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

Sep 18, 2018 19:45

Description:

In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo vulnerability affects security cameras. WannaMine is the latest campaign to exploit the stubborn EternalBlue vulnerability. Data firms work toward guidelines to prevent political data abuse. David Dufour from Webroot with a primer on quantum computing. Guest is Sam Bisbee from Threat Stack on public cloud breaches.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_18.html

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?

Sep 17, 2018 18:30

Description:

In today's podcast, we hear about the ransomware that's clogged systems at a UK airport. New variants of ransomware are out and about in the wild. EternalBlue continues to be used to install cryptojackers in vulnerable systems—the campaign is being called WannaMine. EU considers short deadlines and sharp penalties for failure to remove "extremist content" from the Internet. Russia suspected in WADA and Spiez Lab hacking. Did Moscow overreach with its latest Novichok disinformation effort? Malek Ben Salem from Accenture on encryption techniques that make use of DNA.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_17.html

Android device eavesdropping investigation. — Research Saturday

Sep 15, 2018 17:32

Description:


A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy risks. 

Elleen Pan and Christo Wilson were members of the research team, and they join us to share what they found. 

The research is titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. It can be found here:
https://recon.meddle.mobi/papers/panoptispy18pets.pdf


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.


Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyang denounces a "smear campaign." Wait and see on pipeline fires.

Sep 14, 2018 24:22

Description:

In today's podcast we hear that Magecart has achieved another library infestation as Feedify is hit. An evil cursor attack is a variant of a familiar tech support scam. The Ramnit banking Trojan seems to be spiking during the summer, and there are various theories as to why this might be so. More Novichok disinformation is out. Safari URL spoofing seems more nuisance than serious menace. North Korea denounces the US for a "smear campaign" against the Lazarus Group, which doesn't exist, either. Joe Carrigan from JHU ISI shares his frustrations with his bank's insufficient password practices. Guest is Ron Gula, former CEO and co-founder of Tenable Network Security, currently President at Gula Tech Adventures, which focuses on investing in and advising two dozen cyber-security companies.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_14.html

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.

Sep 13, 2018 19:56

Description:

In today's podcast we hear that an Iranian domestic spyware campaign has been reported: it's most interested in ethnic Kurds. A bogus cryptocurrency wallet site is taken down. F-Secure warns of a widespread firmware problem that could be exploited for cold boot attacks. The BlueBorne Bluetooth bugs are apparently still out there. Tech support scam ads are taken down. Policies for election security continue to evolve. And Facebook's founder offers some thoughts on how his platform can save democracy. Ben Yelin from UMD CHHS with analysis of a Florida court decision on the use of cell site simulators. Guest is Josh Mayfield from Absolute Software with tips on cyber hygiene. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_13.html

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.

Sep 12, 2018 19:44

Description:

In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways may receive a heavy fine under GDPR for its recent breach. The EU passes controversial copyright legislation. Russia says the accused Novichok hitmen didn't do nothin'. And watch out for Olivia on WhatsApp—she's not what she at first seems to be. Jonathan Katz from the University of Maryland, with a cryptocurrency bug story from the MIT media lab. Guest is Robert Block from SecureAuth + CoreSecurity, with best practices for securing Office 365. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_12.html

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

Sep 11, 2018 19:48

Description:

In today's podcast, we hear that Trend Micro has clarified what was up with allegations it was deploying spyware with its tools—no spyware, but they've changed their products to remove the appearance of impropriety. RiskIQ fingers the Magecart gang as the hoods behind the British Airways data breach. Exploit broker Zerodium discloses a no-longer profitable Tor Browser vulnerability. Google will challenge the EU's right-to-be-forgotten in court this week. An extradition in the JPMorgan hack. Justin Harvey from Accenture with tips on building an effective incident response plan. Guest is Colin McKinty from BAE systems, discussing the launch of The Intelligence Network, a collaborative task force developed in partnership with Vodafone and Surrey University, to engage, unite and activate the global security community in the fight against cybercrime. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_11.html

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

Sep 10, 2018 19:30

Description:

In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence cyber criminals security industry veterans? British Airways continues to recover from its data breach. What a "cyber moonshot" might actually mean. And ProtonMail says the coppers have collared an Apophis Squad member. Zulfikar Ramzan from RSA with a reality check on blockchain hype. Guest is Yehuda Lindell from Unbound Tech on the Foreshadow vulnerability.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_10.html

Leafminer espionage digs the Middle East. — Research Saturday

Sep 8, 2018 22:23

Description:

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. 

Vikram Thakur is a technical director at Symantec, and he joins us to share what they've found.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

Sep 7, 2018 24:38

Description:

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov overshares. British Airways sustains a data breach. The "Silence" gang makes some noise in the underworld. Notes from yesterday's Billington Cybersecurity Summit. And Twitter bans a grandstander…for life. Dr. Charles Clancy from VA Tech’s Hume Center describes the Virginia Commonwealth Cyber Initiative. Guest is Rich Baich, CISO at Wells Fargo with insights on protecting a major financial institution. 

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

Sep 6, 2018 20:00

Description:

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continues. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks. Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_06.html

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

Sep 5, 2018 20:01

Description:

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains dishearteningly successful. The US Director of National Intelligence warns against foreign influence in elections. Facebook's former security chief says the midterms could be the World Cup of information warfare. Silicon Valley comes to Capitol Hill, but without Google. Craig Williams from Talos at Cisco with an update on the Remcos RAT. Guest is Robert Holmes from Proofpoint on the DHS's Binding Operational Directive (BOD) 18-01 mandate to secure their email systems.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_05.html

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

Sep 4, 2018 15:28

Description:

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Point has a decryptor for RansomWarrior. The US House and Senate will hear from Facebook, Twitter, and Google this week about influence operations, content moderation, and alleged monopolistic practices. And no, Pope Francis isn't giving away Bitcoin, nor did former President Obama encrypt your files. Emily Wilson from Terbium Labs with a look back at the effects of last year's AlphaBay takedown.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_04.html

ATM hacks on the rise. — Research Saturday

Sep 1, 2018 22:45

Description:

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. 

The research can be found here:
https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to-play/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

Aug 31, 2018 25:12

Description:

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter ransomware continues its evolution and spread. The Five Eyes issue some communiques about cooperation in cyberspace. Russia would like to block Telegram if it could do so without too much collateral traffic damage. Supply chain questions about Google's Titan. Johannes Ullrich from SANS and the ISC Stormcast podcast, with iPhone unlocking techniques. Guest is Andy Greenberg from WIRED discussing his recent article on NotPetya.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_31.html

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

Aug 30, 2018 17:45

Description:

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII offered for sale on the dark web. Medical device vulnerabilities are disclosed, and hospitals are urged to patch. Nexus Zeta faces charges in a US Federal Court, apparently in connection with the Satori botnet. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Gilad Peleg from SecBI on the challenges of secure BYOD policies. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_30.html


Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

Aug 29, 2018 20:00

Description:

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for a local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors' secure enclave. Guest is Fred Kneip from CyberGRX on third-party risk.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

Aug 28, 2018 20:00

Description:

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by claims that it's dangerous to research voting-machine vulnerabilities. The House takes a look at the CVE database. Australia's new government reorganizes its cybersecurity portfolio. Justin Harvey from Accenture with details from their mid-year cyber threatscape report. Guest is Sean Tierney from Infoblox with their shadow IoT report. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_28.html

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

Aug 27, 2018 17:25

Description:

In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Turkish hacktivism shows up in the US, as journalists' social media accounts are hijacked. A look at Iranian information operations. ISIS limps back into cyberspace. A new point-of-sale malware family is discovered. David Dufour from Webroot on the role of engineers in securing an organization. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_27.html

Cyber espionage coming from Chinese University. — Research Saturday

Aug 25, 2018 26:02

Description:

Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts.

Winnona DeSombre and Sanil Chohan are authors of the report, Chinese Cyberespionage Originating from Tsinghua University Infrastructure, along with their colleague Justin Grosfelt.

The research can be found here:
https://www.recordedfuture.com/chinese-cyberespionage-operations/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

Aug 24, 2018 24:44

Description:

In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fifteen million voter records appear to have been inadvertently exposed in Texas. The US tells Russia to knock off the influence operations, and some suggest a counter-value deterrent strategy to tame the Bears. China warns Australia its new government will face trade retaliation for banning ZTE and Huawei. Reality Winner gets five years, and two Minnesota lawyers go away, too. Ben Yelin from UMD CHHS on attempts by the State Department to establish international norms of behavior for cyber. Guest is Theresa Payton from Fortalice Solutions, addressing hype vs. reality when it comes to blockchain, AI, and the IoT.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_24.html

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

Aug 23, 2018 19:50

Description:

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. Remcos remote administration tool is being abused by black hats. Dark Tequila goes after customers of Mexican financial institutions. The Lazarus Group is back, and it's getting into Macs for the first time. Joe Carrigan from JHU ISI on Android vs. iOS data privacy. Guest is Oren Falkowitz from Area 1 Security on protection against phishing attempts. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_23.html

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

Aug 22, 2018 20:00

Description:

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. US Army Cyber Command's boss wonders if his job isn't more "information ops" than "cyber." Bitdefender describes Triout, an Android spyware framework. And some in industry caution the Senate not to expect them to get frisky hacking back. Craig Williams from Cisco’s Talos team, discussing MDM (mobile device management) vulnerabilities. Guest is James Burns from CFC Underwriting on cyber security insurance. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_22.html

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

Aug 21, 2018 19:56

Description:

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity; hacking back is expected to be on the table. The UK wants more sanctions on Russia. US Senators are looking into reducing sanctions' collateral economic damage. Operation Red Signature pokes at South Korean supply chains. Intrusion Truth doxes Chinese intelligence officers. Medical device bugs. Rick Howard from Palo Alto Networks with tips on buying cybersecurity products. Guest is Travis Rosiek from BluVector on fileless attacks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_21.html

Beers with Talos — Live from the RiRa at Black Hat

Aug 21, 2018 01:22:45

Description:

CyberWire host Dave Bittner joins the crew from Cisco's Talos team on a special live edition of their Beers with Talos podcast from Black Hat.

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

Aug 20, 2018 16:56

Description:

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction. 

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

Stealthy ad fraud campaign evades detection. — Research Saturday

Aug 18, 2018 19:21

Description:

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he describes what they've found.

Research link:
https://labs.bitdefender.com/2018/06/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

Aug 17, 2018 24:42

Description:

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have exposed Canadian and British Government information. Necurs flared up in a short-lived spam campaign against banks this week. Crooks use bogus Fortnite download pages. Final briefs are submitted in Kaspersky's court challenge to its US ban. Emily Wilson from Terbium Labs on her experience getting certified as a fraud examiner. Guest is Marco Rubin from the Center for Innovative Technology, on the security of UAVs and drones. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_17.html

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

Aug 16, 2018 19:55

Description:

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation-state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning communications security. Australia's new cyber laws are more legal hammer than required backdoor. A campaign of ATM robbery nets millions worldwide. A cryptocurrency speculator sues the phone company, a spyware firm sues a former employee, and the Dread Pirate Roberts would like a pardon. Johannes Ullrich from SANS and the ISC Stormcast podcast, on lingering legacy passwords in Office documents. Guest is Phil Neray from CyberX on the National Risk Management Center being spun up by DHS.

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_16.html

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

Aug 15, 2018 19:58

Description:

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mindshare. Influence operations as marketing. The US FBI gets a new cyber boss. The Kremlin thinks the BBC is biased in the crypto-wars. And laptop stickers: are they good, bad, or ugly? Zulfikar Ramzan from RSA on SOCs and IoT. Guest is Dimitris Maniatis from Upstream on Android ad fraud malware. 

For links to all of today's stories check out the CyberWire daily briefing:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_15.html

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.

Aug 14, 2018 19:59

Description:

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Preliminary notes on patches. ZTE and Huawei devices formally disinvited from US Government networks. Cyber retaliation expected from Russia and Iran over sanctions. And locking people in a room to teach them good cyber hygiene. Justin Harvey from Accenture on threat hunting. Guest is Bob Stevens from Lookout discussing app-based malware on mobile devices. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_14.html

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

Aug 13, 2018 16:30

Description:

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. D-Link exploits rob Brazilian banking customers. Utilities prepare for grid hacks, but researchers say an appliance botnet could cycle demand enough to induce blackouts. Vulnerabilities in airline Wi-Fi and SATCOM connectivity. Election hacking demos may or may not be realistic. Family spyware proves vulnerable to data exfiltration. Ben Yelin from UMD CHHS on police using facial recognition software to nab a suspect.

Thrip espionage group lives off the land. — Research Saturday

Aug 11, 2018 25:46

Description:

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. 
Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

Aug 10, 2018 22:05

Description:

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial intelligence. Russia braces for US sanctions and promises retaliation. South Korea will reorganize its Cyber Command. The PGA is hit with ransomware. Guests are Andrei Soldatov and Irina Borogan, authors of the book The Red Web. 

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

Aug 9, 2018 19:05

Description:

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Eastern campaign. Jackpotting cryptocurrency ATMs. The US imposes sanctions on Russia. Reality Winner's sentencing date announced. IBM looks at artificially intelligent malware. The mob's role in the cyber black market. What's the bigger gaming threat, sideloading apps or the Fortnite dance? We're asking for a friend. Awais Rashid from Bristol University on issues with software warranties. Guest is Cheryl Biswas from the Diana Initiative, a conference in Las Vegas celebrating diversity, women in security, and how to pursue a career in information security and technology. 

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

Aug 8, 2018 17:03

Description:

In today's podcast we hear that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US independently mull responses to hacking and influence operations. Anonymous announces it wants to take its shots at QAnon. Notes from Black Hat, including observations on grid hacks, AI, and the gray hat phenomenon. David Dufour from Webroot with a look at the year in review. Guest is Travis Moore from TechCongress describing their fellowship programs.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_08.html

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

Aug 7, 2018 19:03

Description:

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millions of patient records. British authorities are said to be readying an extradition request for GRU operators they hold responsible for the Novichok attack in Salisbury—the incident has prompted Russian hacking and disinformation. Mike Benjamin from CenturyLink on DDoS attack trends. Casey Ellis from Bugcrowd with an overview of bug bounty programs. 

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Aikido?

Aug 6, 2018 19:58

Description:

A leaky API may have exposed Salesforce customers' data. TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. The unbearable, irresistible urge to monetize data. Notes on automotive cybersecurity. Depending on whom you ask, the Bitfi wallet was either hacked, or not. And a new goodwill ambassador seeks to repair US-Russian relations. Rick Howard from Palo Alto Networks exploring the notion of superforecasting.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_06.html

Cortana voice assistant lets you in. — Research Saturday

Aug 4, 2018 21:32

Description:

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. 

Steve Povolny is head of advanced threat research at McAfee and he shares their findings.

The research can be found here:

https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

Aug 3, 2018 24:52

Description:

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MikroTik routers. Speakers at the Billington Automotive CyberSecurity Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain. Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_03.html


RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be a no-lose proposition. Cryptojacking and malspam.

Aug 2, 2018 18:06

Description:

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposition. A cryptojacking campaign is discovered and stopped. Malspam is using gifs to carry a keylogger payload. And Facebook CSO Alex Stamos has fixed a date for his departure for Stanford. Robert M. Lee from Dragos with thoughts on categorizing threat actors. Guest is Wendi Whitmore from IBM with their 2018 Cost of a Data Breach study. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_02.html

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

Aug 1, 2018 19:49

Description:

In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Attribution remains difficult. NSO Group's Pegasus spyware is found in an Amnesty International phone. SamSam ransomware exacts a high cost. Yale realizes it was breached about ten years ago. Google allegedly prepares a censor-engine for Chinese web searchers. Craig Williams from Cisco's Talos unit, describing his team and the work they do. Guest is Thomas Hofmann from Flashpoint on ransomware and online extortion.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_01.html

Data-centric security. — Special Edition

Aug 1, 2018 27:39

Description:

In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself rather than the surrounding networks, applications, or servers.

To help us on our journey of understanding we've lined up a number of industry experts. Ellison Anne Williams is CEO of Enveil, a company that's developed cutting-edge encryption techniques. Adam Nichols is principal of software security at Grimm, a cybersecurity engineering and consulting firm. Mark Forrest is CEO of Cryptshare, maker of secure electronic communication technologies for the exchange of business-sensitive information. And John Prisco is CEO at QuantumXchange, a provider of what they claim is unbreakable quantum-safe encryption.

Thanks to our special edition sponsor Cylance.

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

Jul 31, 2018 19:22

Description:

In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shipper more resilient to the cyberattack it sustained. Congress worries over election hacking and deep fakes. Electronic warfare is back. An alt-coin platform is hacked, a carder goes to jail, an alleged sim-swapper is arrested, and coaches behave badly.  Johannes Ullrich from SANS and the ISC Stormcast podcast on TLS 1.3 implementation. Guest is Mark Orlando from Raytheon on critical infrastructure security. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_31.html

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

Jul 30, 2018 16:25

Description:

In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking in recent by-elections. US states remain concerned about election hacking. Missouri Senator McCaskill confirms that Fancy Bear made an unsuccessful attempt to access her staff's network. Russian threats to power grids. Industrial espionage continues to go after corporate IP. And news you can use about JPay (we know: you're asking for a friend). Jonathan Katz from UMD on the timeline for practical quantum computers.

For links to all of these stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_30.html

BabaYaga: strangely symbiotic WordPress malware — Research Saturday

Jul 28, 2018 20:30

Description:

Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date.

Brad Hass is a senior security analyst at Defiant, and he guides us through their findings.

The research can be found here:

https://www.wordfence.com/blog/2018/06/babayaga-wordpress-malware/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

Jul 27, 2018 21:21

Description:

In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware loaders are offered on the black market. Smart home hubs are shown to be hackable. Tenable enjoys a good IPO. A burglar in Silicon Valley didn't say, your money or your life, but rather, dude I'm outta data—can I have your WiFi password? Dr. Charles Clancy from VA Tech on the security aspects of digital vs analog RF spectrum. Guest is Lisa Beegle from Akamai with info from their State of Internet Security report. 

For links to all of today's stories check out the CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_27.html

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

Jul 26, 2018 19:25

Description:

In today's podcast we hear that LifeLock gets locked down—probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer shows that exploit kits aren't obsolete after all. NSA gets a bad report from its IG. Congress worries over Russian infrastructure reconnaissance and influence operations. Iran's OilRig and Leafminer remain active regional threats. Joe Carrigan from JHU ISI on infosec pros reusing passwords. Guest is Jessica Ortega from SiteLock, discussing how having social media icons on your website increases the odds of falling victim to attacks.  

For links to stories in today's podcast check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_26.html

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

Jul 25, 2018 20:00

Description:

In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russian threats to the power grid and elections. Congress considers cyber retaliation. A dispute over cyber insurance coverage lands the insured and the insurer in court. Awais Rashid from Bristol University on IoT and OT convergence. Guest is Jason Morgan from Wiretap on their Human Behavior Risk Analysis Report. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_25.html

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

Jul 24, 2018 19:54

Description:

In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori botnet may be taking another run at Android devices. Bluetooth vulnerabilities render paired devices susceptible to man-in-the-middle attacks. And evil maid attacks may be less difficult than you thought. Emily Wilson from Terbium Labs, sharing her experience attending a conference for professionals working to fight fraud. Guest is Brian Martin from Risk Based Security with their research on vulnerabilities they discovered with the Click2Gov service.  

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_24.html

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

Jul 23, 2018 14:30

Description:

In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufacturers, including car makers. The Aspen Security Forum concludes with sobering warnings from senior US Government officials and the private sector of election interference and the prospects of a "cyber 9/11." Ecuador may be tiring of Mr. Assange. Rick Howard from Palo Alto Networks revisiting the notion of a metaphorical cyber moon-shot. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_23.html

Measuring the spearphishing threat — Research Saturday

Jul 21, 2018 23:41

Description:

Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement of how 35 popular email providers handle spoofed mail, and examined user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobering results.

End-to-End Measurements of Email Spoofing Attacks

https://people.cs.vt.edu/gangwang/usenix-draft.pdf
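The study above measures what receiving providers do when a message's visible From domain is not backed by SPF or DKIM. The following is an added example (not code from the researchers or the CyberWire) that shows the receiver-side decision in miniature: it evaluates SPF against an envelope sender, checks SPF/DKIM alignment with the header From domain under the domain's DMARC policy, and returns the resulting disposition. DNS records, domains, addresses and DKIM results are all constructed in-line rather than looked up; the organizational-domain logic is a simplification of the Public Suffix List rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed DNS TXT records for hypothetical domains (no real lookups happen).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s; adkim=r",
    "partner.example": "v=spf1 ip4:203.0.113.0/24 ~all",
    "_dmarc.partner.example": "v=DMARC1; p=none",
}

def org_domain(domain: str) -> str:
    # Simplification: treat the last two labels as the organizational domain.
    # Real DMARC derives this from the Public Suffix List.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def spf_check(domain: str, ip: str) -> str:
    """Return pass/fail/softfail/neutral/none for the envelope sender domain."""
    rec = DNS_TXT.get(domain)
    if rec is None or not rec.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in rec.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        result = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
        if term == "all":
            return result
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return result
    return "neutral"

def dmarc_policy(domain: str) -> Optional[dict]:
    rec = DNS_TXT.get("_dmarc." + domain)
    if rec is None:
        return None
    tags = {}
    for part in rec.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("aspf", "r")   # relaxed alignment is the DMARC default
    tags.setdefault("adkim", "r")
    return tags

def aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    if mode == "s":   # strict: exact match
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

@dataclass
class Message:
    header_from: str             # domain of the RFC5322.From header (what the user sees)
    mail_from: str               # envelope sender domain (RFC5321.MailFrom), checked by SPF
    source_ip: str
    dkim_domain: Optional[str] = None   # d= of a DKIM signature that verified, if any
    dkim_pass: bool = False

def evaluate(msg: Message) -> dict:
    """DMARC evaluation: pass if an aligned SPF or DKIM identifier passed."""
    spf = spf_check(msg.mail_from, msg.source_ip)
    policy = dmarc_policy(msg.header_from) or dmarc_policy(org_domain(msg.header_from))
    if policy is None:
        return {"spf": spf, "dmarc": "none", "disposition": "deliver"}
    spf_ok = spf == "pass" and aligned(msg.mail_from, msg.header_from, policy["aspf"])
    dkim_ok = (msg.dkim_pass and msg.dkim_domain is not None
               and aligned(msg.dkim_domain, msg.header_from, policy["adkim"]))
    if spf_ok or dkim_ok:
        return {"spf": spf, "dmarc": "pass", "disposition": "deliver"}
    disposition = {"reject": "reject", "quarantine": "quarantine", "none": "deliver"}[policy["p"]]
    return {"spf": spf, "dmarc": "fail", "disposition": disposition}

if __name__ == "__main__":
    # A spoof: header From claims example.com, envelope sender and IP belong to nobody.
    print(evaluate(Message("example.com", "attacker.test", "203.0.113.5")))
```

The interesting cases are the ones the paper's measurement turns on: a message whose SPF passes for an unrelated envelope domain still fails DMARC because the identifiers do not align, and a domain that publishes `p=none` gets its spoofed mail delivered even though authentication failed.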


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

Jul 20, 2018 21:59

Description:

In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,000-member botnet in less than a day, using known vulnerabilities. Crooks monetize stolen credit cards through online games. Amazon works to induce better AWS configurations. Annual UK report on Huawei is out. Phishing campaign notes. Zulfikar Ramzan from RSA on cyber risk quantification. Guest is Mark Peters II, author of the book Cashing in on Cyber Power.

For links to all of today's stories, check out our CyberWire daily news brief.
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_20.html

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

Jul 19, 2018 19:52

Description:

In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A security firm and a vendor dispute whether an issue is a vulnerability or a case of user abuse. NIST announces its intention of withdrawing some obsolete cybersecurity publications. Congress presses tech companies about content moderation. Daniel Prince from Lancaster University on rewriting digital histories. Guest is Matt Cauthorn from ExtraHop on a new worm spreading through Android devices.  

For links to all of today's stories, check out the CyberWire daily news brief - 

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_19.html

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

Jul 18, 2018 20:13

Description:

In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch bulletin is out. Fallout, clarifications, and more fallout from the Helsinki summit. US agencies continue preparations to secure elections and infrastructure. Robert M. Lee from Dragos on the Electrum threat group. Guest is Jonathan Couch from Threat Quotient on Dark Web markets.  

For links to stories in today's CyberWire podcast, check out our daily news brief.

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_18.html

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

Jul 17, 2018 19:59

Description:

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising.  

For links to all of the stories mentioned in today's podcast, check out our CyberWire daily news brief - 
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_17.html

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

Jul 16, 2018 19:31

Description:

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians. 

For links to all of the stories mentioned in this podcast, visit our daily news brief on our web page.

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_16.html

A new approach to mission critical systems — Research Saturday

Jul 14, 2018 21:16

Description:

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

Jul 13, 2018 25:07

Description:

In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam returns. Speculative execution issues. Mobile-device-management tool used against smartphone users in India. The US Army directly commissions two cyber operators—congratulations, First Lieutenants. Ben Yelin from UMD CHHS on California’s consumer privacy ballot measure. Guest is Martin Hellman, professor emeritus at Stanford University and known for his work on Diffie–Hellman key exchange. His new book is A New Map for Relationships: Creating True Love at Home and Peace on the Planet. 

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

Jul 12, 2018 20:00

Description:

In today's podcast, we hear that Timehop has released more information as its breach investigation proceeds. The case will be interesting as an indicator of what GDPR enforcement will look like. Two speculative execution side-channel attacks are described (in the lab, but not yet, it's believed, in the wild). The US Senate's flesh creeps over bug disclosure practices. Someone uses a Netgear exploit to get some US technical manuals. Twitter goes to work against bogus accounts. Mike Benjamin from CenturyLink on cryptojacking. Guest is Yaniv Avidan from MinerEye on cloud GDPR compliance.  

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

Jul 11, 2018 19:37

Description:

In today's podcast we hear reports that the Ticketmaster breach is the tip of a big software supply chain iceberg. Chinese intelligence services closely interested in Cambodia's elections. iOS crashes appear related to code designed to block displays of Taiwan's flag to users in China. Congress wants some answers on smartphone privacy from both Apple and Alphabet. Facebook's wrist is slapped in the UK. Langley Credit Union identity theft case proves not necessarily related to the OPM breach. Johannes Ullrich from SANS and the ISC Podcast on securing DNS. Guest is Ken Spinner from Varonis, cautioning that we not allow the high-profile insider threat cases distract us. 

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

Jul 10, 2018 20:00

Description:

In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of cryptocurrencies. Palestinian police spearphished. BlackTech espionage group using stolen certificates to sign malware. Apple's upgrades are out—one privacy enhancement has a workaround. Microsoft is in the process of patching. And another fitness app, Polar Flow, overshares. Jonathan Katz from UMD on homomorphic encryption standards. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC with results from a recent FS-ISAC survey.

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

Jul 9, 2018 15:39

Description:

In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it until the Cup is decided. The Australian National University is hacked in an apparent espionage attempt. Data breaches at Timehop, DomainFactory, and Macy's. Russia calls for international cooperation. The Marines say it wasn't them on that dating app. Malek Ben Salem from Accenture Labs with tips on GDPR compliance. 

No Distribute Scanners help sell malware

Jul 7, 2018 14:30

Description:

Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing legitimate virus scanning tools from adding the malware to their database.

Daniel Hatheway is a Senior Security Analyst at Recorded Future, and he takes us through their recently published research, Uncover Unseen Malware Samples with No Distribute Scanners. 


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

Jul 6, 2018 22:47

Description:

In today's podcast we hear about catphishing in Berlin and Tel Aviv: whether you're offering payment for a white paper or up-to-date futbol scores, it pays to know the right bait. Android apps may be permission hogs, but it's surprising how often the hogs hoard like misers, never really using them. The US Army pushes cyber into the brigades. How Facebook checks facts. The Thermanator knows which keys you've typed from the heat your hot hand leaves behind. Emily Wilson from Terbium Labs on their recently released white paper on fraud as a supply chain. Guest is Brian Wells from Merlin International discussing how high-performing health care organizations are addressing cyber threats.  

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

Jul 5, 2018 19:52

Description:

In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third-parties. The Pirate Bay is back after its hiatus, and it's back to cryptojacking. The European Parliament voted today to reopen debate on its controversial copyright legislation. ZTE receives some perhaps temporary, perhaps more enduring, relief from US sanctions.  And confusion to the Muggalos' facial recognition software. Justin Harvey from Accenture with thoughts on quantum computing. Guest is Gadi Naveh from Check Point Software with a look at open source security tools. 

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

Jul 3, 2018 19:20

Description:

In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. A quiz app's backup data are accessed by unauthorized parties. FBI, FTC, and SEC sift through Facebook's answers to questions for the record. A strange set of symptoms among diplomats in China arouses suspicion of infrasound weapons. Rick Howard from Palo Alto Networks on the Cyber Threat Alliance. Guest is Vince Arneja from 5nine on secure cloud implementations.  

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

Jul 2, 2018 15:52

Description:

In today's podcast we hear a bit about the data breach Adidas disclosed late last week. Facebook answers Congressional questions for the record and adopts a data abuse bounty program. Investigation of the Exactis data exposure incident continues, but the class action lawsuits have already begun. Algonquin College discloses a hacking incident. Tenable will hold an IPO. US-Russian summit will take up election influence ops. FireEye says North Korea is hacking Latin American banks. Joe Carrigan from JHU ISI reviewing a recent Black Hat survey of cyber security industry professionals.

VPNFilter malware could brick devices worldwide — Research Saturday

Jun 30, 2018 28:43

Description:

Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer-grade routers. Craig Williams is head of Cisco Talos Outreach, and he joins us with the details. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

Jun 29, 2018 24:55

Description:

In today's podcast we hear that Ticketmaster UK's hacking incident will provide an interesting GDPR test case. Data aggregator Exactis left nearly two terabytes of personal and business information exposed on the publicly accessible Internet. NSA destroys telephone call data collected in ways it can't square with applicable law. California hastily passes a data protection law. Ave atque vale Harlan Ellison. And our condolences to the victims of the shooting at the Capital Gazette in Annapolis. Dr. Charles Clancy from VA Tech's Hume Center, discussing his recent congressional testimony concerning supply chain security. Guest is Dr. Mansur Hasib, discussing his book Cybersecurity Leadership.

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

Jun 28, 2018 19:58

Description:

In today's podcast we hear that Ukraine has warned that Russia is preparing a coordinated attack against Ukrainian financial and energy infrastructure. China appears to be stepping up surveillance of the Tibetan diaspora. Cisco's Talos unit has a free decryptor for Thanatos ransomware. Facebook's self-audit of data usage proves both more difficult and more skeleton-rattling than hoped. Norwegian consumer watchdogs find that Facebook and Google nudge users away from privacy. An alt-coin sting against drug dealers. Mike Benjamin from CenturyLink on Malspam, and how it differs from run of the mill spam. Guest is Jaime Blasco from AlienVault on the security implications of using open source tools.  

Separating fools from money. — Hacking Humans

Jun 28, 2018 29:47

Description:

Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers.


Thanks to our show sponsor KnowBe4.

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

Jun 27, 2018 19:54

Description:

In today's podcast, we hear that ProtonMail was hit this morning by an Apophis Squad DDoS attack. Rancor cyberespionage campaign observed in Southeast Asia. PythonBot serves up adware and cryptojacking. WannaCry-themed protection racket is all bark and no bite. EU organizing a joint cyber incident response force. FBI and international partners make arrests in an Africa-based business email compromise racket. Reality Winner's guilty plea. Emily Wilson from Terbium labs with a story of a six-year-old dealing with identity theft. Guest is Paul Aubin from Varonis on the protection of federal systems. 

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

Jun 26, 2018 19:59

Description:

In today's podcast, we hear warnings of Russian cyber operations from Romania and the UK. Recent attempts at developing international rules of conduct (and conflict) in cyberspace. Bronze Butler's naughty USB drives—not as scary as they sound, but a useful reminder of some sound precautions. FireEye says it never hacked back. Smart batteries may be too smart for their users' good. A new venture fund lends credibility to cryptocurrency and blockchain startups. Overwatch hacker gets jail time in Inchon. Daniel Prince from Lancaster University on cascading failures in complex systems. Guest is Vikram Thakur from Symantec on the VPNfilter router infestation. 

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

Jun 26, 2018 14:27

Description:

In today's podcast, we hear that Taiwan continues to receive the PLA's cyber attentions. A look at what the Lazarus Group is up to. Cryptocurrency fraudsters arrested as alt-coin values have a rocky ride. Continuing US hot water for ZTE and Huawei. GDPR-themed data extortion. Business email compromise is up. So are ransomware attacks against US city governments. And when is a ransomware attack not a ransomware attack? When it's just a protection racket. Johannes Ullrich from SANS and the ISC Internet Storm Center podcast on evasive cryptocoin miners. 

LG smartphone keyboard vulnerabilities — Research Saturday

Jun 23, 2018 16:22

Description:

Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to remotely execute code with elevated privileges, act as a keylogger and thereby compromise the users’ privacy and authentication details.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

Jun 23, 2018 24:06

Description:

In today's podcast, we hear that phishing scams continue to nibble away at bank accounts and reputations: the State of Oregon is among those suffering. Avoid emails promising you leaked pictures of YouTube stars. Chinese espionage against US targets rises. US Intelligence officials worry that failure to play a long game puts the country at a disadvantage with respect to innovation. The Joint Chiefs mull electronic warfare issues. Reality Winner makes a plea agreement in her espionage case. And from ecstasy tablets to Iranian spying is a short sad road. Ben Yelin from UMD CHHS weighs in on the US Supreme Court decision on location data privacy. Guest is Taavi Kotka, former CIO of the Estonian government, discussing that nation’s innovative digital identity system. 

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

Jun 22, 2018 19:52

Description:

In today's podcast we hear about a malicious app that will save your battery, but it will also install a backdoor, steal information, and click on a bunch of ads. A sophisticated and patient botnet, Mylobot, is observed in the wild, but it's not yet clear what it's up to. Cryptojackers exploit a known (and patched) Drupal vulnerability. Vectra finds tunnels. Google adds security metadata to Android apps. Cisco patches. The EU's proposed copyright regulations attract little love. Congress pursues ZTE and Huawei. And Tesla sues a former employee. Ryan LaSalle from Accenture, on the opening of their new Cyber Fusion Center. Guest is Ned Miller from McAfee on their “Winning the Game” report on the gamification of security training. 

Playing on Kindness — Hacking Humans

Jun 21, 2018 22:17

Description:

Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.


Thanks to our show sponsor KnowBe4.

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

Jun 21, 2018 19:57

Description:

In today's podcast, we hear that the Chinese espionage group Thrip is targeting satellite communications operators and others in the US and Southeast Asia. Zacinlo rootkit hides inside a bogus VPN. Developers are leaving Firebase apps insecure. The EU's controversial copyright regulation advances from committee. Kardon Loader malware is in beta. South Korean cryptocurrency exchange Bithumb is looted of more than $30 million. Anonymous is back with Opicarus2018. And the Bitcoin Baron goes to jail. Awais Rashid from Bristol University on why real-world experimentation is vital to cyber security. Guest is Dr. Chris Pierson from Binary Sun Cyber Risk Advisors, weighing in on the claims of sabotage at Tesla.  

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

Jun 20, 2018 19:57

Description:

In today's podcast we hear that the US has charged a former CIA engineer in the WikiLeaks Vault 7 case. Olympic Destroyer may be back, and preparing to hit chemical weapons investigators and arms control specialists. Updates on the Liberty Life data extortion investigation. Elon Musk says Tesla Motors has an internal saboteur. The US Senate snatches the lifeline out of ZTE's hands. A guilty plea in OPM-breach-related fraud. A possible motive in the Jeopardy champ's email hacking. David Dufour from Webroot with insights on the impact they’re seeing from GDPR. Guest is Lenny Zeltser from Minerva Labs discussing his IT and security “cheat sheets.” 

Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

Jun 19, 2018 18:46

Description:

In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean hacking resumes. More clipboard hijacking afflicts cryptocurrency wallets. Security concerns tighten around ZTE and Huawei. And pulp fiction: from Russia with love, and from the Clinton Library. Malek Ben Salem from Accenture Labs on concerns over emerging technology capable of voice impersonation.  
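Clipboard hijackers ("clippers") watch the clipboard for a cryptocurrency address and silently swap in the attacker's address of the same type, so the victim pastes and pays the wrong wallet. The following is an added example, not code from the CyberWire or any product named on this page: a small detector that runs over a constructed clipboard-write log and flags the pattern a clipper leaves behind, one address overwritten by a different address of the same type, by a different process, within a short window. The event model, the time window and the process names are assumptions for illustration; the address regexes are the usual format checks and do not validate checksums.

```python
import re
from dataclasses import dataclass

# Format checks only: legacy/P2SH base58 and bech32 for Bitcoin, hex for Ethereum.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_type(text: str):
    """Return 'btc', 'eth' or None for a clipboard string."""
    t = text.strip()
    for name, pat in ADDRESS_PATTERNS.items():
        if pat.match(t):
            return name
    return None

@dataclass
class ClipboardEvent:
    t: float        # seconds since start of the log (constructed)
    process: str    # process that wrote the clipboard (assumed to be recorded by a monitor)
    content: str

def detect_clipper(events, window: float = 2.0):
    """Flag address-for-address substitutions made by another process shortly after a copy."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = address_type(prev.content)
        if kind is None or address_type(cur.content) != kind:
            continue                      # not an address, or type changed: not a swap
        if cur.content.strip() == prev.content.strip():
            continue                      # same address rewritten, nothing substituted
        if cur.process != prev.process and cur.t - prev.t <= window:
            alerts.append({
                "type": kind,
                "original": prev.content.strip(),
                "replacement": cur.content.strip(),
                "writer": cur.process,
                "delay": round(cur.t - prev.t, 3),
            })
    return alerts

# Constructed log: a user copies two payment addresses; an unknown process overwrites each.
SAMPLE_EVENTS = [
    ClipboardEvent(10.0, "firefox.exe", "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),
    ClipboardEvent(10.3, "svchost_.exe", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"),
    ClipboardEvent(20.0, "firefox.exe", "0x" + "a" * 40),
    ClipboardEvent(20.2, "svchost_.exe", "0x" + "b" * 40),
    ClipboardEvent(30.0, "notepad.exe", "meeting notes for thursday"),
    ClipboardEvent(40.0, "firefox.exe", "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ClipboardEvent(45.0, "firefox.exe", "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),  # user's own re-copy
]

if __name__ == "__main__":
    for alert in detect_clipper(SAMPLE_EVENTS):
        print(alert)
```

The last two events are a user copying two different addresses from the same program, five seconds apart, and are deliberately not flagged; the heuristic keys on a different writer inside the window, which is where a real clipper sits. On the wallet side the practical check is the one the malware is betting you skip: compare the pasted address against the one you intended, character by character, before sending.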

Cyber bank heists — Research Saturday

Jun 16, 2018 15:57

Description:

Carbon Black's Chief Cybersecurity Officer Tom Kellermann shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector.

For the report, they interviewed CISOs at 40 major financial institutions, revealing attack and mitigation trends.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

Jun 16, 2018 22:40

Description:

In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but lawful snoops may already have a way around that security. Kaspersky will no longer work with Europol. The US Justice Department IG reports on the FBI. And a former Jeopardy champion cops a hacking plea. Robert M. Lee from Dragos, on his efforts to educate through the use of comic strips. Guest is Scott Petry from Authentic8 discussing their FAKE booth at the RSA conference.

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13.

Jun 14, 2018 18:44

Description:

In today's podcast, we hear that LuckyMouse has crept into an unnamed Central Asian house. Dixons Carphone data exposure presents complex legal and regulatory issues—it's the first big incident since GDPR came into effect. "Lazy State" is another CPU speculative execution bug. The US Congress doesn't care for ZTE, Australia's government is wary of Huawei, and the EU doesn't like Kaspersky at all. If you didn't like the end of net neutrality, wait until you get a load of the proposed EU Copyright Regulation's Article 13. More hacking expected from Pyongyang. Dr. Charles Clancy from VA Tech, discussing research on antifragile communications. Guest is Stacey Smith from CAMI on MD's legislation supporting cyber security businesses. 

Hacking Humans — Gaming pro athletes online.

Jun 14, 2018 30:00

Description:

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. 
Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams. 

Thanks to our show sponsor KnowBe4.

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

Jun 13, 2018 16:40

Description:

In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some products that Redmond will no longer support. Cryptojackers are still busy. One new strain of coin-mining malware uses the Eternal Romance exploit to spread. World Cup surveillance threatens visiting fans. And don't plug gifts from strangers into your USB port. Justin Harvey from Accenture with thoughts on supply chain security. Guests are Saher Naumaan and Kirsten Ward promoting RESET, BAE Systems' Women in cyber event.

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.

Jun 12, 2018 19:46

Description:

In today's podcast we hear that the US Treasury Department has announced sanctions against Russian entities it says were too cyber-cozy with the FSB. Code-signing issue looks like what we have here is a failure to communicate. Android devices are being shipped with ADB enabled, and cryptojackers enter by the backdoor. A layered criminal attack posing as emails from Samsung spearphishes Russian victims. Operation WireWire reels in seventy-four business email compromise suspects. Ben Yelin from UMD CHHS on the framing of the encryption debate.  Guest is Steve Schult from LogMeIn and LastPass on best practices password security. 

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.

Jun 11, 2018 17:33

Description:

In today's podcast, we hear about more SWIFT fraud, with a wiper attack as misdirection. Cryptocurrency exchange looted of ICO tokens. Chinese espionage in Rhode Island, and a conviction in Virginia. Dropping Elephant spearphishes in think tanks. G7 agreement suggests a coordinated response to hostile cyber operations. Net neutrality expired this morning in the US. And Marcus Hutchins faces additional charges. Jonathan Katz from UMD discussing hashing. 

Winnti Umbrella Chinese threat group — Research Saturday

Jun 9, 2018 20:59

Description:

Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups.

Tom Hegel is a Senior Threat Researcher with the 401TRG, and he joins us to share their findings. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.

Jun 8, 2018 24:50

Description:

In today's podcast, we hear that Adobe has patched a Flash vulnerability. InvisiMole is a discreet, selective cyber espionage tool. A Facebook glitch inadvertently changed users' default privacy settings. Leidos exits the commercial cyber market. China is back at IP theft, and some conventional cyber espionage, too. Congress wants explanations of data-sharing with Huawei and ZTE, and it wants those companies investigated as security risks. Feds Facebook friend felons. Rick Howard from Palo Alto Networks with the winners from this year's Cyber Security Canon gala. Guest is Cory Petty from BAH, host of the BitCoin podcast, discussing blockchain.

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.

Jun 7, 2018 19:18

Description:

Iron Group is said to use Hacking Team source code to build a backdoor. Operation Prowli both cryptojacks and sells traffic. Fancy Bear may be getting noisier. VPNFilter has a more extensive set of victim devices than previously believed. ZTE pays a billion-dollar fine. CloudPets are oversharing via an unsecured server. The US Senate wants answers from both Facebook and Google about their user data sharing with Chinese companies. Daniel Prince from Lancaster University on the security of Industrial Control Systems. Guests are Kyle Lady and Olabode Anise from Duo Security covering their annual report on authentication.

Hacking Humans — A flood of misinformation and fake news

Jun 7, 2018 30:07

Description:

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. 
Professor Stephan Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them.

Thanks to our show sponsor KnowBe4.

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?

Jun 6, 2018 19:49

Description:

In today's podcast, we hear that TempTick and Turla are interested in the US-North Korean summit. That summit might not take up many cybersecurity issues. Where did North Korea get all that digital rope they want to hang the West with? It seems we competed to sell it to them, more-or-less unwittingly. Russian influence ops continue to give lies their bodyguard of truth. The FBI gets a warrant for a high-profile iCloud account. Microsoft outbid Google for GitHub; what will Redmond do with all that code? Facebook may have a complicated relationship with Shanghai. Johannes Ullrich from the SANS ISC StormCast podcast on deserialization. Guest is Ameesh Divatia from Baffle on GDPR and cloud data privacy.

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.

Jun 5, 2018 18:30

Description:

In today's podcast, North Korea still seems to be leaving American IoT networks more-or-less alone, for now, however actively they're hacking elsewhere. Everything old is new again, at least with Russian EW. Cryptocurrency crime is a worry everywhere. A look at law firm hacks shows the counselors could use the help of some street-savvy hotel detectives more than a tech-savvy perimeter security solution, although that wouldn't be bad, either. Beware of letting World Cup Wi-Fi be an own-goal. Apple's latest updates seem privacy friendly. Thoughts on AI, and the polygraphing of a time traveler that sounds totally legit. David Dufour from Webroot on new roles for security, and how that impacts hiring and education. Guest is John Dickson from Denim Group on securing voting infrastructure.

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be the latest in Russian disinformation.

Jun 4, 2018 14:57

Description:

In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin blood-suckers, and advice on Louisiana's secession. Malek Ben Salem from Accenture Labs on using keyboard biometrics to detect mental disorders. 

Islamic State propaganda persistence — Research Saturday

Jun 2, 2018 19:02

Description:

Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service providers to help them achieve persistence.

Ken Wolf is a Senior Analyst at Flashpoint, and he describes what they learned.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.

Jun 1, 2018 24:37

Description:

In today's podcast we hear that the Lazarus Group may be on (relative, selective) good behavior. A study suggests that if cybercrime were a country, it would have a GDP comparable to Russia's. The Canadian Security Intelligence Service warns, in the nicest way possible, that Chinese spies are out to get New Zealand. ZTE and Huawei come in for more criticism. The BND gets a court victory in Leipzig. Google's ground-truth algorithms are looking a little truthy. Joe Carrigan from JHU ISI with follow-up on listener comments from last week’s iOS vs Android discussion. Guest is Todd Inskeep from BAH with highlights from a talk he gave at RSA on NotPetya. 

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.

May 31, 2018 19:56

Description:

In today's podcast we hear that Kaspersky has lost its court challenge to the US Government ban on its products, but plans to appeal. Cryptomix ransomware is out in the wild. Vulnerabilities found in SingTel routers. Chrome 67 update includes patches. The US Departments of Commerce and Homeland Security address botnets (and ask for research). The US Department of Energy plans for resiliency. Twitter takes down tweens. A packrat at CIA? Reboot your routers. Robert M. Lee from Dragos, reviewing some recently published ICS security reports. Guest is Adam Vincent from ThreatConnect on the increasing importance of threat intelligence for many organizations.

Hacking Humans - Social engineering works because we're human.

May 31, 2018 30:08

Description:

In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them.

Author Christopher Hadnagy discusses his book The Art of Human Hacking. 

Thanks to our show sponsor KnowBe4.

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.

May 30, 2018 18:41

Description:

In today's podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown but probably bad actors scan for misconfigurations in EOS blockchain nodes. Canadian banks decline to pay extortion. Joker's Stash counterfeits show there's even less honor among thieves than you may have thought. Baratov gets five years for the Yahoo! hack, and "Courvoisier" gets a solid ten-year sentence for multiple crimes. Justin Harvey from Accenture with thoughts on GDPR. Guest is Ruvi Kitov from Tufin on why automation should be in wider use than it is.

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.

May 29, 2018 19:55

Description:

In today's podcast we hear that the FBI recommends rebooting your routers against VPNFilter. Data extortion hits Canadian banks. The Cobalt Gang is back. 51% attacks fiddle with cryptocurrencies. BackSwap banking Trojan is tough to detect. Coca-Cola discloses data theft by a former employee. Courvoisier (the hacker, not the cognac) gets ten years. Facebook continues to work on its content moderation, and Papua New Guinea may block the platform for a month of study. NATO studies humor, very seriously. Ben Yelin from UMD CHHS on police attempts to use a deceased person's fingerprints to unlock a phone. Guest is Mike Benjamin from CenturyLink on their recent threat report covering IoT and DDoS.

UPnProxy infiltrates home routers — Research Saturday

May 26, 2018 20:26

Description:

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections.

In it, they describe vulnerabilities in the Universal Plug and Play implementations of home routers, and how malicious actors could take advantage of them to inject NAT port mappings that turn the router into a proxy for traffic it was never meant to forward.

Chad Seaman is a senior CERT engineer at Akamai, and he's our guide. 
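The NAT-injection idea behind UPnProxy is that a router's WANIPConnection service will, if reachable, accept an AddPortMapping whose internal client is not a LAN host at all, so traffic arriving on the WAN side is forwarded onward to a third party (or back into the router's own management services). The script below is an added example, not Akamai's code or anything from the paper: it triages the mapping table a router reports through GetGenericPortMappingEntry, which is what a defender would pull when checking whether a router has been used this way. The SOAP responses are constructed inline for the example, the LAN prefix 192.168.1.0/24 is an assumption, and the function names (soap_response, parse_mapping, classify, triage) are this example's own.

```python
"""Offline triage of UPnP IGD port mappings for UPnProxy-style NAT injection.

Added example; not Akamai's code. A router's WANIPConnection service answers
GetGenericPortMappingEntry with one NAT table entry per call. A legitimate
entry points NewInternalClient at a LAN host; an injected one points it at an
address the router should never forward to: a public host (the router becomes
a proxy) or its own loopback (management services exposed to the WAN).
"""
import ipaddress
import xml.etree.ElementTree as ET

# Checked explicitly rather than via is_private, which also covers
# documentation/test ranges and varies between Python versions.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def soap_response(external_port, protocol, internal_port, internal_client, description=""):
    """Build a GetGenericPortMappingEntryResponse in the shape a WANIPConnection:1
    endpoint returns. Constructed for this example; every value is made up."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse
        xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>{external_port}</NewExternalPort>
      <NewProtocol>{protocol}</NewProtocol>
      <NewInternalPort>{internal_port}</NewInternalPort>
      <NewInternalClient>{internal_client}</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>{description}</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>"""


# Constructed NAT table: one benign entry and three that should never exist.
SAMPLES = [
    soap_response(32400, "TCP", 32400, "192.168.1.20", "Plex"),  # LAN host: normal
    soap_response(45000, "TCP", 443, "203.0.113.7"),             # public host: proxy
    soap_response(8080, "TCP", 80, "10.0.0.5"),                   # foreign private range
    soap_response(2048, "TCP", 80, "127.0.0.1"),                  # router's own web UI
]


def parse_mapping(soap_xml: str) -> dict:
    """Return the response's child elements as a {tag: text} dict.
    The Out arguments are unprefixed, so their tags carry no namespace."""
    root = ET.fromstring(soap_xml)
    for el in root.iter():
        if el.tag.endswith("GetGenericPortMappingEntryResponse"):
            return {child.tag: (child.text or "").strip() for child in el}
    raise ValueError("no GetGenericPortMappingEntryResponse element")


def classify(mapping: dict, lan_cidr: str) -> str:
    """Verdict for one mapping, given the LAN prefix the router actually serves."""
    client = ipaddress.ip_address(mapping["NewInternalClient"])
    lan = ipaddress.ip_network(lan_cidr)
    if client.is_loopback:
        return "exposes-router"  # WAN traffic forwarded to the router's own services
    if client in lan:
        return "ok"
    if any(client in net for net in RFC1918):
        return "suspicious"      # private, but not our LAN: double NAT or tampering
    return "injected"            # public internal client: the router is now a proxy


def triage(responses, lan_cidr: str):
    """(external port, internal client, verdict) for each mapping response."""
    results = []
    for xml_doc in responses:
        m = parse_mapping(xml_doc)
        results.append((int(m["NewExternalPort"]), m["NewInternalClient"], classify(m, lan_cidr)))
    return results


if __name__ == "__main__":
    for port, client, verdict in triage(SAMPLES, "192.168.1.0/24"):
        print(f"ext {port:>5} -> {client:<15} {verdict}")
```

Against a real router you would walk NewPortMappingIndex from 0 until the service returns the SpecifiedArrayIndexInvalid fault and feed each response to parse_mapping; anything other than "ok" deserves a look, and "injected" or "exposes-router" means the mapping table has been written by someone other than a LAN host.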

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.

May 25, 2018 24:52