thecyberwire.com

The CyberWire - Your cyber security news connection.


Description

More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

Categories

Technology

Episodes

Ryuk ransomware relationship revelations — Research Saturday

Mar 23, 2019 21:39

Description:

Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat.

John Fokker is head of cyber investigations in McAfee's Advanced Threat Research unit. He joins us to share their findings.

The original research can be found here:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/


The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.

Mar 22, 2019 23:28

Description:

In today’s podcast, we hear that Finland’s data protection authority is investigating reports that Nokia 7 Plus smartphones are sending data to a Chinese telecom server. Thousands of API tokens and cryptographic keys are exposed in public GitHub repositories. The US government warns that certain cardiac devices can be hacked from close range. A North Carolina county government is dealing with its third ransomware attack. And Magecart groups go after bedding companies. Malek Ben Salem from Accenture Labs with thoughts on securing the digital economy. Guest is Adam Isles from the Chertoff Group on supply chain risks.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_22.html

Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.

Mar 21, 2019 19:36

Description:

Fancy Bear and Sandworm are launching cyberespionage campaigns against European governments before the EU parliamentary elections. The FIN7 cybercrime group is still active, and it’s using new malware. A scammer stole more than $100 million from Google and Facebook. Facebook stored hundreds of millions of passwords in plaintext for years. And chatbots can learn to impersonate you based on your texts. Ben Yelin from UMD CHHS on rumors of NSA shutting down the Section 215 program. Guest is Jadee Hanson from Code 42 on insider threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_21.html

Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.

Mar 20, 2019 19:55

Description:

In today’s podcast, we hear that Norsk Hydro’s recovery continues, with high marks for transparency. Some notes on the challenges of deterrence in cyberspace from yesterday’s CYBERSEC DC conference, along with context for US skepticism about Huawei hardware. Cookiebot says the EU is out of compliance with GDPR, its sites infested with data-scraping adtech. Google and Facebook get, if not a haircut, at least a trim, in EU and US courts. And some animadversions concerning digital courtship displays. Dr. Charles Clancy from VA Tech’s Hume Center on updates to the GPS system. Guest is Landon Lewis from Pondurance on balancing AI and human intelligence.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_20.html

LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.

Mar 19, 2019 18:57

Description:

In today’s podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector and the government in the United States need to work together against cyber threats. Europol has a new cyber incident response strategy. And cybersecurity executives say some vendors’ marketing tactics are having a detrimental effect on the security industry. Johannes Ullrich from SANS and the ISC Stormcast Podcast on hardware security issues at the perimeter. Guest is Nathan Burke from Axonius, winners of the 2019 RSAC Innovation Sandbox competition.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_19.html

Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnosticplayers are back. AI and evil.

Mar 18, 2019 16:24

Description:

In today’s podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei’s strategy in the face of Five Eyes--and especially US--sanctions: the US doesn’t like us because we’re a threat to their ability to conduct untrammeled surveillance. Corruption, neglect, and replacement of experts by politically reliable operators seem to have caused Venezuela’s blackouts. Gnosticplayers are back, with more commodity data. And AI has no monopoly on evil--natural intelligence has that market cornered. Joe Carrigan from JHU ISI on the recently announced DARPA-funded effort to develop an open-source voting system.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_18.html

ThinkPHP exploit from Asia-Pacific region goes global — Research Saturday

Mar 16, 2019 11:43

Description:

Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.

The original research can be found here:
https://blogs.akamai.com/sitr/2019/01/thinkphp-exploit-actively-exploited-in-the-wild.html


The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.

Mar 15, 2019 21:55

Description:

In today’s podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its way into the cloud. A look at the consequences of regulation, both good and bad. How CISOs will have to grapple with the increasingly pervasive Internet-of-things. And China’s National People’s Congress makes a gesture toward respecting IP, but the world remains skeptical. Craig Williams from Cisco Talos with an update on crypto miners. Guest is Nirmal John, author of the book, “Breach: Remarkable Stories of Espionage and Data Theft and the Fight to Keep Secrets Safe.”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_15.html

Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.

Mar 14, 2019 20:12

Description:

In today’s podcast, we hear that Indonesia says it’s got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorded Future goes RAT hunting. Proofpoint offers a look at “intelligent brute-forcing.” Kaspersky reports on two espionage APTs exploiting a just-patched Microsoft zero-day. Flashpoint describes an unusual point-of-sale attack, and Check Point finds Trojanized Android apps. Germany’s BND warns against Huawei. Robert M. Lee from Dragos with thoughts on the Venezuelan power outages. Guest is Jeremy Tillman from Ghostery on the California Consumer Privacy Act.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_14.html

Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).

Mar 13, 2019 20:23

Description:

In today’s podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet’s supply chain is well on the way to being pwned by Chinese intelligence. Undersea cables are a center of Sino-US competition. The European Parliament warns about the Chinese threat to 5G infrastructure. More calls to rein in Big Tech. And the UN looks at North Korea and sees massive cyber crime. Emily Wilson from Terbium Labs with a look back at the Equifax breach. Guest is Dr. Wenliang (Kevin) Du from Syracuse University on his SEED labs and the importance of hands-on training in cyber security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_13.html

Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.

Mar 12, 2019 20:11

Description:

In today’s podcast, we hear an update on Venezuela and its power outages. Amplification of social media posts as a form of mass persuasion. A look at how control of the Internet has replaced control of the radio station as a move in civil war and coup or counter-coup planning. Asian game makers get backdoored out of China. Decryptors are out for BigBobRoss ransomware. Senator Warren versus Facebook, and Facebook versus itself. And Sir Tim Berners-Lee on the Web’s 30th birthday. Joe Carrigan from JHU ISI with an early look at NSA’s Ghidra reverse engineering tool. Guest is Dr. Phyllis Schneck from Promontory Financial Group (an IBM company) on regulation in cyber security, a preview of her talk at the upcoming JHU Annual Cybersecurity Conference for Executives. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_12.html

Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.

Mar 11, 2019 16:54

Description:

Venezuela sustains power outages, and the regime blames hackers and wreckers. The opposition says it’s all due to the regime’s corruption, incompetence, and neglect. Citrix loses business documents in what might have been an Iranian espionage operation. Huawei’s suit against the US gets some official cheering from Beijing. The US warns against Chinese information operations. And Russian troll farmers turn to amplification. Daniel Prince from Lancaster University on the importance of Cyber Design. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_11.html

Job-seeker exposes banking network to Lazarus Group — Research Saturday

Mar 9, 2019 22:11

Description:

Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America.

The original research can be found here:
https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Chinese influence campaigns. Egyptian spear phishing. Hundreds of million email records exposed.

Mar 8, 2019 22:58

Description:

In today’s podcast, we hear that Chinese information operations on US social media are widespread. The Egyptian government launches spear phishing attacks against activists. Hundreds of millions of email records were found online. Chelsea Manning is back in jail. The US is retaliating for Chinese cyberespionage. And Facebook wants to change its image. Ben Yelin from UMD CHHS on a PA supreme court ruling on protection of employees’ personal information. Guest is Scott Shackelford from Indiana University on the Paris call for trust and security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_08.html

Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.

Mar 7, 2019 20:55

Description:

The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware was using Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets tougher security rules for telecom companies. And people who invest in cryptocurrency often don't know what they're getting into. David Dufour from Webroot with his thoughts on RSA Conference. Guest is Asaf Cidon from Barracuda Networks on account takeover vulnerabilities.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_07.html

5G worries. Whitefly vs. SingHealth. Speculative execution bug.

Mar 6, 2019 20:11

Description:

In today’s podcast, we hear that Australia's former prime minister warns Britain about Chinese tech companies. Symantec says Whitefly was behind SingHealth's massive data breach. Iranian hackers show code overlap. Intel CPUs are vulnerable to another speculative execution flaw. The NSA hasn't been using its domestic phone surveillance program lately. Sharing code presents dangers. And Google will ban political ads in Canada. Justin Harvey from Accenture with results from their Costs of Crime report, as well as observations from RSAC. Guest is Gerald Beuchelt from LogMeIn with info from their latest password survey.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_06.html

India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.

Mar 5, 2019 19:48

Description:

In today’s podcast, we hear that India went on the offensive when its government websites were attacked by hackers from Pakistan. Rob Joyce, Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency, discusses trends in cyber conflict. A Chinese cyberespionage group hacks for maritime technologies. Facebook lets people look you up by your two-factor authentication phone number. And Google researchers disclose a vulnerability in macOS. CyberWire Editor John Petrik with results from the RSA Conference Innovation Sandbox. Guest Balaji Parimi from CloudKnox weighs the pros and cons of various authorization schemes.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_05.html

Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.

Mar 4, 2019 15:22

Description:

In today’s podcast, we hear that Operation Sharpshooter is linked to North Korea. Canada begins the extradition process for Meng Wanzhou. Huawei is planning to sue the US for banning its equipment from government use. Facebook may have used questionable tactics to lobby against stricter data protection laws. Thailand passes a controversial cybersecurity law. And IBM interns discover a host of vulnerabilities in visitor management systems. Joe Carrigan from JHU ISI with details on a Ring Doorbell vulnerability.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_04.html

Fake Fortnite app scams infect gamers — Research Saturday

Mar 2, 2019 15:17

Description:

Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings.

The original research can be found here:

https://www.zscaler.com/blogs/research/fake-fortnite-apps-scamming-and-spying-android-gamers

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.

Mar 1, 2019 23:07

Description:

Qbot infections are spreading. The bounty-hunting gig economy apparently has its first millionaire. Observers are liking what they see in US Cyber Command’s “persistent engagement.” Canada mulls the extradition of Huawei’s CFO to the US. The US continues to call Huawei a security risk, and Huawei has some things to say back. The Momo Challenge is a viral online craze, but not the way you may have heard. Awais Rashid from Bristol University with thoughts on edge computing. Guest is Dr. Dena Haritos Tsamitis from Carnegie Mellon University on improving the culture of infosec, as well as her thoughts on the upcoming RSA conference. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_01.html

Third-parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.

Feb 28, 2019 20:50

Description:

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor’s up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don’t sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest is Michelle Dennedy from Cisco with results from their most recent Data Privacy Benchmark Study.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_28.html

Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.

Feb 27, 2019 20:34

Description:

In today’s podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of DDoS attacks in the service of election disruption. US Cyber Command played some chin music for St. Petersburg during US midterm elections. And if you’re going to hack into an embassy, wouldn’t you want to do more than install a cryptojacker? David Dufour from Webroot with insights on their pending purchase by Carbonite. Guest is Randy Vanderhoof from the Secure Technology Alliance on managing identity and fraud in the payment space.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_27.html

Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.

Feb 26, 2019 20:35

Description:

In today’s podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stuffing attacks hit users of online tax-preparation services. And that missile attack on Tampa was not a drill—in fact, it never happened at all—and congratulations to the citizens of Florida for recognizing a hack and a hoax when they see one. Justin Harvey from Accenture on the types of vulnerabilities adversaries target. Guest is Gaurav Tuli from F-Prime Capital on the current venture capital environment for cyber.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_26.html

Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.

Feb 25, 2019 16:21

Description:

In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don’t like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_25.html

Rosneft suspicions shift from espionage to business email compromise — Research Saturday

Feb 23, 2019 27:06

Description:

Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. 

Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.

The original research can be found here:
https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.

Feb 22, 2019 25:20

Description:

In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There’s also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_22.html

Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.

Feb 21, 2019 20:24

Description:

In today’s podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filters. Spamming users to get your point across may not be the best form of disclosure. University researchers find a man-in-the-room bug. Other researchers think they could capsize a ship. Britain’s NCSC continues its dance with Huawei. Password managers remain a good idea. Emily Wilson from Terbium Labs discussing law enforcement on the dark web. UK correspondent Carole Theriault returns with the story of surveillance and facial recognition in London. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_21.html

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.

Feb 20, 2019 20:37

Description:

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s a new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.

International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cyptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.

Feb 19, 2019 20:24

Description:

In today’s podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament were subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Microsoft pulls cryptojacking Windows 10 apps from its store. Britain’s NCSC is rumored to have concluded that it can mitigate Huawei risks. Facebook gets a harsh report from Westminster. And a hacker claims a higher motive for his breach (but still wants Bitcoin). Joe Carrigan from JHU ISI on Apple requiring two-factor authentication for developers. Guest is Igal Gofman from XM Cyber on network compromise through email.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_18.html

Seedworm digs Middle East intelligence — Research Saturday

Feb 16, 2019 16:19

Description:

Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms.

Al Cooley is director of product management at Symantec, and he joins us to share their findings.

The original research can be found here:
https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.

Feb 15, 2019 26:04

Description:

In today’s podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook takes down inauthentic accounts working to influence the Moldovan elections. The Federal Trade Commission is rumored to be queuing up a record privacy fine. Defending forward from disillusioned Bears. And happy birthday, GCHQ. Craig Williams from Cisco Talos on router vulnerabilities. Guest is Amanda Berlin, founder of Mental Health Hackers on her efforts to address mental health issues in infosec.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_15.html

Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.

Feb 14, 2019 20:32

Description:

In today’s podcast we hear that US prosecutors have unsealed the indictment of a former US Air Force counterintelligence specialist on charges she conspired to commit espionage on behalf of Iran. The US Treasury Department announces further sanctions on Iranian individuals and one organization named in that indictment. Two alleged members of Apophis Squad are indicted. Whatever became of all the data stolen from Equifax? That information’s apparently not for sale on the dark web. Malek Ben Salem from Accenture Labs on reducing the attack surface of containers. Guest is Kevin McNamee from Nokia with results from their recent threat intelligence report.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_14.html

China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.

Feb 13, 2019 19:59

Description:

In today’s podcast, we hear that China has denied involvement in the Australian Parliament hack. Patch Tuesday notes. A new strain of Shlayer malware is out. A look at GreyEnergy. Reactions to the destructive VFEmail attack. And thoughts on St. Valentine’s Day, with advice, admonition, and an excursus on credential-stuffing and holiday doughnuts. Dr. Charles Clancy from VA Tech’s Hume Center on the Pentagon’s use of AI for RF spectrum management. Guest is Matt Cauthorn from ExtraHop on malicious Chrome extensions.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_13.html

VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.

Feb 12, 2019 19:35

Description:

In today’s podcast, we hear that VFEmail has sustained a devastating, data-destroying attack. The EU considers whether it should, can, or will make a coordinated response to China’s APT10. A US Executive Order outlines a strategy to maintain superiority in artificial intelligence. Norway warns, again, of the risk of GPS jamming. US Army Stryker vehicles were hacked during testing last year. And some Marines are getting ahead of themselves, downloading close air support control apps to personal tablets. Johannes Ullrich from SANS and the ISC Stormcast podcast on using hardware flaws for network access. Guest is Shane Harris from the Washington Post with an update on the Paul Whelan case in Russia.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_12.html 

Support our show

Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.

Feb 11, 2019 19:02

Description:

In today’s podcast, we hear that clipper malware has been ejected from Google Play. A different cryptojacker is kicking its competitors out of infected machines. Australian authorities continue to investigate the attempted hack of Parliament, with Chinese intelligence services as the prime suspects. How do you solve a problem like Huawei? Russia prepares to test its ability to disconnect from the Internet in the event of war. Prosecutors investigate alleged blackmail by below-the-belt selfie. Ben Yelin from UMD CHHS on politicians blocking citizens on social media.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_11.html 

Support our show

Trends and tips for cloud security — Research Saturday

Feb 9, 2019 19:50

Description:

The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. 

Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.

The original research can be found here:
https://unit42.paloaltonetworks.com/unit-42-cloud-security-trends-tips/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.

Feb 8, 2019 25:11

Description:

In today’s podcast, we hear that Australia is investigating an attempted hack of its Federal Parliament. The US Department of Homeland Security warns that spies are working through third parties to get to their targets. Spyware is bundled in a legitimate privacy app. Credit unions get spearphished. Mr. Bezos says, “No thanks, Mr. Pecker.” Apple will pay a FaceTime bug bounty. Microsoft says don’t use IE as a browser. And what they found in that seal scat. Justin Harvey from Accenture on credential stuffing. Guest is Sandi Roddy from Johns Hopkins APL on secure key management.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_08.html 

Support our show

Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.

Feb 7, 2019 20:01

Description:

In today’s podcast, we hear about social engineering, with a few new twists. Some airlines may be exposing passenger data with insecure check-in links. APT10 may be lying low, for now, but the US Department of Homeland Security expects the cyber spies to be back. A researcher finds a macOS Keychain bug, but would rather not tell Apple about it. Governments in Europe and North America continue to assess risks associated with Huawei and ZTE. And a Trojan hides in The Sims 4. Awais Rashid from Bristol University with thoughts on the challenges of securing smart phones. Carole Theriault explores recent concerns over popular video app VLC Player security issues with Sophos’ Paul Ducklin.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_07.html 

Support our show

APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.

Feb 6, 2019 20:43

Description:

In today’s podcast, we hear that Chinese threat group APT10 seems to have been busy lately, and up to its familiar industrial espionage. More governments express skepticism about Chinese manufacturers. The US report on election security is out: influence ops were found to have had no material effect on the midterms. Lithuania worries about Russian election meddling. A reverse RDP attack risk is reported. An industrial IoT remote code flaw. And congratulations to the finalists in RSA’s Innovation Sandbox. Emily Wilson from Terbium Labs on biometrics for sale on the dark web. Guest is Katie Nickels from MITRE on the ATT&CK knowledge base.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_06.html 

Support our show

ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.

Feb 5, 2019 20:10

Description:

In today’s podcast, we hear that ExileRAT is targeting Tibet’s government-in-exile. The SpeakUp backdoor afflicts many varieties of Linux systems. Facebook bans ethnic militias in Myanmar from its platform. Norway’s PST intelligence service says that Huawei constitutes a security risk, and China says that’s nonsense. Someone seems to be hacking contact lists belonging to UK Members of Parliament. Bangladesh Bank is suing to recover the $81 million missing from its 2016 SWIFT heist. Joe Carrigan from JHU ISI on Facebook’s password flexibility on mobile devices. Guest is Joseph Williamson from EclecticIQ on cyber espionage and nation state threats.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_05.html 

Support our show

Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’s prospects. Influence ops. Extortion by bluff.

Feb 4, 2019 17:46

Description:

In today’s podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of “C0rpz.” OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security scrutiny internationally even as it seeks to position itself as a 5G leader. Russian influencers begin to attend to Venezuela. And if someone says they’ve got video of you looking at things you shouldn’t, they probably don’t. Rick Howard from Palo Alto Networks on Australia’s controversial encryption legislation. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_04.html 

Support our show

Online underground markets in the Middle East — Research Saturday

Feb 2, 2019 17:59

Description:

Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and even booking their next discount vacation.
Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings. 

The original research can be found here:
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cash-and-communication-new-trends-in-the-middle-east-and-north-africa-underground

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.

Feb 1, 2019 24:39

Description:

In today’s podcast, we hear that Apple has let Facebook and Google out of time-out. Russia decides it would like access to Apple data because, you know, it’s Russian law. Social networks take down large numbers of inauthentic accounts. Fancy Bear is snuffling around Washington again, already, with some spoofed think-tank sites. Shape-shifting campaign afflicts ads. China sees CoAP DDoS attacks. An Aadhaar breach hits an Indian state as the SBI bank recovers from a data exposure incident. Johannes Ullrich from SANS and the ISC Stormcast Podcast on the effectiveness of blocklists. Guest is Daniel Faggella from Emerj Artificial Intelligence Research on the future of AI and security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_01.html 

Support our show

Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.

Jan 31, 2019 20:05

Description:

In today’s podcast, we hear that Collections #2 through #5 have joined Collection #1 in hacker fora. Google is found to be collecting data from devices in much the same way its advertising peer Facebook was. Russian trolls seek to discredit the Special Counsel’s investigation of influence ops. New York State opens an investigation into Apple’s response to the FaceTime bug. The US Department of Justice aims to disrupt a North Korean botnet. And a rundown of some current online scams. Mike Benjamin from Century Link with information on TheMoon botnet and how it targets websites. Guest is Lewie Dunsworth, CISO & Executive Vice President of Technical Operations at Herjavec Group on projected increases in ransomware aimed at hospitals.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_31.html

Support our show

US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.

Jan 30, 2019 19:49

Description:

In today’s CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran’s APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning for unpatched Cisco routers. What Huawei faces, in addition to fines. The FaceTime bug and responsible disclosure. Facebook was paying people to pwn their phones. Scam artists exploit a small disabled girl. And the Government shutdown’s mixed effect on cybersecurity. Craig Williams from Cisco Talos on Pylocky, a ransomware strain they’ve been tracking. Guest is Mark Orlando from Raytheon on safeguarding online information.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_30.html

Support our show

004 Case studies in risk and regulation — CyberWire-X

Jan 30, 2019 32:13

Description:

In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game-changing, high-profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned.

Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.

Jan 29, 2019 20:04

Description:

In today’s podcast, we hear that a FaceTime bug lets you listen to someone’s phone before they’ve even picked up. FormBook malware’s surge is abetted by a new hosting service. Compromised server market xDedic has been taken down. Europol is looking for Webstressor users. Huawei faces new US criminal charges. Kim’s ambitious economic plan may augur ambitious North Korean hacking. EU foretells a surge in Iranian cyberattacks. Waiting for information operations around the Venezuelan crisis. Joe Carrigan from JHU ISI on legacy Twitter location data privacy issues. Guest is Jamil Jaffer from IronNet Cybersecurity with highlights from his recent Capitol Hill briefing, “Nation-State Threats, Collective Defense, and Strategic Deterrence in Cyberspace: (How) Can We Get Better Fast?”

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_29.html

Support our show

Someone takes an unhealthy interest in Citizen Lab. Ukraine accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.

Jan 28, 2019 19:10

Description:

In today’s podcast, we hear about some Spy vs. Spy at Citizen Lab, but who the spies were working for isn’t clear. Ukraine’s cyber police accuse Russia of phishing for election influence. As Fortuna’s wheel turns, Russian bigwigs get doxed by transparency hacktivists. Great power tension over Venezuela bears watching in cyberspace. Alleged swatters indicted and arrested. Happy National Privacy Day. Emily Wilson from Terbium Labs on “fullz” records of children being sold on the dark web. Guest is Sean Lyngaas from CyberScoop with his insights on the DNS hijacking threat.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_28.html

Support our show

Amplification bots and how to detect them. — Research Saturday

Jan 26, 2019 18:34

Description:

Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets.

Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings.

The original research can be found here:
https://duo.com/labs/research/anatomy-of-twitter-bots-amplification-bots

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.

Jan 25, 2019 25:03

Description:

In today’s podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they’re close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability to a tactical level. Venezuela’s crisis may provide the next occasion for Russian information operations. How Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. And leave the Nest alone. Dr. Charles Clancy from the Hume Center at VA Tech on confusing marketing claims from AT&T with regard to 5G cellular technology. Guest is P. W. Singer, author of the book LikeWar, the Weaponization of Social Media.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_25.html

Support our show

The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.

Jan 24, 2019 20:00

Description:

In today’s podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked—observers think Russia’s GRU is good for it, but Russia says no, hey, it was Anonymous, and they did a good job. Exposed database leaves financial information out for the taking. Creeps take over a family’s Nest. Ben Yelin from UMD CHHS with a 4th amendment personal privacy case out of Alaska. Guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net on the career benefits of volunteering.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_24.html

Support our show

Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.

Jan 23, 2019 19:43

Description:

In today’s podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a “topical mission objective.” France says that war has begun in cyberspace, and that the enemy should be en garde. British barristers scramble to restore secure email. A metals firm sustains an attack on business systems. And some clown cuts Australian telecoms cables. Justin Harvey from Accenture on blocking incoming threats. Guest is Tom Huckle from Crucial on closing the skills gap.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_23.html

Support our show

Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.

Jan 22, 2019 20:44

Description:

In today’s podcast, we hear that the WordPress Multilingual Plugin was compromised by a disgruntled ex-employee. Stealthy DDoS might escape notice. Anubis droppers wait for the phone to move before executing. EU works against influence in its May elections. France fines Google for lack of transparency under GDPR. Facebook may face FTC action. And more emerges on the curious case of the American/Canadian/Irish/British citizen arrested in Moscow for spying. Johannes Ullrich from SANS and the ISC Stormcast podcast on gift card scams. Carole Theriault speaks with guest Maria Varmazis about Fortnite vulnerabilities.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_22.html

Support our show

Luring IoT botnets to the honeypot — Research Saturday

Jan 19, 2019 18:54

Description:

Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices.

Matt Bing is a security research analyst with Netscout, and he guides us through their findings.

The original research can be found here:
https://asert.arbornetworks.com/dipping-into-the-honeypot/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facebook shutters more Russian coordinated inauthenticity.

Jan 18, 2019 25:48

Description:

In today’s podcast we hear that Collection #1 is big but not the end of the world. Still, be on the lookout for credential stuffing attacks. Rocke cryptojacker can disable some cloud security services. Beware of Telegram bots. Facebook shuts down a few hundred inauthentic Russian pages, and Sputnik shows up as either a free-speech paladin or another troll farm—take your pick. Epic Games closes a vulnerability that exposed data of Fortnite players. Malek Ben Salem from Accenture Labs on power grid vulnerabilities to botnets. Guest is former U.S. Secretary of Homeland Security Michael Chertoff discussing his book Exploding Data.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_18.html

Support our show

Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.

Jan 17, 2019 19:53

Description:

In today’s podcast, we hear that South Korea’s Defense Ministry has disclosed a cyber espionage incident. Fancy Bear sticks to its old tricks with Lojax. The US Justice Department is rumored not to be done with Huawei—this time an IP theft beef is believed to be coming. A big database exposure case in Oklahoma. And an update on yesterday's bogus Washington Post edition: it was a prank by the Yes Men. Mike Benjamin from Century Link with an update on the Mylobot botnet. Guest is Angie White from Iovation on PSD2, the payment services directive update.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_17.html

Support our show

SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.

Jan 16, 2019 20:29

Description:

In today’s podcast, we hear that the SEC and the Department of Justice are going after EDGAR hackers for securities fraud. Flashpoint sees the Lazarus Group in an attack on Chile’s Redbanc. Recorded Future shares notes on Iran’s Ashiyane Forum. Cryptomix ransomware is being distributed by fraudulent charitable appeals. Organized gangs are using Fortnite in-game currency for money laundering. A slickly done bogus edition of the Washington Post was being handed out in DC this morning. Ben Yelin from UMD CHHS on a recent ruling regarding 5th amendment protections for biometrics. Guest is Kevin O’Brien from GreatHorn on techniques to improve email security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_16.html

Support our show

Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espionage.

Jan 15, 2019 19:43

Description:

In today’s podcast, we hear that a bug hunter has found and responsibly disclosed issues in web hosts. Compromising Passenger Name Records in airline reservations. Business email compromise seems on the rise, and it’s also growing a bit more interactive. A Facebook executive is swatted, and absolutely nobody should dismiss this sort of thing as a joke. China would like everyone to stop saying bad stuff about Huawei, but the Polish government seems unconvinced that there’s nothing to see here. Rick Howard from Palo Alto Networks, revisiting the notion of a cyber moon shot. Carole Theriault reports on a hack of the Australian emergency warning system. She speaks with Paul Baccas from Proofpoint.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_15.html

Support our show

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.

Jan 14, 2019 18:58

Description:

In today’s podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its “big-game hunting” has pulled in almost four million dollars since August. Access control system zero-days found. And a lawsuit is likely to set some precedents concerning what counts as cyberwar. Joe Carrigan from JHU ISI on updated NIST password guidelines. Guest is Vijaya Kaza from Lookout on the shifting role of privacy in infosec.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_14.html

Support our show

Magecart payment card theft analysis — Research Saturday

Jan 12, 2019 29:01

Description:

Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. 

Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned.

Links to RiskIQ research:

https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/
https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
https://www.riskiq.com/blog/labs/magecart-newegg/
https://www.riskiq.com/blog/labs/magecart-shopper-approved/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.

Jan 11, 2019 22:05

Description:

In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crooks are finding Fuze cards as handy as good-guy consumers do. Poland makes two arrests in an espionage case linked to Huawei. And the Russian media are happy to offer sympathy to NSA for some alleged security lapses at Fort Meade. Craig Williams from Cisco Talos with details on Persian Stalker targeting secure messaging apps. Guest is Rajiv Dholakia from Nok Nok Labs on the security pros and cons of biometrics.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_11.html

Support our show

TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.

Jan 10, 2019 19:28

Description:

In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social networks. Reddit asks users to reset their passwords, and to make them good ones. Google seems to have made strides against expansive interpretation of the EU’s right to be forgotten. And the curious tweets of @HAL999999999. Jonathan Katz from UMD on updated WiFi security. Guest is Ameesh Divatia from Baffle on the growing frustration with how companies handle our private information.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_10.html

Support our show

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?

Jan 9, 2019 19:26

Description:

In today’s podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel’s April election—much predictable yelling and finger-pointing ensues. German authorities are pretty convinced Hackerangriff is the work of a lone, disgruntled student. OXO may have suffered a Magecart infestation. Dark Overlord’s labor market play. Facebook sharing. Internet autarky. And did Kaspersky finger an NSA contractor to NSA for mishandling secrets? Dr. Charles Clancy from VA Tech on security gaps in the 5G specification. Guest is Denis Cosgrove from Booz Allen Hamilton on the growing connectivity and autonomy in motor vehicles. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_09.html

Support our show

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.

Jan 8, 2019 19:50

Description:

In today’s podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses’ awareness of cyber espionage. Observers see a coming “cyber cold war,” with China on one side and a large number of other countries on the other. Facebook is following a widening investigation into the use of inauthentic accounts, ads, and sites in recent US elections. WikiLeaks’ lawyers tell news media to stop defaming the organization and its founder. Emily Wilson from Terbium Labs on the nine lives of a credit card. Guest is Robb Reck from Ping Identity on NIST password guidance.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_08.html

Support our show

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?

Jan 7, 2019 20:01

Description:

In today’s podcast, we hear that investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russia. Marriott thinks fewer guests were affected by its Starwood breach than initially feared. Online gamers affected by breaches. The Dark Overlord continues to make a pest of itself. And can alt-coin production become less of an energy hog? Awais Rashid from Bristol University on securing large-scale infrastructure. Guests are Karen Waltermire and Harry Perper from NIST, discussing the NIST National Cybersecurity Center of Excellence (NCCoE).

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_07.html

Support our show

NOKKI, Reaper and DOGCALL target Russians and Cambodians — Research Saturday

Jan 5, 2019 14:28

Description:

Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware.

Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings.

The original research can be found here:
https://unit42.paloaltonetworks.com/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.

Jan 4, 2019 25:03

Description:

In today’s podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspire, via some hijacked dormant Twitter accounts. Updates on the arrest of a dual US-UK citizen on spying charges in Moscow. And some PewDiePie followers sort of say they’re sorry for hacking Chromecasts. Sort of. Justin Harvey from Accenture with his outlook toward 2019. Guest is Ken Modeste from UL (Underwriters Laboratories) on their evolution as a safety certification organization.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_04.html

Support our show

2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.

Jan 3, 2019 19:39

Description:

In today’s podcast, we hear that the prize for the first big breach of 2019 goes to Australia, but the year is young. Ryuk “artisanal” malware is implicated in newspaper print-plant hacks. reCAPTCHA gets captchu’d, again. The Dark Overlord teases some pretty dull stuff, a step ahead of the law and Pastebin content moderators. PewDiePie followers continue to pester Internet users. And there’s a new play about Reality Winner, the alleged NSA leaker. Johannes Ullrich from SANS and the ISC Stormcast podcast on cold boot attacks on laptops. Guest is Sarah Squire from Ping Identity with results from a survey on consumer response to breaches.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_03.html

Support our show

Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore. 

Jan 2, 2019 19:56

Description:

In today’s podcast, we hear that US newspapers sustained a major cyberattack—possibly ransomware—over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantial. A home security video system is found to have hard-coded credentials. Changes in US Defense leadership. An American is arrested in Moscow on espionage charges. And alleged NSA leaker Hal Martin wins one and loses two in court. Ben Yelin from UMD CHHS on whether remotely wiping a mobile device could be considered destruction of evidence. Guest is Steve Durbin from the ISF on using a human-centered approach to building security teams.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_02.html

Support our show

Apple Device Enrollment Program vulnerabilities explored — Research Saturday

Dec 22, 2018 17:24

Description:

Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices.

James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found.

The original research can be found here:

https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

Dec 21, 2018 29:26

Description:

In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing GMail two-factor authentication. Guest is Brian McCullough, host of the TechMeme Ride Home podcast and author of the book How the Internet Happened.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_21.html

Support our show

003 Risk and regulation in the financial sector — CyberWire X

Dec 21, 2018 29:09

Description:

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust?

Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.

Dec 20, 2018 20:19

Description:

In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was “brutal.” Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_20.html

Support our show

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.

Dec 19, 2018 19:57

Description:

In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection. More Facebook data-sharing practices come under scrutiny. NASA PII exposed; investigation continues. And did you hear the one about the parrot, Alexa, Amazon orders, and sappy dance tunes? Jonathan Katz from UMD describing security improvements in the Signal messaging app. Guest is Michael Doran from Optiv with tips on protecting your organization from ransomware.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_19.html

Support our show

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

Dec 18, 2018 19:54

Description:

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitten strike observers as the long-expected Iranian cyber retaliation for the reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’. Facebook faces a boycott in the wake of Senate-commissioned reports on Russian trolling. And PewDiePie’s followers deface a Wall Street Journal page. Craig Williams from Cisco Talos with a look back at 2018. Carole Theriault speaks with Rapid7's Tod Beardsley about their Industry Cyber Exposure report.

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

Dec 17, 2018 15:07

Description:

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. A Senate-commissioned report on Russian influence operations finds the St. Petersburg troll farmers “fluent in American trolling.” Boomstortion scammers now threaten acid attacks. PewDiePie followers—again—hack printers, but this time they say it’s for the public good. Justin Harvey from Accenture on M&A targets and resilience.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html

Support our show

The Sony hack and the perils of attribution — Research Saturday

Dec 15, 2018 20:14

Description:

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when it comes to attribution.

Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings.

The research can be found here:
https://www.riskbasedsecurity.com/2018/09/you-didnt-think-the-sony-saga-was-over-did-you/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

Dec 14, 2018 25:02

Description:

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible for the Strasbourg Christmas market killings as one of its soldiers. And a bogus bomb threat is being circulated by email—call the technique “boomstortion.” Malek Ben Salem from Accenture Labs on smart speaker vulnerabilities. Guest is Laura Noren from Obsidian Security on data science ethics.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_14.html

Support our show

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

Dec 13, 2018 20:36

Description:

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.”

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html

Support our show

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.

Dec 12, 2018 20:11

Description:

In today’s podcast, we hear some of McAfee’s description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei’s CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanctions and indictments in response to various Chinese hacking activities. A no-confidence vote is called in the UK. In France, President Macron makes concessions to the Yellow Vests. Google skates through its interrogation by Congress. And bad passwords get rated. Johannes Ullrich from SANS and the ISC Stormcast Podcast with holiday tips on securing new devices. Guest is Ali Golshan from StackRox on the shift toward DevOps.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_12.html

Support our show

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.

Dec 11, 2018 19:54

Description:

An audit finds no “Chinese spy chips” on Supermicro motherboards. Huawei CFO Meng’s hearing continues. An oil services firm’s servers are attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain is reported. Mr. Pichai goes to Washington, and Uncle Pennybags puts in an appearance. The US House Oversight and Government Reform Committee reports on the Equifax breach. Prof. Awais Rashid from Bristol University on risk management in a data-intensive world. Guest is Barry Hensley from Secureworks on supply chain risks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_11.html

Support our show

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.

Dec 10, 2018 19:57

Description:

In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU, and Japan. US indictments are expected soon in other IP theft cases involving China. Upgrade Kubernetes. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. An advance fee scam promises not only money, but maybe love, too. Emily Wilson from Terbium Labs, on why she feels the Lesbians Who Tech conference gets diversity right.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_10.html

Support our show

Operation Red Signature targets South Korean supply chain — Research Saturday

Dec 8, 2018 23:54

Description:

Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan.

Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.

The research can be found here:
https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.

Dec 7, 2018 25:23

Description:

In today’s podcast we hear that Huawei’s CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They’ve been joined in this by Japan and the European Union. Proofpoint sees a shift in cybercrime toward more carefully targeted and thoughtful social engineering. Kaspersky describes “DarkVishnaya,” a criminal campaign using surreptitiously planted hardware to loot Eastern European banks. Justin Harvey from Accenture discussing what should be in your incident response “go bag.” Guest is New York Times national security correspondent David E. Sanger, discussing his latest book The Perfect Weapon.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_07.html

Support our show

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.

Dec 6, 2018 19:56

Description:

In today’s podcast, we hear that Huawei’s CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam warnings and new US indictments. In the UK, Parliament releases internal Facebook emails that suggest discreditable data-use practices. Facebook says the emails are being taken out of context. And DDoS downs Illinois homework. Dr. Charles Clancy from VA Tech’s Hume Center on the ban of specific 5G hardware around the world. Guest is Tom Bonner from Cylance on the SpyRATs of Ocean Lotus.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_06.html

Support our show

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.

Dec 5, 2018 20:01

Description:

In today’s podcast, we hear that CoAP-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections and determines to do something about disinformation. The US National Republican Congressional Committee sustains an email compromise. Attribution of a phishing expedition to Cozy Bear grows dubious. And Westminster doxes Facebook. Joe Carrigan from JHU ISI explaining the National Centers for Academic Excellence. Carole Theriault interviews SANS’ James Lyne, who explains the Cyber Discovery program, which aims to bolster the security workforce.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_05.html

Support our show

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.

Dec 4, 2018 20:18

Description:

In today’s podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China is reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marriott’s breach response earns mediocre marks. A Kubernetes privilege escalation flaw is found and patched. Two scammy apps are ejected from Apple’s App Store. An object lesson in the difficulty of controlling fake news—or at least fake op-eds. Jonathan Katz from UMD on SSD drive encryption security woes. Guest is Brian Egenrieder from SyncDog on the challenges of commingling work and personal mobile devices.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_04.html

Support our show

US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.

Dec 3, 2018 14:59

Description:

In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it’s a pretty dour charm offensive.) Iran ups its influence operations game. Legal investigations and legislative responses to the Marriott breach begin. A US Court upholds the Government’s ban on Kaspersky products. And paying ransom to cyber extortionists could violate US sanctions. Daniel Prince from Lancaster University discussing growth, innovation and productivity within cyber security.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_13_03.html

Support our show

Settling in with GDPR — CyberWire-X

Dec 3, 2018 29:55

Description:

In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since its implementation in May 2018.

Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Getting an education on Cobalt Dickens — Research Saturday

Dec 1, 2018 12:24

Description:

Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible.

Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found.

The original research is here:
https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.

Nov 30, 2018 24:11

Description:

In today’s podcast we hear about Marriott’s big breach. And Dunkin’ Donuts’ big breach. And, and, Urban Massage’s embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people you do business with. Fancy Bear shows up to paw at the phish swimming in Germany’s government. And how much did SamSam really cost people? FBI? DoJ? Is it millions or billions? In either case you’re talking about real money. Robert M. Lee from Dragos discussing the notion of IoT hot water heaters taking down the power grid. Guest is Michelle Guel from Cisco, discussing smart cities and her perspective as a pioneering woman in the industry.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_30.html

Support our show

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.

Nov 29, 2018 20:04

Description:

In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Silence exploits systems not patched against EternalBlue and EternalRed. Dell tells its customers to reset their passwords. And the US indicts two Iranians for deploying the SamSam ransomware. Emily Wilson from Terbium Labs with unintended consequences of GDPR. Guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_29.html

Support our show

DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.

Nov 28, 2018 20:35

Description:

In today’s podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran’s Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escaped their attention as much as many had assumed. Facebook gets grilled in London. Nine Western countries issue a joint communique resolving to control “false and misleading” content on the Internet. And lessons from small towns. Ben Yelin from UMD CHHS reviewing government requests of Google’s Nest to turn over user information. UK correspondent Carole Theriault speaks with Graham Cluley about police monitoring criminals using the Ironchat secure messaging service.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_28.html

Support our show

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.

Nov 27, 2018 20:07

Description:

In today’s podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in a pretty feisty mood. Pegasus spyware found to have been deployed against journalists in Mexico and elsewhere. Russia escalates its hybrid war against Ukraine. Do people care if their smart speakers eavesdrop? How about their smart lightbulbs? Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS over HTTPS and network visibility. Guest is Shaun Bierweiler from Hortonworks on the use of open source software in the federal space.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_27.html

Support our show

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.

Nov 26, 2018 18:20

Description:

In today’s podcast we hear that Emotet ramped up for Black Friday—beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China’s emerging social credit system. Bottom-up social control in the US: first they came for the dogwalkers. Making a Dutch book on social media. Russia tightens Internet laws. The US Army learns some lessons, in a good way, from Joint Task Force Ares. Joe Carrigan from JHU ISI, wondering if we have a cyber skills gap or a shortage of courage. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_26.html

Support our show

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.

Nov 21, 2018 19:48

Description:

In today’s podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything’s OK, but it hasn’t said much else. Facebook is back online—yesterday’s outage attributed to a server misconfiguration. Shoppers and retailers prepare for Cyber Weekend. Tessa88, the dark web data hawker, may have been identified. Cyber espionage continues. And there’s been another breach in what we’ve curiously agreed to call an “adult” site. David Dufour from Webroot on the pros and cons of open source code. Guest is Andrew Kling from Schneider Electric with an update on Triton malware.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_21.html

Support our show

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.

Nov 20, 2018 19:56

Description:

In today’s podcast, we hear about nations behaving badly (but from the point-of-view of cyberespionage they’re doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia’s Hades Group, known for Olympic Destroyer, is back, too. Gamaredon and Cozy Bear have returned, respectively pestering Ukraine and the US. Iran’s OilRig is upping its game with just-in-time malicious phishbait. And it’s not you: Facebook has been down. Malek Ben Salem from Accenture Labs on skills squatting with Amazon’s Alexa. Guest is Ronnie Tokazowski from Flashpoint on his work with the business email compromise working group.

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

Nov 19, 2018 16:45

Description:

In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet Republics. A reported Gmail issue may make for more plausible social engineering. The Outlaw criminal group expands into cryptojacking. Infrastructure, financial, and data corruption attacks discussed as possible “cyber 9/11s”. Rick Howard from Palo Alto Networks with a book recommendation from the Cybersecurity Canon project.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_19.html

Support our show

Doubling down on Cobalt Group activity — Research Saturday

Nov 17, 2018 18:55

Description:

The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings.

The research can be found here:

https://asert.arbornetworks.com/double-the-infection-double-the-fun/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

Nov 16, 2018 22:36

Description:

In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes SMS messages. China tightens laws enabling censorship and social control. It also helps Venezuela to do likewise. And did the US indict Julian Assange, or is it just a cut-and-paste error? Craig Williams from Cisco Talos with info on the sextortion scams they’ve been tracking. Guest is Christopher Porter from FireEye on threats in the aviation sector.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_16.html

Support our show

RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

Nov 15, 2018 18:19

Description:

In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter, with bogus big brands’ blue checks all over them. Nigeria plans to go after cyber gangs. Fancy Bear says it can’t be sued, even if it did anything. And why a password manager is better than an infernal machine. Jonathan Katz from UMD describing a side channel attack on mobile device encryption. Guest is Mike McKee from ObserveIT on nation state attacks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_15.html

Support our show

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

Nov 14, 2018 20:00

Description:

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita swatting charges, and to bomb threats just about everywhere else. And the NPPD will soon become CISA, and the lead US civilian cybersecurity agency. Emily Wilson from Terbium Labs on their recent Truth About Dark Web Pricing white paper. Guest is Gregory Garrett from BDO on their telecommunications risk report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_14.html

Support our show

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

Nov 13, 2018 19:59

Description:

In today’s podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia’s the usual suspect; as usual, Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account hijacking. Indian intelligence services look at ISIS use of Wickr. A look at Magecart. Cathay Pacific’s breach is now believed to be worse than originally thought. The “Paris Call for Trust and Security in Cyberspace” expresses eight aspirations. Joe Carrigan from JHU ISI with a report on the NICE conference, and a presentation on including psychologists in cyber security decision making. Guest is Rich Bolstridge from Akamai with credential stuffing info from their latest State of Internet Security report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_13.html

Support our show

Regulation in the U.S. — CyberWire X

Nov 13, 2018 28:18

Description:

In this premiere episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.

Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Establishing international norms in cyberspace — Research Saturday

Nov 10, 2018 20:29

Description:

Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner for the Global Commission on Internet Governance, and is the author of over a dozen books, including “Soft Power: The Means to Success in World Politics” and “The Future of Power.”

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

Nov 9, 2018 24:52

Description:

In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, government-industry-academic partnerships work toward making critical infrastructure more resilient to cyberattack. Pyongyang’s Lazarus Group continues to rob ATMs using malware. US officials complain that China is in violation of 2015’s agreement to avoid industrial espionage. Even Russian observers give the US a passing grade for fair midterm elections. Awais Rashid from Bristol University with thoughts on placing trust in blockchain systems. Guest is Bruce Schneier, discussing his latest book, “Click Here to Kill Everybody.”

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_09.html

Support our show

Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.

Nov 8, 2018 18:53

Description:

In today’s podcast, we hear that, while election hacking seems not to have happened in the US this week, that hasn’t stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue long after the election. A VirtualBox zero-day is disclosed to everyone. USCYBERCOM posts Lojack to VirusTotal. FCC vs. robocalls. US Postal Service’s Informed Delivery exploited. Canada Post slips to reveal cannabis customers. Dr. Charles Clancy from the Hume Center at VA Tech on in-car cell phone jammers. Guest is Ian Paterson from Plurilock Security Solutions on behavioral biometrics.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_08.html

Support our show

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.

Nov 7, 2018 20:01

Description:

In today’s podcast we take a quick look back at the US midterm elections, and at what did and didn’t happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-delivering app is used to smish Spanish-speaking users of the Play Store. And, once again, people really seem to think that Elon Musk will return them their Bitcoin donations tenfold. (Enough people to make crime pay, anyway.) Justin Harvey from Accenture on notification laws and incident response. Guest is Christian Lees from InfoArmor with thoughts on what they’re seeing trafficked on the dark web.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_07.html

Support our show

Iran complains, threatens, and spies. Election Day cybersecurity notes.

Nov 6, 2018 19:47

Description:

In today's podcast, we hear that Iran has accused Israel of a second Stuxnet, claiming the attack was thwarted, and threatening retaliation. Nor is Tehran neglecting domestic surveillance of its own: Persian Stalker is involved with some pretty suspicious greyware. It's Election Day in the US, and officials are cautiously optimistic that work to secure the voting will be successful. Concerns about information operations persist, and people continue to work to distinguish them from good-old-fashioned American confident chatter. Ben Yelin from UMD CHHS on the FBI using Google location data to nab crooks. Guest is Victor Danevich from Infoblox on the challenges of managing higher ed networks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_06.html

Support our show

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?

Nov 5, 2018 16:01

Description:

In today's podcast, we note that US midterm elections end tomorrow evening, with officials on high alert for election hacking. Russia sends poll watchers to the US to make sure democratic norms are observed. A side-channel attack proof-of-concept is announced for CPUs, but the risk seems relatively low. Botnets are fighting over Android devices for cryptojacking power. And Russia's GU, né GRU? It looks like it's going to get its "R" back. Rick Howard from Palo Alto Networks with thoughts on DevOps and the future of orchestration.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_05.html

Support our show

Election protection — Research Saturday

Nov 3, 2018 22:22

Description:

Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms.

The original research can be found here:
https://www.symantec.com/blogs/election-security/election-hacking-faq

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.

Nov 2, 2018 25:02

Description:

In today's podcast, we hear that people are asking if that lull in Chinese cyber operations was just a strategic pause. Huawei's on a charm offensive. People are seeing plenty of Russian trolling, but election hacking proper continues to be quiet. Another strategic pause? US Cyber Command is said to be ready to respond to any election cyberattacks swiftly and in kind. And if you want to hear what people think about 80s techno-pop, a dark web souk will sell you the relevant Facebook messages for just one thin dime apiece. Malek Ben Salem from Accenture Labs on blockchain use in election security. Guest is Shannon Morse, host and producer at Hak5.org.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_02.html

Support our show

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

Nov 1, 2018 20:51

Description:

In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations against midterm elections. Social networks have difficulty identifying who's buying ads. Canada's data privacy law takes effect today. GandCrab crooks take a million-dollar bath. And if you go to Soulmates in Google Play, you're looking for love in all the wrong places. Johannes Ullrich from the ISC Stormcast podcast on hiding malware in benign files. Guest is Tara Combs from Alfresco on coming US cyber regulations.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_01.html

Support our show

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.

Oct 31, 2018 20:00

Description:

In today's podcast, we hear about influence operations in social media (again): Americans remain more vulnerable (because they lack a cultural experience of state propaganda) than Eastern Europeans. Rules of thumb for recognizing the good, the bad, and the bogus online. Kraken Cryptor is a leading black-market ransomware strain. SamSam remains active. US indicts Chinese industrial spies. And what not to look at on your Government laptop. David Dufour from Webroot with thoughts on processor vulnerabilities. Guest is Maria Rerecich from Consumer Reports on their product testing processes, and how they’ve evolved to keep up with the times.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_31.html

Support our show

The Malware Mash

Oct 31, 2018 03:07

Description:

Enjoy this rerun of our Halloween musical parody, The Malware Mash!

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.

Oct 30, 2018 19:46

Description:

In today's podcast, we hear that installing cybersecurity tools to protect elections is tougher than it looks. Information operations continue to pose the most prominent foreign threat to US midterm elections, although there are concerns about voting machine security. Cointracker looks like a trader's tool with a side order of malware. Video embedded in Microsoft Word documents can carry malicious payloads through detection systems. Hardware worries and sanctions. Competing visions of norms in cyberspace. Robert M. Lee from Dragos with thoughts on the real-world threat of electromagnetic pulses. Guest is Rahul Kashyap from Awake Security on the skills shortage and the importance of mentorship.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_30.html

Support our show

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.

Oct 29, 2018 16:49

Description:

Facebook takes down accounts linked to Iran for coordinated inauthenticity. Iranian information operations appear to be learning from the Russian approach: be divisive, be negative, and be opportunistic. Investigations of pipe-bombs and the Pittsburgh synagogue shooting look at the suspects' digital record. IBM announces its acquisition of Red Hat. The Satori botnet continues to evolve. British Airways and Magecart. Supply chain seeding, probably not; dragonnades, yes. Emily Wilson from Terbium Labs on data from the most recent Facebook breach showing up on the dark web.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_29.html

Support our show

Faxploitation — Research Saturday

Oct 27, 2018 14:34

Description:

Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks.

Yaniv Balmas is head of security research at Check Point, and he joins us to share what he and his colleague Eyal Itkin discovered.

The research can be found here:
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?

Oct 26, 2018 22:48

Description:

In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives criticism for slow action against ad fraud. Bitdefender and Romanian police produce a decryptor for GandCrab ransomware. Discussion of a "Civilian Cybersecurity Corps:" are white hats the radio hams of the Twenty-first Century? Daniel Prince from Lancaster University joins us to talk about quantum hardware primitives. And Britney Hommertzheim, director of information security at AMC Theaters, sits down with Dave to talk about building partnerships within your organization to strengthen security’s role.

For links to all the stories mentioned in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_26.html

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

Oct 25, 2018 18:26

Description:

In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botnet. Mexico's Central Bank raises its alert level. Cathay Pacific discloses a breach of passenger information. Privacy-related fines and lawsuits. And notes from the 2018 ICS Cyber Security Conference. Justin Harvey from Accenture joins us to talk about insourcing vs. outsourcing threat intelligence, and Tony Pepper from Egress Software Technologies shares his perspective on protecting unstructured data.

For links to all of the stories mentioned in today's podcast, check out our Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_25.html

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.

Oct 24, 2018 20:01

Description:

In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did it, but of course things are complicated. Are hostile intelligence service hackers superheroes, salaryman nebbishes, or something in between? How threat intelligence drives threat evolution. The risk of shadow web-apps. Apple speaks on privacy. Ben Yelin from the University of Maryland Center for Health and Homeland Security talks with us about the EFF coming out against license plate sharing between retailers and law enforcement. Our UK correspondent Carole Theriault speaks with ESET’s Lysa Meyers about overcoming the cyber skills shortage and attracting new talent to the industry.

For links to all the stories in today's podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_24.html

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.

Oct 23, 2018 17:59

Description:

In today's podcast we wonder WhatsApp with Brazil's runoff election? Hacktivism hits Davos-in-the-Desert. Kraken Cryptor ransomware gets an upgrade. Remote code execution vulnerabilities disclosed in two classes of systems. Healthcare.gov breach under investigation. More calls for retraction of the spy chip story. Cozy Bear calls for proper Internet governance. US on effects of influence ops. Notes on industrial control system cybersecurity, with an emphasis on attending to the obvious. We talk to Awais Rashid from Bristol University to get his thoughts on supply chain security, and we also hear from IJay Palansky from Armstrong Teasdale on IoT legal liability concerns.

For links to all of the stories discussed in today's podcast, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_23.html

Making the business case for privacy. — Special Edition

Oct 23, 2018 21:09

Description:

In this CyberWire special edition, my guest is Cisco’s Chief Privacy Officer Michelle Dennedy. We discuss what exactly a chief privacy officer does at a global organization like Cisco, why she thinks we’re in the early stages of a privacy revolution, why we all tend to shake our heads cynically when a company claims, “Your privacy is important to us,” and how, maybe, respecting the privacy of your users and customers could be a competitive advantage.

This conversation continues on Michelle Dennedy's podcast, Privacy Sigma Riders.
https://www.cisco.com/c/en/us/about/trust-center/privacy-podcast.html

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

Oct 22, 2018 12:59

Description:

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of propaganda remain. The EU barks cyber deterrence but doesn't bite, yet. North Korea's petty cyber crime wave. A scammer is after alt-coin enthusiasts. And there's neither confirmation nor retraction of Bloomberg's spy-chip story. Joe Carrigan from the Johns Hopkins Information Security Institute joins us to discuss network segmentation.

For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_22.html

Stormy weather in the Office 365 cloud. — Research Saturday

Oct 20, 2018 21:41

Description:

Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients.

Andy Norton is director of threat intelligence at Lastline, and he joins us to describe their findings.

The research can be found here:
https://www.lastline.com/blog/malspam-malscape-snapshot-malicious-activity-in-the-office-365-cloud/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

Oct 19, 2018 23:42

Description:

In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jamal Khashoggi. Latvia says it blocked attempts to interfere with its October elections. SEO poisoning exploits interest in key words associated with US midterms. OceanLotus shows some new tricks. A Connecticut town pays ransom. Ransomware hoods take pity on a grieving father. We speak with Johannes Ullrich from the SANS Institute, who discusses DNSSEC root key rollover, and Mike Horning from Virginia Tech, who shares the results of a study on the implications of regulating social media. For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_19.html

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

Oct 18, 2018 19:51

Description:

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling and invites researchers to take a look. Researchers disclose flaws in D-Link and Linksys routers. Ghost Squad says that they downed YouTube the other day, but who knows? And if YouTube goes down, please don't call 911. Dr. Charles Clancy from VA Tech’s Hume Center on cognitive electronic warfare. Guest is Mike Janke from DataTribe on Maryland’s aspirations to be the nation’s hub of cyber operations.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_18.html

Support our show

Meddling with the midterms — Special Edition

Oct 17, 2018 21:04

Description:

Kim Zetter is a longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine, titled The Crisis of Election Security. In it she explores the structure and fragile integrity of the US election system, how we got to where we are today, and what can be done to reestablish confidence in the system.

Link to Kim Zetter's feature The Crisis of Election Security:
https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

Oct 17, 2018 19:30

Description:

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in Poland and Ukraine, with new "GreyEnergy" malware. Diplomatic targets prospected in Central Asia. North Carolina, recovering from hurricane damage, also faces some ransomware. Silicon Valley governance receives scrutiny. Craig Williams from Cisco Talos on dealing with FUD. New York Times writer Kim Zetter on election security.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_17.html

Support our show

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

Oct 16, 2018 18:06

Description:

In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black market offers of voter databases, are reported. GCHQ sees cybercrime as a chronic threat, but state-sponsored cyber operations as an acute problem. EU prepares sanctions against a big country to the east. And farewell to Paul Allen, departed this life yesterday at the age of 65. Mike Benjamin from CenturyLink with an update on the Satori botnet. Guest is Larry Sjelin, Director of Game Development at the Center for Infrastructure Assurance and Security, discussing the Cyber Threat Defender card game.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_16.html

Support our show

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

Oct 15, 2018 19:41

Description:

In today's podcast, we hear that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty million of them. Do privacy advocates have an image problem? The supply chain seeding attack story draws more skeptical comment. A pipeline accident turns out not to have been a cyberattack. Estonia joins the UK and the Netherlands in an effort to clarify EU cyber sanctions. But Italy pumps the brakes. (Do Putin's Angels rejoice?) Rick Howard from Palo Alto Networks on exponential technologies, and how they could change the notion of scarcity.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_15.html

Support our show

Driving GPS manipulation — Research Saturday

Oct 13, 2018 27:29

Description:

Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge.

Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his team's findings.

The original research can be found here:
https://people.cs.vt.edu/gangwang/sec18-gps.pdf

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

Oct 12, 2018 24:59

Description:

In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack report continues. Facebook purges more "inauthentic" sites—this time they're American. Data privacy regulation is trending, in both Sacramento and Washington. EU will consider cyber sanctions policy. NATO looks to cyber IOC. Alleged SIM-swappers arrested. Jonathan Katz from UMD on the use of a cryptographic ledger to provide accountability for law enforcement. Guest is April Wensel from Compassionate Coding on her work bringing emotional intelligence and ethics to the tech industry.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_12.html

Support our show

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

Oct 11, 2018 20:20

Description:

In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on charges of industrial espionage: he was extradited this week from Belgium. Notes on officers and agents. Russia repeats denials of hacking the Organisation for the Prevention of Chemical Warfare. Ben Yelin from UMD CHHS with a court case on cell site location data. Guest is Brian Vecci from Varonis with results from their data breach survey.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_11.html

Support our show

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

Oct 10, 2018 20:49

Description:

In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Department weapon systems. Xiongmai DVRs and cameras still exhibit bugs exploited by the Mirai botnet. Patch notes. And a lizard toe-dials from a veterinary clinic—he wasn't a patient; just visiting. Robert M. Lee from Dragos with insights on the Bloomberg hardware supply chain story. Guest is Stephen Cobb from ESET with results from their recent AI and ML silver bullet survey.

For links to today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_10.html

Support our show

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

Oct 9, 2018 19:51

Description:

In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels aggrieved by the accusations. The UK prepares a retaliatory cyber capability. The US looks to grid security. Cylance describes Panda Banker. Google had a good day in UK courts Monday, but a bad day elsewhere. Justin Harvey from Accenture with thoughts on OSINT reconnaissance.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_09.html

Support our show

Cryptojacking criminal capers continue — Research Saturday

Oct 6, 2018 22:42

Description:

Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've learned.

The original research can be found here:
https://researchcenter.paloaltonetworks.com/2018/06/unit42-rise-cryptocurrency-miners/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

Oct 5, 2018 23:54

Description:

In today's podcast, we hear more on the possibility that China's People's Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. Russia responds unconvincingly. And the NPPD will become a new agency within the US Department of Homeland Security, and the lead civilian agency responsible for cybersecurity and critical infrastructure protection. Malek Ben Salem from Accenture Labs on pervasive cyber resilience. Guest is Adam Anderson, scholar in residence at Clemson University’s Center for Corporate Learning and founder of Element Security Group, on behavioral science and cyber crime.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_05.html

Support our show

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

Oct 4, 2018 19:46

Description:

In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salisbury. Australia, the UK, and Canada all finger the GRU as responsible for high-profile cyberattacks. The US indicts seven GRU officers for a range of hacking-related crimes. Craig Williams from Cisco Talos with tips on getting the most out of security conferences. Guest is Oussama El-Hilali from Arcserve with thoughts on business continuity and disaster recovery.


Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

Oct 3, 2018 19:54

Description:

In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite are malicious. A big botnet hits Brazil's banking customers. Home routers found vulnerable. Google and Adobe patch. A DGSI officer is arrested in France for dark web trafficking. FEMA tests its emergency text system. Fortnite cheats are bad news. David Dufour from Webroot on security issues in video games as they become social networks. Guest is Michael Feiertag from tCell with results from their Q2 incident report.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_03.html

Support our show

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

Oct 2, 2018 19:58

Description:

In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some content it hosts. North Korea's Reaper Group never missed a beat. Citizen Lab says Saudi Arabia is spying on at least one prominent dissident who's a permanent resident in Canada. Nepal's airport is hacked, apparently for the lulz. Joe Carrigan from JHU ISI on Android password managers being vulnerable to malicious apps. Guest is Robb Reck from Ping Identity on recently published white papers from the CISO Advisory Council.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_02.html

Support our show

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

Oct 1, 2018 19:22

Description:

In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Committee. And, despite promises, there was no livestreamed obliteration of much of anything yesterday. Rick Howard from Palo Alto Networks on rebooting the kill chain.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_10_01.html

Support our show

Sophisticated FIN7 criminal group hits payment card data — Research Saturday.

Sep 29, 2018 31:33

Description:

Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a convincing front company to do their deeds. 

Nick Carr and Barry Vengerick are coauthors of the research, along with their colleagues Kimberly Goody and Steve Miller. 

The research is titled On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. It can be found here:
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.


Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

Sep 28, 2018 24:17

Description:

In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US Secret Service warns of ATM wiretapping. The Port of San Diego struggles with ransomware. The US SEC fines a company for cyber deficiencies. Mr. Assange goes offline. And some guy says he'll live-stream his annihilation of a prominent Facebook page. Jonathan Katz from University of MD on Bluetooth pairing protocol vulnerabilities. Guest is Andrea Little Limbago from Endgame on the internet’s effect on global conflict.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_28.html

Extended interview with Endgame's Andrea Little Limbago:
https://www.patreon.com/posts/21704947

Support our show

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

Sep 27, 2018 19:04

Description:

In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play for being a banking Trojan. Apple's Device Enrollment Program may have authentication issues. Big Tech might learn to like being regulated. And farewell to one of Bletchley Park's Jenny Wrens. Mike Benjamin from CenturyLink with thoughts on the Foreshadow vulnerability. Guest is Daniel Riedel from New Context Services, discussing synthetic identities.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_27.html

Support our show

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

Sep 26, 2018 17:42

Description:

In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds—a little—to concerns about privacy in Chrome login. The US Senate is holding hearings on privacy. Big Tech will be there. And are political campaigns slipping into learned helplessness about cybersecurity? Dr. Charles Clancy from VA Tech’s Hume Center on university spin-offs and partnerships. Guest is Dinah Davis from Code Like a Girl on how men can help increase diversity through mentorship.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_26.html

Support our show

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.

Sep 25, 2018 18:59

Description:

In today's podcast, we hear that Iran has accused Saudi Arabia, UAE, and the US of running Saturday's terror attack "from the shadows." Data exposure at the UN. Kodi platform exploited for cryptojacking. SHEIN retail breach affects more than six million. Atlanta says its ransomware incident is now "over." FBI warns of payroll phishing. A US strategy for quantum technology is offered. A look at sports and cybersecurity. Has the Riemann hypothesis been proved? Johannes Ullrich from the SANS ISC Stormcast podcast with warnings of post-hurricane scams. Our UK correspondent Carole Theriault explores overly complex online terms and conditions, and speaks with a company that’s chosen a different way. Jeremy Forsberg is CMO at Axel.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_25.html

Support our show

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.

Sep 24, 2018 16:47

Description:

In today's CyberWire, we hear about a terror attack in Iran that has heightened tensions among adversaries: expect a heightened cyber optempo. A JET vulnerability in Microsoft products is publicly disclosed as Microsoft misses the Zero Day Initiative's 120-day deadline. France will open-source its secure operating system. UK, US attitudes continue to stiffen towards Russia in cyberspace. Russian elections are surprising, by Russian standards. Notes on some current scams. Ben Yelin from UMD CHHS on a ruling on warrantless GPS tracking at the U.S. border.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_24.html

Support our show

ICS honeypots attract sophisticated snoops. — Research Saturday

Sep 22, 2018 21:20

Description:

Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. It didn't take long for sophisticated attackers to sniff out the virtual honey and start snuffling around.

Ross Rustici is senior director of intelligence services at Cybereason, and he joins us to share what they learned.

The research is titled ICS Threat Broadens: Nation-state Hackers are no Longer the Only Game in Town. It can be found here:
https://www.cybereason.com/blog/industrial-control-system-specialized-hackers


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

Sep 21, 2018 25:14

Description:

In today's podcast, we hear about the US national cyber security strategy: developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blacklists thirty-three Russian bad actors. GCHQ is standing up a 4000-person cyber operations group to counter Russian activity. A cryptocurrency heist in Tokyo. Hacking Senatorial Gmail. And some notes on crime and punishment. Emily Wilson from Terbium Labs on Dark Web exit scamming. Guest is Tanya Janca from Microsoft on her OWASP DevSlop project.

Extended interview with Tanya Janca - 
https://www.patreon.com/posts/21559930

OWASP DevSlop show on Twitch - 
https://www.twitch.tv/videos/307974412

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_21.html

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.

Sep 20, 2018 16:12

Description:

In today's podcast, we hear that Magecart has hit a Philippine media conglomerate. Bogus (and malicious) financial apps are ejected from Google Play. Gulf states are taking warnings about Iran's OilRig seriously. A cloud hosting service serves up phish. Taiwan believes China is preparing to meddle in its elections. Facebook sets up an anti-disinformation war room. Nebraska sends in the National Guard. The UK ICO fines Equifax for last year's breach. Craig Williams from Cisco Talos on distinguishing between features and bugs with regards to security. Guest is Roela Santos from Engility, describing the CyberWarrior scholarship for veterans.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_20.html

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.

Sep 19, 2018 19:40

Description:

In this podcast, we hear that the US State Department has acknowledged an email breach. The criminal gang Iron Group is hitting targets with data-stealing and data-destroying pseudoransomware. Bristol Airport continues its slow recovery from whatever hit it at the end of last week. A cryptomining study is out. Facebook offers help to political campaigns. The new US cyber strategy is out. ICOs get regulation. Mirai masters get suspended sentences in recognition of the help they've rendered the Government. Daniel Prince from Lancaster University with thoughts on asset-based risk assessment. Guest is Ray Watson from Masergy on soft targets.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_19.html

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

Sep 18, 2018 19:45

Description:

In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo vulnerability affects security cameras. WannaMine is the latest campaign to exploit the stubborn EternalBlue vulnerability. Data firms work toward guidelines to prevent political data abuse. David Dufour from Webroot with a primer on quantum computing. Guest is Sam Bisbee from Threat Stack on public cloud breaches.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_18.html

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?

Sep 17, 2018 18:30

Description:

In today's podcast, we hear about the ransomware that's clogged systems at a UK airport. New variants of ransomware are out and about in the wild. EternalBlue continues to be used to install cryptojackers in vulnerable systems—the campaign is being called WannaMine. EU considers short deadlines and sharp penalties for failure to remove "extremist content" from the Internet. Russia suspected in WADA and Spiez Lab hacking. Did Moscow overreach with its latest Novichok disinformation effort? Malek Ben Salem from Accenture on encryption techniques that make use of DNA.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_17.html

Android device eavesdropping investigation. — Research Saturday

Sep 15, 2018 17:32

Description:


A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy risks. 

Elleen Pan and Christo Wilson were members of the research team, and they join us to share what they found. 

The research is titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications. It can be found here:
https://recon.meddle.mobi/papers/panoptispy18pets.pdf


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.


Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyang denounces a "smear campaign." Wait and see on pipeline fires.

Sep 14, 2018 24:22

Description:

In today's podcast we hear that Magecart has achieved another library infestation as Feedify is hit. An evil cursor attack is a variant of a familiar tech support scam. The Ramnit banking Trojan seems to be spiking during the summer, and there are various theories as to why this might be so. More Novichok disinformation is out. Safari URL spoofing seems more nuisance than serious menace. North Korea denounces the US for a "smear campaign" against the Lazarus Group, which doesn’t exist, either. Joe Carrigan from JHU ISI shares his frustrations with his bank’s insufficient password practices. Guest is Ron Gula, former CEO and co-founder of Tenable Network Security, currently President at Gula Tech Adventures, which focuses on investing in and advising two dozen cyber-security companies.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_14.html

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.

Sep 13, 2018 19:56

Description:

In today's podcast we hear that an Iranian domestic spyware campaign has been reported: it's most interested in ethnic Kurds. A bogus cryptocurrency wallet site is taken down. F-Secure warns of a widespread firmware problem that could be exploited for cold boot attacks. The BlueBorne Bluetooth bugs are apparently still out there. Tech support scam ads are taken down. Policies for election security continue to evolve. And Facebook's founder offers some thoughts on how his platform can save democracy. Ben Yelin from UMD CHHS with analysis of a Florida court decision on the use of cell site simulators. Guest is Josh Mayfield from Absolute Software with tips on cyber hygiene. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_13.html

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.

Sep 12, 2018 19:44

Description:

In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways may receive a heavy fine under GDPR for its recent breach. The EU passes controversial copyright legislation. Russia says the accused Novichok hitmen didn't do nothin'. And watch out for Olivia on WhatsApp—she's not what she at first seems to be. Jonathan Katz from the University of Maryland, with a cryptocurrency bug story from the MIT media lab. Guest is Robert Block from SecureAuth + CoreSecurity, with best practices for securing Office 365. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_12.html

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

Sep 11, 2018 19:48

Description:

In today's podcast, we hear that Trend Micro has clarified what was up with allegations it was deploying spyware with its tools—no spyware, but they've changed their products to remove the appearance of impropriety. RiskIQ fingers the Magecart gang as the hoods behind the British Airways data breach. Exploit broker Zerodium discloses a no-longer profitable Tor Browser vulnerability. Google will challenge the EU's right-to-be-forgotten in court this week. An extradition in the JPMorgan hack. Justin Harvey from Accenture with tips on building an effective incident response plan. Guest is Colin McKinty from BAE systems, discussing the launch of The Intelligence Network, a collaborative task force developed in partnership with Vodafone and Surrey University, to engage, unite and activate the global security community in the fight against cybercrime. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_11.html

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

Sep 10, 2018 19:30

Description:

In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence cyber criminals security industry veterans? British Airways continues to recover from its data breach. What a "cyber moonshot" might actually mean. And ProtonMail says the coppers have collared an Apophis Squad member. Zulfikar Ramzan from RSA with a reality check on blockchain hype. Guest is Yehuda Lindell from Unbound Tech on the Foreshadow vulnerability.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_10.html

Leafminer espionage digs the Middle East. — Research Saturday

Sep 8, 2018 22:23

Description:

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. 

Vikram Thakur is a technical director at Symantec, and he joins us to share what they've found.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

Sep 7, 2018 24:38

Description:

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov overshares. British Airways sustains a data breach. The "Silence" gang makes some noise in the underworld. Notes from yesterday's Billington Cybersecurity Summit. And Twitter bans a grandstander…for life. Dr. Charles Clancy from VA Tech’s Hume Center describes the Virginia Commonwealth Cyber Initiative. Guest is Rich Baich, CISO at Wells Fargo with insights on protecting a major financial institution. 

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

Sep 6, 2018 20:00

Description:

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continues. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks. Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_06.html

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

Sep 5, 2018 20:01

Description:

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains dishearteningly successful. The US Director of National Intelligence warns against foreign influence in elections. Facebook's former security chief says the midterms could be the World Cup of information warfare. Silicon Valley comes to Capitol Hill, but without Google. Craig Williams from Talos at Cisco with an update on the Remcos RAT. Guest is Robert Holmes from Proofpoint on the DHS’s Binding Operational Directive (BOD) 18-01 mandate to secure their email systems.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_05.html

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

Sep 4, 2018 15:28

Description:

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Point has a decryptor for RansomWarrior. The US House and Senate will hear from Facebook, Twitter, and Google this week about influence operations, content moderation, and alleged monopolistic practices. And no, Pope Francis isn't giving away Bitcoin, nor did former President Obama encrypt your files. Emily Wilson from Terbium Labs with a look back at the effects of last year’s AlphaBay takedown.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_04.html

ATM hacks on the rise. — Research Saturday

Sep 1, 2018 22:45

Description:

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. 

The research can be found here:
https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to-play/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

Aug 31, 2018 25:12

Description:

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter ransomware continues its evolution and spread. The Five Eyes issue some communiques about cooperation in cyberspace. Russia would like to block Telegram if it could do so without too much collateral traffic damage. Supply chain questions about Google's Titan. Johannes Ullrich from SANS and the ISC Stormcast podcast, with iPhone unlocking techniques. Guest is Andy Greenberg from WIRED discussing his recent article on NotPetya.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_31.html

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

Aug 30, 2018 17:45

Description:

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII offered for sale on the dark web. Medical device vulnerabilities are disclosed, and hospitals are urged to patch. Nexus Zeta faces charges in a US Federal Court, apparently in connection with the Satori botnet. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Gilad Peleg from SecBI on the challenges of secure BYOD policies. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_30.html


Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

Aug 29, 2018 20:00

Description:

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for a local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors’ secure enclave. Guest is Fred Kneip from CyberGRX on third party risk.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

Aug 28, 2018 20:00

Description:

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by claims that it's dangerous to research voting-machine vulnerabilities. The House takes a look at the CVE database. Australia's new government reorganizes its cybersecurity portfolio. Justin Harvey from Accenture with details from their mid-year cyber threatscape report. Guest is Sean Tierney from Infoblox with their shadow IoT report. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_28.html

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

Aug 27, 2018 17:25

Description:

In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Turkish hacktivism shows up in the US, as journalists' social media accounts are hijacked. A look at Iranian information operations. ISIS limps back into cyberspace. A new point-of-sale malware family is discovered. David Dufour from Webroot on the role of engineers in securing an organization. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_27.html

Cyber espionage coming from Chinese University. — Research Saturday

Aug 25, 2018 26:02

Description:

Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts.

Winnona DeSombre and Sanil Chohan are authors of the report, Chinese Cyberespionage Originating from Tsinghua University Infrastructure, along with their colleague Justin Grosfelt.

The research can be found here:
https://www.recordedfuture.com/chinese-cyberespionage-operations/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

Aug 24, 2018 24:44

Description:

In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fifteen million voter records appear to have been inadvertently exposed in Texas. The US tells Russia to knock off the influence operations, and some suggest a counter-value deterrent strategy to tame the Bears. China warns Australia its new government will face trade retaliation for banning ZTE and Huawei. Reality Winner gets five years, and two Minnesota lawyers go away, too. Ben Yelin from UMD CHHS on attempts by the State Department to establish international norms of behavior in cyberspace. Guest is Theresa Payton from Fortalice Solutions, addressing hype vs. reality when it comes to blockchain, AI, and the IoT.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_24.html

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

Aug 23, 2018 19:50

Description:

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. Remcos remote administration tool is being abused by black hats. Dark Tequila goes after customers of Mexican financial institutions. The Lazarus Group is back, and it's getting into Macs for the first time. Joe Carrigan from JHU ISI on Android vs. iOS data privacy. Guest is Oren Falkowitz from Area 1 Security on protection against phishing attempts. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_23.html

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

Aug 22, 2018 20:00

Description:

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. US Army Cyber Command's boss wonders if his job isn't more "information ops" than "cyber." Bitdefender describes Triout, an Android spyware framework. And some in industry caution the Senate not to expect them to get frisky hacking back. Craig Williams from Cisco’s Talos team, discussing MDM (mobile device management) vulnerabilities. Guest is James Burns from CFC Underwriting on cyber security insurance. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_22.html

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

Aug 21, 2018 19:56

Description:

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity—hacking back is expected to be on the table. The UK wants more sanctions on Russia. US Senators are looking into reducing sanctions' collateral economic damage. Operation Red Signature pokes at South Korean supply chains. Intrusion Truth doxes Chinese intelligence officers. Medical device bugs. Rick Howard from Palo Alto Networks with tips on buying cybersecurity products. Guest is Travis Rosiek from BluVector on fileless attacks.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_21.html

Beers with Talos — Live from the RiRa at Black Hat

Aug 21, 2018 01:22:45

Description:

CyberWire host Dave Bittner joins the crew from Cisco's Talos team on a special live edition of their Beers with Talos podcast from Black Hat.

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

Aug 20, 2018 16:56

Description:

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction. 

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

Stealthy ad fraud campaign evades detection. — Research Saturday

Aug 18, 2018 19:21

Description:

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he describes what they've found.

Research link:
https://labs.bitdefender.com/2018/06/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

Aug 17, 2018 24:42

Description:

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have exposed Canadian and British Government information. Necurs flared up in a short-lived spam campaign against banks this week. Crooks use bogus Fortnite download pages. Final briefs are submitted in Kaspersky's court challenge to its US ban. Emily Wilson from Terbium Labs on her experience getting certified as a fraud examiner. Guest is Marco Rubin from the Center for Innovative Technology, on the security of UAVs and drones. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_17.html

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Roberts asks for pardon.

Aug 16, 2018 19:55

Description:

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation-state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning communications security. Australia's new cyber laws are more legal hammer than required backdoor. A campaign of ATM robbery nets millions worldwide. A cryptocurrency speculator sues the phone company, a spyware firm sues a former employee, and the Dread Pirate Roberts would like a pardon. Johannes Ullrich from SANS and the ISC StormCast podcast, on lingering legacy passwords in Office documents. Guest is Phil Neray from CyberX on the National Risk Management Center being spun up by DHS.

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_16.html

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

Aug 15, 2018 19:58

Description:

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mindshare. Influence operations as marketing. The US FBI gets a new cyber boss. The Kremlin thinks the BBC is biased in the crypto-wars. And laptop stickers: are they good, bad, or ugly? Zulfikar Ramzan from RSA on SOCs and IoT. Guest is Dimitris Maniatis from Upstream on Android ad fraud malware. 

For links to all of today's stories check out the CyberWire daily briefing:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_15.html

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.

Aug 14, 2018 19:59

Description:

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Preliminary notes on patches. ZTE and Huawei devices formally disinvited from US Government networks. Cyber retaliation expected from Russia and Iran over sanctions. And locking people in a room to teach them good cyber hygiene. Justin Harvey from Accenture on threat hunting. Guest is Bob Stevens from Lookout discussing app-based malware on mobile devices. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_14.html

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

Aug 13, 2018 16:30

Description:

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. D-Link exploits rob Brazilian banking customers. Utilities prepare for grid hacks, but researchers say an appliance botnet could cycle demand enough to induce blackouts. Vulnerabilities in airline Wi-Fi and SATCOM connectivity. Election hacking demos may or may not be realistic. Family spyware proves vulnerable to data exfiltration. Ben Yelin from UMD CHHS on police using facial recognition software to nab a suspect.

Thrip espionage group lives off the land. — Research Saturday

Aug 11, 2018 25:46

Description:

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom, and defense companies.

Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

Aug 10, 2018 22:05

Description:

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial intelligence. Russia braces for US sanctions and promises retaliation. South Korea will reorganize its Cyber Command. The PGA is hit with ransomware. Guests are Andrei Soldatov and Irina Borogan, authors of the book The Red Web. 

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

Aug 9, 2018 19:05

Description:

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses the commodity tool Phishery in a Middle Eastern campaign. Jackpotting cryptocurrency ATMs. The US imposes sanctions on Russia. Reality Winner's sentencing date announced. IBM looks at artificially intelligent malware. The mob's role in the cyber black market. What's the bigger gaming threat, sideloading apps or the Fortnite dance? We're asking for a friend. Awais Rashid from Bristol University on issues with software warranties. Guest is Cheryl Biswas from the Diana Initiative, a conference in Las Vegas celebrating diversity, women in security, and how to pursue a career in information security and technology.

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

Aug 8, 2018 17:03

Description:

In today's podcast we hear that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US independently mull responses to hacking and influence operations. Anonymous announces it wants to take its shots at QAnon. Notes from Black Hat, including observations on grid hacks, AI, and the gray hat phenomenon. David Dufour from Webroot with a look at the year in review. Guest is Travis Moore from TechCongress describing their fellowship programs.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_08.html

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

Aug 7, 2018 19:03

Description:

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millions of patient records. British authorities are said to be readying an extradition request for GRU operators they hold responsible for the Novichok attack in Salisbury—the incident has prompted Russian hacking and disinformation. Mike Benjamin from CenturyLink on DDoS attack trends. Casey Ellis from Bugcrowd with an overview of bug bounty programs. 

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Aikido?

Aug 6, 2018 19:58

Description:

A leaky API may have exposed Salesforce customers' data. TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. The unbearable, irresistible urge to monetize data. Notes on automotive cybersecurity. Depending on whom you ask, the Bitfi wallet was either hacked, or not. And a new goodwill ambassador seeks to repair US-Russian relations. Rick Howard from Palo Alto Networks exploring the notion of superforecasting.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_06.html

Cortana voice assistant lets you in. — Research Saturday

Aug 4, 2018 21:32

Description:

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. 

Steve Povolny is head of advanced threat research at McAfee and he shares their findings.

The research can be found here:

https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

Aug 3, 2018 24:52

Description:

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MikroTik routers. Speakers at the Billington Automotive Cybersecurity Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain. Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_03.html


RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be a no-lose proposition. Cryptojacking and malspam.

Aug 2, 2018 18:06

Description:

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposition. A cryptojacking campaign is discovered and stopped. Malspam is using gifs to carry a keylogger payload. And Facebook CSO Alex Stamos has fixed a date for his departure for Stanford. Robert M. Lee from Dragos with thoughts on categorizing threat actors. Guest is Wendi Whitmore from IBM with their 2018 Cost of a Data Breach study. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_02.html

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

Aug 1, 2018 19:49

Description:

In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Attribution remains difficult. NSO Group's Pegasus spyware is found on an Amnesty International phone. SamSam ransomware exacts a high cost. Yale realizes it was breached about ten years ago. Google allegedly prepares a censor-engine for Chinese web searchers. Craig Williams from Cisco's Talos unit, describing his team and the work they do. Guest is Thomas Hofmann from Flashpoint on ransomware and online extortion.

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_01.html

Data-centric security. — Special Edition

Aug 1, 2018 27:39

Description:

In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself rather than the surrounding networks, applications, or servers.

To help us on our journey of understanding we've lined up a number of industry experts. Ellison Anne Williams is CEO of Enveil, a company that's developed cutting-edge encryption techniques. Adam Nichols is principal of software security at Grimm, a cybersecurity engineering and consulting firm. Mark Forrest is CEO of Cryptshare, maker of secure electronic communication technologies for the exchange of business-sensitive information. And John Prisco is CEO at QuantumXchange, a provider of what they claim is unbreakable quantum-safe encryption.

Thanks to our special edition sponsor Cylance.

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

Jul 31, 2018 19:22

Description:

In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shipper more resilient to the cyberattack it sustained. Congress worries over election hacking and deep fakes. Electronic warfare is back. An alt-coin platform is hacked, a carder goes to jail, an alleged SIM-swapper is arrested, and coaches behave badly. Johannes Ullrich from SANS and the ISC StormCast podcast on TLS 1.3 implementation. Guest is Mark Orlando from Raytheon on critical infrastructure security.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_31.html

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

Jul 30, 2018 16:25

Description:

In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking in recent by-elections. US states remain concerned about election hacking. Missouri Senator McCaskill confirms that Fancy Bear made an unsuccessful attempt to access her staff's network. Russian threats to power grids. Industrial espionage continues to go after corporate IP. And news you can use about JPay (we know: you're asking for a friend). Jonathan Katz from UMD on the timeline for practical quantum computers.

For links to all of these stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_30.html

BabaYaga, strangely symbiotic WordPress malware — Research Saturday

Jul 28, 2018 20:30

Description:

Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date.

Brad Hass is a senior security analyst at Defiant, and he guides us through their findings.

The research can be found here:

https://www.wordfence.com/blog/2018/06/babayaga-wordpress-malware/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

Jul 27, 2018 21:21

Description:

In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware loaders are offered on the black market. Smart home hubs are shown to be hackable. Tenable enjoys a good IPO. A burglar in Silicon Valley didn't say "your money or your life," but rather "dude, I'm outta data—can I have your WiFi password?" Dr. Charles Clancy from VA Tech on the security aspects of digital vs. analog RF spectrum. Guest is Lisa Beegle from Akamai with info from their State of Internet Security report.

For links to all of today's stories check out the CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_27.html

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

Jul 26, 2018 19:25

Description:

In today's podcast we hear that LifeLock gets locked down—probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer shows that exploit kits aren't obsolete after all. NSA gets a bad report from its IG. Congress worries over Russian infrastructure reconnaissance and influence operations. Iran's OilRig and Leafminer remain active regional threats. Joe Carrigan from JHU ISI on infosec pros reusing passwords. Guest is Jessica Ortega from SiteLock, discussing how having social media icons on your website increases the odds of falling victim to attacks.  

For links to stories in today's podcast check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_26.html

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

Jul 25, 2018 20:00

Description:

In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russian threats to the power grid and elections. Congress considers cyber retaliation. A dispute over cyber insurance coverage lands the insured and the insurer in court. Awais Rashid from Bristol University on IoT and OT convergence. Guest is Jason Morgan from Wiretap on their Human Behavior Risk Analysis Report. 

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_25.html

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

Jul 24, 2018 19:54

Description:

In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori botnet may be taking another run at Android devices. Bluetooth vulnerabilities render paired devices susceptible to man-in-the-middle attacks. And evil maid attacks may be less difficult than you thought. Emily Wilson from Terbium Labs, sharing her experience attending a conference for professionals working to fight fraud. Guest is Brian Martin from Risk Based Security with their research on vulnerabilities they discovered with the Click2Gov service.  

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_24.html

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

Jul 23, 2018 14:30

Description:

In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufacturers, including car makers. The Aspen Security Forum concludes with sobering warnings from senior US Government officials and the private sector of election interference and the prospects of a "cyber 9/11." Ecuador may be tiring of Mr. Assange. Rick Howard from Palo Alto Networks revisiting the notion of a metaphorical cyber moon-shot. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_23.html

Measuring the spearphishing threat — Research Saturday

Jul 21, 2018 23:41

Description:

Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement of 35 popular email providers and examined user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobering results.

End-to-End Measurements of Email Spoofing Attacks

https://people.cs.vt.edu/gangwang/usenix-draft.pdf


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

Jul 20, 2018 21:59

Description:

In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,000-member botnet in less than a day, using known vulnerabilities. Crooks monetize stolen credit cards through online games. Amazon works to induce better AWS configurations. The annual UK report on Huawei is out. Phishing campaign notes. Zulfikar Ramzan from RSA on cyber risk quantification. Guest is Mark Peters II, author of the book Cashing in on Cyber Power.

For links to all of today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_20.html

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

Jul 19, 2018 19:52

Description:

In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A security firm and a vendor dispute whether an issue is a vulnerability or a case of user abuse. NIST announces its intention of withdrawing some obsolete cybersecurity publications. Congress presses tech companies about content moderation. Daniel Prince from Lancaster University on rewriting digital histories. Guest is Matt Cauthorn from ExtraHop on a new worm spreading through Android devices.  

For links to all of today's stories, check out the CyberWire daily news brief - 

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_19.html

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

Jul 18, 2018 20:13

Description:

In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch bulletin is out. Fallout, clarifications, and more fallout from the Helsinki summit. US agencies continue preparations to secure elections and infrastructure. Robert M. Lee from Dragos on the Electrum threat group. Guest is Jonathan Couch from Threat Quotient on Dark Web markets.  

For links to stories in today's CyberWire podcast, check out our daily news brief.

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_18.html

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

Jul 17, 2018 19:59

Description:

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising.  

For links to all of the stories mentioned in today's podcast, check out our CyberWire daily news brief - 
https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_17.html

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

Jul 16, 2018 19:31

Description:

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians. 

For links to all of the stories mentioned in this podcast, visit our daily news brief on our web page.

https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_16.html

A new approach to mission critical systems — Research Saturday

Jul 14, 2018 21:16

Description:

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

Jul 13, 2018 25:07

Description:

In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam returns. Speculative execution issues. Mobile-device-management tool used against smartphone users in India. The US Army directly commissions two cyber operators—congratulations, First Lieutenants. Ben Yelin from UMD CHHS on California’s consumer privacy ballot measure. Guest is Martin Hellman, professor emeritus at Stanford University and known for his work on Diffie–Hellman key exchange. His new book is A New Map for Relationships: Creating True Love at Home and Peace on the Planet. 

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

Jul 12, 2018 20:00

Description:

In today's podcast, we hear that Timehop has released more information as its breach investigation proceeds. The case will be interesting as an indicator of what GDPR enforcement will look like. Two speculative execution side-channel attacks are described (in the lab, but not yet, it's believed, in the wild). The US Senate's flesh creeps over bug disclosure practices. Someone uses a Netgear exploit to get some US technical manuals. Twitter goes to work against bogus accounts. Mike Benjamin from CenturyLink on cryptojacking. Guest is Yaniv Avidan from MinerEye on cloud GDPR compliance.  

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

Jul 11, 2018 19:37

Description:

In today's podcast we hear reports that the Ticketmaster breach is the tip of a big software supply chain iceberg. Chinese intelligence services are closely interested in Cambodia's elections. iOS crashes appear related to code designed to block displays of Taiwan's flag to users in China. Congress wants some answers on smartphone privacy from both Apple and Alphabet. Facebook's wrist is slapped in the UK. Langley Credit Union identity theft case proves not necessarily related to the OPM breach. Johannes Ullrich from SANS and the ISC Podcast on securing DNS. Guest is Ken Spinner from Varonis, cautioning that we not allow the high-profile insider threat cases to distract us.

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

Jul 10, 2018 20:00

Description:

In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of cryptocurrencies. Palestinian police spearphished. BlackTech espionage group using stolen certificates to sign malware. Apple's upgrades are out—one privacy enhancement has a workaround. Microsoft is in the process of patching. And another fitness app, Polar Flow, overshares. Jonathan Katz from UMD on homomorphic encryption standards. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC with results from a recent FS-ISAC survey.

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

Jul 9, 2018 15:39

Description:

In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it until the Cup is decided. The Australian National University is hacked in an apparent espionage attempt. Data breaches at Timehop, DomainFactory, and Macy's. Russia calls for international cooperation. The Marines say it wasn't them on that dating app. Malek Ben Salem from Accenture Labs with tips on GDPR compliance. 

No Distribute Scanners help sell malware

Jul 7, 2018 14:30

Description:

Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing legitimate virus scanning tools from adding the malware to their database.

Daniel Hatheway is a Senior Security Analyst at Recorded Future, and he takes us through their recently published research, Uncover Unseen Malware Samples with No Distribute Scanners. 
The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

Jul 6, 2018 22:47

Description:

In today's podcast we hear about catphishing in Berlin and Tel Aviv: whether you're offering payment for a white paper or up-to-date futbol scores, it pays to know the right bait. Android apps may be permission hogs, but it's surprising how often the hogs hoard like misers, never really using them. The US Army pushes cyber into the brigades. How Facebook checks facts. The Thermanator knows which keys you've typed from the heat your hot hand leaves behind. Emily Wilson from Terbium Labs on their recently released white paper on fraud as a supply chain. Guest is Brian Wells from Merlin International discussing how high-performing health care organizations are addressing cyber threats.  

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

Jul 5, 2018 19:52

Description:

In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third parties. The Pirate Bay is back after its hiatus, and it's back to cryptojacking. The European Parliament voted today to reopen debate on its controversial copyright legislation. ZTE receives some perhaps temporary, perhaps more enduring, relief from US sanctions. And confusion to the Juggalos' facial recognition software. Justin Harvey from Accenture with thoughts on quantum computing. Guest is Gadi Naveh from Check Point Software with a look at open source security tools.

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

Jul 3, 2018 19:20

Description:

In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. A quiz app's backup data are accessed by unauthorized parties. FBI, FTC, and SEC sift through Facebook's answers to questions for the record. A strange set of symptoms among diplomats in China arouses suspicion of infrasound weapons. Rick Howard from Palo Alto Networks on the Cyber Threat Alliance. Guest is Vince Arneja from 5nine on secure cloud implementations.  

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

Jul 2, 2018 15:52

Description:

In today's podcast we hear a bit about the data breach Adidas disclosed late last week. Facebook answers Congressional questions for the record and adopts a data abuse bounty program. Investigation of the Exactis data exposure incident continues, but the class action lawsuits have already begun. Algonquin College discloses a hacking incident. Tenable will hold an IPO. US-Russian summit will take up election influence ops. FireEye says North Korea is hacking Latin American banks. Joe Carrigan from JHU ISI reviewing a recent Black Hat survey of cyber security industry professionals.

VPNFilter malware could brick devices worldwide — Research Saturday

Jun 30, 2018 28:43

Description:

Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer-grade routers. Craig Williams is head of Cisco Talos Outreach, and he joins us with the details. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

Jun 29, 2018 24:55

Description:

In today's podcast we hear that Ticketmaster UK's hacking incident will provide an interesting GDPR test case. Data aggregator Exactis left nearly two terabytes of personal and business information exposed on the publicly accessible Internet. NSA destroys telephone call data collected in ways it can't square with applicable law. California hastily passes a data protection law. Ave atque vale Harlan Ellison. And our condolences to the victims of the shooting at the Capital Gazette in Annapolis. Dr. Charles Clancy from VA Tech's Hume Center, discussing his recent congressional testimony concerning supply chain security. Guest is Dr. Mansur Hasib, discussing his book Cybersecurity Leadership.

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

Jun 28, 2018 19:58

Description:

In today's podcast we hear that Ukraine has warned that Russia is preparing a coordinated attack against Ukrainian financial and energy infrastructure. China appears to be stepping up surveillance of the Tibetan diaspora. Cisco's Talos unit has a free decryptor for Thanatos ransomware. Facebook's self-audit of data usage proves both more difficult and more skeleton-rattling than hoped. Norwegian consumer watchdogs find that Facebook and Google nudge users away from privacy. An alt-coin sting against drug dealers. Mike Benjamin from CenturyLink on Malspam, and how it differs from run of the mill spam. Guest is Jaime Blasco from AlienVault on the security implications of using open source tools.  

Separating fools from money. — Hacking Humans

Jun 28, 2018 29:47

Description:

Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers.
Thanks to our show sponsor KnowBe4.

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

Jun 27, 2018 19:54

Description:

In today's podcast, we hear that ProtonMail was hit this morning by an Apophis Squad DDoS attack. Rancor cyberespionage campaign observed in Southeast Asia. PythonBot serves up adware and cryptojacking. WannaCry-themed protection racket is all bark and no bite. EU organizing a joint cyber incident response force. FBI and international partners make arrests in an Africa-based business email compromise racket. Reality Winner's guilty plea. Emily Wilson from Terbium Labs with a story of a six-year-old dealing with identity theft. Guest is Paul Aubin from Varonis on the protection of federal systems.

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

Jun 26, 2018 19:59

Description:

In today's podcast, we hear warnings of Russian cyber operations from Romania and the UK. Recent attempts at developing international rules of conduct (and conflict) in cyberspace. Bronze Butler's naughty USB drives—not as scary as they sound, but a useful reminder of some sound precautions. FireEye says it never hacked back. Smart batteries may be too smart for their users' good. A new venture fund lends credibility to cryptocurrency and blockchain startups. Overwatch hacker gets jail time in Inchon. Daniel Prince from Lancaster University on cascading failures in complex systems. Guest is Vikram Thakur from Symantec on the VPNFilter router infestation.

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

Jun 26, 2018 14:27

Description:

In today's podcast, we hear that Taiwan continues to receive the PLA's cyber attentions. A look at what the Lazarus Group is up to. Cryptocurrency fraudsters arrested as alt-coin values have a rocky ride. Continuing US hot water for ZTE and Huawei. GDPR-themed data extortion. Business email compromise is up. So are ransomware attacks against US city governments. And when is a ransomware attack not a ransomware attack? When it's just a protection racket. Johannes Ullrich from SANS and the ISC Internet Storm Center podcast on evasive cryptocoin miners. 

LG smartphone keyboard vulnerabilities — Research Saturday

Jun 23, 2018 16:22

Description:

Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to remotely execute code with elevated privileges, act as a keylogger and thereby compromise the users’ privacy and authentication details.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

Jun 23, 2018 24:06

Description:

In today's podcast, we hear that phishing scams continue to nibble away at bank accounts and reputations: the State of Oregon is among those suffering. Avoid emails promising you leaked pictures of YouTube stars. Chinese espionage against US targets rises. US Intelligence officials worry that failure to play a long game puts the country at a disadvantage with respect to innovation. The Joint Chiefs mull electronic warfare issues. Reality Winner makes a plea agreement in her espionage case. And from ecstasy tablets to Iranian spying is a short sad road. Ben Yelin from UMD CHHS weighs in on the US Supreme Court decision on location data privacy. Guest is Taavi Kotka, former CIO of the Estonian government, discussing that nation’s innovative digital identity system. 

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

Jun 22, 2018 19:52

Description:

In today's podcast we hear about a malicious app that will save your battery, but it will also install a backdoor, steal information, and click on a bunch of ads. A sophisticated and patient botnet, Mylobot, is observed in the wild, but it's not yet clear what it's up to. Cryptojackers exploit a known (and patched) Drupal vulnerability. Vectra finds tunnels. Google adds security metadata to Android apps. Cisco patches. The EU's proposed copyright regulations attract little love. Congress pursues ZTE and Huawei. And Tesla sues a former employee. Ryan LaSalle from Accenture, on the opening of their new Cyber Fusion Center. Guest is Ned Miller from McAfee on their “Winning the Game” report on the gamification of security training. 

Playing on Kindness — Hacking Humans

Jun 21, 2018 22:17

Description:

Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.
Thanks to our show sponsor KnowBe4.

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

Jun 21, 2018 19:57

Description:

In today's podcast, we hear that the Chinese espionage group Thrip is targeting satellite communications operators and others in the US and Southeast Asia. Zacinlo rootkit hides inside a bogus VPN. Developers are leaving Firebase apps insecure. The EU's controversial copyright regulation advances from committee. Kardon Loader malware is in beta. South Korean cryptocurrency exchange Bithumb is looted of more than $30 million. Anonymous is back with Opicarus2018. And the Bitcoin Baron goes to jail. Awais Rashid from Bristol University on why real-world experimentation is vital to cyber security. Guest is Dr. Chris Pierson from Binary Sun Cyber Risk Advisors, weighing in on the claims of sabotage at Tesla.  

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

Jun 20, 2018 19:57

Description:

In today's podcast we hear that the US has charged a former CIA engineer in the WikiLeaks Vault 7 case. Olympic Destroyer may be back, and preparing to hit chemical weapons investigators and arms control specialists. Updates on the Liberty Life data extortion investigation. Elon Musk says Tesla Motors has an internal saboteur. The US Senate snatches the lifeline out of ZTE's hands. A guilty plea in OPM-breach-related fraud. A possible motive in the Jeopardy champ's email hacking. David Dufour from Webroot with insights on the impact they’re seeing from GDPR. Guest is Lenny Zeltser from Minerva Labs discussing his IT and security “cheat sheets.” 

Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

Jun 19, 2018 18:46

Description:

In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean hacking resumes. More clipboard hijacking afflicts cryptocurrency wallets. Security concerns tighten around ZTE and Huawei. And pulp fiction: from Russia with love, and from the Clinton Library. Malek Ben Salem from Accenture Labs on concerns over emerging technology capable of voice impersonation.  

Cyber bank heists — Research Saturday

Jun 16, 2018 15:57

Description:

Carbon Black's Chief Cybersecurity Officer Tom Kellermann shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector.

For the report, they interviewed CISOs at 40 major financial institutions, revealing attack and mitigation trends.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

Jun 16, 2018 22:40

Description:

In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but lawful snoops may already have a way around that security. Kaspersky will no longer work with Europol. The US Justice Department IG reports on the FBI. And a former Jeopardy champion cops a hacking plea. Robert M. Lee from Dragos, on his efforts to educate through the use of comic strips. Guest is Scott Petry from Authentic8 discussing their FAKE booth at the RSA conference.

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13.

Jun 14, 2018 18:44

Description:

In today's podcast, we hear that LuckyMouse has crept into an unnamed Central Asian house. Dixons Carphone data exposure presents complex legal and regulatory issues—it's the first big incident since GDPR came into effect. "Lazy State" is another CPU speculative execution bug. The US Congress doesn't care for ZTE, Australia's government is wary of Huawei, and the EU doesn't like Kaspersky at all. If you didn't like the end of net neutrality, wait until you get a load of the proposed EU Copyright Regulation's Article 13. More hacking expected from Pyongyang. Dr. Charles Clancy from VA Tech, discussing research on antifragile communications. Guest is Stacey Smith from CAMI on MD's legislation supporting cyber security businesses. 

Hacking Humans — Gaming pro athletes online.

Jun 14, 2018 30:00

Description:

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. 
Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams. 

Thanks to our show sponsor KnowBe4.

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

Jun 13, 2018 16:40

Description:

In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some products that Redmond will no longer support. Cryptojackers are still busy. One new strain of coin-mining malware uses the Eternal Romance exploit to spread. World Cup surveillance threatens visiting fans. And don't plug gifts from strangers into your USB port. Justin Harvey from Accenture with thoughts on supply chain security. Guests are Saher Naumaan and Kirsten Ward promoting RESET, BAE Systems' Women in cyber event.

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.

Jun 12, 2018 19:46

Description:

In today's podcast we hear that the US Treasury Department has announced sanctions against Russian entities it says were too cyber-cozy with the FSB. The code-signing issue looks like what we have here is a failure to communicate. Android devices are being shipped with ADB enabled, and cryptojackers enter by the backdoor. A layered criminal attack posing as emails from Samsung spearphishes Russian victims. Operation WireWire reels in seventy-four business email compromise suspects. Ben Yelin from UMD CHHS on the framing of the encryption debate. Guest is Steve Schult from LogMeIn and LastPass on best practices for password security.

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.

Jun 11, 2018 17:33

Description:

In today's podcast, we hear about more SWIFT fraud, with a wiper attack as misdirection. Cryptocurrency exchange looted of ICO tokens. Chinese espionage in Rhode Island, and a conviction in Virginia. Dropping Elephant spearphishes in think tanks. G7 agreement suggests a coordinated response to hostile cyber operations. Net neutrality expired this morning in the US. And Marcus Hutchins faces additional charges. Jonathan Katz from UMD discussing hashing. 

Winnti Umbrella Chinese threat group — Research Saturday

Jun 9, 2018 20:59

Description:

Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups.

Tom Hegel is a Senior Threat Researcher with the 401TRG, and he joins us to share their findings. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.

Jun 8, 2018 24:50

Description:

In today's podcast, we hear that Adobe has patched a Flash vulnerability. InvisiMole is a discreet, selective cyber espionage tool. A Facebook glitch inadvertently changed users' default privacy settings. Leidos exits the commercial cyber market. China is back at IP theft, and some conventional cyber espionage, too. Congress wants explanations of data-sharing with Huawei and ZTE, and it wants those companies investigated as security risks. Feds Facebook friend felons. Rick Howard from Palo Alto Networks with the winners from this year's Cyber Security Canon gala. Guest is Cory Petty from BAH, host of the BitCoin podcast, discussing blockchain.

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.

Jun 7, 2018 19:18

Description:

Iron Group said to use Hacking Team source code to build a backdoor. Operation Prowli both cryptojacks and sells traffic. Fancy Bear may be getting noisier. VPNFilter has a more extensive set of victim devices than previously believed. ZTE pays a billion-dollar fine. CloudPets are oversharing via an unsecured server. The US Senate wants answers from both Facebook and Google about their user data sharing with Chinese companies. Daniel Prince from Lancaster University on the security of Industrial Control Systems. Guests are Kyle Lady and Olabode Anise from Duo Security covering their annual report on authentication.

Hacking Humans — A flood of misinformation and fake news

Jun 7, 2018 30:07

Description:

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. 
Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them. 

Thanks to our show sponsor KnowBe4.

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?

Jun 6, 2018 19:49

Description:

In today's podcast, we hear that TempTick and Turla are interested in the US-North Korean summit. That summit might not take up many cybersecurity issues. Where did North Korea get all that digital rope they want to hang the West with? It seems we competed to sell it to them, more-or-less unwittingly. Russian influence ops continue to give lies their bodyguard of truth. The FBI gets a warrant for a high-profile iCloud account. Microsoft outbid Google for GitHub—what will Redmond do with all that code? Facebook may have a complicated relationship with Shanghai. Johannes Ullrich from the ISC StormCast podcast on deserialization. Guest is Ameesh Divatia from Baffle on GDPR and cloud data privacy.

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.

Jun 5, 2018 18:30

Description:

In today's podcast, North Korea still seems to be leaving American IoT networks more-or-less alone, for now, however actively they're hacking elsewhere. Everything old is new again, at least with Russian EW. Cryptocurrency crime is a worry everywhere. A look at law firm hacks shows the counselors could use the help of some street-savvy hotel detectives more than a tech-savvy perimeter security solution, although that wouldn't be bad, either. Beware of letting World Cup Wi-Fi be an own-goal. Apple's latest updates seem privacy friendly. Thoughts on AI, and the polygraphing of a time traveler that sounds totally legit. David Dufour from Webroot on new roles for security, and how that impacts hiring and education. Guest is John Dickson from Denim Group on securing voting infrastructure.

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.

Jun 4, 2018 14:57

Description:

In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin blood-suckers, and advice on Louisiana's secession. Malek Ben Salem from Accenture Labs on using keyboard biometrics to detect mental disorders. 

Islamic State propaganda persistence — Research Saturday

Jun 2, 2018 19:02

Description:

Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service providers to help them achieve persistence.

Ken Wolf is a Senior Analyst at Flashpoint, and he describes what they learned.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.

Jun 1, 2018 24:37

Description:

In today's podcast we hear that the Lazarus Group may be on (relative, selective) good behavior. A study suggests that if cybercrime were a country, it would have a GDP comparable to Russia's. The Canadian Security Intelligence Service warns, in the nicest way possible, that Chinese spies are out to get New Zealand. ZTE and Huawei come in for more criticism. The BND gets a court victory in Leipzig. Google's ground-truth algorithms are looking a little truthy. Joe Carrigan from JHU ISI with follow-up on listener comments from last week’s iOS vs Android discussion. Guest is Todd Inskeep from BAH with highlights from a talk he gave at RSA on NotPetya. 

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.

May 31, 2018 19:56

Description:

In today's podcast we hear that Kaspersky has lost its court challenge to the US Government ban on its products, but plans to appeal. Cryptomix ransomware is out in the wild. Vulnerabilities found in SingTel routers. Chrome 67 update includes patches. The US Departments of Commerce and Homeland Security address botnets (and ask for research). The US Department of Energy plans for resiliency. Twitter takes down tweens. A packrat at CIA? Reboot your routers. Robert M. Lee from Dragos, reviewing some recently published ICS security reports. Guest is Adam Vincent from ThreatConnect on the increasing importance of threat intelligence for many organizations. 

Hacking Humans - Social engineering works because we're human.

May 31, 2018 30:08

Description:

In this premiere episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them. 

Author Christopher Hadnagy discusses his book The Art of Human Hacking. 

Thanks to our show sponsor KnowBe4.

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.

May 30, 2018 18:41

Description:

In today's podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown but probably bad actors scan for misconfigurations in EOS blockchain nodes. Canadian banks decline to pay extortion. Joker's Stash counterfeits show there's even less honor among thieves than you may have thought. Baratov gets five years for the Yahoo! hack, and "Courvoisier" gets a solid ten-year sentence for multiple crimes. Justin Harvey from Accenture with thoughts on GDPR. Guest is Ruvi Kitov from Tufin on why automation should be in wider use than it is.  

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.

May 29, 2018 19:55

Description:

In today's podcast we hear that the FBI recommends rebooting your routers against VPNFilter. Data extortion hits Canadian banks. The Cobalt Gang is back. 51% attacks fiddle with cryptocurrencies. BackSwap banking Trojan is tough to detect. Coca-Cola discloses data theft by a former employee. Courvoisier—the hacker, not the cognac, gets ten years. Facebook continues to work on its content moderation, and Papua New Guinea may block the platform for a month of study. NATO studies humor, very seriously. Ben Yelin from UMD CHHS on police attempts to use a deceased person’s fingerprints to unlock a phone. Guest is Mike Benjamin from CenturyLink on their recent threat report covering IoT and DDoS. 

UPnProxy infiltrates home routers — Research Saturday

May 26, 2018 20:26

Description:

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections.

In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage of them. 

Chad Seaman is a senior CERT engineer at Akamai, and he's our guide. 
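Akamai's paper describes NAT injections: AddPortMapping requests sent to a router's WAN-exposed UPnP IGD endpoint that create port mappings whose internal client is not a LAN host at all but a third-party machine on the internet, so the router forwards traffic on the attacker's behalf. The block below is an added example, not Akamai's code or the CyberWire's: it parses the SOAP responses a WANIPConnection service returns for GetGenericPortMappingEntry and flags mappings that do not forward into the router's own LAN. The sample responses, the LAN prefix and the mapping descriptions are constructed for the example.

```python
"""Audit UPnP IGD port mappings for UPnProxy-style NAT injections.

Added example, not code from Akamai or the CyberWire. A router's
WANIPConnection service is normally enumerated by calling
GetGenericPortMappingEntry with index 0, 1, 2, ... until it returns
error 713 (SpecifiedArrayIndexInvalid); the responses below are
constructed stand-ins for those answers.
"""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass


def _soap_response(external_port, protocol, internal_port, internal_client, desc):
    # Constructed GetGenericPortMappingEntryResponse body, shaped as in the
    # UPnP IGD WANIPConnection:1 service description.
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse
        xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>{external_port}</NewExternalPort>
      <NewProtocol>{protocol}</NewProtocol>
      <NewInternalPort>{internal_port}</NewInternalPort>
      <NewInternalClient>{internal_client}</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>{desc}</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>"""


# Constructed sample: one ordinary game-server mapping, one mapping that
# forwards to an internet host (the UPnProxy pattern), and one that points
# back at the router itself.
SAMPLE_RESPONSES = [
    _soap_response(25565, "TCP", 25565, "192.168.1.20", "minecraft"),
    _soap_response(3128, "TCP", 80, "203.0.113.45", "squid"),
    _soap_response(8080, "TCP", 80, "127.0.0.1", "http"),
]


@dataclass
class PortMapping:
    external_port: int
    protocol: str
    internal_port: int
    internal_client: str
    description: str


def parse_mapping(soap_xml: str) -> PortMapping:
    """Pull the New* fields out of one GetGenericPortMappingEntry response."""
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip any XML namespace
        if local.startswith("New"):
            fields[local] = (el.text or "").strip()
    return PortMapping(
        external_port=int(fields["NewExternalPort"]),
        protocol=fields["NewProtocol"],
        internal_port=int(fields["NewInternalPort"]),
        internal_client=fields["NewInternalClient"],
        description=fields["NewPortMappingDescription"],
    )


def classify(mapping: PortMapping, lan: ipaddress.IPv4Network) -> str:
    """A legitimate mapping forwards into the LAN; anything else is suspect."""
    try:
        client = ipaddress.ip_address(mapping.internal_client)
    except ValueError:
        return "malformed"
    if client.is_loopback:
        return "router-facing"  # exposes the router's own services on the WAN
    if client in lan:
        return "lan"
    return "injected"  # forwards WAN traffic to a third party: a proxy


def audit(responses, lan="192.168.1.0/24"):
    """Return (mapping, verdict) pairs for every enumerated port mapping."""
    net = ipaddress.ip_network(lan)
    results = []
    for raw in responses:
        mapping = parse_mapping(raw)
        results.append((mapping, classify(mapping, net)))
    return results


if __name__ == "__main__":
    for mapping, verdict in audit(SAMPLE_RESPONSES):
        print(f"{verdict:14} {mapping.protocol}/{mapping.external_port} -> "
              f"{mapping.internal_client}:{mapping.internal_port} ({mapping.description})")
```

The only field that matters for the verdict is NewInternalClient; a router that accepts AddPortMapping from its WAN side will happily store any address there, which is why the check compares it against the LAN prefix rather than trusting the description string.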

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.

May 25, 2018 24:52

Description:

In today's podcast, we hear that the FBI's takedown of VPNFilter may have averted a major state-directed campaign. Some discount Android phones come with preloaded adware. Amazon's Echo echoed a little too much. BMW patches some potentially serious vulnerabilities in its connected cars. Cryptocurrency exchanges hit by a double-spending crook. The US Justice Department investigates crypto exchange price manipulation. New charges have been filed in the December Kansas swatting death. And GDPR is now with us. Let the lawsuits begin. Joe Carrigan from JHU ISI, comparing the security of iOS vs. Android. Guest is Mischel Kwon from MKACyber on the evolving role of SOCs. 

VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.

May 24, 2018 19:58

Description:

In today's podcast, we hear that VPNFilter, described by Cisco's Talos research unit, looks like battlespace preparation for Fancy Bear. The FBI may have succeeded in impeding its operation. Dragos describes XENOTIME, the threat actor behind the TRISIS industrial safety system attacks, and they say we can expect them back. GDPR is coming tomorrow, and a company has found a way of letting worried CISOs sleep at night. And your right to follow theRealDonaldTrump on Twitter has now been secured by the US Federal Court for the Southern District of New York. Enjoy. Dr. Charles Clancy from the Hume Center at VA Tech, discussing how cell towers track you even when you have location services disabled (and why that’s a good thing). Guest is Erez Yalon from Checkmarx with their research on Amazon Echo eavesdropping vulnerabilities. 

Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.

May 23, 2018 19:46

Description:

In today's podcast we hear a bit more on Variant 4—we may see more like it. Mitigations are under preparation. The Confucius threat group modifies its approach to targets. Turla adopts a two-stage infection technique. A misconfigured AWS S3 bucket exposes a California not-for-profit's clients. ZTE's lifeline may not be so strong after all: the US Administration wants significant concessions and the US Congress seems to want none of it at all. Facebook's EU testimony gets tepid reviews. And a botnet is pushing smart pills and diet supplements—not that any of you will be tempted. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Sung Cho from SEWORKS on research they did on the security of fitness apps.  

Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.

May 22, 2018 18:57

Description:

In today's podcast we hear about the Speculative Store Bypass vulnerability that's been found in most current chipsets. GPON-based routers assembled into botnets. Comcast and TeenSafe close vulnerabilities in transmission and storage of customer data. Roaming Mantis banking Trojan acquires new functionality. Is Moscow waiting for the World Cup to conclude before going on cyberattack? How about Iran and China? Will DPRK hacking be on the summit agenda? And GDPR is coming Friday, to some information near you. Emily Wilson from Terbium Labs on the notion of fear vs. empowerment applied to security. Guest is Sam Elliott from Bomgar with a review of their 2018 Privileged Access Threat Report.  

DPRK's Sun Team works from three apps in Google Play. PII for sale in Zhejiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.

May 21, 2018 16:47

Description:

In today's podcast, we hear that North Korea's Sun Team is rising in Red Dawn. Much PII, mostly out of Japan, appears in the black-market stall of a poorly reviewed vendor. The Mexican bank raid seems, the Central Bank says, to have started with a small brokerage and spread from there. Facebook and Google+ continue to be infested with jihadist inspiration. More charges for alleged Syrian Electronic Army hoods. A man gets fifteen years for, among other things, DDoSing former employers. And mobile app users? XYZ. Ben Yelin from UMD CHHS on controversy involving North Carolina police using overly broad warrants to gather location data from Google. 

Threat actors hijack Lojack — Research Saturday

May 19, 2018 17:08

Description:

Researchers from Arbor Networks' ASERT Threat Intelligence Team recently published a report titled, "Lojack Becomes a Double Agent." It outlines how threat actors are altering legitimate recovery utility software and simulating its command and control servers to gain access to target machines. 

Richard Hummel is manager of the ASERT Threat Research Team, and he joins us to describe their work. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Something Wicked this way comes. Automating wallet pilferage. Office 365 phishing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.

May 18, 2018 23:48

Description:

In today's podcast, we hear that a new Mirai variant is out and about: they call it "Wicked." MEWkit automates coin theft. LocationSmart was buggy and leaky. The US Senate has confirmed Gina Haspel as Director of Central Intelligence. Relaxed tensions along the 38th Parallel aside, North Korea remains active against South Korea in cyberspace. There's a lot of fraud in cryptocurrency investing, and the SEC would like to help you recognize it. David Dufour from Webroot on threat trends. Guest is Heather Vescent, a futurist and author, describing how she applies her work to cyber security.  

Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.

May 17, 2018 19:24

Description:

In today's podcast, we hear that Al Qaeda is back, howling online toward whatever lone wolves might be within earshot. The CHRYSENE ICS threat group may be looking beyond the Arabian Gulf. AnonPlus is after US state governments—New Mexico, Idaho, and Connecticut have received the hacktivists' puzzling vandalism. What the EU will expect of you within seventy-two hours of discovering a breach. The US Congress wants answers about, among other things, ZTE and Cambridge Analytica. And an alleged DarkOverlord is nabbed in Serbia. Dr. Charles Clancy from VA Tech's Hume Center, discussing the skills shortage for the 5G network buildout. Guest is Ryan Barnette from Akamai on Drupalgeddon 2.0. 

Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?

May 16, 2018 19:21

Description:

In today's podcast we hear that a spyware campaign centered on Pakistan and thought to be the work of Pakistan's military, comes in two variants: one for Android, the other for iOS. Vietnam is said to be phishing in a compromised Phnom Penh Post website. Signal patches a cross-site-scripting issue very rapidly. The US Department of Homeland Security releases its cybersecurity strategy. The Cambridge Analytica whistleblower talks to the Senate Judiciary Committee. The Senate Intelligence Committee concludes that the Russians didn't like Hillary Clinton. Investigation of Vault 7 leaks continues. Notes from the Cyber Investing Summit. And if you're so smart, how come your password is "Ninja?" Johannes Ullrich from SANS and the ISC StormCast podcast, discusses the EFail email encryption issue. Guest is Michelle Maitland from SecureStrux on risk management framework compliance.  

Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.

May 15, 2018 19:44

Description:

In today's podcast, we hear about reports of email client vulnerabilities. Worries about Russian and Chinese software and hardware vendors. Security and trade policy notes. FinFisher found used in Turkey. The data scandal that brought down Cambridge Analytica moves to the University of Cambridge, but there the issues seem to be security, anonymization, and possible oversharing. Adobe and Samsung issue patches. A California high school student is accused of phishing for grade books. Ben Yelin from UMD CHHS on the Microsoft overseas data storage case that went to the U.S. Supreme Court. Guest is John Grimm from Thales eSecurity on their Global Encryption Trends study that they put together along with the Ponemon Institute.  

Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.

May 14, 2018 15:17

Description:

In today's podcast we hear that Mexican banks may have sustained unauthorized funds transfers. Presidents Trump and Xi seem willing to toss a lifeline to drowning ZTE. Some researchers report an uptick in Iranian cyber operations. Russia's premier troll farm bought Facebook and Instagram ads targeting American teenaged girls. Apple, Facebook, and Twitter tighten their grip on apps connecting to their stores or services. Police cell-tracking receives scrutiny. And Anonymous is back. Justin Harvey from Accenture with his thoughts on whether the U.S. pulling out of the Iran nuclear deal will lead to more cyber attacks from Iran. 

Three pillars of Artificial Intelligence — Research Saturday

May 12, 2018 32:15

Description:

Bobby Filar is a Principal Data Scientist at Endgame, and coauthor of the research paper, The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. The report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats. Bobby Filar joins us to discuss the paper, and his views on the evolving role of AI in cybersecurity. 

The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.

May 11, 2018 23:25

Description:

In today's podcast, we hear that vigilantes have visited ZooPark, and the lights go out—voluntarily—on some Georgia hacktivists. Treasure Hunter source code posted to a criminal forum. Malicious Chrome extensions and malicious Android photo-editing apps. GandCrab ransomware served by compromised legitimate sites. Russian influence ops. Concerns about a resumption of Iranian hacking. Ex-CIA officer charged with espionage. Hobby hacker indicted on Federal charges. FCC hits a robo-caller with a record fine. Jonathan Katz from UMD on why cryptography is more challenging than many software engineers think. Guest is Cyrus Farivar, author of the book Habeas Data, Privacy vs. the Rise of Surveillance Tech. 

Cyber conflict between Iran and the US widely expected. ALLANITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?

May 10, 2018 19:58

Description:

In today's podcast we hear that US withdrawal from the Iranian nuclear deal is widely taken as heralding a new round of cyber conflict. Cyberattacks on critical infrastructure are seen as an asymmetric way of war. The ALLANITE threat group is observed successfully reconnoitering US and UK electrical power grids. Jack-in-the-Box does nasty things with images. Signal's self-deleting messages don't, or at least they don't always. And US sanctions may be putting ZTE out of business. Robert M. Lee from Dragos on the sliding scale of cyber security. Guest is Jonathan Matkowsky from RiskIQ with concerns over ICANN's pending interim policy changes on the WHOIS database in response to GDPR.  

Stubborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.

May 9, 2018 18:28

Description:

In today's podcast we hear about Hide-and-Seek, a hard to flush botnet. A phishing technique takes advantage of an email client's rendering of HTML. Facebook death threats in 2015 are said to have been the work of Fancy Bear, dressed up as the Cyber Caliphate. Nigeria's Yahoo boys are busier than ever. DHS wonders what it will take to get US Federal contractors to get rid of Kaspersky. Crooks turn from Tor to Telegram. Patch Tuesday notes. And Georgia's governor vetoes a controversial cybersecurity bill. Joe Carrigan from JHU ISI on a pilot program from Delaware on mobile drivers licenses. Guest is Phillip Dunkelberger from Nok Nok Labs on authentication usability, standardization, and security issues. 

Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDPR is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.

May 9, 2018 18:49

Description:

In today's podcast we hear that hacktivist lightning is flashing across the Aegean, hitting Greek and Turkish TV stations. Process Doppelgänging is observed in ransomware circulating in the wild. Unstructured data could expose enterprises to GDPR regulatory risk. So might transitive data sharing. Big US companies are ready to follow GDPR standards in North America as well as Europe. Older Lantech industrial servers appear vulnerable to remote code execution. Vandals hit security cameras in Japan. And teachers, don't necessarily leave those kids alone, but maybe that cultist is actually an infosec enthusiast. Emily Wilson from Terbium Labs on third party data showing up on the dark web. Guest is Chris Dollase from Mimecast on the role of the threat researcher.  

2018 RSAC Outlook - Special Edition

May 9, 2018 17:51

Description:

Just before the RSA conference this year, we spoke with a pair of industry experts for their take on the year so far, and what they expect to see in the coming months. In this CyberWire Special Edition, we hear from Craig Williams, Director of Talos Outreach at Cisco, and later in the show from Jon Rooney, Vice President of Product Marketing at Splunk.

Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?

May 8, 2018 16:34

Description:

In today's podcast we hear that Chinese intelligence services have been seen beneath the Winnti Umbrella. North Korea's off-shoring of cyber operations. ZooPark Android spyware is now in its fourth generation, and still active in the Middle East and North Africa. Vulnerabilities in Dasan GPON routers are exploited in the wild. Russian Twitterbots are suspected of tweeting death threats in the UK. David Dufour from Webroot on anti-malware testing procedures. And how do you solve a problem like GDPR? 

BlackTDS and ThreadKit offered in criminal markets — Research Saturday

May 5, 2018 21:16

Description:

Kevin Epstein is Vice President of Proofpoint's Threat Operations Center. We’re discussing two bits of research with him today. The first is about BlackTDS, a traffic distribution tool for sale in dark web markets. A little later in the show, he’ll tell us about ThreadKit, a document exploit builder.


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.

May 5, 2018 24:55

Description:

In today's podcast we hear that they're hoping in Australia that backup tapes made it to the shredder, and didn't fall off the truck. Equifax's board of directors gets reelected. Are China's espionage services preparing the battlespace for a supply chain attack? New Spectre-like vulnerabilities are found in Intel chips. Google and Amazon clamp down on domain fronting, and anti-censorship advocates are unhappy. Here Kitty…we have Monero for you. And a change of command at NSA and US Cyber Command. Johannes Ullrich from SANS and the ISC StormCast podcast, reviewing the history of hardware flaws. Guest is Philip Tully from ZeroFox with a recap of a talk he gave at RSA on AI. 

Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?

May 4, 2018 19:47

Description:

In today's podcast we look at some indications that LoJack for Laptops might have been compromised to report back to Moscow. World Cup cybersecurity. Schneider Electric patches developer's tools. Travel and hospitality rewards points are the menhaden of the black market. Medical device vulnerabilities. Taking the gloves off Cyber Command. It's National Password Day, and Microsoft (along with many others) would like to move beyond the password. And a requiem on Press Freedom Day for working journalists murdered by the Taliban. Ben Yelin from UMD CHHS discussing who’s responsible when an AI kills someone. Guest is Edna Conway from Cisco on pervasive security architecture and third party risk. 

New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.

May 3, 2018 19:27

Description:

In today's podcast we hear that more nation-states have acquired and are using cyber capabilities. North Korea's SiliVaccine anti-virus product appears to have pirated an old version of Trend Micro's scan engine. Despite warnings of credential stuffing, people still reuse passwords. GravityRAT now takes its victims' temperature. Many firms remain unprepared for GDPR. Questions arise about possible overpreparation by two of the biggest companies out there. And some dimwit has hacked a highway sign in Arizona. (Congratulations, knucklehead.) Justin Harvey from Accenture on the uptick in credential harvesting they’re seeing. Guest is Piero DePaoli from Service Now with results from their recently published security report. 
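Credential stuffing replays username and password pairs leaked from one site against another, so in an authentication log it looks like a single source trying many different accounts in a short time with a low success rate, and the few successes are exactly the passwords people reused. The block below is an added example, not from the podcast or any vendor it names; the log format (one line per attempt carrying a timestamp, source IP, username and outcome), the sample lines and the thresholds are all assumptions to be adapted to a real site.

```python
"""Flag credential-stuffing sources in authentication logs.

Added example, not code from the CyberWire or any vendor it mentions.
Log format is assumed: "<ISO-8601 ts> ip=<src> user=<name> result=ok|fail".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: one source walks through eight accounts in eight seconds
# and gets one hit; two other sources are ordinary users logging in.
SAMPLE_LOG = """
2018-05-03T09:00:00Z ip=203.0.113.7 user=alice result=fail
2018-05-03T09:00:01Z ip=203.0.113.7 user=bob result=fail
2018-05-03T09:00:02Z ip=203.0.113.7 user=carol result=fail
2018-05-03T09:00:03Z ip=203.0.113.7 user=dave result=fail
2018-05-03T09:00:04Z ip=203.0.113.7 user=erin result=ok
2018-05-03T09:00:05Z ip=203.0.113.7 user=frank result=fail
2018-05-03T09:00:06Z ip=203.0.113.7 user=grace result=fail
2018-05-03T09:00:07Z ip=203.0.113.7 user=heidi result=fail
2018-05-03T09:01:10Z ip=198.51.100.10 user=alice result=fail
2018-05-03T09:01:25Z ip=198.51.100.10 user=alice result=ok
2018-05-03T09:02:00Z ip=198.51.100.22 user=bob result=ok
""".strip().splitlines()


def parse(lines):
    """Return (timestamp, ip, user, result) tuples; lines that don't match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append((ts, m["ip"], m["user"], m["result"]))
    return events


def stuffing_sources(events, window=timedelta(minutes=5), min_users=5,
                     max_success_rate=0.2):
    """Source IPs that try many distinct accounts inside one window, mostly failing.

    Thresholds are assumptions: a user who mistypes a password does not touch
    five accounts, and a stuffing run succeeds only on the reused passwords.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))

    flagged = {}
    for ip, evs in by_ip.items():
        best = None
        start = 0
        for end in range(len(evs)):  # sliding time window over this IP's attempts
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, r in chunk if r == "ok")
            if len(users) >= min_users and successes / len(chunk) <= max_success_rate:
                if best is None or len(users) > best["distinct_users"]:
                    best = {"distinct_users": len(users), "attempts": len(chunk),
                            "successes": successes}
        if best:
            flagged[ip] = best
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that logged in successfully from a flagged source: the reused passwords that worked."""
    return {user for _, ip, user, result in events if ip in flagged and result == "ok"}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    hits = stuffing_sources(evs)
    for ip, summary in hits.items():
        print(ip, summary)
    print("force password reset for:", sorted(compromised_accounts(evs, hits)))
```

Real campaigns spread attempts across many source addresses to stay under per-IP thresholds, so the same logic is worth running keyed on other stable attributes (user agent, ASN, or a device fingerprint) as well as on the IP.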

Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.

May 2, 2018 18:58

Description:

In today's podcast, we hear that a possible bank payment system hack remains under investigation in Mexico. Medical zero-days for sale, and not on the black market. SamSam continues to spread. What to look for in bad bots. Patched vulnerabilities are being weaponized at higher rates. Proof-of-concept car hacking demonstration shows in-vehicle infotainment system vulnerabilities. And when you see these phishbait phrases in an email subject line, be sure to spit the hook. Emily Wilson from Terbium Labs on recent takedowns of content on Reddit. Guest is Patrick Peterson from Agari on Brand Indicators for Message Identification (BIMI), a proposed standard to better secure email. 
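BIMI, as drafted, publishes a DNS TXT record at default._bimi.<domain> carrying a version tag, an https URL for the brand's logo (l=) and an optional https URL for supporting evidence (a=), and a receiver is only meant to display the logo when the sender's DMARC policy is enforcing (p=reject, or p=quarantine applied to 100 percent of mail). The block below is an added example, not code from Agari or from the standard itself; the DNS answers are constructed inline in place of real lookups, and the check deliberately stops short of fetching or validating the logo file.

```python
"""Check whether a domain's BIMI record is usable, following the draft's rules.

Added example, not the standard's reference code. DNS answers are constructed
below instead of being looked up; pass your own resolver as `lookup`.
"""
from urllib.parse import urlparse

# Constructed TXT records, keyed by the name an MTA would query.
DNS_TXT = {
    "default._bimi.example.com": (
        "v=BIMI1; l=https://example.com/brand/logo.svg; "
        "a=https://example.com/brand/vmc.pem"
    ),
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    # Logo served over plain http and no enforcing DMARC policy.
    "default._bimi.weak.example": "v=BIMI1; l=http://weak.example/logo.svg",
    "_dmarc.weak.example": "v=DMARC1; p=none",
    # Quarantine policy applied to only half the mail.
    "default._bimi.partial.example": "v=BIMI1; l=https://partial.example/logo.svg",
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=50",
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into an ordered list of pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, _, value = part.partition("=")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def check_bimi(domain, selector="default", lookup=DNS_TXT.get):
    """Return (usable, problems) for the domain's BIMI record under `selector`."""
    problems = []
    bimi = lookup(f"{selector}._bimi.{domain}")
    if bimi is None:
        return False, ["no BIMI record"]

    tags = parse_tags(bimi)
    if not tags or tags[0] != ("v", "BIMI1"):
        problems.append("BIMI record must start with v=BIMI1")
    tagmap = dict(tags)

    logo = tagmap.get("l")
    if logo is None:
        problems.append("missing l= tag")
    elif logo == "":
        problems.append("l= is empty: domain declines to publish a logo")
    elif urlparse(logo).scheme != "https":
        problems.append("logo URL must be https")

    evidence = tagmap.get("a")
    if evidence and urlparse(evidence).scheme != "https":
        problems.append("authority evidence URL must be https")

    # The logo is only shown for mail that passed an enforcing DMARC policy.
    dmarc = lookup(f"_dmarc.{domain}")
    if dmarc is None:
        problems.append("no DMARC record")
    else:
        d = dict(parse_tags(dmarc))
        policy = d.get("p", "none")
        pct = int(d.get("pct", "100"))
        if policy not in ("quarantine", "reject") or pct != 100:
            problems.append(f"DMARC policy p={policy} pct={pct} is not enforcing")

    return not problems, problems


if __name__ == "__main__":
    for name in ("example.com", "weak.example", "partial.example", "nobody.example"):
        print(name, check_bimi(name))
```

A passing record is necessary but not sufficient: a receiver still has to fetch the logo, confirm it is the restricted SVG profile the draft requires, and verify the evidence document before rendering anything, otherwise the brand indicator becomes one more thing a phisher can borrow.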

Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.

May 1, 2018 19:53

Description:

In today's podcast, we hear about an attempted banking hack in Mexico. Hidden Cobra gets busy around diplomacy. The FacexWorm adds cryptomining functionality. SamSam ransomware looks to capture entire enterprises. A Sunday Times investigation finds that Russian Twitterbots tried to swing British voters toward Labour. The US House Intelligence Committee has released its report on influence operations during the last US Presidential election. Researchers find that teams and committees are different things. Robert M. Lee from Dragos on regulations vs. incentives. Guest is Dan Lyon from Synopsys on IoT security.  

New MacOS backdoor linked to OceanLotus — Research Saturday

Apr 28, 2018 19:59

Description:

Researchers at Trend Micro recently discovered a backdoor targeting MacOS users that they believe is the work of the OceanLotus threat group, an organization previously thought to have launched targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms.

Mark Nunnikhoven is VP of Cloud Research at Trend Micro, and he explains what they've learned. 

https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/


The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypt armistice or just key escrow?

Apr 28, 2018 20:58

Description:

In today's podcast we hear that Rubella hits the shelves of the criminal black market—it's the crimeware kit, not the German measles. Necurs gets shifty by going retro. iPhone unlocking specialists endure an apparently minor breach. The sad story of structural extremism on the Internet. Finland says the Russians are coming there, too. Snooper's Charter setback. Proposed bill would make it easier for DHS to clean US Federal networks. Crypto Wars modus vivendi said to be just key escrow. Dr. Charles Clancy from VA Tech Hume Center on the 5G mobile network rollout. Guest is Merike Kaeo from Farsight Security, discussing DNS data as an early warning system for cyber threats. 

Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.

Apr 27, 2018 19:49

Description:

In today's podcast we hear about another exposed database, trouble with routers, issues with storage cameras, and problems with storage devices. Some have been promptly fixed, but others are offering users Hobson's choice: take it or leave it. An apparent ransomware campaign says payment demands are "non-negotiable," unless, of course, you happen to be Russian, in which case, let's talk. Citizen Lab complains about certain kinds of content filtering in South Asia. What's up with Compass Call in Syria? Jonathan Katz from UMD on mathematical backdoors. Guest is Paul Burbage from Flashpoint on the compromised Magento sites. 

DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.

Apr 26, 2018 19:55

Description:

In today's podcast, we hear that North Korea has gone big with GhostSecret. Meanwhile, Pyongyang's elite tries to cover its online tracks. PyRoMine uses EternalRomance to disable security systems en route to cryptomining. Russia engages in video disinformation about Syrian nerve agent attacks. A complicated alt-coin heist may be misdirection for something bigger. Huawei may be in trouble over Iran sanctions. Apple patches. Europol takes down Webstresser. General Nakasone confirmed as Director NSA and Commander US CyberCom. Daniel Prince from Lancaster University on security in the financial sector. Guest is Joe Cincotta from Thinking Studio on how smart design leads to better security.  

Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.

Apr 25, 2018 18:40

Description:

In today's podcast, we hear that Ukraine's Energy Ministry is under ransomware attack. Kaspersky finds infrastructure belonging to Energetic Bear. Lots of anonymous Twitter accounts pop up in East Asia. Orangeworm is after something in healthcare networks, but whether it's IP or PII is unclear. Disclosure and patch notes. Kaspersky may be the subject of US sanctions. A hacker in the Yahoo! breach case could get almost eight years. As US midterms approach, thoughts turn to election security. Joe Carrigan from JHU ISI on devices that unlock iPhones. Guest is Jerry Caponera from Nehemiah Security on quantifying cyber risk. 

ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.

Apr 24, 2018 15:18

Description:

ISIS returns to its grim inspiration. China's APT10 collects against Japan. An Internet Explorer zero-day is reported undergoing exploitation in the wild. Twitter won't sell Kaspersky any more ads, but doesn't have any specific explanation for why not. For its part Kaspersky says it's going to donate its Twitter advertising budget to the Electronic Frontier Foundation. Bad but expected news about router security. ZTE's regulatory troubles. Cracka with Attitude will do time. Malek Ben Salem from Accenture Labs on the malicious use of AI. 

InnaputRAT exfiltrates victim data — Research Saturday

Apr 21, 2018 20:18

Description:

Researchers with Arbor Networks ASERT team have been tracking a malware campaign targeting commercial manufacturing, and have uncovered various samples dating back to at least 2016.


Richard Hummel is Threat Intelligence Manager for Arbor Networks' ASERT Team, and he takes us through what they've discovered.

https://www.arbornetworks.com/blog/asert/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.

Apr 21, 2018 18:51

Description:

In today's podcast, we take a look back at RSA as the big security conference wraps up. Tension between Russia and the West continues to manifest itself in apparent staging attacks and information operations. ISIS in its diaspora returns to recruiting and inspiration. A business email compromise campaign afflicts the maritime shipping sector. Atlanta still struggles to recover from SamSam ransomware. Sanctions drive Huawei from the US market; ZTE may soon follow. David Dufour from Webroot, with thoughts on the conference. Guest is CyberWire editor John Petrik, with thoughts on a cyber Geneva convention. 

Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.

Apr 20, 2018 19:04

Description:

In today's podcast we have some RSA notes: an industry-led cyber Geneva Convention, threats and deterrence, and addressing a labor shortage. New Zealand joins Australia, the UK, and the US in warning that someone's exploiting vulnerable routers. Moscow demands to see the evidence that this someone is Russia. Trustjacking afflicts iOS users. Stresspaint Trojan is out in the wild, posing as an innocent app. Another exposed AWS bucket is found. Rick Howard from Palo Alto on the notion of a "cyber moon shot." Guest is Malcolm Harkins from Cylance on why it's unacceptable to adopt the attitude that bad guys getting in is inevitable. 

More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.

Apr 18, 2018 16:29

Description:

Reconnaissance and staging in cyberspace, with Five Eye warnings to Russia. Privacy class action suit complains of Facebook facial recognition. Australia joins the ranks of ZTE sceptics. Cyberwarfare discussed at RSA: retaliation, deterrence, renunciation, and a private sector push for international norms. Attention tax procrastinators: the IRS says it was hit by a glitch, and not hacked. Zulfikar Ramzan from RSA with thoughts on the conference. Guest is Kevin McNamee from Nokia, discussing threat intelligence and mobile device ransomware. 

Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.

Apr 17, 2018 20:59

Description:

In today's podcast we hear that Western governments attribute a large-scale campaign against poorly secured connected devices to Russia. Battlespace preparation is suspected. No new US sanctions against Russia, yet, but the matter remains under consideration. ZTE falls under the same cloud as Huawei. Desert Scorpion spyware ejected from Google Play. And there's a winner in RSA's Innovation Sandbox: BigID took away the prize. Justin Harvey from Accenture, joined by the head of Accenture's Cyber Defense team, Ryan LaSalle, discussing their 2018 State of Cyber Resilience report. Guest is Jason Brvenik from NSS Labs on their Advanced Endpoint Protection (AEP) Group Test. 

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.

Apr 16, 2018 14:07

Description:

In today's podcast, we note that RSA has opened with ten rising stars in its annual Innovation Sandbox. US, British, and French coordinated strikes against Syrian chemical warfare targets prompt Russian information ops and warnings from Britain that the UK will retaliate against any cyberattacks against infrastructure. Charges are filed against an alleged Reveton ransomware money launderer. Emily Wilson from Terbium Labs with tips for conference-goers. Guest is Paul Martini from iBoss with thoughts on growing cyber security companies in a crowded marketplace.  

Energetic Dragonfly and DYMALLOY Bear 2.0 — Research Saturday

Apr 14, 2018 18:53

Description:

Researchers at Cylance recently uncovered the malicious use of a core router in a campaign aimed at critical infrastructure around the world. 

Kevin Levelli is Director of Threat Intelligence at Cylance, and he takes us through what they've discovered. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?

Apr 13, 2018 24:47

Description:

In today's podcast, we hear that, while the operators behind Operation Parliament pretend to be nothing but a bunch of skids, they're anything but. EITest gets taken down. Facebook this week faced questions about privacy and ideological bias. Most observers think these questions were largely ducked. Estonia's Annual Report on security is worth reading no matter where you live. And an accused swatter seems to have learned nothing from his experience. Dr. Charles Clancy from the Hume Center at VA Tech, discussing LTE network vulnerabilities. Guest is Dinah Davis from CodeLikeaGirl.io and Arctic Wolf Networks, discussing diversity at tech conferences. 

Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.

Apr 12, 2018 19:21

Description:

In today's podcast we hear that Facebook's CEO Mark Zuckerberg has finished testifying on Capitol Hill, denying that Facebook sells data or that it knew what those people at Cambridge were up to with the data they obtained. Supply chain cyber threats to satellites. North Korean destructive malware may be back. Early bird code injection. GCHQ takes on ISIS in cyberspace. Germany attributes 2017 network intrusions to Russia. International body confirms British official accounts of the Salisbury nerve agent attacks. Chris Poulin from BAH on self-driving car tech that monitors the driver's gaze to make sure they are paying attention to the road. Guest is Oren Falkowitz from Area 1 Security, looking at the Atlanta ransomware incident. 

Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?

Apr 11, 2018 15:45

Description:

Today we're following all things Facebook—it's four o'clock: do you know where your data are? We're betting no. Neither side of the aisle seems content with the answers Mr. Zuckerberg gave to the Senate panel. He's speaking before a House panel today. Patch Tuesday notes. Cyber tensions continue to rise as kinetic and chemical tensions rise between Russia and the West. Justin Harvey from Accenture, discussing cyber hygiene blind spots. Guest is Nahuel Sanchez from Onapsis on vulnerable password recovery systems. 

Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?

Apr 10, 2018 18:54

Description:

In today's podcast, we hear that Facebook begins facing the Congressional music today. What are the rules for online research, professors? Experts say they're worried about weaponized IoT hacks. Hoods are exploiting a Cisco switch vulnerability in unpatched systems. Named threat groups and bugs as insider misdirection. As relations between Russia and the West worsen, some in Moscow call an end to Peter the Great's experiment. And what do cybercriminals make, and what do they spend it on? Daniel Prince from Lancaster University on clandestine data transmission and steganography. Guest is Gabriel Bassett from Verizon, reviewing his work on the Verizon DBIR report. 

Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.

Apr 9, 2018 14:33

Description:

In today's podcast we hear about the curious case of hacktivists who may be slugging for Uncle Sam. Maybe. Britain's NCSC warns of battlespace preparation for a campaign against critical infrastructure. Facebook prepares for its appearance on Capitol Hill. Facebook also cancels a plan to share anonymized medical data for research purposes. Atlanta continues to recover from SamSam. And some good news: Malwarebytes has solved LockCrypt ransomware. Robert M. Lee from Dragos with his take on why indicting foreign hackers is a bad move. 

Crypto crumple zones — Research Saturday

Apr 7, 2018 35:43

Description:

In their recently published paper, "Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance," coauthors Charles Wright and Mayank Varia make their case for an alternative approach to the encryption debate, one based on economics as a limiting factor on government overreach and surveillance. 

Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.

Apr 6, 2018 21:44

Description:

In today's podcast we hear that a breach in several companies' consumer-facing systems is attributed to a third-party chat vendor. Crooks are tampering with chipped debit cards. OceanLotus is back, with a macOS backdoor. A Mirai variant was used against banks earlier this year. Energetic Bear may be exploiting misconfigured switches. Microsoft looks into Office 365 outages. Russia warns Britain against playing with fire. And three cyber startups are DataTribe finalists. Johannes Ullrich from SANS and the ISC Stormcast podcast, on API security. Guest is Jimmy Heschl, head of digital security at Red Bull, discussing the challenges of securing a global brand. 

Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.

Apr 5, 2018 19:38

Description:

In today's podcast we hear that Facebook's troubles are getting worse: more people's data were scraped, deleted videos were archived by Facebook, and so on. Appthority finds a more general problem with ad-supported apps: they're all hungry for data. Sino-American trade disputes are thought likely to find expression in cyber espionage. China's more interested in confidential financials than in IP. Russia and the West remain at loggerheads. One tip from Sweden on countering Moscow's info ops: don't get caught dancing in yellow rain boots. Joe Carrigan from JHU on power companies charging a premium rate for bitcoin miners. Guest is Larry Cochran from Claimatic on how driverless cars and automation are changing the landscape for insurance carriers. 

Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.

Apr 4, 2018 19:50

Description:

In today's podcast, we hear that Facebook has kicked some Russian trolls out from under its bridge. Why? Because they're Russian trolls, that's why. Facebook CEO Zuckerberg will testify about data security before a House panel next Wednesday. Privacy for the Old World, but maybe not as much for the new. The YouTube shooting may have been motivated by anger over the platform's policies. European air traffic control problems were a glitch, not a hack. Pipeline operators recovering from IT hack. Homeland Security tells the US Senate hostile intelligence services have stingrays in Washington. Panera Bread's response to its potential data exposure. Rick Howard from Palo Alto Networks on whether security platforms are putting all of your eggs in one basket. Guest is Jim Routh, CSO at Aetna, on Model-driven security and the rise of unconventional controls. 

Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.

Apr 3, 2018 19:45

Description:

In today's podcast, we hear that the Magento e-commerce platform is being brute-forced. A new Android Trojan steals messaging info. njRAT gets an update, and some new and trendy criminal functionality. Notes on the Panera Bread data breach. A major US natural gas pipeline operator has its customer billing and scheduling system hacked, which reminds observers of threats to infrastructure. Russia thinks the US and UK are no longer as decent and trustworthy as they used to be during the Cold War. Another data scandal class action suit is filed, naming Cambridge Analytica. Jonathan Katz from UMD on isogeny-based cryptography. Guest is Mike McKee from ObserveIT, discussing data exfiltration. 

Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.

Apr 2, 2018 16:12

Description:

In today's podcast we hear about Saks and hacks, Lord and Taylor and JokerStash: a department store data breach. Atlanta still can't get fully back on its feet after SamSam. An Indian power utility's billing data are held for ransom. More SWIFT fraud reported—this round seems to have been unsuccessful. Russia gets doxed. Facebook on who really cares for you. Threats to avionics and undersea cables. And Reality Winner's defense team wants to subpoena a lot of witnesses. Malek Ben Salem from Accenture Labs, looking at a long-term approach to implementation of cryptography. 

Chasing FlawedAMMYY — Research Saturday

Mar 31, 2018 19:48

Description:

FlawedAMMYY is a newly discovered remote access trojan (RAT) that has been used in malicious email campaigns going back at least as far as 2016.

Ryan Kalember is Senior Vice President of Cyber Security Strategy at Proofpoint, and he takes us through their research. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

 

Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.

Mar 30, 2018 20:36

Description:

In today's podcast, we hear that Under Armour's MyFitnessPal app has sustained a data breach. Boeing's WannaCry incident is minor, but a timely warning that this particular threat hasn't vanished. The Lazarus Group is showing fresh signs of activity against its usual targets. Questions about the security of India's Aadhaar circulate. Baltimore and Atlanta incidents show the ransomware threat to city governments. An FBI agent is charged with leaking secret documents. Updates on the Novichok affair and the Facebook data scandal. Awais Rashid from Bristol University on blockchain trust issues. Guest is Laurin Buchanan from Secure Decisions, discussing NICE competitions. She is co-chair of the competitions subgroup. 

Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.

Mar 29, 2018 19:27

Description:

In today's podcast, we hear that Russia has retaliated against the US with diplomatic expulsions and at least one consulate closure. Potential cyber operations remain a matter of concern. Julian Assange no longer has Internet access in his room at Ecuador's embassy. WannaCry hits a Boeing plant, but Boeing is resilient enough to work through the infection. A new keylogger pretends to be Kaspersky AV, but not very convincingly. Facebook works to upgrade user privacy, and Apple says it doesn't need to do the same. David Dufour from Webroot with tips for first-time conference goers. Guest is Deral Heiland from Rapid7 on smart sensors.  

Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.

Mar 28, 2018 19:51

Description:

In today's podcast, we hear that tensions continue to rise between Russia and other, mostly Western, countries as the number of nations taking diplomatic measures to protest the Salisbury attack exceeds twenty-five. Western governments are on alert for Russian cyber operations as well as diplomatic reprisals. A new bug, BranchScope, is found affecting Intel processors. The Facebook data scandal continues. Atlanta and Baltimore recover from hacks of municipal systems. Dr. Charles Clancy from the Hume Center at VA Tech, discussing the security of analog devices in cyber physical systems. Guest is Liv Rowley from Flashpoint on Dark Web refund fraud. And don't be gulled by bogus job offers. 

Blockchains that bind us — Special Edition

Mar 28, 2018 33:44

Description:

The past few months have been all abuzz with excitement about cryptocurrencies and the blockchain. The price of Bitcoin took a rocket ride toward the stars, and stories were coming fast and furious about how the blockchain was going to transform and revolutionize just about everything.

Jonathan Katz is a professor of computer science at the University of Maryland and director of the Maryland Cybersecurity Center. As we'll hear in this CyberWire special edition, he's been following blockchain technology and cryptocurrency from its humble beginnings, and he's our guide to understanding how it all works.

Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.

Mar 27, 2018 18:33

Description:

In today's podcast, we hear that the Mabna Institute was pretty good at phishing. Facebook's Mark Zuckerberg sends regrets to Westminster. Facebook is under FTC investigation. Cambridge Analytica is in hot water with the FEC. Kaspersky says outing Slingshot was just part of the job. The City of Atlanta is finding it surprisingly hard to recover from SamSam ransomware. Aadhaar may be leaky, again. Bots as Lord Haw-Haws. More than twenty countries expel Russian diplomats. Russian cyber reprisal expected. Justin Harvey from Accenture on cryptocurrency mining. Guest is Steve Piper from CyberEdge with results from their 2018 Cyberthreat Defense Report. 

Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.

Mar 26, 2018 17:42

Description:

In today's podcast we hear that sixty Russian diplomats are now persona non grata in the US. It's the largest such retaliation so far for the Russian nerve agent attack in Salisbury, England. Fear of a Russian riposte against Western power grids remains high. Cambridge Analytica was raided over the weekend in the continuing Facebook data scandal. Facebook faces more difficulties over Android data collection. Notes on malware circulating in the wild. Iran objects to US indictments. Daniel Prince from Lancaster University discussing risk management. And the alleged Carbanak "mastermind" is arrested in Spain. 

Code comments cause SAML conundrum — Research Saturday

Mar 24, 2018 15:41

Description:

Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password.

Kelby Ludwig is a Senior Application Security Engineer at Duo Security, and he takes us through his discoveries.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/
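The vulnerability class described above comes down to two components disagreeing about what the text of a signed NameID element is. The following is an added illustration, not code from Duo's research or from any SAML library: it uses Python's xml.dom.minidom on a constructed assertion fragment whose NameID contains an XML comment, and shows the first-text-node extraction that yields the victim's identity, the comment-stripping concatenation that yields the attacker's identity, and a hardening check that refuses a NameID whose content is anything other than a single text node. The element names, the sample identities and the helper names are assumptions made for the example.

```python
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample (not a real SAML response): the NameID text has an XML
# comment inserted between "user@example.com" and ".evil.com", so the DOM holds
# Text, Comment, Text as three separate child nodes.
TAMPERED_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>user@example.com<!-- -->.evil.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed clean counterpart with a single text node in the NameID.
CLEAN_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def _name_id_element(xml_text):
    """Return the single NameID element of the assertion (assumed helper)."""
    doc = minidom.parseString(xml_text)
    nodes = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(nodes) != 1:
        raise ValueError("expected exactly one NameID element")
    return nodes[0]


def first_text_node_name_id(xml_text):
    """Naive extraction: read only the first child node's text.

    With the comment present this returns "user@example.com", i.e. the
    victim's identity, even though the full element content is different.
    """
    node = _name_id_element(xml_text)
    return node.firstChild.data


def comment_stripped_name_id(xml_text):
    """Concatenate every text node and drop comments.

    This is the string a comment-stripping view of the element produces:
    "user@example.com.evil.com", the identity the attacker controls.
    """
    node = _name_id_element(xml_text)
    return "".join(c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE)


def name_id_is_well_formed(xml_text):
    """Hardening check: NameID must consist of exactly one text node.

    Any comment, element, CDATA section or mixed content in the NameID makes
    the two extraction strategies above diverge, so the assertion is rejected
    before either strategy is trusted.
    """
    node = _name_id_element(xml_text)
    children = node.childNodes
    return len(children) == 1 and children[0].nodeType == node.TEXT_NODE


def strict_name_id(xml_text):
    """Return the NameID only when it passes the single-text-node check."""
    if not name_id_is_well_formed(xml_text):
        raise ValueError("NameID contains comments or markup; rejecting assertion")
    return _name_id_element(xml_text).firstChild.data


if __name__ == "__main__":
    print("naive   :", first_text_node_name_id(TAMPERED_ASSERTION))
    print("stripped:", comment_stripped_name_id(TAMPERED_ASSERTION))
    print("strict  :", strict_name_id(CLEAN_ASSERTION))
```

The check in name_id_is_well_formed is deliberately stricter than "concatenate the text nodes": rejecting anything but a lone text node means a service provider never has to reason about which of two parsers the signing side agreed with.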

US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.

Mar 23, 2018 26:22

Description:

In today's podcast, we hear that the US has indicted Iranian hackers. Guccifer 2.0 has been fingered as a GRU team. Inquiries into their activities are folded into Special Counsel Mueller's investigation. Atlanta, Georgia, hit with ransomware. A study estimates the direct cost of the Equifax breach to consumers. App stores show a decline in malware infestations. Facebook leaders speak, finally, but do little to ease the company's pain. An FTC inquiry could be costly. The Cambridge Analytica affair will have implications for regulations, marketing, and consumer trust. Ben Yelin from UMD CHHS on the Equifax probe being put on ice by US consumer protection agencies. Guest is Kevin Haley from Symantec, on their annual Internet Security Threat Report. 

Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.

Mar 22, 2018 19:14

Description:

In today's podcast, we learn that Kaspersky Lab appears to have burned a US operation. Facebook has some other governments to answer to, now. Facebook CEO Zuckerberg finally discusses the Cambridge Analytica affair in public. Lawsuits and calls for regulation are shouted up. Best Buy shows Huawei the highway. And we have a brief wrap-up of the Billington International CyberSecurity Summit. Joe Carrigan from JHU ISI responding to a listener inquiry about job hunting. Guests are Chad Seaman, Senior Engineer on Akamai's Security Intelligence Response Team, and Lisa Beegle, Senior Manager, Security Intelligence at Akamai, describing the record-setting DDoS attack they recently experienced and helped mitigate. 

Preparing for grid attacks. Notes on breaches, crime, and punishment. And Facebook's no-good, bad, awful week.

Mar 21, 2018 18:45

Description:

In today's podcast we hear that the US Department of Energy says the power grid is preparing for Russian attacks. Teenager finds flaw in hardware wallet. Travel service Orbitz suffers a data breach. Lauri Love won't be extradited to the US. Notes from today's Billington International CyberSecurity Summit. And Facebook's truly awful week continues: the Silicon Age is looking right now a lot like the end stages of the Gilded Age. Jonathan Katz from UMD on the security of e-passports. Guest is J.R. Cunningham from Optiv, with advice to not get carried away with GDPR. 

Power grid threats coming through the router. Cambridge Analytica and Facebook face tough questions.

Mar 20, 2018 19:27

Description:

In today's podcast, we hear that ICS experts continue to warn of grid vulnerability to hacking. AMD chip flaws called real, but not very serious. Cambridge Analytica under investigation in the UK. Facebook tries without much success so far to disentangle itself from Cambridge Analytica's use of Facebook data. President Putin wins reelection amid accusations of voting fraud. Former French President Sarkozy is in police custody over Libyan campaign contributions. (The Libyans want their money back, too.) Chris Poulin from BAH on malware evolution. Guest is Patrick Craven from the Center for Cyber Safety and Education, a nonprofit that has scholarships available. 

Power grid hacking fears running high. Social media problems. Election DDoS reported in Russia. FTC and SEC cyber enforcement actions. NSA hoarder case update.

Mar 19, 2018 19:07

Description:

In today's podcast, we hear that tensions between Britain and Russia remain high, as the UK fears a cyberattack. US power utilities are also on alert to an ongoing Russian cyber campaign. Despite a claimed DDoS attack, President Putin is re-elected in Russia. Facebook under fire for Cambridge Analytica data incident. More political bots in Twitter. YouTube tries content moderation. FTC takes on an alt-coin Ponzi scheme. SEC has "dozens" of ICO investigations in progress. Notes on the Hal Martin alleged NSA-hoarder case. Malek Ben Salem from Accenture Labs with tips on cryptography deployment. Guest is Paul Brigner from the Security and Software Engineering Research Center (S2ERC) at Georgetown University, discussing their research on Virtual Browsers. 

Cryptojacking injections heat up - Research Saturday

Mar 17, 2018 22:00

Description:

There's been an epidemic of cryptojacking code injections recently, as bad actors attempt to cash in on the cryptocurrency craze through unauthorized cryptomining operations on unsuspecting users. 

Marcelle Lee is a threat researcher at LookingGlass, and she takes us through her recently published research, Cryptojacking — Coming to a Server Near You. 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

NATO-Russian cyber tensions high. They're also high between Saudi Arabia and Iran. Updates on AMD vulnerability report. Another exposed AWS S3 bucket?

Mar 16, 2018 23:53

Description:

In today's podcast we hear that NATO has condemned Russia for a chemical attack in England. The US sanctions Russia for NotPetya and election meddling, and warns of Russian preparations for an attack against US infrastructure. Chinese cyber operations support that country's claims to the South China Sea. Iran shows increased cyber espionage activity. Observers fear a return of Triton/Trisis ICS malware. Another unsecured AWS bucket may have been found. Johannes Ullrich from SANS and the Internet Storm Center podcast, discussing credential stuffing. Guest is Rico Chandra from Arktis Radiation Detectors on securing radiation detectors.  

Chip vulnerability disclosure controversial. Black market and point-of-sale malware. SEC charges ex-Equifax exec with breach-related insider trading. Tensions over Salisbury nerve agent attack.

Mar 15, 2018 19:17

Description:

In today's podcast, we hear that AMD continues its investigation of the backdoors and other vulnerabilities CTS Labs publicly disclosed. That disclosure remains controversial. BlackTDS offers malware distribution as-a-service on the black market. PinkKite is a small but persistent point-of-sale threat. The SEC charges a former Equifax exec with trading on non-public information of the credit bureau's data breach. Germany, France, and the United States join the United Kingdom in denouncing Russia for the Salisbury nerve agent attack. Rick Howard from Palo Alto Networks, with this year’s Cyber Cannon nominees. Guest is Ted Bardusch from Usermind on data-rich marketing and GDPR. 

AMD investigates report of processor flaws. A look at OceanLotus. Patch Tuesday. Russo-British tensions high. MuddyWater threatens researchers.

Mar 14, 2018 19:44

Description:

In today's podcast, we hear that AMD is investigating a report of exploitable flaws in its processors. Vietnamese threat actor OceanLotus gets a look from researchers. Patch Tuesday notes. Britain expels Russian diplomats in retaliation for a nerve agent attack. Russia demands to know what these cyberattacks are that the UK is said to be threatening. A brief history of Russo-British Twenty-first Century espionage and cyber tensions. Iranian threat actor MuddyWater threatens researchers. Justin Harvey from Accenture on the importance of the first 48 hours following a breach. Guest is Patrick Sullivan from Akamai on VPNs and the notion of "verify and never trust." 

May hands Putin an ultimatum (and cyber conflict is expected). HenBox spies on Uyghurs. Vixen Panda creeps in UK targets by backdoors. Changes at US State Department, CIA. SINET ITSEF notes.

Mar 13, 2018 19:55

Description:

In today's podcast we hear that Britain has given Russia an ultimatum: explain by midnight how your nerve agent got to Salisbury or face the consequences. Russia calls it nonsense. Cyber conflict between the two countries is widely expected. Palo Alto's Unit 42 finds HenBox Android spyware. NCC Labs describes Chinese backdoors used against UK Government and industry targets. President Trump replaces Secretary of State Tillerson with DCI Pompeo. Gina Haspel is tapped as next DCI. Awais Rashid from University of Bristol on cyber physical systems. Guest is Tom Badders from Telos on obfuscation as applied to threat intelligence. And a wrap-up of SINET ITSEF. 

Iran grows more capable and assertive in cyberspace. Bots have nothing on humans when it comes to peddling disinformation. Chinese influence ops. Fancy Bear, Slingshot updates.

Mar 12, 2018 18:39

Description:

In today's podcast, we hear that security firms are warning of Iran's growing cyber capabilities, and Tehran's disposition to use them. Gossips and activists far outdo bots in spreading disinformation. The Memcache kill-switch should be approached with legal caution. Slingshot espionage tools were quietly active in the Middle East and Africa for six years. Fancy Bear sniffs at Asia. Australia is concerned about Chinese espionage and influence operations. Jonathan Katz from UMD with his thoughts on Spectre and Meltdown. Guest is Christopher Pierson from Binary Sun Cyber Risk Advisors, with an update on SEC cyber security guidance. 

Dark Caracal APT steals out of Lebanon — Research Saturday

Mar 10, 2018 36:40

Description:

Researchers from Lookout and the EFF have discovered an APT group operating out of Lebanon they've named Dark Caracal. The group is running a global espionage campaign, targeting journalists, military personnel, activists, lawyers, medical professionals and educational institutions. 

Mike Murray is VP of Security Intelligence at Lookout, and he's our guide through their research.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

 

Cyber reconnaissance. Vulnerability database misdirection. Cryptomining attempts. New Memcrash DDoS. Policy changes in the US coming as agencies report?

Mar 9, 2018 21:35

Description:

In today's podcast, we hear reports of cyber reconnaissance of Turkish financial institutions: Hidden Cobra is the suspect. The Chinese government appears to have finagled its national vulnerability database to afford misdirection to cyber operations. Cryptomining attempts hit Windows endpoints. Other cryptojacking campaigns afflict vulnerable servers. Memcrash DDoS hits new targets. The US Administration hints at possible cyber policy changes. Emily Wilson from Terbium Labs, on the issue of trying to spend our way to security. Guest is Priscilla Moriuchi from Recorded Future, with research documenting a backdating issue in the CNNVD, China’s National Vulnerability Database. 

A Memcrash kill-switch. Shadow Brokers' leaked "Territorial Dispute" tools. Dutch DDoS, Indian hacks. FBI and backdoors. Notes from SINET ITSEF.

Mar 9, 2018 16:07

Description:

In today's podcast, we hear that a kill-switch for Memcrash may have been found (and Memcrash may be dangerous for other purposes than denial-of-service). Researchers in Hungary take a look at the Shadow Brokers' dumps and speculate about the purpose of the "Territorial Dispute" module. The Dutch Tax Authority sustained another DDoS attack last night. India's CERT renders a troubling report to Parliament. The FBI still wants a non-backdoor backdoor. David Dufour from Webroot on vulnerabilities in cryptocurrency markets. Guest is Richard Henderson from Absolute Software on protecting against insider threats. And some notes from SINET ITSEF. 

Patchable vulnerabilities in Apache Struts and Exim. CombJack malware. DPRK vs. UN Panel of Experts. Cyberwar and legal limits. Espionage Act prosecution. Infowars turn grimly kinetic.

Mar 8, 2018 18:07

Description:

In today's podcast, we hear that spies like Apache Struts exploits. Server vulnerabilities described. A new cryptojacker steals at least four varieties of cryptocurrency. North Korea may have hacked UN sanctions enforcers. Dutch Intelligence (and Microsoft) warn of cyberwar, but it's not a declared war, which makes response harder. Update to the pack rat defense, with considerations of mens rea. ISIS terror inspiration. And a possible assassination attempt. Chris Poulin from BAH on next generation IoT devices, like security robots. Guest is Sylvain Gil from Exabeam on business by design, and the importance of the design process in security solutions. 

Cyber espionage in Central and Eastern Europe. Cyber deterrence. Notes from Matrosskaya Tishina. Exabeam describes what crooks can get from your browser.

Mar 7, 2018 18:10

Description:

In today's podcast we hear that Fancy Bear sightings continue—Fancy seems to have settled down in Montenegro, and Germany is seeing bears and snakes. Cyber deterrence is much desired but difficult to achieve. Notes from a Russian jail. Reddit purges influence ops trolls. What criminals can learn from your browser. CFIUS puts hold on Broadcom's bid for Qualcomm. The US FDA wants to block its people from looking at adult content at work. Daniel Prince, Senior Lecturer in Cyber Security at Lancaster University, introduces himself as our newest academic research partner. Guest is Jeremy Wittkop from InteliSecure with a call for participants in their Critical Data Protection Benchmark Survey. 

Humanitarian organizations targeted. Memcrash extortion. Spring Break bug. Equifax breach update. Russian influence operations (and American "yelling and hollering").

Mar 6, 2018 16:15

Description:

In today's podcast, we hear about a new campaign that targets humanitarian organizations with North Korean phishbait. Memcrash is now being exploited by criminal extortionists. Equifax losses from last year's breach are said to mount. Germany says it detected the compromise of a secure government network before too much damage was done. They don't offer official attribution, but everyone else says it was the Russians. The Russians say they didn't do it. President Putin deplores "yelling and hollering" in the US Congress. Ben Yelin from UMD CHHS on section 702 reauthorization. 

Lebal malware phishes for victims — Research Saturday

Mar 3, 2018 14:08

Description:

Researchers at Comodo Security Solutions have been tracking a recently discovered strain of malware named Lebal. The malware uses several clever techniques to attempt to hide itself, and once installed targets credentials and cryptocurrency wallets. 

Fatih Orhan is VP of Threat Labs at Comodo, and he takes us through their research.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/


Memcrashing no longer just a theoretical possibility. Fancy Bear's pawprints in German networks and other peoples' embassies. Deterrence in cyberspace. High-profile fraud victims.

Mar 3, 2018 21:16

Description:

In today's podcast, we hear that a Memcrash amplification attack took GitHub offline, but only briefly, thanks to Akamai mitigation. Germany continues to fight off ongoing attacks on sensitive government networks. Germany hasn't said so, but everyone else sees Fancy Bear's pawprints over this one. Fancy Bear is also said to be snuffling around embassies and other diplomatic targets. Capitol Hill mulls cyber deterrence. Equifax breach looks worse. Robert M. Lee from Dragos on ICS in advanced manufacturing. Guest is Marcus Harris from Saul Ewing Arnstein & Lehr LLP, discussing the decision by companies like McAfee and Symantec to allow the Russians to look at their source code. Two high-profile fraud victims.

Fancy Bear finds Berlin just right. RedDrop Android blackmail malware. Another AWS S3 exposure. FTC settles; SEC investigates. Blockchain radix malorum?

Mar 2, 2018 17:17

Description:

In today's podcast, we hear that Fancy Bear has been busy in a sensitive German government network. RedDrop Android malware is built for blackmail. Another exposed AWS S3 bucket is disclosed. Intel issues another Spectre fix. The FTC reaches a settlement with Venmo over privacy, security, and availability of funds. The SEC is investigating a number of initial coin offerings. Johannes Ullrich from SANS and the ISC StormCast podcast, with information on the Memcached DoS issue. Guest is Rami Sass from WhiteSource on open source software. And Mr. Gates is no fan of cryptocurrencies (and it seems cryptocurrency mavens are no fan of Mr. Gates).

Memcrash and amplification attacks. SAML vulnerabilities. Thanatos ransomware. Petya returns (so does Marcher). Deterrence and election security.

Mar 1, 2018 18:03

Description:

In today's podcast, we hear that Memcrash threatens big DDoS events. Problems with single-sign-on solutions. Thanatos ransomware looks like its masters botched it, but that's not necessarily good news. The Marcher banking Trojan is back and bigger than ever. A new variant of Petya ransomware may be in circulation. What's the point of a false flag if no one's fooled? Dale Drew from CenturyLink on collaboration trends. Guest is Eric Cole, author of Online Danger. And the US Senate asks, how do you solve a problem like Vladimir? 

Cryptojacking through an AWS S3 bucket. Threats, risk, and unintentional mistakes. Crime and punishment. Industry notes. Alien hackers?

Feb 28, 2018 18:35

Description:

In today's podcast, we hear that CoinHive was installed via a misconfigured AWS S3 bucket. Unintentional password collection. Threat and risk trends for 2018. Avalanche phisher king rearrested in Kiev. Huawei says it's being picked on. Apple makes nice with Beijing. Industry notes—controlling interests and an ICS security Series B round. Reality Winner wants her confession suppressed. Hal Martin's packrat defense may have received an unexpected boost. Johannes Ullrich from SANS and the ISC StormCast podcast, on hacked third-party cables. Guest is Terry Dunlap from Refirm Labs on firmware vulnerabilities. And could alien signals be alien hacks?

Olympic hacking—false flags and attack infrastructure. Cryptojacking. Smartphone security bans. Heraldic animals of hacking.

Feb 27, 2018 19:36

Description:

In today's podcast, we hear that anonymous US Intelligence sources call the Olympic hacks a Russian false flag operation. More cyberattacks are expected from the infrastructure set up to hit the Games. Calls for international norms for cyber conflict rise. CrowdStrike's Global Threat Report sees proliferation and commodification of attack tools. Ad network serves cryptojacker. Malicious smartphones or just a trade war?  Joe Carrigan from JHU on securing AWS buckets. Guest is Randall Murch from VA Tech on cyber bio security. And a scorecard for hacking heraldry.  

Phishing for holiday winnings — Research Saturday

Feb 24, 2018 19:53

Description:

Or Katz is principal lead security researcher for Akamai's Enterprise Security Business Unit, and the research he’s sharing today is a widespread phishing campaign targeting users using an advertising tactic. The research is titled, “Gone Phishing for the Holidays."

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

Mirai variant establishes proxies. Buggy smart contracts. Banking glitch. Studies from Verizon, Thales. FTC addresses credential stuffing.

Feb 24, 2018 22:07

Description:

In today's podcast we hear, OMG, that Mirai is out in a new and improved form. Researchers find buggy smart contracts on Ethereum. A Chase glitch briefly exposed banking customers' information to other banking customers. Hacktivists continue to hit spyware companies. Verizon's Mobile Index warns that mobile security is being traded for business efficiencies. Thales looks at data security and finds that data breaches seem to have risen with cloud migration. The FTC doesn't like credential stuffing. Emily Wilson from Terbium Labs with an update on Dark Web markets after last year’s Alpha Bay takedown.  Guest is Andrea Little Limbago from Endgame, discussing her blog post, “The March Toward Data Localization.” 

Code signing certificates for sale. Impact of cybercrime on the world economy. Reaper out from under Lazarus's shadow. Catphishing. Cyber intelligence against terror. Ransomware and other hacks.

Feb 23, 2018 18:16

Description:

In today's podcast, we hear that counterfeit certificates are on sale in criminal souks. Cybercrime is said to cost $600 billion globally every year. Russia objects to being called a bad actor in cyberspace. North Korea's Reaper threat actor steps out from the shadow of its big brother, the Lazarus Group. Catphish from Lebanon spread spyware through Facebook. Israel says it gave Australia a cyber assist against ISIS terror last summer. Ransomware notes. Prof. Awais Rashid from University of Bristol on what students should be learning about cyber security. Guest is Martijn Grooten from Virus Bulletin on security product testing and the changes they’ve seen over time in the products they test.  Harper's was hacked, and so was Allentown, Pennsylvania.  

SWIFT phishbait. DPRK hacking gets better; GRU hacking looks east. Coldroot RAT. Cryptojacking. Election cybersecurity.

Feb 22, 2018 19:36

Description:

In today's podcast, we hear that SWIFT phishbait is hitting inboxes. North Korean hackers show fresh sophistication and new ambitions. Fancy Bear seems to be snuffling east. Monero miners in Word, and why cryptojacking for Bitcoin is harder than it is for other currencies. The Coldroot RAT hides in plain sight. The US Departments of Justice and Homeland Security undertake new approaches to election security. Justin Harvey from Accenture on data-centric security. Guest is Scott Totzke from ISARA on the threat to encrypted data by quantum computing. And Facebook has a new verification mode: send in a postcard. 

SWIFT fraud in India. DPRK hacking updates. Notes on Russian influence ops, both indictments and continuing activity. Alleged Florida gunman may have been an Internet known wolf.

Feb 21, 2018 17:56

Description:

In today's podcast we hear that SWIFT fraud has hit an Indian lender. North Korean hacking continues, even during the DPRK's Winter Olympics charm offensive. US indicts Russian influence operators—the Internet Research Agency is the leading defendant. Russian trolling continues, exploiting the Florida school shooting. (And the alleged shooter apparently expressed his intentions online.) Rick Howard from Palo Alto Networks, on the importance of partnering with universities to improve the quantity and diversity of people coming through the STEM pipeline.  All Five Eyes see Fancy Bear behind NotPetya. 

The uncanny HEX men — Research Saturday

Feb 17, 2018 22:03

Description:

The research we’re discussing today is called, “Beware the Hex Men”, and it tracks multiple attack campaigns conducted by a Chinese threat actor. The GuardiCore Labs team identified three attack variants that they named Hex, Hanako and Taylor, targeting SQL servers.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

The complexities of Olympic Destroyer. More blame for Russia in the matter of NotPetya. Congress mulls election security. New York cyber milestone. Ed Snowden as phishbait.

Feb 17, 2018 22:45

Description:

In today's podcast, we hear more about Olympic Destroyer: its relationship status with known threat actors is "complicated." The US joins the UK in blaming Russia for NotPetya, and seems to be considering sanctions. The US Congress considers election security, and considers a state-level option: let governors call in the National Guard. New York cyber law reaches its second milestone. Zulfikar Ramzan from RSA, discussing the hype around blockchain technology. Guest is Jack Rhysider, producer and host of the Darknet Diaries podcast.  And no, Edward Snowden has not moved in down the block and bought a two-terabyte iCloud storage plan. 

Olympic Destroyer took its time, compromised the IT supply chain. NotPetya attribution. Coin scams. Coin miners. Botnets old and new.

Feb 16, 2018 18:57

Description:

In today's podcast we hear that Olympic Destroyer may have started with a supply-chain compromise back in December. The British Foreign Office blames Russia for NotPetya pseudoransomware, and the Russian Foreign Ministry says they didn't do anything. Trend Micro researchers find a new Monero cryptomining campaign underway. Coinherder phishes in alt-coin wallets. The Satori botnet has expanded its target list. A new IoT botnet, DoubleDoor, gets into routers with a one-two punch. Ben Yelin from UMD CHHS, on New Jersey taking on the FCC and net neutrality.  Guest is Scott Register from Ixia on security issues with the coming 5G cellular rollout. And the LoopX ICO vanishes into thin air. 

Olympic Destroyer updates. Cyber forecasts from the US Intelligence Community. Patch notes. Cryptojacking and coin mining. Ad blockers (also an incentive to coin mining).

Feb 15, 2018 18:58

Description:

In today's podcast, we hear that Olympic Destroyer exploits EternalRomance and morphs as it moves from machine to machine. Other Olympic hacks are out there, too. The US Intelligence Community tells Congress to expect a more assertive Iran, Russia, and North Korea in cyberspace. They also forecast more election influence operations. General Nakasone has been nominated to succeed Admiral Rogers at NSA and US Cyber Command. Yossi Oren from BGU on two-factor authentication for the disabled. Guest is John Kuhn from IBM X-Force IRIS on the uptick in spam around the Valentine’s Day holiday. Coin mining continues to make a nuisance of itself.

Patch Tuesday notes. Skype DLL hijacking vulnerability. Olympic Destroyer malware described. Lazarus Group newly active. BitGrail heist? Cyber Valentine.

Feb 14, 2018 18:17

Description:

In today's podcast, we hear that Patch Tuesday will not include a Skype fix—that one will take some time and attention. Olympic Destroyer is the malware thought to be infesting the Winter Games. Attribution remains unclear, but a lot of suspicious eyes are looking at you, Mr. Putin.  The Lazarus Group is stepping up its cryptocurrency stealing game. Questions swirl around the alleged BitGrail cryptocurrency exchange losses. David Dufour from Webroot on Mac vulnerabilities. Guest is Mark Loveless from Duo security, looking at IoT personal safety devices.  And, hey—Valentine's Day is tomorrow. 

Olympic hacking, cryptojacking and other illicit coin mining. Ransomware updates. The curious case of an alleged kompromat buy. Bots turn to ticket scalping.

Feb 13, 2018 14:25

Description:

In today's podcast we hear that the Winter Olympics report ongoing hacking. Cryptojacker hits government websites in the UK, Australia, and the US. Engineers use a research institute's supercomputer to mine Bitcoin in Sarov, Russia. The Equifax breach may be bigger and worse than hitherto believed. The Sacramento Bee deletes an encrypted database rather than pay ransom. IBM patches Spectre and Meltdown. Emily Wilson from Terbium Labs offers a dark web scorecard on the 2018 Olympics and the 2018 elections, specifically addressing how matters stand in comparison with the last round of games and voting. The CIA says it was in no way bilked by a proffered sale of kompromat. And bots scalp airline seats.

IcedID banking trojan — Research Saturday

Feb 10, 2018 20:35

Description:

IcedID is a banking trojan recently discovered and tracked by IBM's X-Force research team, targeting banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S. 

Limor Kessem is an executive security advisor with IBM Security. She returns to Research Saturday to describe what she and her team found.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

Trends in phishing. Olympic hacking. Cryptojacking spreads. Litecoin gains black market share. Influence operations. Can Strava be exploited by bicycle thieves?

Feb 10, 2018 22:28

Description:

In today's podcast we hear that phishing has gotten more personal with conversation hijacking and attempts on direct deposit instructions. The Olympics have opened: do you know where your hackers are? Apple finds leaked iOS source code on Github. Cryptominers found in hospital systems. Litecoin picks up black market share. Notes on recent patches. Concerns about Russian influence operations continue as US midterm elections approach. Dale Drew from CenturyLink on victim notification. Guest is Deidre Diamond from #brainbabe. They are a nonprofit working to replace “booth babes” at trade shows with students. And are bicycle thieves going online?  

Operation Shadow Web rolls up carding gang. Fancy Bear sightings. DPRK buying zero-days? Cryptojacking ICS. Huawei, ZTE get Congressional razzing. Jita scams.

Feb 9, 2018 18:50

Description:

In today's podcast we hear that Operation Shadow Web has taken down the Infraud criminal carding gang. Two more Fancy Bear sightings—one in voter databases, one in Defense contractor emails. North Korea may have purchased its Flash Player zero-day from a third party. Cryptojacking hits a European water utility. US Senate considers banning Huawei and ZTE from Federal use. Johannes Ullrich on cryptocurrency theft, and advice for protecting your virtual currency. Guest is Christopher Doman from AlienVault on their discovery of a Monero cryptocurrency miner linked to North Korea. And no, Messrs. McAfee and Musk aren't Nigerian princes, and they're not giving away Bitcoin.

Dutch DDoS arrest. Pyongyang is interested in cryptocurrency. So is the US SEC (in a different way). Uber explains its breach disclosure. New wrinkle in the "Microsoft" Help Desk scam.

Feb 8, 2018 19:24

Description:

In today's podcast we hear that Dutch police have made an arrest in last week's financial sector DDoS case: it's a teenager. North Korean interest in stealing cryptocurrency remains high. Adobe patches the zero-day Pyongyang had exploited against Seoul. Hardware wallets found vulnerable to man-in-the-middle attacks. Cryptojacking trends. US regulators take a hard look at alt-coins and how they're traded. Uber says it regrets not coming clean sooner about its breach. Justin Harvey from Accenture on ransomware, to pay or not to pay. Guest is Yassir Abousselham from Okta on their 2018 Business at Work report. New trends in an old help desk scam.

More Eternal exploits found more troublesome. Cryptominer updates. NIST SP 800-171. Paycard skimmers. Tsunami false alarm.

Feb 7, 2018 17:03

Description:

In today's podcast, we hear that the Shadow Brokers' exploits have now been found to be more exploitable. Cryptocurrency miners are recognized as a problem: MacUpdate sustained a brief infestation late last week, and a new Android mining campaign takes a page from Mirai's playbook. Smominru botnet rakes in $3.6 million. T-Mobile warns of SIM-hijacking. Comment period extended for NIST Special Publication 800-171. New paycard skimmer found in Pennsylvania stores. Emily Wilson from Terbium Labs on tax fraud issues. Guest is Woody Shea from Covata on S3 bucket leaks. And a tsunami false alarm on the US East Coast.

DPRK exploiting Flash Player zero-day. ISIS wants hacking help. JenX DDoS, Scareby ransomware updates. Crime and punishment.

Feb 6, 2018 16:07

Description:

In today's podcast, we hear that Flash Player is being exploited by DPRK's TEMP.Reaper, also known as Group 123. ISIS may have a hacker help-wanted sign out. JenX botnet update. Scareby ransomware tells victims it will shred their files if they don't pay up. The Nunes Memo remains a political Rorschach test. A Japanese teenager is arrested for writing cryptocurrency-stealing code. Lauri Love will not be extradited to the US. Peter Levashov is not so lucky. Joe Carrigan from JHU responds to listener mail on passwords. And the FBI is not emailing you to say you may be entitled to compensation.

Advanced adware with nation-state tactics — Research Saturday

Feb 3, 2018 16:02

Description:

Adware is generally considered unsophisticated, and because of its low perceived threat level it's often ignored. Researchers at the Booz Allen Dark Labs' Advanced Threat Hunt Team have recently published research describing a more advanced type of adware, using infection techniques usually attributed to nation-state actors. 

Jay Novak is a threat hunter and tech lead at Booz Allen, and he takes us through their research.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

JenX botnet and DDoS-for-hire. RoK CERT warns of Flash Player zero-day. Cryptocurrency mining and scamming. ICS security trends. Twitter cleared in terror trial. The Nunes Memo is out.

Feb 3, 2018 24:18

Description:

In today's podcast, we hear that the JenX botnet will conduct DDoS-for-hire, if you've got twenty bucks. South Korea's CERT warns of an Adobe Flash Player zero-day being exploited in the wild. Bitcoin's price drops below $9000, but miners and scammers are still after this and other cryptocurrencies. BeeToken's ICO is used to phish for Ethereum. ICS security reflections in the wake of the Triton/Trisis attack. The 9th Circuit rules that Twitter didn't provide material support to ISIS killers. Rob Lee from Dragos on the security of wind power systems. Guest is Dana Simberkoff from AvePoint, with a discussion on women working in privacy, and why it’s one area where we are doing well at getting an equal number of women engaged. And the Nunes Memo is out, declassified and unredacted.

ISIS war on families. Cryptomining botnets. The weaponization of Spectre and Meltdown. Phishing with bogus emails spoofing Google, Microsoft. Apps that know too much.

Feb 2, 2018 18:32

Description:

In today's podcast, we hear that ISIS inspiration is increasingly directed at children. Cryptomining botnets use the same EternalBlue exploit as WannaCry. Criminals experiment to weaponize the Spectre and Meltdown vulnerabilities. Phishing campaigns exploit well-known services including Google Docs and Outlook. Patch notes. Ben Yelin from UMD CHHS on the National Association of Insurance Commissioners adopting a model data cyber security law. Guest is Shashi Kiran from Quali on cyber ranges and cloud sandboxes. Geolocation and other app-collected info raise OPSEC concerns.

Phishing campaign targets Israeli scientists. Low-level contract phishing in China's hinterlands? Apps with privacy flaws. Cisco patches ASA products. Cryptocurrency speculation and fraud.

Feb 1, 2018 18:40

Description:

In today's podcast we hear about a possible Charming Kitten sighting. Phishing in Tibet shows just how successful cheap skid labor can be. Cisco patches a serious flaw in VPN products. Fitness app Strava says it will work to close privacy holes. Experts say you're just a tap away from giving yourself away, and it's not just Strava, not by a long shot. South Korea considers how cryptocurrency might be regulated. The US SEC shuts down an allegedly fraudulent ICO. Yossi Oren from BGU on insecure mobile device cases. Guest is JT Keating from Zimperium on the effects of Meltdown and Spectre on mobile devices. And what do you call an ICO that steals the price of a cheap seat? 

Netherlands financial sector recovers from DDoS. Lizard Squad, Mirai, and coin mining. IOTA wallets emptied. Snooper's Charter loses in court. US House may release surveillance memos. Strava OPSEC.

Jan 31, 2018 18:08

Description:

In today's podcast we hear that the Dutch financial sector is well on its way to recovering from the recent DDoS wave, which could be the work of anyone from teenaged skids to some nation's intelligence service. Lizard Squad may have a connection to Mirai. The reptiles are also getting into the coin mining business. Patient phishing relieves IOTA cryptocurrency users of the contents of their wallets. UK's Snooper's Charter smacked down by High Court. US House Intelligence Committee votes to release classified memo on surveillance. Jonathan Katz from UMD on the “fuzzing” of private healthcare information. Guest is Michael Simon from Cryptonite with results from their 2018 Health Care Cyber Report. US military personnel get an OPSEC lesson on Strava. 

Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?

Jan 30, 2018 14:20

Description:

In today's podcast, we hear that hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks. Jackpotting hits American ATMs. The Dridex banking Trojan apparently has a ransomware sibling: FriedEx. Transduction attacks could hit IoT sensors. Steganographic app "Muslim Crypt" is designed for jihadist communication. North Korea tells Britain to mind its own business about WannaCry. Zulfikar Ramzan from RSA with his perspective on Spectre and Meltdown. Strava fitness app reveals locations of user activity. 

Targeting Olympic organizations — Research Saturday

Jan 27, 2018 18:25

Description:

This week we’re discussing a campaign the McAfee Advanced Threat Research team recently discovered, one that’s targeting organizations involved with the upcoming Pyeongchang Winter Olympics.

Raj Samani is chief scientist at McAfee, and he shares the campaign's clever details.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

Lebal's layered approach to infection. Cryptominers are becoming a big problem. Tracking influence ops. Dutch intelligence spotted Cozy Bear early. Exploiting password recovery.

Jan 27, 2018 22:45

Description:

In today's podcast, we hear how Lebal malware steps its way through layered defenses. Cryptocurrency mining campaigns go after Monero with XMRig, WannaMine, and other toolkits. It's not a victimless crime, either—CPUs can be rendered effectively unusable. Influence operations are tracked in Twitter and Facebook. Dutch intelligence services penetrated Cozy Bear and shared warnings with allied services. Russia demanded, and got, source code access as a condition of doing business. Dale Drew from CenturyLink shares his outlook on 2018. Stacey Higginbotham, host of the Internet of Things Podcast, chats about IoT security. A creep exploits password recovery utilities. 

2018 forecast — CyberWire Special Edition

Jan 27, 2018 32:39

Description:

It’s fair to say that 2017 was a busy year when it came to cyber security, and as we head into 2018 there’s certainly no sign of things slowing down. Days into the new year the news of serious vulnerabilities like Meltdown and Spectre, the ongoing threat of ransomware, major data and privacy breaches, and political unrest around the world, well, hold onto your hats, it looks like we may be in for a bumpy ride.

In this CyberWire special edition, we’ve gathered a group of seasoned cyber security experts to share their views on what we might expect over the coming year.

Nate Beach-Westmoreland is Head of Strategic Threat Intelligence at Booz Allen's Cyber4Sight.

https://www.linkedin.com/in/natebeachw/


Christopher Porter is Chief Intelligence Strategist at FireEye.

https://www.linkedin.com/in/christopher-porter-039620112/


Caleb Barlow is Vice President Threat Intelligence at IBM Security.

https://www.linkedin.com/in/calebbarlow/

Patriotic hacktivism. HNS botnet spreads P2P. Electron vulnerabilities found, mitigated. Criminals target ICOs. Ransomware-as-a-service. Cryptowars. Fancy Bear doxes luge.

Jan 26, 2018 19:04

Description:

In today's podcast, we hear about how patriotic hacktivists are talking turkey to high-profile Twitter accounts. The Hide 'N' Seek IoT botnet spreads swiftly through specially crafted peer-to-peer communications. Vulnerabilities found in the Electron developer framework. ICOs are heavily targeted by criminals. Bell Canada was breached, and the Mounties are on the case. Ontario transit operator Metrolinx is asked how it knows North Korea hacked it. British Prime Minister May takes a swing at secure messaging and tech companies generally. Fancy Bear doesn't like Olympic luge. David DuFour from Webroot with his outlook on ransomware for the coming year. Guest is Malcolm Harkins from Cylance with thoughts on the Aadhaar data breach. And what's the significance of a values statement?

Satori variants. Hacking in Anatolia. Lazarus Group improves its tradecraft. Tinder vulnerabilities. UK's new office to combat disinformation. Pirated PDFs hold malware.

Jan 25, 2018 17:37

Description:

In today's podcast, we hear that new Satori variants are out. Turkish hacktivists use Twitter for social engineering. Parties unknown are conducting an espionage campaign against Turkish defense contractors. North Korea's Lazarus Group improves its cryptocurrency theft tradecraft. Dating app vulnerabilities are a cyber-stalker's dream date. Britain will combat disinformation with a national office of rumor control. Justin Harvey from Accenture on addressing the cyber skills shortage. Guest is Jon Condra from Flashpoint, reviewing their Business Risk Intelligence Decision Report. Plus, say phooey to pirated copies of Fire and Fury.

ISIS messaging. Intel will roll out new Spectre/Meltdown patches. Identities for sale on the dark web. IDN spoofing. SpriteCoin ransomware, with a malware chaser. Three Sonic games may be trouble.

Jan 24, 2018 17:23

Description:

In today's podcast we hear that ISIS is howling "we are in your home" as they lose their own home. Intel says a new patch for Spectre and Meltdown is coming to fix instability problems. Babies' social security numbers and other data are for sale on the dark web. So are email credentials from top-500 British law firms. Look closely at URLs—IDN spoofing is out and about. Satori expands the reach of its botnets. New ransomware strains surface. SpriteCoin is no coin at all. Joe Carrigan from JHU responding to listener mail about disabling links in email. Chris Webber from SafeBreach on using simulations to test for Meltdown and Spectre vulnerabilities. And Sonic the Hedgehog fans watch out: three popular games may expose you to hacking.

Evrial and the Clipboard threat. SamSam ransomware recovery. Olympic hacking? Russian bots. Crime and punishment. Speculated origins of Bitcoin.

Jan 23, 2018 15:43

Description:

In today's podcast, we learn that the Evrial Trojan is interested in what's on your Windows Clipboard. The healthcare sector continues its struggle to recover from SamSam ransomware. People raise the possibility that Olympic timekeeping could be hacked. They're not saying it was, just that it might be. Russian troll farms are barking at the US House Intelligence Committee and the Czech Presidential run-off election. Some notes on crime and possible punishment. Malek Ben Salem from Accenture Labs on the challenges of deploying next-generation cryptography. And there are two new theories about Satoshi Nakamoto. 

Fancy Bear Duping Doping Domains — Research Saturday

Jan 20, 2018 13:22

Description:

Researchers at ThreatConnect have discovered evidence that Fancy Bear, a cyber espionage group generally associated with Russia's military agency GRU, may be spoofing domains belonging to the World Anti-Doping Agency (WADA), the US Anti-Doping Agency (USADA), and the Olympic Council of Asia.

Kyle Ehmke is a threat intelligence researcher with ThreatConnect, and he takes us through their work.  

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

AllScripts works to remediate ransomware in medical apps. Group 123 hits ROK targets. Triton/Trisis zero-day. Dark Caracal espionage op. Section 702 renewed. GhostTeam ejected from Play Store.

Jan 20, 2018 25:11

Description:

In today's podcast we hear about ransomware afflicting a healthcare IT provider. Group 123 phishes in South Korean waters. Schneider Electric describes the zero-day Triton/Trisis exploited. The Dark Caracal spyware campaign is attributed to Lebanon's intelligence service. The US Congress will extend Section 702 surveillance authority for six years. GhostTeam-infected apps are booted from the Play Store. Jonathan Katz from the University of Maryland ponders "uncrackable" quantum encryption. Graham Cluley from the Smashing Security podcast drops by for a chat about the state of the industry. And is there ever a good reason to write down a password? 

Big healthcare data breach. False civil defense alerts. Davos will take up cyber next week (among other topics). Exobot on the block. Satori in your wallet? Ponzi scheme or pump-and-dump?

Jan 19, 2018 17:08

Description:

In today's podcast we hear that Norway's Southern and Eastern Regional Health Authority has suffered a breach. False civil defense alerts are mistakes, not hacks, but they're worth some attention. Davos will take up international conflict and cybersecurity next week. Banking Trojan Exobot holds a going-out-of-business sale. Satori botnet rifles cryptocurrency wallets. Emily Wilson from Terbium Labs, looking at the upcoming Olympics and midterm elections. Guest is Nadav Avital from Imperva on web application vulnerabilities. And was Bitconnect's collapse a Ponzi scheme, a pump and dump, or something else? 

Section 702 update. Kaspersky reports on Skygofree—dangerous Android spyware. Recorded Future on DPRK spearphishing. Healthcare hacks. Bogus patches. VR game could expose users.

Jan 18, 2018 16:42

Description:

In today's podcast, we hear that the US Senate is ready, after a successful cloture motion, to vote on Section 702 surveillance reauthorization. Bipartisan Congressional support for election security bill. Skygofree is an unusually capable variety of Android spyware. More evidence ties North Korea's Lazarus Group to a Bitcoin spearphishing campaign. German users lured by fake Spectre/Meltdown patch sites. Healthcare organizations hit with a variety of attacks. Zulfikar Ramzan, CTO at RSA, introduces himself as we welcome him to the show. Guest is Mark Orlando from Raytheon Cyber on the Korean Olympics phishing campaigns. Thinking of VR adult content? Think twice. No, better, think thrice. 

New Mirai variant forming. Meltdown and Spectre remediation updates. Notes on Russian hacking. Charges in swatting death.

Jan 17, 2018 20:00

Description:

In today's podcast, we hear that a new Mirai variant, Okiru, is forming botnets of ARC-based IoT devices. Meltdown and Spectre remediation continues. CIA is said to have confirmed that NotPetya was a GRU operation. Suspicions rise that the Shadow Brokers used security tools to scan for classified documents. US and Canadian officials raise alarms about election influence operations. Wichita swatter charged with involuntary manslaughter. Malicious Chrome extensions spotted. Robert M. Lee from Dragos on the security of petroleum ICS. Guest is Lance Cottrell from Ntrepid on the importance of net neutrality for security. And USB drives contain the darndest things. 

Shake Your MoneyTaker — Research Saturday

Jan 13, 2018 18:14

Description:

A group of Russian-speaking hackers has stolen nearly $10 million from banks around the world. Group-IB, a company with expertise in computer forensics, information security and, specifically, Russian-speaking criminal groups, has named these thieves MoneyTaker. Nicholas Palmer is the director of international business development at Group-IB, and he's joined by their head of threat intelligence, Dmitry Volkov, to explain the MoneyTaker group's schemes.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

Spectre and Meltdown patches may be messy, but not as performance-killing as feared. AMT exploit. Mobile ICS apps. Monero mining. Badness in the Play Store. Huawei ban? Droning while drunk.

Jan 13, 2018 24:50

Description:

In today's podcast, we hear that Spectre and Meltdown have continued to receive patches, and they may not be as performance-killing as feared. F-Secure says if you leave your laptop alone it could be pwned in 30 seconds. Mobile ICS apps seem to be getting less, not more, secure. Google boots more bad stuff from the Play Store. Monero miners afflict unpatched Oracle WebLogic servers (so patch). The US Congress considers a Huawei ban. Johannes Ullrich from SANS and the Internet Stormcast podcast on IoT gifts. Guest is Phil Reitinger from the Global Cyber Alliance, an international, non-profit organization headquartered in New York City and London that is focused on eradicating systemic cybersecurity risks. And New Jersey is considering solving one of its biggest problems: droning under the influence. Sprung from cages on Highway 9 or not, don't try that on the turnpike, kids. 

Aadhaar updates. Fancy Bear doxes the Olympics. WhatsApp snooping vulnerability discussed. Spectre and Meltdown patching. US House reauthorizes Section 702. Bitcoin isn't Bitcoin Cash.

Jan 12, 2018 19:23

Description:

In today's podcast we hear that the Government of India is working on Aadhaar security, suspending many officials' access. Fancy Bear doxes the IOC. WhatsApp snooping proof-of-concept revealed. Spectre and Meltdown patching continues. The US House voted to reauthorize Section 702 surveillance (the Senate is considering its own version). On the FBI's unwanted list: jerks and evil geniuses (and they're scowling in the direction of Cupertino). Rick Howard from Palo Alto Networks on AI and ML in cyber security. Guest is Shelley Westman from EY, with the results from their Global Information Security Survey. Conflating Bitcoin with Bitcoin Cash could have been an e-commerce issue.

Turla returns. Moscow interested in Mexican elections? FakeBank mobile Trojan hits Russian banks. Phishing the Olympics. Patch Tuesday. Bad flashlights, nice doggie.

Jan 11, 2018 15:46

Description:

In today's podcast, we hear that Turla's back, with a depressingly nifty man-in-the-middle campaign. The US thinks it sees Russia trying to influence Mexico's national elections. Russian banks are hit with a new mobile Trojan. Iran continues its Internet crackdown, and conducts more domestic surveillance and hacking. Winter Olympics-themed cyberattacks rely on well-crafted social engineering. Patch Tuesday addressed Spectre, Meltdown, Flash, and an Office zero-day. Yossi Oren from BGU on vulnerabilities in mobile device replacement touchscreens. Stay away from flashlight apps. (And take a look at your dog-walker's app, too, while you're at it.) 

Spectre and Meltdown mitigations. Psiphon and Iran's unrest. Olympic phishing. Mobile pop-up redirection. Alt-coin speculation.

Jan 10, 2018 17:04

Description:

In today's podcast, we hear about how Spectre and Meltdown mitigations are proceeding, with many successes (but some blue-screen-of-death failures, too). Psiphon looks like the souped-up VPN of choice for Iranian dissidents, as that country's Internet crackdown continues. Pop-up ads infest mobile devices as an old tactic finds new scope for its misapplication. Olympic phishing targets South Korean companies. China moves to stop illicit cryptocurrency miners. Jonathan Katz from UMD on bitcoin mining power use. Guest is Udi Yavo from Ensilo on Process Doppelganging. Is there an alt-coin bubble? Sure looks like it. 

Korean-language phishing targets interest in the Winter Olympics. Unrest continues in Iran. Meltdown and Spectre updates. Aadhaar security. Admiral Rogers will retire this spring from NSA.

Jan 9, 2018 16:03

Description:

In today's podcast we hear that someone is phishing for hockey enthusiasts during the run-up to the Winter Olympics. Continued unrest in Iran, with more arrests. More on Meltdown and Spectre, as most experts agree you should apply the mitigations being offered. Intel receives much hostile scrutiny over the chip bugs, but other vendors' processors are affected, too. India says Aadhaar is secure, but many aren't so sure. Admiral Rogers will retire as NSA Director this spring. Ben Yelin from UMD CHHS on legislation to enable hacking back, ACDC, the Active Cyber Defense Certainty Act. Marcus Hutchins' attorneys want his confession to involvement with Kronos thrown out.

TRISIS Malware: Fail-safe fail — Research Saturday

Jan 6, 2018 35:18

Description:

Robert M. Lee is CEO of Dragos Security, a company that specializes in the protection of industrial control systems. He's describing his team's research on TRISIS, tailored ICS malware infecting safety instrumented systems (SIS), so far found only in the Middle East. It's only the fifth known incident of malware targeting ICS.

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/

Meltdown and Spectre, risks and mitigations. Aadhaar compromised. Blockchain bubbles.

Jan 6, 2018 21:38

Description:

In today's podcast we hear how Meltdown and Spectre have put the fear of hardware flaws into enterprises everywhere. No family of systems can be safely assumed to be immune. Most are positively identified as vulnerable. Proofs-of-concept show that remote attacks exploiting chips' speculative execution features are feasible. India's Aadhaar national identification database is compromised. Justin Harvey from Accenture with his outlook on 2018. Guest is Dinah Davis from Code.likeagirl.io and Arctic Wolf Networks. We’re discussing trade shows and conferences, and the importance of having diverse panels. Cryptocurrency speculative mania continues. 

Meltdown and Spectre arose from engineering for speed—most chips are affected. Bogus security apps kicked out of Google Play. Iran's Internet crackdown. Indications of a guilty plea in NSA leak case.

Jan 5, 2018 16:40

Description:

In today's podcast we follow the story of Meltdown and Spectre, which pose kernel-level security issues: speed was inadvertently purchased at the price of insecurity. Spectre affects most chips, not just those from Intel. Mitigations are on the way. Bogus security apps booted from Google Play. Be on the lookout for phony Android Uber apps. Iran's Internet crackdown continues. Michael Daly from Raytheon and David DuFour from Webroot share their views on Meltdown and Spectre. And former NSA contractor Hal Martin may plead to taking one classified document home with him.

Iranian dissent takes to Tor. Iran cracks down on Internet services (and Infy gets busy). Kernel memory issue in Intel processors. macOS bug published. "Trackmageddon." Curating YouTube. Condolences to a SWATTING victim's family.

Jan 4, 2018 17:57

Description:

In today's podcast we hear that Iran's crackdown on Internet channels of dissent continues. Intel processors are determined to have a deep security flaw: cloud users are likely to be affected. A macOS local privilege escalation vulnerability is published. The "Trackmageddon" location service vulnerability seems to originate in a buggy API. The suicide forest video appears to have passed through YouTube's human curators. The man arrested in the Wichita police shooting may have been a serial SWATTER. Joe Carrigan from JHU on holiday IoT devices. Guest is Thomas Jones from Bay Dynamics on updated NIST rules for DOD contractors. 

ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.

Jan 3, 2018 13:58

Description:

In today's podcast we hear that ISIS has claimed responsibility for the December 27th St. Petersburg shopping center bombing. UK authorities seek to think ahead about cyber terror. US standards bodies propose more stringent mandatory reporting of cyber incidents at electrical utilities. Unrest in Iran prompts a government crackdown on the Internet. We meet our newest academic & research partner, Dr. Yossi Oren from Ben Gurion University. A YouTube celebrity learns something of the limits of the funny, and a Los Angeles man is arrested in a horrifying SWATTING attack that killed an utterly uninvolved bystander. 

Hunting the Sowbug — Research Saturday

Dec 30, 2017 17:05

Description:

Alan Neville is a senior threat intelligence analyst at Symantec located in Dublin. He is responsible for leading and documenting investigations into high priority attacks.

He recently published research on the Sowbug cyber espionage group targeting South American and Southeast Asian governments.


https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments

The German Cybersecurity Market with Gerald Hahn

Dec 30, 2017 12:33

Description:

Gerald Hahn is CEO of Softshell AG, a German cybersecurity company. He shares his insights into the German market for cybersecurity products, and how US companies can best prepare themselves to do business there.

The CISO's changing role with Andrew Wild

Dec 29, 2017 14:48

Description:

Andrew Wild is CISO at QTS Data Centers. He shares his insights into the changing role of the Chief Information Security Officer, as businesses shift their focus toward risk.

"Hacked Again" author Scott Schober

Dec 28, 2017 18:08

Description:

Cybersecurity expert and author Scott Schober shares his personal story of being hacked, and how it set him on a mission to help prevent it from happening to others.

Active defense and "hacking back" with Jonathan Braverman from Cymmetria

Dec 27, 2017 14:26

Description:

Jonathan is Cymmetria's General Counsel. A former trial attorney, Mr. Braverman is an expert in cyber-security law, policy and regulation. He has written policy papers on export controls over cyber technology, active defense and "hacking back."

Keyboys back in town — Research Saturday

Dec 23, 2017 18:13

Description:

In this edition of the CyberWire Research Saturday, we'll take a look at a more recent intrusion PwC has uncovered, attributed to KeyBoy, highly likely a China-based threat actor. It uses compromised Word documents to gain access.

Bart Parys is a lead researcher in PwC's cyber threat intelligence team, responsible for tracking cyber threat actors, their latest toolsets and methodologies. 


https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html

Updates on Triton ICS malware attack. DPRK and WannaCry. Cryptocurrency crime and an alt-coin market correction. Fancy Bear sightings.

Dec 23, 2017 23:39

Description:

In today's podcast we hear some updates on the Triton ICS malware campaign. North Korea amplifies its denials of responsibility for WannaCry. Cryptocurrency markets undergo a strong correction. "Blockchain" remains a word to conjure with. Citing a potential risk to national security, Lithuania's government bans Kaspersky software. ESET thinks Fancy Bear is growing more cunning and evasive. Chris Poulin from BAH on the transition to self-driving cars, and the problem with selling fear and uncertainty. Guest is Kim DeCarlis from Gigamon on marketing cyber security. And how does Siri handle various linguistic challenges?

More data found exposed in an AWS S3 bucket. EtherDelta's DNS impersonation issue. DPRK says it doesn't hack. FISA Section 702 nears sunset. Wassenaar updated. Kaspersky says its due process rights have been violated.

Dec 22, 2017 19:40

Description:

In today's podcast, we suggest a new year's resolution all organizations should make: resolve to configure your cloud services for privacy and security. Another cryptocurrency exchange gets hacked, this one by DNS hijacking. North Korea finally says it had nothing to do with WannaCry, but few are convinced. The Lazarus Group continues to be a prime suspect in cryptocurrency theft. Section 702 nears sunset. Wassenaar seems to have become friendlier to researchers. David DuFour from Webroot on quantum computing and AI. Guest is Joseph Carson from Thycotic on stolen passwords on the black market. And Kaspersky Lab wants redress in court.

Pyongyang's snarling through cyberspace, and what others are doing about it. Copperfield espionage campaign in the Middle East. GDPR approaches. Giving your kid a smartphone?

Dec 21, 2017 18:26

Description:

In today's podcast, we talk about what the Five Eyes see. Implications of North Korean responsibility for WannaCry. Defense and deterrence go with naming and shaming. The Lazarus Group looks to cryptocurrency theft to redress North Korean financial shortfalls. Copperfield cyber espionage campaign in the Middle East. GDPR approaches, and organizations look to get their data houses in order (and buy insurance). Justin Harvey from Accenture on choosing threat intelligence. Guest is Stan Engelbrecht from D3 Security on the vulnerabilities in public transportation. And what to do if your child gets a phone from Santa. 

North Korea officially blamed for WannaCry. US National Security Strategy and cyber. Hex Men are up to no good. Cryptocurrency crimes. Cyberespionage. Misconfigured printers. Bad passwords.

Dec 20, 2017 19:05

Description:

In today's podcast, we hear that the Five Eyes look at WannaCry and officially see Pyongyang. New US National Security Strategy emphasizes economic power and cybersecurity (and names the adversaries). Hex Men are no super heroes. More Bitcoin theft bankrupts an alt-currency exchange. Android Monero miner can basically melt your phone, it's working so hard. Users leave Lexmark printers open to the Internet. AnubisSpy peeks at Arabic-speaking Android users. Joe Carrigan from JHU on holiday IoT devices. Guest is Chris Webber from SafeBreach, reviewing the third edition of their Hacker’s Playbook. And guess the two worst passwords of 2017. 

Zealot and Monero mining. Bitfinex DDoS. Triton/Trisis shows risks of committing safety and control to the same systems. Bitcoin crime. M&A news. Hair of the dog.

Dec 19, 2017 14:18

Description:

In today's podcast, we hear how the Zealot campaign uses ShadowBrokers' exploits to install a Monero miner on victim systems. Bitfinex suffers another DDoS attack as Bitcoin valuations remain high. Triton attack on industrial safety systems shows the risk of mixing control with safety. Exposed database of California voters investigated. Thales will buy Gemalto. Johannes Ullrich from SANS and the Internet Storm Center podcast, on scammers profiteering from natural disasters. And suffering from social media hangover? Try a little hair of the dog that bit you (say social media vendors). 

The unique culture of the Middle Eastern and North African underground — Research Saturday

Dec 16, 2017 22:04

Description:

Online underground markets thrive across the globe, with the Middle East and North Africa being no exception. Researchers at Trend Micro recently took a look inside these digital souks, and while much of what they discovered matches similar online marketplaces, there are unique cultural elements that set these regional trading posts apart.

Jon Clay is a cyber security expert from Trend Micro, and he takes us through their research paper, "Digital Souks: A Glimpse into the Middle East and North African Underground."

Internet shut down in Ethiopia. TRITON ICS malware updates. Security products patched. Cryptocurrency capers.

Dec 16, 2017 22:48

Description:

In today's podcast, we hear that Ethiopia's government has shut down the country's Internet during a period of unrest. TRITON ICS malware update. The FCC moves away from net neutrality. UK warnings about cable vulnerabilities. When a keylogger isn't a keylogger. Security companies patch some products. Pyongyang likes Bitcoin. More on the NiceHash Bitcoin caper. Emily Wilson from Terbium Labs on breach fatigue. Colleen Huber from MediaPro on their 2017 State of Privacy and Security Awareness Report. And, stick 'em up: your Ether or your life.

Hacktivism threatened over embassy move. Significant probe of an industrial plant. That was no BGP error. TV blues.

Dec 15, 2017 16:44

Description:

In today's podcast we hear that Anonymous has called for action against US and Israeli government sites. FireEye reports a significant attack against an industrial plant, possibly involving nation-state reconnaissance. A lot of Internet traffic was briefly rerouted through Russia yesterday, possibly deliberately, for unclear reasons. TV troubles. Dale Drew from CenturyLink on measuring against standards and certs. Torsten Mayer from FICO on using AI to help protect nonprofits online. And if toys are getting too connected, consider a puppy—very interactive.

A look back at Patch Tuesday. Classic games on Android serve malware. Cryptocurrency speculation. Info ops updates. Phony hitmen. Guilty pleas in Mirai case.

Dec 14, 2017 19:02

Description:

In today's podcast we hear a reminder about yesterday's Patch Tuesday. Classic Android games are serving malware. Cryptocurrency speculative fever continues to rise. More unwelcome miners are pulling Monero out of streaming video services. Ransomware extortionists are finding Bitcoin prices sometimes rise too fast for comfort. False hit-man spam. A Russian hacking defendant, in Russia, says Putin made him do it. Robert M. Lee from Dragos on the security of the water supply. Guest is Evan Dornbush from point3 security on the disconnect between employers and educational institutions. Guilty pleas in the Mirai case.

Catphishing for spies. Banking Trojans. Spider ransomware. CoinHive comes to Starbucks. SEC stops another ICO. BrickerBot retired?

Dec 13, 2017 19:03

Description:

In today's podcast, we hear that Berlin says Beijing's been catphishing, and that Beijing says no way. Banking Trojans in Google Play look for Polish accounts. Spider malware spins out of the Balkans. Transferring risk doesn't mean you can ignore it. The SEC calls cease-and-desist on another ICO. That venti in Buenos Aires may have come with a CoinHive miner. Rick Howard from Palo Alto Networks on DevOps vs. site reliability engineers. Marcelle Lee from LookingGlass on the Bad Rabbit ransomware. The Doctor puts down his tools and closes BrickerBot. 

Al Qaeda tries its hand at inspiration. MoneyTaker cyber bank robbers. Dark web database holds a billion credentials. Bitcoin speculation and Bitcoin fraud.

Dec 12, 2017 13:35

Description:

In today's podcast, we hear that al Qaeda is working on ISIS-style inspiration. The MoneyTaker gang has been raiding banks quietly for about a year and a half. HP fixes an inadvertent keylogger in its laptops. 4iQ finds a huge database of aggregated credentials from many breaches for sale on the dark web. Bitcoin and other cryptocurrencies attract scams and hackers. Why? That's where the money is. Ben Yelin from UMD CHHS on the proposed Cybersecurity Improvement Act of 2017 legislation. An ICO scam artist is in the SEC's crosshairs, but they'll have to wait until Québec is through with him. 

Stealthy Zberp Banking Trojan — Research Saturday

Dec 9, 2017 23:07

Description:

Zberp is a stealthy banking trojan with an unconventional process injection technique. A hybrid of the ZeusVM and Carberp malware, Zberp uses a variety of techniques to prevent detection while it gathers information from infected systems. 

Limor Kessem is an executive security advisor for IBM, and she's our guide.

Iranian reconnaissance of critical infrastructure? Leaky banking apps. Microsoft's emergency patch. Ghosts of the Caliphate threaten, but have yet to deliver. New horizons in biometrics.

Dec 9, 2017 21:09

Description:

In today's podcast we learn that FireEye is warning of patient reconnaissance on the part of the (probably) Iranian APT34. The Electronic Ghosts of the Caliphate have so far failed to say "boo," except maybe in South Jersey. Flaws discovered in mobile banking apps. Bike-sharing service leaked data. Bitcoin's bubble. Microsoft patches its Malware Protection Engine. Chris Poulin from BAH on closing the gap between IT and OT people in ICS. Adam Segal from the Council on Foreign Relations on the rollout of their cyber operations tracker. And biometrics have come to the beagles: your pet door can now recognize Rover or Boots, and let them on in. Their raccoon pals stay outside. 

Hamas calls for intifada; hacktivism expected. Ethiopian government surveillance ops. Crime and cryptocurrency. Keylogger in the wild. Fixes to MacOS, Android app development tools. Uber hack and bug bounties.

Dec 8, 2017 16:54

Description:

In today's podcast we consider warnings of a hacktivist intifada as the US prepares to recognize Jerusalem as Israel's capital. How Ethiopia's surveillance was discovered. Criminals flock to cryptocurrency sites with everything from DDoS to miners to theft. Keylogger found infesting WordPress sites. Android app development tools get quick fixes. Apple updates MacOS High Sierra again. What Uber may have thought it was doing when it paid off its hackers. Section 702 surveillance authority update. Jonathan Katz from UMD on NIST’s call for algorithms for post-quantum computing. Drew Cohen from MasterPeace Solutions on drawing government talent to the private sector. A jeopardy champ faces hacking charges, and Kromtech warns about Ashley Madison (on grounds of security, not propriety). 

Satori botnet is awake (and it's not engaged in enlightenment). State-sponsored spyware campaigns. ISIS threatens cyberattacks.

Dec 7, 2017 19:09

Description:

In today's podcast, we learn that the Satori botnet flashed into existence yesterday with 280,000 bots. Is there a router zero-day out there? Insecure cryptocurrency apps aren't deterring speculators. How much energy does Bitcoin use? About as much as Denmark. Ethiopia's government is said to be using spyware against journalists. Iran's Charming Kitten espionage group is looking at media, academics, activists, and political advisors. ISIS threatens cyber havoc this Friday. Joe Carrigan from JHU on breach fatigue. Cat Coode from Binary Tattoo on social media safety. And the IOC takes a poke at Russia. Expect Fancy and Cozy Bear to poke right back.

Andromeda takedown (with an arrest in Belarus). Mirai is back; Reaper still threatens. PayPal phishing. Tech support scam evolves. Cryptowars notes. SEC goes after an ICO.

Dec 6, 2017 17:35

Description:

In today's podcast, we hear how an international police operation took down Andromeda, and possibly the criminal mastermind known as Ar3s. Mirai is back, and so are warnings about Reaper. There's a PayPal phishing expedition in progress (don't let yourself be a wild-caught sucker). A new variant of the familiar tech support scam features a bogus blue screen of death. Germany's Interior Minister considers backdooring the IoT. The US Securities and Exchange Commission is going after dodgy ICOs. Justin Harvey from Accenture on cyber ranges. Adam Meyers from CrowdStrike on supply chain attacks. And we're not going to talk about the Internet of Those Kinds of Things. (Don't act so innocent—you know who you are.) 

Nghia Hoang Pho charged with mishandling classified NSA material. A review of other recent leaks. Kaspersky under fire in the UK. More Uber executives depart.

Dec 5, 2017 13:58

Description:

In today's podcast, we hear about an NSA employee who was charged Friday with "willful retention of national defense information." This appears to be the individual whose computer was equipped with Kaspersky security software, and scanned either by that security product or by a backdoor, depending on whom you believe. A look back at the other three alleged NSA leakers: Snowden, Martin, and Winner. Johannes Ullrich from SANS and the ISC Stormcast podcast, talking about the Kaspersky data exfiltration accusations. The UK expresses official misgivings about Kaspersky products. More Uber executives depart the company. 

Staying ahead of Fast Flux Networks — Research Saturday

Dec 2, 2017 17:08

Description:

Bad actors are using Fast Flux Networks with quickly-changing IP addresses and domain names to help hide their activities.

Or Katz, Principal Lead Security Researcher at Akamai, takes us through their recently-published white paper, "Digging Deeper — An In-Depth Analysis of a Fast Flux Network."

Flynn pleads guilty in Mueller probe. Misconfigured AWS S3 buckets, again. Election trolling and spy versus oligarch. Black Friday fraud down. Crime and punishment.

Dec 2, 2017 19:46

Description:

In today's podcast, we hear that former National Security Advisor Flynn pleads guilty to lying to the FBI. Another misconfigured AWS account is found. Cobalt is either careless or engaged in misdirection. Election trolling and mutual suspicion between Russia and the US. Kaspersky says his company didn't, doesn't, and won't spy for the Russian government as US agencies begin to purge their systems of his security software. Black Friday fraud seems to be down this year. South Korea's investigation of domestic election meddling by its cyber command sharpens. Malek Ben Salem from Accenture Labs with thoughts on GDPR. Gary Golomb from Awake Security with thoughts on properly setting priorities. And Roman Seleznev gets another fourteen years on carding charges. 

Breaches, extortion, and insider threats. Credit bureaus and GDPR. HP addresses spyware allegations. When is a snack bag more than a snack bag?

Dec 1, 2017 16:28

Description:

In today's podcast we learn that British shipping giant Clarksons was breached but refuses to pay hackers extortion. The US House may be reaching consensus on surveillance authorities. INSCOM mops up Red Disk leak. The US Defense Department may have more work to do countering insider threats. HP denies reports of spyware in its PCs. Apple fixes High Sierra. Credit services think through the implications of GDPR. Robert M. Lee from Dragos, reviewing ICS and natural gas. Shaun Walsh from Cylance on AI. And snack foods, mens rea, Faraday cages, and employment law. 

Building your cyber security career — CyberWire Special Edition

Dec 1, 2017 32:32

Description:

In this CyberWire special edition, we take a closer look at finding your career in cyber security. Just how important is that degree? Does it make sense to invest in certifications? What are employers really looking for when they’re searching for qualified cyber security talent? And why is it critical that you not just hunt down a sexy, high paying job, but build yourself a fulfilling career?

Sharing their insights and expertise are Kathleen Smith, CMO from Clearedjobs.net and cybersecjobs.com, and Robert M. Lee, CEO of Dragos.

Another misconfigured AWS S3 bucket, this one with US Army INSCOM files. Apple fixes a major issue in MacOS. Influence ops and autarky. Boyusec disbanded.

Nov 30, 2017 19:51

Description:

In today's podcast we hear that another misconfigured AWS S3 bucket has turned up. This one holds sensitive US Army files. Apple fixes a big flaw in the latest MacOS High Sierra version—the password is…"root." Russia says American aggression in cyberspace is moving it to create its own DNS. Russia and Venezuela exploit the Catalan independence movement for disruptive information operations. Boyusec, mentioned in a recent US indictment, has been disbanded. Dale Drew from CenturyLink with lessons on consolidation. Jason McGee from IBM on software containers.

Who's the third man in the Shadow Brokers leaks? ISIS diaspora means more ISIS online. Monero miner identified. Tizi backdoored apps booted from Google Play. Scarab ransomware. M&A notes. Indictments in IP theft.

Nov 29, 2017 17:07

Description:

In today's podcast we hear rumors that the third man in the Shadow Brokers leak might soon become publicly known. ISIS enters its diaspora phase. Monero miner targets Macs. Google Play ejects apps with the Tizi [tizzy] backdoor. Scarab ransomware blasted out in spam campaign. Uber's value takes a hit, post-breach-disclosure. Barracuda Networks taken private. Trend Micro buys Immunio. Emily Wilson from Terbium Labs on the privacy of children online. Bryan Ware from Haystax on analyzing incoming data streams. And the Pittsburgh FBI office takes another whack at Chinese industrial espionage.

Breach disclosure: fast and slow. Mirai's minor comeback. Anti-ISIS hacktivists strike Amaq. North Koreans studying blockchain. Alleged Game of Thrones hacker indicted.

Nov 28, 2017 14:23

Description:

In today's podcast, we hear that image-sharing service Imgur disclosed a data breach. It happened some time ago, but they were quick to get the word out once they were aware of it. Uber faces regulatory attention and possible post-hack headwinds for its anticipated IPO. Mozilla's working on a Firefox add-on to warn you that a site you're visiting has been breached. There's a minor resurgence of Mirai, mostly from routers in Argentina. Anti-ISIS hacktivists school the Caliphate in information operations. What did the FBI know about Fancy Bear? North Koreans study blockchain. Ben Yelin from UMD CHHS on President Trump's recently signed Cyber Crime Fighting Act. And winter is coming for an Iranian hacker.

Waiting for Terdot, a sneaky banking Trojan — Research Saturday

Nov 25, 2017 17:31

Description:

The Terdot Banker Trojan is a descendant of the Zeus family of malware, and has evolved to feature serious espionage capabilities. It can compromise transactions, steal accounts and credit card information, and can eavesdrop on and modify traffic on social media and email platforms. While not yet widely spread, it's a threat to consumers and businesses alike.

Bogdan Botezatu is a senior e-threat analyst at Bitdefender, and he takes us through their recently published whitepaper.

The Right to Be Forgotten with Yale Law School's Tiffany Li

Nov 23, 2017 18:31

Description:

Our guest today is Tiffany Li. She’s an attorney and Resident Fellow at Yale Law School’s Information Society Project. She's an expert on privacy, intellectual property, and law and policy, and her research includes legal issues involving online speech, access to information, and Internet freedom. She’s coauthor of the paper, Humans Forget, Machines Remember: Artificial Intelligence and the Right to Be Forgotten, which will be published soon in Computer Security & Law Review.

Cyberspace in Peace and War author Martin C. Libicki

Nov 22, 2017 26:49

Description:

Today's show features an extended interview with Martin C. Libicki. He holds the Maryellen and Richard Keyser chair of cybersecurity studies at the U.S. Naval Academy. His most recent book is Cyberspace in Peace and War. Topics include the differences between cyber war and cyber espionage, the possibilities of a cyber Pearl Harbor or Cyber 9/11, and the risk of nations overreacting to cyber attacks.

PwC Principal Jocelyn Aqua on Earning Consumer Trust and Business

Nov 21, 2017 20:20

Description:

Our guest today is Jocelyn Aqua. She's a principal at PwC, where her specialty is regulatory privacy and cybersecurity. Our conversation centers on a recently published report from PwC called Protect Me, which they describe as an in-depth look at what consumers want, what worries them, and what companies can do to earn their trust and their business.

Dark Net Pricing with Flashpoint's Liv Rowley — Research Saturday

Nov 18, 2017 19:06

Description:

Cybercriminals offer all sorts of illicit goods for sale on Deep and Dark Web markets. In this episode, Liv Rowley, cybercrime intelligence analyst at Flashpoint, takes us through her team's research into the pricing of certain illegal goods online, including "Fullz", exploit kits, DDoS for hire, RDP servers, card data, bank logs and passports. Supply meets demand in this shady underground ecosystem.

AWS S3 misconfigurations. Kaspersky's report on the Equation Group affair. Cybercrime notes. DPRK cyber campaigns. The VEP reviews continue positive. Amazon Key has issues.

Nov 18, 2017 20:46

Description:

In today's podcast, we hear about more misconfigured S3 buckets (these in Australia). Kaspersky Lab protests its innocence as it releases a study of Equation Group leaks. Notes from the world of crime: dual-purpose Trojans, fake-news-as-a-service, and how the cops are keeping the robbers hopping. Some thoughts on Hidden Cobra, and what it means for ICS operators in particular. More positive notices for the VEP. Chris Poulin from BAH on AI ethical conundrums with self-driving cars. Jeremy Wittkop from InteliSecure on the trouble with Social Security Numbers. And Amazon Key may unlock more than one would like.  

Revisions to the US VEP (and comparisons to China's). DPRK hacking. Laurel mole hunt. BlueBorne is back. Snakes in the Play Store. Can you sound like a child?

Nov 17, 2017 18:22

Description:

In today's podcast, we get an update on the US Vulnerabilities Equities Process, which now promises more transparency, accountability, and stakeholder representation in handling zero-days. A look at China's equivalent…doesn't. Worries about North Korean hacking. Mole hunting at Fort Meade. BlueBorne bugs in home assistants. More malware in Google Play. David DuFour from Webroot on the importance of communication with the board of directors. Roy Katmor from Ensilo on attacks using social engineering. And how to get around that pesky voice recognition software. 

Hidden Cobra's RATs. IoT bugs. Patch Tuesday notes. Backdoored smartphones. Russian trolling, propaganda. DPRK short wave hacked?

Nov 16, 2017 18:52

Description:

In today's podcast, we hear that the DHS and FBI have warned that two North Korean malware campaigns are active in the wild. IoT vulnerabilities are disclosed. Smartphones ship with apparently inadvertent backdoors. Patch Tuesday was a big one, this month. Russian trolls took both sides in the Brexit vote. A pro-tip from the squints: a screenshot from a video game isn't, you know, actually gun-camera footage. Ben Yelin from UMD CHHS on the possible expiration of section 702 of the FISA act. Orion Hindawi, CEO of Tanium, with insights gathered from their annual Converge conference. And North Korean shortwave gets hacked to play Eighties rock.

Influence operations in Catalonia? IcedID banking Trojan. The Shadow Brokers: an intelligence service or a bunch of moles? Patch notes.

Nov 15, 2017 18:55

Description:

In today's podcast, we hear that Spain sees foreign influence operations in Catalonia. IBM's X-Force warns of a new banking Trojan. There may be a mole hunt going on in NSA—and somewhere the Shadow Brokers are smiling. Anti-virus companies fix the AVGater vulnerability. Firefox and Google both commit to security upgrades. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on the challenges of random number generation. Steve McGregory from Ixia on the challenges of dealing with the virtually infinite computing power and bandwidth of cloud computing. Tenable urges people to avoid breaches through good hygiene, and Carbon Black wishes we'd stop calling attackers "hackers." 

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future’s free intel daily, you might find it valuable, too.

Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com.

Dragos is leading a webinar on November 21st that will help enable industrial control system (#ICS) security teams to defend their environments appropriately. Check it out at thecyberwire.com/dragos.

Vault 8 and false-flag allegations. Mole hunting. Equifax breach costs. ISIS returns to WordPress defacements. RoK domestic political influence scandal.

Nov 14, 2017 15:35

Description:

In today's podcast, we hear how Vault 8 has succeeded Vault 7 among WikiLeaks dumps (but it's still all CIA all the time from Mr. Assange and company). GCHQ expresses concerns about Kaspersky anti-virus products. Media reports suggest that NSA is in the middle of a big mole hunt. Equifax begins to tally up the costs of its breach. The US Intelligence Community reiterates its conclusion that dog bites man, or rather, that Russia wants to work mischief with the United States. ISIS defaces school websites. Bin Laden fils [feess] takes up his late father's mantle online. Some notes on South Korea's domestic influence investigations. A look back at the SINET showcase. Rick Howard from Palo Alto networks discussing “vendor in depth” and “best of breed” strategies. 

Podcast sponsor 1-Recorded Future: http://goo.gl/wphZ1z
Podcast sponsor 2- Cylance: https://goo.gl/fHR65L
Friday sponsor- Dragos: https://goo.gl/nqR2yq

Taiwan Bank Heist and Lazarus Group with BAE's Adrian Nish — Research Saturday

Nov 11, 2017 13:22

Description:

Dr. Adrian Nish is head of cyber threat intelligence at BAE Systems. His team has been tracking a new cyber-enabled bank heist in Asia. Some of the tools used are reminiscent of the Bangladesh Bank attack from February 2016.

The full report can be found here.

Macro-less malware. Metacriminals and botnet herders. Hacking ships and airliners. Cryptocurrency glitch. Congratulations to the SINET 16.

Nov 10, 2017 20:34

Description:

In today's podcast, we hear that there's no honor among thieves, or botnet herders, either. Reaper still seems quiet. Macro-less malware is a problem, Microsoft warns. Researchers show you can hack an airliner's avionics. The maritime shipping sector worries that Maersk's experience with NotPetya isn't just a one-off. Ether—the cryptocurrency—is disappearing into the aether (at least this once). Justin Harvey from Accenture on the importance of not failing the basics. Guest is David Barzilai from Karamba Security on the security of embedded systems in automated cars. And we congratulate this year's SINET 16.

Fancy Bear's new moves. OceanLotus and Sowbug cyber espionage groups active. Notes from CyCon, and a look at industry news.

Nov 9, 2017 18:27

Description:

In today's podcast we hear some industry news today, briefly, before we get to the cloak-and-keyboard stuff. Fancy Bear has some new dance steps. OceanLotus and Sowbug, threat actors, not plants or insects, as you might be forgiven for thinking, snoop on ASEAN and Latin America, respectively. Notes on international law and the future of cyberwar from CyCon. Joe Carrigan from JHU on the difficulties in reporting vulnerabilities. Robert Rodriguez from SINET on the trends he sees from the companies winning the SINET 16. And Appleby insists the Paradise Papers were not an inside job. 

Stolen Paradise Papers aren't making people or companies look good. Off-year election security. Trollhunting. Notes on the future of cyber conflict from CyCon 2017.

Nov 8, 2017 19:15

Description:

In today's podcast we hear more on the Paradise Papers, where the optics are looking more Inferno than Paradiso. Off-year elections in the US are on today amid general concerns about, well, somebody doing something to them. Trollhunting sometimes brings down the wrong targets. Notes on the future of cyber conflict from CyCon 2017. The Internet's co-inventor says it's time to hold coders accountable for buggy software. Emily Wilson from Terbium Labs with thoughts from a conference in the Netherlands. Wesley Simpson from (ISC)2 making the case that security is a people problem. And Facebook will keep your naughty selfies off the Internet. Really—just upload them to the right place. 

The Paradise Papers, tax avoidance, and quiet investments. Kaspersky affair updates. Retaliation against influence operations?

Nov 7, 2017 13:09

Description:

In today's podcast, we hear about the Paradise Papers, a trove of documents obtained from a Bermuda law firm that contain details not only about wealthy tax avoiders, but about investments as well. Kaspersky says that its antivirus software did, after all, copy files that weren't viruses. (But they were still bad files.) US Senate Majority Leader McConnell says tech companies should help the US retaliate against nation-states' cyberattacks. Dale Drew from CenturyLink with a call for introspection when considering cyber defenses.

Exploring Phishing Kits with Duo Security's Jordan Wright — Research Saturday

Nov 4, 2017 29:45

Description:

In this episode of the CyberWire’s Research Saturday we are joined by Jordan Wright, Senior Research and Development Engineer at Duo Security. He’s the author of the research report, “Phish in a Barrel,” which describes his work gathering and examining thousands of phishing kits from around the web.

BadRabbit misdirection? Fancy Bear's wish list. AWS misconfigurations. Data breach notes.

Nov 4, 2017 20:46

Description:

In today's podcast, we hear that BadRabbit looks like misdirection. Fancy Bear's wish list is out, and it's very long, and very global. US prosecutors may be preparing to indict half-a-dozen Russian officials in the DNC hack. Malaysia continues to recover from a major series of data breaches. GhostWriter poses a man-in-the-middle threat to AWS users who misconfigure their accounts. And it was Halloween, but the ShadowBrokers weren't much in evidence. Perhaps they were unrecognizable in their Wonder Woman and Mighty Thor costumes? David DuFour from Webroot on recent ransomware trends. 
Guests are Sherrie Caltagirone, founder and executive director of the Global Emancipation Network (GEN), and Andrew Lewman, SVP of DarkOwl. They are using the tools of cyber security to help stop human trafficking online. 

The Manhattan terror suspect claims allegiance to ISIS, but ISIS hasn't claimed him. Crimeware notes. Patching news. Crypto wars update. What the Senate learned about info ops.

Nov 3, 2017 17:30

Description:

In today's podcast, we hear that, while the Manhattan truck-ramming terrorist claims ISIS, ISIS hasn't claimed him. Notes on conventional cybercrime, with some resurgent banking Trojans and mobile malware. Apple patches iOS against KRACK vulnerabilities. WordPress issues another fix for SQL injection bugs. US Deputy Attorney General Rosenstein takes up the pro-access banner in the crypto wars, but few from the tech sector are rallying to him. Senate hearings on Russian influence operations continue. Chris Poulin from BAH on augmenting human capabilities. Robert Knapp from CyberGhost on employers raising awareness of cyber security within their organizations.  

Ransomware old and ransomware new, but can you distinguish it from a wiper? Influence operations hearings on Capitol Hill.

Nov 2, 2017 17:36

Description:

In today's podcast, we hear about ONI ransomware in Japan that may prove to be a wiper. Ukraine blames NotPetya operators Black Energy for BadRabbit. Pyongyang feels London is picking on it. Phishing Facebook in Nordic nations. Security firms sell certificate authority business. Twitter won't sell any more ads to RT or Sputnik. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on honeypots. Russell Jones from Deloitte with the results from a recent medical security poll. During hearings on influence operations, Senators wonder why Facebook wasn't suspicious when people paid for their advertising in rubles.

A BadRabbit and Reaper update. EU and cyberwar. DPRK denies WannaCry responsibility. China's cyber espionage shifts. Oracle emergency patch. Buganizer wide open. Influence ops. Heathrow security.

Nov 1, 2017 16:16

Description:

In today's podcast, we hear about the state of BadRabbit and Reaper. The EU drafts a diplomatic framework for self-defense in cyberspace. Pyongyang denies UK attribution of WannaCry to North Korea. Threat intelligence types suspect the Sino-US cyber modus vivendi might not be the unqualified success it's been taken to be. Oracle issues an emergency patch. A researcher gets an unauthorized peek at Google's Buganizer. Congress will hear testimony about influence operations in Twitter, Google, and Facebook. Rick Howard from Palo Alto Networks warns that board members might be targets. And USB sticks contain the darndest things.

Plus, the Malware Mash.

Reaper looks like a criminal booter on the Chinese black market. BadRabbit shows some moves. Catch-All malicious Chrome extension. Android currency miners in Google Play. Indictments in Russia probe.

Oct 31, 2017 13:38

Description:

In today's podcast, we hear that the Reaper botnet is still quiet, and looking like a booter-for-hire. BadRabbit shows some odd stealth, and some interesting strategic selectivity. A malicious Chrome extension steals everything you put on a website. Currency miners on phones seem to be the kind of crime that doesn't pay, but that's not stopping crooks from stuffing them into Google Play. First indictments in the US probe of Russian election influence operations are out.  Emily Wilson from Terbium Labs on third party breaches, what she describes as “Not your breach, still your problem.” And a class action suit is filed over the Equifax breach.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

We read Recorded Future’s free intel daily, you might find it valuable, too. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Interested in the latest research in cyber security? Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com.

Podcast sponsor 1-Recorded Future: http://goo.gl/wphZ1z
Podcast sponsor 2- E8 Security: https://goo.gl/yBBx55
Friday sponsor- Cylance: https://goo.gl/fHR65L

Tracking a Trojan: KHRAT on Research Saturday

Oct 29, 2017 17:00

Description:

The moniker KHRAT came about because of the identification of a Remote Access Trojan (RAT) with command and control infrastructure found in Cambodia (KH). In the most recent episode of the CyberWire's Research Saturday, Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, talks with us about the capabilities of KHRAT and shares details of the feature set it provides to the threat actors that use it.

https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/

BadRabbit ransomware and Reaper botnet updates. SATCOM bugs. ICS cybersecurity notes. Moscow's free commercial speech piety. Anonymous is back.

Oct 28, 2017 21:24

Description:

In today's podcast, we hear that BadRabbit, still quiet, looks like a TeleBots product. Reaper is still locked and loaded, but is also still quiet. Maritime SATCOM system found to be buggy, and the worse news is that it's beyond its end-of-life. A look back at the annual ICS Cybersecurity Summit that wrapped yesterday in Atlanta. Moscow tells Twitter buying ads is a free speech issue. Justin Harvey from Accenture on monitoring cloud infrastructure. Guest is Michael Sulmeyer, Director of the Cyber Security Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs. Anonymous is back and poking at the Spanish government. 

Dogs that haven't barked. Surveillance authority reauthorization advances in the US Senate. Notes on ICS cybersecurity.

Oct 27, 2017 18:28

Description:

In today's podcast, we hear that there's still no sign of the Reaper botnet doing anything. An update on BadRabbit—which for some reason seems to have hopped quietly away from its infrastructure. Other forms of more conventional ransomware, however, remain in circulation, in the wild. It looks as if Kaspersky software might have stumbled across NSA files after all. The US Senate Intelligence Committee has voted to reauthorize Section 702 surveillance authorities through the end of 2025. Ben Yelin from UMD CHHS on states' funding challenges when trying to shore up the security of their voting systems. Bob Ackerman and Dave DeWalt from AllegisCyber, on the occasion of their business announcements, discussing the investment climate for cyber security. And we have notes on ICS from Atlanta.

BadRabbit hopping through Eastern and Central Europe, and Southwest Asia. DUHK risks. Kaspersky on how a laptop was backdoored. Notes from Atlanta's ICS Cybersecurity Conference.

Oct 26, 2017 18:43

Description:

In today's podcast, we hear about BadRabbit, a new strain of ransomware that's hopped out of Petya's hutch. The Lazarus Group is said to have taken control of some servers in India. DUHK [duck] warnings. Are industrial control system operators paying sufficient attention to Level 1 and Level 0 threats? Next May will see not only GDPR, but also NIS. Joe Carrigan from JHU reviews a list of security tips suggested by IBM. Guest is Scott Kaine, CEO of Delta Risk, on cloud migration security issues. And Kaspersky continues to protest its innocence of spying, and offers an explanation of what really happened with the NSA leaks.

Reaper botnet update. Election hacking in Kenya, Czech Republic. M&A notes. APT28's phishing. Kaspersky's offer of code review. FBI shots in the crypto wars.

Oct 25, 2017 18:56

Description:

In today's podcast, we learn that Hurricane Reaper, the big IoT botnet, remains a digital tropical depression, but plenty of people are warning everyone to stock up on the cyber equivalents of flashlight batteries and bottled water. Czech parliament sites hacked in apparent election-related mischief. Kenya's contentious re-vote approaches. APT28 gets a Bronx cheer for lame CyCon phishing, but don't get cocky, kid. KnowBe4 and Cisco announce acquisitions. Kaspersky seeks to undo reputational damage inflicted by US Government ban. The FBI re-engages in the crypto wars. David DuFour from Webroot on phishing trends. Phil Neray from CyberX reviewing their Global ICS & IIoT Risk Report. If you had a nose job at London Bridge Plastic Surgery, someone's got your before and after pix. 

Reaper botnet looming, but not yet landed. CyCon phishing. How to troll for influence.

Oct 24, 2017 14:42

Description:

In today's podcast, we share some notes on active malware campaigns, and a warning to be on the lookout for the Reaper botnet, which hasn't yet realized its disruptive potential. Kaspersky opens its source code to independent review, to show it's got nothing to hide. Fancy Bear is phishing for you if you plan to attend CyCon. The difficulty of recognizing trolls, and the dangers of innocent posts getting badly lost in translation. A quick note about the ICS Security Conference. Dale Drew from Level 3 Communications on managing the security of the supply chain. And looking for lulz in all the wrong places. 

WireX BotNet with Justin Paine from Cloudflare — Research Saturday

Oct 21, 2017 23:18

Description:

In August 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. (The botnet is named after an anagram of one of the delimiter strings in its command and control protocol.) The WireX botnet is primarily made up of Android devices running malicious applications and is designed to create DDoS traffic. The botnet is sometimes associated with ransom notes to targets.

Justin Paine is Head of Trust and Safety at Cloudflare, and he joins us to share the WireX story. 

https://blog.cloudflare.com/the-wirex-botnet/

IoT DDoS hurricane forming? Sofacy exploits patched Flash bug. NotPetya continues to impose costs. Snooping with mobile app ads.

Oct 21, 2017 22:27

Description:

In today's podcast we hear that an IoT botnet hurricane may be forming among IP cameras. (IP cameras are to DDoS what the West African coast is to Atlantic tropical depressions.) Sofacy rushes to exploit a patched Flash bug in a use-it-or-lose-it espionage race. Want to spy on someone? Go buy an ad. Cisco patches the wi-fi KRACK. NotPetya's still costing manufacturers and their insurers a lot of money. Emily Wilson from Terbium Labs responding to post-Equifax breach credit agency claims that they can scan the Dark Web. Michael Sutton, CISO at Zscaler, on zero-day hoarding. MalwareTech, a.k.a. Marcus Hutchins, gets to take off that GPS and stay out late, since the judge decided his pre-trial behavior has been pretty good.

Leviathan group exploits patched .NET flaw. North Korean cyber ops. Russian suspicions. Cutlet Maker ATM malware, Sockbot Minecraft malware. Ransomware and backups.

Oct 20, 2017 15:40

Description:

In today's podcast, we hear about how a cyber espionage campaign exploits a recently patched .NET vulnerability as Leviathan phishes with torpedo recovery programs. What does Pyongyang want in cyberspace? Apparently a lot of the same things it wants in physical space. Some observers think Putin thinks the Americans started that whole destabilization and delegitimation influence ops struggle. He's probably wrong, but there you go. Cutlet Maker malware jackpots ATMs. BoundHook stealth tool demonstrated. Minecraft malware got into Google Play. Ben Yelin from UMD CHHS with a follow up on President Trump’s executive orders. Guest is Dinah Davis from Code.Likeagirl.io with an update on their activities. Ransomware's still a threat, and a New York judge thinks the NYPD didn't get the memo about the importance of backup.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

We read Recorded Future’s free intel daily, and we think you'll find it valuable, too.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

Interested in the latest research in cyber security? Our new Research Saturday podcast highlights research being done in industry, universities, and governments. Hear from people who are discovering threats, uncovering vulnerabilities, and devising the security measures to keep cyberspace as safe as it can be. Check it out.

DPRK returns to bank robbery. Ransomware updates. Patches from Oracle, Lenovo, BlackBerry. Criminal coin miners.

Oct 19, 2017 16:20

Description:

In today's podcast we hear that the Lazarus Group is back at it with SWIFT. Magniber ransomware hits South Korea. Researchers cast the first KRACK-related stone at IEEE. Oracle, BlackBerry, and Lenovo patch. A study finds criminals turning to cryptominers. Awais Rashid from Lancaster University on securing critical infrastructure. Aaron Higbee, CTO of PhishMe, on the human factors in phishing. And one cryptominer seems to be tugging on Superman's cape—OPSEC isn't their strong suit, to say the least.

Panama Papers assassination? Black Oasis exploits Flash Player. DPRK hacked TV show. Patching KRACK and ROCA. WikiLeaks prepping something? DHS BOD 18-01. SCOTUS to rule on data warrants.

Oct 18, 2017 18:02

Description:

In today's podcast, we hear about the assassination of a reporter who covered the Panama Papers. The Black Oasis threat group is found distributing FinFisher by exploitation of a bug in Flash Player. North Korean hacking is said to have been responsible for cancellation of a projected television show. Infineon patches a firmware flaw that could be exploited in a Coppersmith's attack. Vendors work to close the KRACK in their wi-fi products. WikiLeaks appears to be preparing for a large dump. The US Department of Homeland Security mandates improved email and website security across the Federal Government. David DuFour from Webroot discussing Bluetooth vulnerabilities. Neil Murray from Mimecast on cyber resilience. The US Supreme Court will review a significant cloud data decision.

KRACK attacks. Iran's growing capability in cyberspace. Swedish and Polish targets probed by state-directed cyber ops. QR code security issues. Russia to introduce official cryptocurrency.

Oct 17, 2017 15:06

Description:

In today's podcast, we hear about how KRACK attacks get past secure wi-fi protocols. Probes and distributed denial-of-service incidents in Poland and Sweden have the look of state operations. East Asian threat actors are moving on from cyber espionage to supply chain attacks. Iran is blamed for June's hack of UK Parliamentary email. QR codes may pose security issues. Do FSB social media trolls really train against US targets by watching House of Cards? Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on scammers taking advantage of disaster. And can the CryptoRuble really compete with WhopperCoin? Investors want to know.

Synthesized DNA Malware with Peter Ney — Research Saturday

Oct 14, 2017 20:25

Description:

Peter Ney is a PhD candidate in the Allen School of Computer Science and Engineering at the University of Washington where he is advised by Professor Tadayoshi Kohno. His current research is focused on understanding computer security risks in emerging technologies like DNA synthesis and sequencing and the new threats posed by maliciously crafted, synthetic DNA. He and his team found that security of DNA processing programs is poor and show with a proof-of-concept that it is possible to attack computer systems with adversarial synthetic DNA.


Germany's BSI sees no problem in Kaspersky software. Equifax, TransUnion suffer from third-party malvertising code. ISIS expected to change its inspiration. Notes on the dark web.

Oct 14, 2017 21:15

Description:

In today's podcast, we hear that German authorities say they see nothing wrong with Kaspersky software, but they're in the Western minority on this one. ISIS messaging looks as if it's shifting toward a hejira narrative. Hyatt discloses a significant credit card breach. Equifax and its competitor TransUnion both remove third-party malvertising code from their websites. Malek Ben Salem from Accenture Labs with a new vulnerability in software-defined networks. Guest is Jeff Schilling, CSO of Armor Cloud Security, with insights on Russian state actors. And the dark web is in many ways a lot like the regular web, down to seasonal sales, customer reviews, and cat pictures.

Panama Papers pinch. North Korean spearphishing against ICS. CyberMaryland notes. Google Home Mini was tale-bearing (but now it's better).

Oct 13, 2017 18:04

Description:

In today's podcast, we hear that German police raid a Panama Papers connected slush fund. North Korea spearphishes in the North American power grid. Security tools can be dual-use, too. Notes on CyberMaryland, where we heard about business climates, the Baltimore-to-Birmingham cyber connection, the Red Queen's race, and the curmudgeonly demeanor too many security types cop. Rick Howard from Palo Alto Networks with an update on the Cyber Canon suggested reading list and a call to vote for the nominated books. Guest is John Morello from Twistlock on securing container environments. And Google Home's Mini speakers were apparently listening and tattling as well as speaking.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

Cylance uses cutting edge artificial intelligence to help protect your systems.

If you are a woman in cyber security and want to make connections with others in the field, check out our own Women in Cyber Security event.

Israel said to have tipped the US off concerning Kaspersky risks. Accenture databases exposed. Deloitte breach may be worse than initially thought.

Oct 12, 2017 16:12

Description:

In today's CyberWire, we discuss why the US Intelligence Community got prickly about Kaspersky: their Israeli colleagues tipped them off that something was fishy in the software's use. UpGuard says Accenture left some AWS data buckets exposed. Accenture says they were associated with decommissioned systems, but exposed they seem to have been. Sources say Deloitte's breach is worse than hitherto disclosed, with more than three-hundred clients exposed. Joe Carrigan from JHU ISI with some follow-up from a listener on password security when using password managers. Brian NeSmith from Arctic Wolf with results from an IoT ransomware survey.  


Cyberespionage in the Korean peninsula. Russian influence operators bought Facebook, Google ads. Forrester hacked. Kovter, OilRig get upgrades. US CYBERCOM CSM notes.

Oct 11, 2017 16:31

Description:

In today's podcast, we hear that North Korea may have hacked into South Korean defense plans. Facebook and Google receive increasing scrutiny for Russian ad buys during the 2016 US election season. A dissident Chinese billionaire, exiled to New York, says he's been under cyberattack from Shanghai. OilRig is back, with new and improved cyberespionage. Forrester market research reports accessed by hackers. Kovter malware gets an upgrade. Chris Poulin from BAH on medical device safety. Yassir Abousselham from Okta on challenges establishing and managing identity. And we offer some observations from the Cyber Pavilion at the Association of the United States Army meetings.


GDPR: Privacy from Across the Pond - Special Edition

Oct 10, 2017 29:36

Description:

Following major breach revelations from Equifax, Yahoo!, Deloitte and the US Securities and Exchange Commission, there have been many calls in the US for increased legislation and regulation that would force better privacy and identity management practices.

In this CyberWire special edition, we’ll ask some cyber security experts about GDPR, what it means for privacy and data use, the right to be forgotten, the penalties for noncompliance, and what it means for organizations outside the EU.

Joining us are Steve Durbin, Managing Director of the Information Security Forum, a not-for-profit organization providing its members with guidance on cyber, information security and risk management; Brett Hansen, Vice President of data security solutions at Dell, one of the largest suppliers of computer hardware, software and services in the world; and Darron Gibbard, CTSO at Qualys, a global provider of cloud-based security and compliance solutions.

Android Toast Overlay: Ryan Olson from Palo Alto Networks - Research Saturday

Oct 7, 2017 16:07

Description:

Android Toast Overlay enables attackers to trick Android users into enabling permissions on infected devices by making them think they are clicking on benign buttons superimposed over the user interface.

Ryan Olson is Director of Threat Intelligence at Palo Alto Networks' Unit 42, and he joins us to share their research.

FSB got NSA with an assist (witting or unwitting) from Kaspersky? Germany calls off mass surveillance investigation. Reality Winner stays in jail.

Oct 7, 2017 19:34

Description:

In today's podcast, we hear more on what happened with NSA material in (allegedly) Russian hands. Kaspersky security software is alleged to have been exploited for intelligence service reconnaissance of a contractor's machine. Germany cancels its post-Snowden surveillance investigation. Reality Winner will not be released on bail. Awais Rashid from Lancaster University on securing the supply chain. Guest is Timothy H. Edgar, author of “Beyond Snowden: Privacy, Mass Surveillance, and the Struggle to Reform the NSA.”

NSA breach announced today (occurred in 2015, discovered in 2016) may be final nail in Kaspersky Lab's coffin.

Oct 6, 2017 18:53

Description:

In today's podcast we hear that sensitive NSA files appear to have been obtained by Russian intelligence services, and there are claims Kaspersky software was the gateway to compromise. The Las Vegas massacre investigation expands to consider the possibility of accomplices. A new password stealer is out in the wild. NFL Players Association data exposed. Justin Harvey from Accenture on insider threats. Guest is Joe Coleman, cyber threat intelligence analyst from PepsiCo. The FCC was mostly advised by bots on net neutrality (and bots who haven't benefited from DeepMind's ethics class).

No insight yet into Las Vegas gunman's motive as ISIS inspiration generally discounted. Yahoo! breach affected 3, not 1, billion user accounts. Equifax updates.

Oct 5, 2017 16:42

Description:

In today's podcast, we hear that ISIS claims of responsibility for the Las Vegas murders continue to lose plausibility, but the shooter's motives remain a mystery. Yahoo!'s epic breach just got even more epic. Equifax looks little better in the wake of its CEO's Congressional testimony. A major breach seems to be unfolding in India. Jonathan Katz from UMD on the importance of random numbers for cryptography. Guest is Dave Mahon from CenturyLink on the importance of diversity and opportunities for women in cyber security. And does Starfleet still run Windows XP? Who's responsible for information security on that bridge anyway?

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

Delta Risk put together an infographic full of tips for Cyber Security Awareness Month. 

If you are a woman in cyber security and want to make connections with others in the field, check out our own Women in Cyber Security event.

Fake news and information operations with no obvious solution. Equifax update. US Cyber Command vs. DPRK

Oct 4, 2017 17:10

Description:


In today's podcast, we consider the bogus rumors and highly questionable claims of responsibility circulating online after the Las Vegas massacre. ISIS is especially keen to make inspirational capital out of senseless killing and suffering. Google and Facebook come under pressure to moderate the content they carry. The UK prepares to pass tougher restrictions on viewing radical content. The Equifax breach gets two-and-a-half-million people bigger. Ben Yelin from UMD CHHS on Yahoo! data breach victims’ right to sue. Tony Gauda, CEO of ThinAir on dealing with insider threats. And US Cyber Command is said to have disrupted North Korean intelligence networks. 


Bots, sockpuppets, and trolls. Facebook talks to Congress. Some suggest China hacked Equifax. DPRK gets more Internet. ISIS inspiration. Section 702 authority in doubt.

Oct 3, 2017 12:51

Description:

In today's podcast, it's bots, sockpuppets, and trolls, oh my. Mr. Zuckerberg goes to Washington. Equifax sources suggest China hacked it. Credit bureau phishbait chums the Internet. Pyongyang gets a new Internet connection, and observers bet it's not for checking Mr. Kim's fantasy sports leagues (anyway he could get all that from Mr. Rodman). ISIS posts more inspiration, and warnings. NSA prepares to wind down Section 702 operations. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on malware using malicious DLL files. US and Russia seem to agree on one thing at least: Bitcoin fraud is bad. 


APT 33: FireEye's John Hultquist on an Iranian Cyber Espionage Group - Research Saturday

Sep 30, 2017 14:30

Description:

APT 33 is an Iranian cyber espionage group that targets aerospace and energy sectors and has ties to destructive malware. John Hultquist is Director of Intelligence Analysis at FireEye, and he takes us through their research.

Whole Foods breached. Illusion gap and Windows Defender. Exposed AWS S3 buckets. Equifax incident response. Reality Winner proceedings.

Sep 30, 2017 20:16

Description:

In today's podcast, we hear that Whole Foods has been breached—if you've been to the taproom, look to your credit cards. An illusion gap could help bypass Windows Defender, says CyberArk. Microsoft says don't sweat the small stuff. A Mac firmware issue may be giving users a false sense of security. Equifax is offering a lifetime of free credit freezing, but observers are dubious. A study suggests there are still a lot of improperly secured clouds out there. ISIS and the Taliban resume their inspiration operations online. David DuFour from Webroot on the difference between artificial intelligence and machine learning. Guest is R.P. Eddy, coauthor with Richard Clarke of the book Warnings: Finding Cassandras to Stop Catastrophes. And alleged NSA leaker Reality Winner remains in custody, at least for now.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

Recorded Future's user conference RFUN 2017 comes to Washington, D.C., October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

If you want to execute at machine speed, doesn’t it make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance.

Deloitte and Equifax under the microscope. Congress grills the SEC. Credential theft trends.

Sep 29, 2017 17:34

Description:

Deloitte and Equifax continue to find themselves under scrutiny, but we should all resist the urge to chase ambulances. The SEC commissioner gets a grilling from Congress, and we can't help wondering if his Spidey sense was tingling. Chances are your credentials aren't as secure as you'd like them. Dale Drew from Level 3 Communications on attack patterns and lulls. Trip Nine from Comodo on credential theft trends. And Pyongyang is perched on a pile of coal.

Comments on the Deloitte breach. SEC Commissioner talks to the Senate. Sonic breached. Vulnerable stock-trading apps. Russian influence operations shift their focus.

Sep 28, 2017 17:30

Description:

In today's podcast, we hear more about the Deloitte breach. Deloitte's still saying little, but other people are talking. The SEC tells the Senate it's "deeply concerned" about its own breach. Popular iOS and Android stock-trading apps are found vulnerable. Sonic drive-ins have sustained what looks like a pretty big breach. Ben Yelin discusses a bipartisan bill to improve IoT security. Isaac Kohen from Teramind on detecting employees involved in radical political activities on company time. Russian influence operations against the US are turning toward local government, religious groups, civic associations and others at the grassroots.


Equifax C-suite retirements continue. Deloitte still has little to say about its breach. Mac OS zero-day goes unpatched. Russian influence operations.

Sep 27, 2017 17:47

Description:

In today's podcast we hear that Equifax CEO Smith has joined the company's CSO and CIO in retirement, apparent expiation for the credit bureau's breach. Deloitte remains tight-lipped. Suggestions about how to handle identity and investigate breaches. macOS High Sierra suffers from a password exfiltration zero-day. Joe Carrigan discusses Dave's skepticism of password managers. Stephen Moore from Exabeam on post-breach cleanup. Two days after Germany's elections, the Russian dog hasn't barked (or the Bears growled), but there are plenty of 2016 paw prints over US opinion.


Deloitte hacked. Verizon AWS S3 exposure. Phantom Squad's protection racket. Nuclear tension expected to spawn cyberattacks. Updates on CCleaner backdoor and FinFisher distro. Carlos Danger goes to jail.

Sep 26, 2017 15:13

Description:

In today's podcast, we review reports saying that Deloitte has been hacked. Details are sparse, but the story is developing. A Verizon AWS S3 bucket is found exposed online. Locky is being spammed out in quantity. Phantom Squad hoods run a DDoS protection racket. Kinetic tensions among the US, Tehran, and North Korea raise expectations of cyber offensives. Chinese intelligence is thought to be behind the CCleaner backdoor. Unnamed ISPs are accused of complicity in a FinFisher spyware campaign. Chris Poulin from BAH on vulnerabilities in connected cars. And Carlos Danger will go to the Big House.


Pacifier APT: Bitdefender's Liviu Arsene describes a sophisticated, multifaceted malware campaign - Research Saturday

Sep 23, 2017 21:48

Description:

In 2016 Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. It’s capable of dropping multi-stage backdoors.

Liviu Arsene is a senior e-threat analyst at BitDefender, and he's our guide to the complex components of Pacifier APT.

Hacks shake confidence in financial system. FinFisher using MitM. CCleaner backdoor had specific targets in mind? US Forces Korea debunks bogus NEO warning. Locky masters like Game of Thrones. nRansomware asks for a different kind of payout.

Sep 23, 2017 20:16

Description:

In today's podcast, we hear that the EDGAR breach is being seen as a blow to confidence in the financial system. Credit bureaus continue to receive heightened scrutiny after the Equifax breach. The FinFisher campaign suggests ISPs may have been compromised. The backdoor in CCleaner seems to have targeted specific companies. US Forces Korea personnel receive a bogus noncombatant evacuation order. Someone behind Locky watches a lot of Game of Thrones. Malek Ben Salem from Accenture Labs with a new attack vector that uses power management systems. Guest is Robert Sell, sharing his experience participating in a DEFCON capture the flag. And Thomas the Tank Engine would never do what some skids show him doing.

EDGAR hack enabled illicit stock trades? Equifax tweets phishing url to troubled inquirers. Kaspersky ban clarified.

Sep 22, 2017 17:24

Description:

In today's podcast, we hear that the SEC was hacked, and someone might have made a lot of money from the incident. Equifax tweets send inquirers to a phishing site. Investigation into the Avast caper suggests a state intelligence service's hand. The Department of Homeland Security clarifies its ban on Kaspersky products. Emily Wilson from Terbium Labs, cautioning us to not be so distracted by big shiny objects like "taking down the power grid" that we forget the basics, like enabling two-factor authentication. Richard Henderson, global security strategist at Absolute, commenting on the Equifax breach and the challenges of keeping up with patching. And chatbots turn spiritual. 

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C., October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.

Sep 21, 2017 17:49

Description:

In today's podcast we learn that so far Russian influence seems not to be operating in Germany's election. Iran's APT33 turns from spying to sabotage. Equifax woes continue, but don't appear to include cover-up of an earlier breach. UpGuard helps Viacom dodge a cyber bullet. You may be party to a contract you didn’t know about. Criminal boneheads again more common than criminal geniuses. Ben Yelin from UMD CHHS with a story of the FBI raiding the wrong home based on WiFi router information. Guest is Eddie Habibi from PAS, debunking some ICS myths. And don't be a gazelle. 


Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.

Sep 20, 2017 17:43

Description:

In today's podcast, we hear that WikiLeaks is shocked, shocked, to learn that there's gambling…uh, we mean, Russian surveillance going on. Advice from Ukraine about influence operations. The Equifax story may have gotten worse—there may have been an earlier breach in March. Software supply chain issues come up in an Avast backdoor. Awais Rashid from Lancaster University on security being the responsibility of everyone in an organization, not just the IT folks. Mike Kail from Cybric on the DevSecOps trend. Industry notes, and the "Unlucky 13," presented by Johns Hopkins.


Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.

Sep 19, 2017 15:43

Description:

In today's podcast, we note reports that, while Germany will hold elections Sunday, Russian cyber operators seem quiet. Too quiet? Switzerland and Singapore both report sustaining state-sponsored cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax breach news isn't getting any better. Cisco finds a backdoor in an Avast security product. Chris Poulin from Booz Allen Hamilton, our newest industry partner, introduces himself. He leads the Internet of Things security strategy in Booz Allen's Dark Labs and dabbles in machine intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype of Watson for cybersecurity. OurMine hackers hit Vevo to redress an insult delivered over LinkedIn.


Research Saturday— Cobian RAT: Zscaler’s Deepen Desai describes some clever malware

Sep 16, 2017 15:11

Description:

Deepen Desai, senior director of security research and operations at Zscaler, describes research he and his team have been doing since discovering a clever bit of malware they’ve named Cobian RAT. (RAT stands for Remote Access Trojan.) It’s available for free, but it contains a backdoor that allows the original author to access and control the RAT remotely.

Equifax agonistes. Kaspersky denies his company's a security risk. Political database for sale found exposed. Trolling the DCI.

Sep 16, 2017 19:49

Description:

In today's podcast, we hear about how Equifax continues to struggle in the quicksand of wayward patching and clumsy incident response. Congress, the FTC, the CFPB, and DoNotPay are all taking an interest. Another unsecured database—this one for sale to political campaigns—is found (Alaska voters are affected). Kaspersky says his company is a bystander that's been hit in the Russo-American political crossfire. The US Navy continues to investigate the USS McCain collision. Justin Harvey from Accenture on what it’s like to be on an incident response team. Luke Beeson from BT on the challenges such a large organization faces protecting themselves and their clients. And Harvard decides Manning won't be a Kennedy School Fellow after all. 

Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some Elasticsearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.

Sep 15, 2017 18:09

Description:

In today's podcast, we hear that DHS tells the US Executive Branch to stop using Kaspersky security software. Kromtech finds Elasticsearch servers hosting point-of-sale malware. BlueBorne bugs buzz billions of boxes. Equifax says that its breach was accomplished via the Apache Struts flaw patched in April. Industry notes include both venture funding and acquisition news. We take a quick look back at the Billington CyberSecurity Summit. Johannes Ullrich with an update on the Mirai botnet. Renato Marinho, Chief Research Officer at Morphus Labs, on a bad Chrome browser extension that can steal banking credentials. And robo-lawyers come to small claims court.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

We read Recorded Future’s free intel daily, you might find it valuable, too.

If you’d like to protect your endpoints against advanced threats, check out Cylance.

JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event.

North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked

Sep 14, 2017 16:49

Description:

In today's podcast, we hear that North Korea's stealing all the Bitcoins it can find. The Equifax breach continues to spread: countries other than the US are increasingly involved. Patch Tuesday notes. The US Director of National Intelligence addresses the Billington CyberSecurity Summit. Joe Carrigan from JHU on VPN companies collecting private user data. Dr. Richard Ford, Chief Scientist, Forcepoint, on the Equifax breach. And did a Russian lawmaker just cop to the influence ops President Putin has so piously denied? 


Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.

Sep 13, 2017 16:29

Description:

In today's podcast, we hear about how Equifax has attracted more attention from plaintiffs, AGs, and Congress. Everyone else is on heightened alert for fraud and identity theft. MongoDB says users of its database were not assigning passwords to administrative accounts. A Bluetooth-based attack vector, "BlueBorne," is described. Syringe pumps are found to be hackable. Bots serve more effective social media clickbait than human operators can. Robert M. Lee from Dragos on deterrence. Myke Cole, cyber security analyst and fantasy writer, discussing the importance of empathy when considering your adversaries. And Roman Seleznev gets 27 years after he cops a plea to hacking.


Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.

Sep 12, 2017 13:46

Description:

Today's podcast features all things Equifax, as the credit bureau deals with its breach (and the lawyers and Wall Street wind up to deal with the credit bureau). The Chaos Computer Club says it's found major flaws in German election software. Moscow seems to have done a lot of catphishing in social media during the last US campaign season. Best Buy boots Kaspersky security products from its big box stores. Dale Drew from Level 3 Communications with some sobering statistics on attack trends. And a Cracka with Attitude gets five years in Club Fed.


Equifax decides to tell people it's been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.

Sep 9, 2017 21:28

Description:

In today's podcast we hear that credit bureau Equifax has disclosed a massive data breach it discovered on July 29th. Does that mean they're about a month delinquent? WikiLeaks' weekly Vault7 dump departs from past practice with respect to content. The ShadowBrokers are back, and offering a twice-monthly twofer. Emily Wilson from Terbium Labs with her thoughts on the encryption debate. Alexander Klimburg, author of The Darkening Web. And Intelligence Community leaders agree on at least three things: they need a better security clearance process, they need Section 702, and nowadays all intelligence involves cyber intelligence.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

To learn about combining threat intelligence, analytics, and orchestration, check out ThreatConnect’s webinar.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event.

DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. "Fake News" survey.

Sep 8, 2017 15:59

Description:

DragonFly 2.0 is up to some very bad things in several nations' power grids. China ramps up cyberespionage against South China Sea rivals. Facebook finds that a Russian front company bought more than $100,000 in influence-ops ads on its service over the last two years. US info ops stumble over a dog. Jonathan Katz on encryption bit depth. Kyle Wilhoit from Domain Tools with the results of a Black Hat survey on "fake news." And a Japanese 13-year-old is in hot water for trying to sell malware.

Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.

Sep 7, 2017 17:33

Description:

In today's podcast we hear about a critical vulnerability in Apache Struts. It's been patched—enterprises are advised to apply it as soon as possible. Dragonfly poses a clear and present danger to European and US power grids. Ransomware continues rampant. Latin American social media platform Taringa suffers a breach. Notes from the Intelligence and National Security Summit. Cryptocurrencies in China and Russia. Ben Yelin from UMD CHHS on the resignation of many of President Trump’s cyber security advisors. Guest is Tom Billington promoting the upcoming Billington Cybersecurity event. And say it ain't so, Joe—are the Red Sox stealing signals with an Apple Watch?

Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.

Sep 6, 2017 14:48

Description:

In today's podcast, we hear that election influence operations appear to have begun in Germany. Turla's spoor tracked to the Pacifier APT. Cambodia takes an authoritarian turn, possibly extending to domestic spying via RAT. Rival jihadists remain active online; US Cyber Command working to deny them cyberspace safe havens. More exposed AWS S3 databases. MongoDB databases hit with ransom wiper. PrincessLocker and Locky ransomware continue to romp in the wild. Free RAT backdoors criminals. Johannes Ulrich from SANS Technology Institute and the ISC Stormcast podcast on DDoS extortion emails. Disgruntled customer doxes booter service.

Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks' Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.

Sep 2, 2017 20:20

Description:

In today's podcast, we hear that Kenya's Supreme Court has nullified that country's presidential election results over electronic irregularities in the balloting. China steps up cyber espionage against Vietnam during South China Sea disputes. Ransomware continued to surge this week. WikiLeaks dumps "Angelfire" documents from Vault7. Reality Winner says she wasn't properly Mirandized by the FBI. North Korea raids South Korean Bitcoin exchanges. Joe Carrigan from JHU on security issues with fitness apps. Charles Henderson from IBM’s X-Force Red group on automotive security. And get ready for WhopperCoin.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Check out & subscribe to Recorded Future’s free intel daily. We read it every day. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event.

Turla's Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.

Sep 1, 2017 17:29

Description:

In today's podcast we hear that Turla's using some sophisticated code against diplomatic and defense industry targets. OurMine hackers use DNS poisoning against WikiLeaks, but WikiLeaks opens up Vault7 anyway: this week it's "Angelfire." Accused US Intelligence Community leaker Reality Winner wants her initial statements to investigators suppressed at trial. House of Cards leaks stories and other material related to the TV show. A quick patching update. Insecure APIs take a toll on Instagram and the FCC. Emily Wilson from Terbium Labs with her thoughts on the closure of Alpha Bay. Mike Kearney from Deloitte on predictive reputation protection. And what's up with Rick and Morty?

Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.

Aug 31, 2017 16:15

Description:

In today's podcast, we hear warnings against taking the Hurricane Harvey phishbait. The IRS says that email telling you to download a questionnaire and return it to the FBI isn't from them. Why you really don't want that tutorial in tumbling Bitcoin. Sources accuse North Korea of stealing cryptocurrency. Trickbot is back, and it's swiping Bitcoin. The ransomware strain in Scottish hospitals was Bit Paymer. More than 700 million email addresses found in the Onliner spambot. UK retailer suffers breach. St. Jude pacemakers get a firmware patch. Robert M Lee from Dragos on cutting through the hype. Joseph Loomis, promoting the upcoming IR17 event. And some industry notes.

NIST Cybersecurity Framework - A CyberWire Special Edition

Aug 30, 2017 26:36

Description:

Having a set of standards by which to measure your security organization, being able to compare your security posture to other organizations, and being able to justify your choices to investors and insurance firms are all worthwhile goals. It’s beneficial to have widely agreed upon standards of care and measurement in cyber security, to help know where you stand, where there’s room for improvement, and what’s important to you.

That’s where frameworks come in, and the NIST cybersecurity framework is one of the most popular in the cybersecurity industry. In this CyberWire special edition, we’ll examine frameworks in general and the NIST cybersecurity framework specifically, to see if adopting them is worth the time, energy and expense it takes.

Joining us are Rick Tracy, Chief Security Officer for Telos corporation, Rafal Los, Managing Director of the Solutions and Programs insight group at Optiv Security, and Matt Barrett, Program Manager for the Cyber Security Framework at NIST. Stay with us.

Cyberespionage in South Asia. NHS hack confirmed as ransomware. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.

Aug 30, 2017 15:10

Description:

In today's podcast, we hear reports of cyberespionage against both India and Pakistan—some unknown third nation-state is said to be responsible. NHS Lanarkshire hack confirmed as ransomware. Notes on Hancitor malware. WireX Android DDoS botnet discovered and taken down by an industry consortium. BGP fumble hit Japan's Internet, not hackers. Hurricane Harvey and Game of Thrones phishbait in circulation. Justin Harvey from Accenture on open source threat intelligence. Avi Reichental from XponentialWorks on security issues with implantable data devices. And no, not that GPS.

Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran's info-ops rapper.

Aug 29, 2017 14:31

Description:

In today's podcast, we hear that the USS McCain collision appears to be unrelated to any cyberattack, but observers warn of ICS security issues as maritime cyber concerns rise. WikiLeaks' ExpressLane Vault7 dump raises concerns in India. Telnet credentials for Internet-of-things devices exposed; security experts work to close this DDoS risk. "Defray" ransomware being distributed with unusually precise and plausible spearphishing. A ransomware attack disrupts some healthcare services in Scotland. Acquisition news in the cyber sector. Ben Yelin from UMD CHHS on web sites logging form submissions even before you hit the “submit” button. And Iranian information operations seem to be piping the devil's tune (more or less literally, from Tehran's official point-of-view).

Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.

Aug 26, 2017 22:04

Description:

In today's podcast we hear about how the four C's have come together: clouds, crooks, cheats, and cryptocurrencies. Locky continues to circulate in evolved forms. WikiLeaks dumps some curious alleged liaisonware documents from Vault7. Russian sources report that FSB officers facing treason charges in Moscow may have given up some connected hackers to the Americans. The FBI makes an arrest in the OPM breach. The Daily Stormer is way offline, but ISIS and its parasitic slave-trading gangs are decidedly online. Dale Drew from Level 3 Communications with some threat intelligence on phishing and malware. Guest is Nicole Eagan, CEO of Darktrace. And another consequence of NotPetya seems to be a pet food shortage.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

Your patient data depends on incident response plans. Prepare with DeltaRisk's webinar.

JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event.

Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.

Aug 25, 2017 16:17

Description:

In today's podcast we consider the way in which two potential state cyberattacks are now looking more like, respectively, an accident and a conventional crime. US Government officials double-down on warnings of Kaspersky connection to the Kremlin, and Australia's Government isn't buying Huawei's protests that it's not working for the PLA, either. Ropemaker attacks could inject malicious code into email after it's been delivered. Joe Carrigan from JHU on medical device security legislation. Christopher Pierson from Viewpost with observations from DEFCON. Some teasers on the Chertoff Group's Security Series.

Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.

Aug 24, 2017 16:08

Description:

In today's podcast, we hear that Ukraine is worried about cyberattacks in conjunction with tomorrow's independence day holiday. The US Navy investigates the possibility of cyberattack in this week's Malacca Straits collision, but that possibility may be fading. Zscaler finds more malicious apps in Google Play. New York State's Department of Financial Services' cyber regulations begin to take effect Monday. Delaware is also stepping up data security regulations. Johannes Ulrich from the SANS Technology Institute and the ISC Stormcast podcast on hacks to Uber driver accounts. Tony Dahbura from JHU promotes their upcoming Cyber Security Conference for Executives. And ISIS continues its inspiration online as police in many countries scramble to follow the Caliphate's messaging.

Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.

Aug 23, 2017 16:44

Description:

In today's podcast, we hear about maritime hacking worries, with potential risks to navigation, cargo handling, and manifest data. Another misconfigured AWS S3 bucket exposes business data. "Mr. Smith" says he's going to release the Game of Thrones season finale. The UK's NHS may have been breached. Google pulls 500 backdoored apps from the Play store. Fear of robots. Fileless cryptocurrency miner installed through EternalBlue. Jonathan Katz from UMD on separating science from snake oil. Dan Larson from CrowdStrike on incident response for zero-days. Scareware scares web surfers.

GCHQ and MalwareTech's arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.

Aug 22, 2017 14:43

Description:

In today's podcast, we hear that GCHQ may have known about the FBI's intentions to arrest Marcus Hutchins even before Hutchins departed England for Black Hat. A Chinese oil production field is thought to have sustained some sort of cyber incident similar to those involving NotPetya. US Cyber Command receives elevated status—it's now the tenth Unified Combatant Command. Ukrainian authorities warn that country's financial sector to expect a new wave of cyberattacks. Turla is back, inviting you to the G20 meetings. GPS spoofing fears rise. Dealing with extremism online. Palo Alto Networks' Rick Howard on the fading popularity of the Rig exploit kit. And another initial coin offering is hacked.

Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI continues

Aug 19, 2017 22:23

Description:

In today's podcast, we hear that ransomware strains, old and new, are circulating in the wild. ShadowPad backdoors are tentatively attributed to Chinese espionage operations in the supply chain. A hacker releases the decryption key for Apple's Secure Enclave. Profexor may actually not know much about Fancy Bear's romp through the DNC. Another misconfigured AWS bucket exposes data on voters in Chicago. The difficulties of countering extremism online. Malek Ben Salem from Accenture Labs on the cloud security maturity model. Joseph Carson from Thycotic on the evolution of phishing campaigns. The FBI has a roadshow warning companies of the risks of using Kaspersky security products.

Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews "Profexor." Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.

Aug 18, 2017 16:31

Description:

In today's podcast, we hear that Holyrood is defending itself with some success against email brute-forcing. India's national ID system compromised, again. ShadowBroker-leaked exploits continue to do damage. Hijacked Chrome extensions prove difficult to eradicate. New variants of Locky and other ransomware are out. "Pulse wave" DDoS attacks are observed. Researchers find DDoS-as-a-service for sale in Chinese online souks. Governments express suspicion of foreign IT. Extremist site loses hosts, but its content will go on, even as opposing vigilantes mistakenly dox innocent targets. Emily Wilson from Terbium Labs with thoughts from Black Hat and shifting awareness of the dark web. Brad Stone from Booz Allen on a recently released report on NotPetya. And OurMine hijacks HBO social media accounts.

Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors.

If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper.

Your patient data depends on incident response plans. Prepare with DeltaRisk's webinar.

Domain Tools leverages both human and machine intelligence to expose malicious infrastructure. Learn more in their white paper.

NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.

Aug 17, 2017 16:45

Description:

In today's podcast, we hear about a new draft of NIST SP 800-53. There's been an attempt to brute-force email credentials in Scotland's Parliament. Fancy Bear's romp through high-end hotel Wi-Fi suggests the Equation Group leaks will be with us for some time. "Mr. Smith" remains at large, and still wants to be paid. Trickbot uses unusually convincing counterfeit sites. PowerPoint malware vectors may be part of a criminal test. NetSarang urges swift patching of a backdoor in its software. Extremist inspiration persists. Ben Yelin from UMD CHHS on privacy concerns with robot vacuum cleaners. Guest is Jeff Pederson from Kroll Ontrack, a data recovery firm, with tips on data recovery. And some guy in Nigeria with more moxie than skills is behind a big business email compromise campaign.

Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to "Mr. Smith." Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.

Aug 16, 2017 16:54

Description:

In today's podcast, we hear that the Lazarus Group is back, and now they're phishing in English. The Daily Stormer gets the boot, but companies and governments continue to struggle with developing appropriate responses to extremist content. Google has swiftly cleaned up SonicSpy, but the malware is still circulating outside the Play store. Indian police make four arrests for HBO hacking, but none of them are related to "Mr. Smith." Marcus Hutchins is out on bail and preparing for an October trial. DJI drones get a peacemaking makeover. Justin Harvey from Accenture on prepping for destructive attacks. Jeff Schumann CEO of Wiretap on vulnerabilities in messaging technologies like Slack and Yammer. And one weird trick to recognizing that a call is a help desk scam. Ready? It's this: they called you.

Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a "ripoff." More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.

Aug 15, 2017 12:57

Description:

In today's podcast, we hear about online reactions and hacks in response to the Charlottesville rioting and homicide. Operation #LeakTheAnalyst releases another, smaller, set of documents. The ShadowBrokers get some poor customer reviews for their Exploit-of-the-Month Club. Reputation matters in the dark web souks. More HBO leaks (but no new messages). Google ejects SonicSpy-infected apps from the Playstore. Oxford researchers describe Android library collusion attacks. Robert M. Lee from Dragos on recent incursions into the Irish and UK power grids. And fellow security researchers can't believe Marcus Hutchins would wittingly do what the Feds accuse him of.

HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear's in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.

Aug 12, 2017 21:05

Description:

In today's podcast, we hear that Mr. Smith turned down HBO's offer of a $250,000 bug bounty. Fancy Bear uses EternalBlue tools against hotel Wi-Fi networks. Argument over who leaked DNC emails last year flares again. New versions of Locky and Mamba ransomware circulate in the wild. The US Department of Defense is ready to use rapid acquisition to buy cyber tools and services. The FBI says a Maryland man used eBay and PayPal to receive ISIS funds for possible terror activity. Ukraine makes an arrest in the NotPetya case. David Dufour from Webroot on basic cyber hygiene. Barmak Meftah, President & CEO at AlienVault, with his thoughts on the state of the industry. And WikiLeaks dumps video intercept tool CouchPotato.

Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Kenyan elections, not hacked? Someone's poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.

Aug 11, 2017 16:26

Description:

In today's podcast, we learn that EU election monitors say Kenyan presidential voting went off without hacking (the losing opposition disagrees). Germany looks toward securing September's vote. North Korea receives cyber attention from somewhere in the civilized world. Ukraine's postal service sustains a two-day DDoS attack. WannaCry and NotPetya pseudoransomware fallout. Spyware-infected apps found in the Google Play Store. Jonathan Katz from UMD on a RSA 2048 encryption hack. Markus Jakobsson from Agari on a proposed cyber threat classification system. "Mr. Smith" comes to Midtown, and he wants a raise from Richard.

Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.

Aug 10, 2017 15:46

Description:

In today's podcast, we hear that Patch Tuesday saw Windows and Adobe fixes. Venezuela's civil conflict gets a hacktivist dimension. Anti-Israeli wiper malware is circulating in the wild, unpolished but nasty. Kaspersky Lab expects to see more pseudoransomware, especially when disruption and not profit is the goal. The KONNI RAT, of unknown origin, sniffs at sites associated with North Korea. The HBO hack remains under investigation. Putin turns his attentions to Georgia. Johannes Ulrich from the SANS Technology Institute and the ISC Stormcast podcast on weak two-factor authentication systems. Tim Erlin from Tripwire on their Infosecurity Europe 2017 survey. And familiar password advice gets jettisoned.

Power grid risks. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a Cybersecurity W

Aug 9, 2017 16:10

Description:

In today's podcast, we hear that a security incident at EirGrid, a misconfigured server in Texas, and a demonstration of photovoltaic system hacking are prompting power grid security concerns. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom (but says, no, he's really a good guy). Shipping industry looks for GPS backup capability, and shippers not hit by NotPetya enjoy an increase in business. Google patches ten Android remote-code execution vulnerabilities. Joe Carrigan from JHU on Facebook and Google eavesdropping conspiracy theories. Juan Perez-Etchegoyen from Onapsis on Oracle business app vulnerabilities. NIST issues a Cybersecurity Workforce Framework.

US Army bans DJI COTS drones. Amazon will scan AWS customers' S3 buckets for public accessibility. Recommendations for election security. Marcus Hutchins pleads not guilty to Kronos-related charges.

Aug 8, 2017 14:14

Description:

In today's podcast, we hear that the US Army bans, immediately, all use of DJI commercial-off-the-shelf drones. We discuss two known unknowns and offer some background on Defense acquisition practices. Amazon will begin scanning AWS customers' buckets for publicly accessible data. Dale Drew from Level 3 Communications offers his view on hacking back. White hat hackers offer recommendations for election security. And Marcus Hutchins, a.k.a. MalwareTech, pleads not guilty to Kronos-related charges and makes bail.

MalwareTech arrested over Kronos banking Trojan. "Bateleur" in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.

Aug 5, 2017 19:25

Description:

In today's podcast, we hear that security researcher MalwareTech has been arrested as the alleged author of the Kronos banking Trojan. Carbanak hoods release "Bateleur" into the wild, phishing in chain restaurant waters. A long DDoS attack in China seems aimed at extortion. German elections prepare for Russian influence operations, but the novelty may have worn off Moscow's line. US states and DHS work toward cooperative cybersecurity. Emily Wilson from Terbium Labs on dark web gun sales. William Saito on Japan’s cyber security preparations for the upcoming Olympics. The FBI is investigating the HBO hack.

WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.

Aug 4, 2017 16:24

Description:

In today's podcast, we hear that WikiLeaks has dumped "Dumbo" project documents. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. Markus Rauschecker from UMD CHHS on large companies like Facebook and Google being vulnerable to privacy and antitrust concerns. Jim Pflaging from the Chertoff Group, promoting their upcoming Security in the Boardroom event, speaking to the role of the board director when it comes to cyber security. And your guests can eavesdrop on you through your Amazon Echo. (But why would you have those people over anyway?)

Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. Bitcoin's hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.

Aug 3, 2017 16:25

Description:

In today's podcast we follow up on some of the stories we've been tracking: the latest on Operation #LeakTheAnalyst, firmware spyware in down-market phones, Sweden's big breach, and Ukraine's new cyber friends. BrickerBot is back, offering Indian routers and modems unwelcome help. The US Senate considers IoT security legislation, and the US Justice Department issues a framework with guidelines for bug-hunting programs. Bitcoin's hard fork occurred yesterday. Robert M. Lee from Dragos, on ICS attack basics. David Murray from Corvil on security in the financial markets. And why people care about the HBO hack.

HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK's Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.

Aug 2, 2017 16:39

Description:

In today's podcast, we hear about the HBO hack, and the exposure of episodes and scripts. Operation #LeakTheAnalyst targets individual security researchers. Election hacking: machines, databases, and public opinion are all targets. The UK's Home Secretary wants Silicon Valley to rethink strong encryption. Russia, like China, is clamping down on virtual private networks. The BTC-e Bitcoin exchange is shut down amid allegations of money laundering. Awais Rashid from Lancaster University on developing a security culture. Michael Janke from Data Tribe on his efforts to stand up the National Institute of Digital Security. And write this 500 times: "I will not mine Bitcoin on my school computer."

Black Hat 2017 - Research and Investment - CyberWire Special Edition

Aug 1, 2017 39:54

Description:

Black Hat 2017 has wrapped up, and by all accounts it was another successful conference, with an active trade show floor, exciting keynotes and engaging, informative educational sessions on a variety of topics. There was business being done, with hopeful entrepreneurs and investors alike looking to identify the next big thing in cyber security. In this CyberWire special edition, we’ve rounded up a handful of presenters and one investor for a taste of Black Hat, to help give you a sense of the event.


Patrick Wardle is Chief Security Researcher at Synack, and creator of objective-see, an online site where he publishes the personal tools he’s created to help protect Mac OS computers. He’ll be telling us about his research on the FruitFly malware recently discovered on Mac OS.

https://objective-see.com/


Hyrum Anderson is technical director of data science at Endgame. He will discuss research he released on stage at Black Hat showing the pros and cons of using machine learning from both a defender and attacker perspective.

https://www.endgame.com/our-experts/hyrum-anderson


Zack Allen, Manager of Threat Operations, and Chaim Sanders, Security Lead, of ZeroFOX will be speaking about their Black Hat presentation on finding regressions in web application firewall (WAF) deployments.

https://www.linkedin.com/in/zack-allen-12749a76

https://www.linkedin.com/in/chaim-sanders-a7a23713/


And we’ll wrap it up with some insights from Alberto Yepez, founder and managing director of Trident Cybersecurity, on the investment environment and the changes he’s seen in the market in the last year.

https://www.linkedin.com/in/albertoyepez/

Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden's big breach. DPRK hacks online gaming for revenue.

Aug 1, 2017 14:05

Description:

In today's podcast we hear that US investigators are looking for a disgruntled former insider in the ShadowBrokers case. Operation #HackTheAnalyst claims to have doxed a threat intelligence analyst. Electrical utilities look to their defenses. Trickbot gets wormy. NotPetya continues to have material effect on its corporate victims' earnings. Sweden's government shaken by its data breach. ISIS loses brick-and-mortar presence; may be moving online. Ransomware's lethality to small businesses may be exaggerated. And how do you fund a nuclear program? Malek Ben Salem from Accenture Labs, on their work developing a global ID system for refugees. From Pyongyang, Texas Hold 'Em looks like a good bet.

WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang's Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.

Jul 29, 2017 21:31

Description:

In today's podcast, we learn that WikiLeaks has dumped Vault7 documents attributed to the CIA. Russian catphish are said to have nibbled at French President Macron's campaign. North Korea mines Bitcoin. Malware warnings include a banking Trojan and two malicious Android apps. NotPetya's effect on TNT is said to have hit small businesses hard. MedSec has no regrets, and says it would short St. Jude again. The Pwnie Awards have been given at Black Hat. Justin Harvey from Accenture on recent waves of auto-propagating malware. Edna Conway from Cisco on third party risks. And the ShadowBrokers are back.

"Mia Ash" is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Anti-drone

Jul 28, 2017 16:30

Description:

In today's podcast we hear there's a new catphish out in the wild: meet Mia Ash. WikiLeaks throws shade by dumping UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran—especially by Russia. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Business disruption kills small businesses in ransomware attacks, not the ransom itself. Facebook makes a plea for culture change. Ben Yelin from UMD CHHS on allegations the FBI was paying the Geek Squad to ferret out illegal content on computers brought in for service. Neill Feather from SiteLock dispels the notion that small businesses can rely on security by obscurity. And there are enough anti-drone products out there to make Wile E. Coyote max out his Acme loyalty card.

Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.

Jul 27, 2017 15:13

Description:

In today's podcast we hear about a Symantec study that shows APTs use some pretty buggy tools. Juche may not extend to the Internet, at least for Pyongyang's leaders. Iran's CopyKitten is characterized as unsophisticated but nonetheless effective. Mac users awakened by Fruitfly—the FBI is investigating. Adobe tells us to begin saying our goodbyes to Flash. Jonathan Katz from UMD on recent experiments with quantum cryptography. Stewart Kantor from Full Spectrum on protecting utility companies by using private RF (radio frequency) networks. And some notes from Vegas, because what goes on in Vegas doesn't stay there.

Google Groups oversharing. E-discovery don'ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).

Jul 26, 2017 16:15

Description:

In today's podcast, we hear that hundreds of enterprises may be oversharing on Google Groups. Wells Fargo works to recover from botched e-discovery. Energetic Bear may be back, with some cunning phishbait. Pravda says Russians feel strange new respect in cyberspace. The CopyKittens appear to be Persian cats. Another Ethereum ICO is pilfered, but, contrary to expectations, the White Hat Group looks like a genuine group of white hats. Emily Wilson from Terbium Labs wonders what qualifies as personal information on the Dark Web. FICO's Doug Clare outlines scoring your cyber security posture. And some notes from Vegas.

Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.

Jul 25, 2017 15:37

Description:

In today's podcast, we hear about the wisdom of attending to your AWS Access Control Lists. Wells Fargo data leaked in the course of e-discovery. NotPetya fallout and investigation. The Islamic State's presence in cyberspace is getting a bit threadbare. Fruitfly has been buzzing through Macs, quietly, for a decade. Palo Alto Networks' Rick Howard describes a new security framework. Other dark web souks are poised to take the place of Alpha Bay and Hansa Market. And Ocean's 11 meet the IoT.

Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil's Ivy and the IoT. A look at criminal markets.

Jul 22, 2017 21:45

Description:

In today's podcast we hear about an international raid that took down the illicit Hansa Market—which, it turns out, the Dutch National Police had covertly taken over for about a week. Recovery from WannaCry and NotPetya continues its long slog. Banking malware is on the rise in the wild. Studies warn of power grid vulnerabilities. Devil's Ivy infests security cameras in the IoT. Digital Shadows offers a look at hackers' black markets and sees similarities to the drug trade. Our newest partner Robert M. Lee from Dragos introduces himself and the ICS work he does. Guests are Leslie P. Francis and John G. Francis, coauthors of the book, “Privacy - What Everyone Needs to Know.” And our congratulations to Dr. Whitfield Diffie, the newest Fellow of the Royal Society.

Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.

Jul 21, 2017 16:05

Description:

In today's podcast, we discuss a timely reminder from Amazon Web Services: check your cloud's configuration. Hacks now seem to affect revenue for years. A rundown of some new threats and vulnerabilities. Apple issues security patches for iOS, MacOS, and Safari. Oracle fixes more than 300 bugs. Dale Drew from Level 3 Communications on the responsibilities of ISPs. Chris Ensey from Dunbar Cyber Security, on the roles states play in creating an environment for innovation and success in cyber security. And forget Mayweather-McGregor—the pay per view we'd sign up for is Putin-Wittes.

Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.

Jul 20, 2017 15:58

Description:

In today's podcast, we hear about how another tippy AWS S3 bucket spills its contents over the Web. The FedEx 10-K report indicates it may never fully recover systems and data hit by NotPetya. Virus hides in Game of Thrones torrent. Harvard's Belfer Center wants to secure electronic voting. Departments of Commerce and Homeland Security consider moonshot research to take out botnets. M&A and venture funding notes. Justin Harvey from Accenture on fileless malware. Robert Hamilton from Imperva Incapsula on DDoS attacks on video game servers. And an initial coin offering gets hacked.

Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.

Jul 19, 2017 15:51

Description:

In today's podcast we hear more on how Qatar has accused the UAE of hacking, and vows legal retribution—all on the strength of a Washington Post story. UAE says it didn't do it. Warnings about vulnerabilities in commonly used IoT code. Markus Rauschecker from UMD CHHS on Facebook running afoul of European privacy laws. Tina Ladabouche, NSA GenCyber Program Manager, on the NSA’s GenCyber program, supporting summer camp programs. FBI warns of risks inherent in Internet-connected toys. And people really, really don't read those EULAs.

Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.

Jul 18, 2017 13:42

Description:

In today's podcast we hear that Qatar has accused the United Arab Emirates of a hacking and disinformation campaign—the UAE deny it. Russia's Foreign Ministry says it was hacked. Russia experts in the US are said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence building measures remain works in progress in cyberspace. Ransomware and click-fraud combined in a single criminal campaign. Macs attacked by banking credential-stealing malware. Johns Hopkins' Joe Carrigan reviews educational options for aspiring cyber security pros. Twitter bots driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach.

More from WikiLeaks' Vault7. Cyber ops and national policy. NotPetya's costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.

Jul 15, 2017 21:44

Description:

In today's podcast, we hear that WikiLeaks dumps another alleged CIA cyber manual from Vault7. Cyberwar is the continuation of war (and therefore policy) by other means. Counting the cost of NotPetya. AWS S3 misconfigurations could happen to the best of us (but need not). Chasing innovation in the UK and the US. AlphaBay taken down in international police operation. Rick Howard from Palo Alto Networks on their new initiative with the Girl Scouts for cyber security merit badges. Raj Samani, chief scientist from McAfee, on NotPetya. And what kind of bait is best for phishing?

Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.

Jul 14, 2017 15:25

Description:

In today's podcast, we hear about signs that NotPetya was covering up a broad espionage campaign. State-sponsored hacking seems, when not simple spying, to aim at eroding trust. Verizon suffers a major customer data breach said to derive from a vendor's misconfiguration of an Amazon S3 bucket. Industry notes—venture funding and an acquisition. David Dufour from Webroot on homoglyph attacks. Thomas Jones from Bay Dynamics on federal agencies being required to submit a Framework Implementation Action Plan. Singapore will license white hats. And Russia wants you properly signed into adult sites. Or, at least, one of them, anyway.

Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.

Jul 13, 2017 18:07

Description:

In today's podcast we share some Patch Tuesday notes: Microsoft and Adobe both offer updates. Kremlinology goes cyber as infrastructure attacks remain under investigation. A cyber company emerges from stealth. The US General Services Administration removes Kaspersky Lab from Schedule 70. Election influence investigations turn to the question of Russian opposition research. Jonathan Katz from the University of Maryland explains a side-channel attack on 1024-bit encryption. Cisco's Jennie Kay wants to ease your trade show anxiety with a helpful webinar. And, Sheriff of Nottingham, call your office, because Robin Hood was no winker.

Russia's phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.

Jul 12, 2017 20:24

Description:

In today's podcast we hear about how Russia has apparently been phishing in the North American and European power grid. NATO has had about enough of that. There will be no US-Russian joint cybersecurity effort. The Adwind RAT is back, and seeking to socially engineer its way into aerospace company networks. Election hacking investigation updates. Industry notes, including both venture and M&A news. Level 3 Communications' Dale Drew provides an update on botnets. Ntrepid's Lance Cottrell describes online ad tracking technology. And BYOD can pose a threat, especially when the device your rogue employees are bringing is an off-the-books server.

Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC

Jul 11, 2017 14:51

Description:

In today's podcast we discuss some answers to two Russian claims. No, Russia and America won't be linking up in a cyber alliance. And no, no one at the G20 meetings actually bought the line about election hacking retailed there by President Putin and Foreign Minister Lavrov. NotPetya recovery continues. Android infestations in the wild. US power plants warned to be alert for cyberattack. Criminals compromise self-service food kiosks; others phish with official-looking Australian emails as bait. Ben Yelin from UMD CHHS reviews license plate reader laws. ISIS adopts misspelling as a form of OPSEC.

NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.

Jul 8, 2017 21:13

Description:

In today's podcast, we hear that NotPetya still looks like a Russian campaign to Ukrainian authorities, and experts remain skeptical that affected data can be recovered. Companies warn that NotPetya may have a material effect on earnings. WikiLeaks dumps Gyrfalcon and BothanSpy documents from Vault7. Johannes Ullrich from SANS and the ISC Stormcast Podcast on NoSQL database security. Andy Greenberg, senior writer at WIRED, on his July 2017 issue cover story on Ukraine cyberwar. And pro wrestling fans now have something in common with registered voters, data.gov.uk, and the National Geospatial Agency.

Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?

Jul 7, 2017 15:40

Description:

In today's podcast we hear about the Ukrainian police raid on Intellect Service and their seizure of M.E. Doc servers. Ukraine's Interior Ministry says this stopped a second wave of NotPetya. Affected companies continue to recover from the NotPetya infestation. US Cyber Command prepares to parry hybrid warfare. Spyware campaign hits Chinese-language news services. The EU considers adopting a "right to repair." Joe Carrigan from the Johns Hopkins University ponders always-on cameras. Dan Larson from CrowdStrike on fileless attacks. Medical information-sharing runs into problems in the UK.

Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.

Jul 6, 2017 16:25

Description:

In today's podcast, we hear how affected enterprises are restoring services after last week's NotPetya pandemic. Maersk's experience prompts some introspection in the logistics sector. Ukraine prepares to charge ME Doc's maker with criminal negligence for allowing the infection to take hold. NotPetya tied to BlackEnergy and thence to a "state actor" (NATO's not saying it's Russia, but Ukraine is). Awais Rashid from Lancaster University looks at the anatomy of recent attacks. Haiyan Song from Splunk on a recent IDC report, “Investigation or Exasperation? The State of Security Operations.” FSB certificates allegedly express links between FSB and Kaspersky.

Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU's regulatory big stick. Vishing Parliament.

Jul 4, 2017 14:16

Description:

In today's podcast, we hear that recovery from Petya/Nyetya/NotPetya proceeds—and it's not ransomware. Ukraine says Russia's responsible. US warnings of cyberattacks on nuclear power plants may have been premature. NATO members consider when to invoke Article 5 in cyberspace. Islamist inspiration and other political discontents continue to prompt content screening in Europe. Europe is also in punitive mood with respect to regulation. Kaspersky says it will show the US its source code if that's the cost of doing business. Markus Rauschecker from UMD CHHS describes a novel use of kidnapping insurance. And, hey, Lords and Commons: that's not really Windows support asking for your password.

What's up with Petya/Nyetya/NotPetya? It's a wiper—the extortion is just misdirection. WikiLeaks dumps "OutlawCountry" from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.

Jul 1, 2017 20:51

Description:

In today's podcast we hear that Petya/Nyetya/NotPetya is almost certainly a wiper, and not ransomware after all. Ukraine blames Russia, but whoever did it had EternalBlue before the ShadowBrokers leaked it. WikiLeaks Vault7 disgorges OutlawCountry, a Linux attack tool. The ShadowBrokers raise their rates. Emily Wilson from Terbium Labs with research on fraud guides on the dark web. Guests are Drew Gidwani, Director of Analytics at ThreatConnect, and Andy Pendergast, VP of Product & Co-Founder at ThreatConnect, speaking about the findings of a recent SANS Survey on Security Optimization. Russia calls for international cooperation to stamp out cybercrime.

Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.

Jun 30, 2017 14:15

Description:

In today's podcast we hear that the current Petya/Nyetya/NotPetya outbreak down deep doesn't look like ransomware, but a wiper, and a nasty one at that—probably a cyber warfare campaign. How are these three things alike: shipping, manufacturing, and Big Law? The ShadowBrokers are back, and WikiLeaks' Vault7 disgorges what looks like a creepy stalking tool. Other non-Petya ransomware attacks. Rick Howard from Palo Alto Networks explains the importance of capture-the-flag competitions. And officialdom seems to cling bitterly to Windows XP.

IoT 2017 – Securing the Things: A CyberWire Special Edition

Jun 29, 2017 34:02

Description:

The IoT, or Internet of Things, broadly defined is the collection of physical objects with IP addresses, connected to the internet. From consumer devices like security cameras, DVRs, and smart thermostats to industrial control systems and autonomous cars, the IoT offers potential for both opportunity and vulnerability.

In the first half of this CyberWire Special Edition, we speak with IoT experts Katie Curtin, director of IoT cyber security product management for AT&T, and Chris Poulin, Principal at Booz Allen Hamilton, where he leads internet of things security strategy for their strategic innovation group, as well as their industrial control group.

They provide their take on the current state of the internet of things for consumers, enterprise, industrial control and even self-driving cars.

In the second part of our program, we examine third party risk. Ponemon Institute recently released an independent research report titled, “The Internet of Things - a New Era of Third Party Risk.” Dr. Larry Ponemon is the chairman and founder of Ponemon Institute, and he’s going to take us through some of the report’s findings, but first we’ll hear from Gary Roboff, a senior advisor at Shared Assessments and their Santa Fe Group, who were the sponsors of the report.

Petya/PetrWrap/Goldeneye updates.

Jun 29, 2017 16:18

Description:

Today we speak at length with Tanium's Chief Security Architect on tracking the Petya ransomware pandemic.

Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.

Jun 28, 2017 16:58

Description:

In today's podcast we hear that another ransomware pandemic has broken out—this one looks more sophisticated and dangerous than WannaCry. Ukraine is again the center, but it's moving out fast. Notes on the Parliament email hack in the UK. Accenture's Justin Harvey explains destructive malware. IBM's David Jarvis advocates an adoption of a "new collar" recruiting strategy. And ISIS isn't doing much cyber damage, but its hacktivist sympathizers are really tugging on Superman's cape.

Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites.

Jun 27, 2017 13:31

Description:

In today's podcast, we hear that the UK's Parliament recovers from a brute-force attack. Reports on election hacking in the US suggest there was some American cyber retaliation last year against Russian influence operations. BlackTech goes after intellectual property in East Asia. Windows Defender gets a patch, but Windows 10 source code leaks. Fireball malware's extent is disputed. ISIS hacktivists deface websites associated with the government of the State of Ohio. Webroot's David Dufour offers thoughts on phishing. And how much can we count on common sense?

Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.

Jun 24, 2017 20:01

Description:

In today's podcast we hear about how Brutal Kangaroo has hopped out of Vault 7—don't let it poke your device with a thumb drive. Big data leaks wind up being traded on the black market. The dangers of careless configuration of an S3 bucket. Ransomware remains pricey. It can also serve as misdirection. Dale Drew from Level 3 Communications shares lessons from WannaCry. Darron Gibbard from Qualys offers his take on the EU's GDPR. Software companies receive and respond to code audit requirements as a condition of doing business in Russia.

WannaCry's back and the industrial IoT's got it. Business email scams hit the unwary (and most of us would count as unwary). Testimony on Russian election influence operations. Grid security.

Jun 23, 2017 15:59

Description:

In today's podcast we hear that WannaCry's still here—just ask Honda and the Australian state of Victoria. North America and Europe work to secure their grids against CrashOverride. The US Congress hears testimony about Russian election influence ops: they didn't change the vote, but did they ever shake people up. Business email compromise scams hook sophisticated victims. The Queen's Speech says that, whatever else Brexit may mean, it won't mean a GDPR exit. Johns Hopkins University's Joe Carrigan reviews the ease of listening in on RF traffic. Asaf Cidon from Barracuda Networks on the increased threat from ransomware. And what's all this about CISOs and root canals? We didn't know that was an alternative to bearing bad news to the Board.

Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data.

Jun 22, 2017 16:00

Description:

In today's podcast, we hear that nation-state influence operations against elections prompt investigation, introspection, and policy studies. We also hear about the implications of a major voter database exposure in the US, and about what might be done to mitigate such risks. Lancaster University's Awais Rashid shares research on security stakeholder biases. Arlen Frew from Nominum on small business vulnerabilities. Leaks from intelligence services seem to be inflicting collateral damage on Internet users as they find their way into criminal hands.

Who's behind the Android malware infestations? Mirai and Erebus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.

Jun 21, 2017 15:31

Description:

In today's podcast, we hear that some believe they've seen the Professor Moriarty behind 2017's Android malware outbreak. Erebus is back, and this time it's in Linux. Mirai may be about to become more resistant to cleaning. Crypto wars flare in the UK and EU as terror investigations proceed. A quick look at SINET's Innovation Summit. Raytheon's DHS cyber contract survives challenge. CrashOverride looks to a lot of experts like a proven cyber weapon. Ben Yelin from UMD CHHS discusses a "right to know" privacy law. Perspectives on attribution from John Brick of the DNG-ISAC. And did the dog eat the Fort's homework, or did some Bear feed said homework to the dog?

Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn't do it. (Didn't need to?) Hackers sentenced.

Jun 20, 2017 14:59

Description:

In today's podcast, we hear that Google is in an "uphill battle" against adware infestation of the PlayStore. GCHQ seems to agree with NSA, which seems to think WannaCry was a North Korean caper. Big data firm leaves voter data exposed on an Amazon S3 account. GCHQ says the Russians didn't disrupt the recent UK elections. Dr. Charles Clancy from VA Tech's Hume Center describes methods for preventing another Dyn-style attack. Two hackers sentenced, one in Pennsylvania, the other in East Anglia, one for the vengeance and one for the lulz.

More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.

Jun 17, 2017 19:58

Description:

In today's podcast, we hear that WikiLeaks has dumped more of Vault7. More attribution of WannaCry to North Korea, where Hidden Cobra and the Lazarus Group appear to be one and the same. FIN10 cybercriminals are asking US and Canadian businesses for a big payoff to head off a big doxing. Conventional ransomware hits British universities. Kaspersky and Avast release free decryptors for Jaff and EncrypTile. Markus Rauschecker from UMD CHHS reviews China's new cyber laws. Jocelyn Aqua from PwC describes attitudes toward AI. The ISAC process seems to be working. And patch early, patch often.

Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers' leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.

Jun 16, 2017 15:39

Description:

In today's podcast, we hear that the FBI and the Department of Homeland Security have warned that Hidden Cobra is actively pursuing DDoS campaigns. Microsoft patches remaining ShadowBrokers' exploits, even in deprecated systems. The US Congress votes to sanction Russia for election influence operations. Those operations have a long, long history, going back to the 1930s at least. Electrical and natural gas sectors work to protect themselves against CrashOverride. Emily Wilson from Terbium Labs reminds us not to forget the basics. Michael Callahan from Firemon shares survey data suggesting that IT pros spend too much time fixing their coworkers' personal devices. Mergers and acquisitions seem to be followed by layoffs—Hexadite is said to be the latest case.

A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.

Jun 15, 2017 19:04

Description:

Robert M Lee from Dragos provides an overview of CrashOverride. A quick look at yesterday's Patch Tuesday. Some of the fixes even reached back into Windows XP's unquiet grave. Terrorist information operations are increasingly sustained by cryptocurrency funding. Accenture's Justin Harvey reviews automation and orchestration. Russian intelligence may have been more active probing US state election systems than previously thought. Fake-news-as-a-service is now a black-market offering.

CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.

Jun 14, 2017 15:00

Description:

In today's podcast, we hear that CrashOverride looks like a power grid threat, and industry and government are taking it seriously. Cyber operations against ISIS are proving better at collection than disruption. Criminals are exploiting vulnerable Samba instances to spread cryptocurrency mining software. NSO Group has put itself up for sale, valued at more than a billion dollars. Well-informed observers of a civil libertarian bent think botnets don't have First Amendment rights. Johannes Ulrich from SANS and the ISC Stormcast Podcast on IPv6 security. Kirsten Bay from Cyber adAPT on WannaCry and the importance of a detection-led approach. And if you wondered about that airport laptop ban, here's the rest of the story.

CrashOverride implicated in Ukraine grid hack—possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.

Jun 13, 2017 15:17

Description:

In today's podcast, we hear that Dragos and ESET are bringing some clarity—and some bad news—to investigation of December 2016's Ukrainian power-grid hack. Qatar and its neighbors try to sort out hack-induced diplomatic troubles. DoubleSwitch social media malware hijacks dissidents' accounts. CertLock impedes removal of unwanted programs by security software. MacSpy and MacRansom appear as malware-as-a-service offerings. AMT vulnerability exploited in the wild. David Dufour from Webroot explains why attribution is so difficult. Robert Rodriguez from SINET describes the upcoming Innovation Summit 2017. China arrests twenty-two for trading in stolen iOS user data.

Comey's testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.

Jun 10, 2017 20:00

Description:

In today's podcast we hear that whatever else former FBI Director Comey told the Senate, one thing is clear: he's convinced the Russians are fully committed to influence operations, and that they'll be back. More on disinformation and hacking in Qatar. Fresh malware surfaces in the Android ecosystem—some but not all has been booted from the PlayStore. Mousing over a malicious hyperlink can now be an infection vector. Cryptocurrencies, money transfer, and money laundering. Ben Yelin explains Florida money laundering legislation aimed at Bitcoin. Will Ackerly from Virtru discusses privacy and the right to be forgotten, online. GDPR and some thoughts on the distinctions among anonymity, privacy, and security.

Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.

Jun 9, 2017 14:58

Description:

In today's podcast, we hear that Qatar remains in bad odor with its neighbors over a recent online provocation. (Russia denies any involvement.) Anomali talks about influence operations, especially with respect to elections, where they may be moving from doxing to disinformation. Leaks about election hacking shouldn't turn you off to multifactor authentication—it's not the technology; it's us. Former FBI Director Comey testifies before the Senate Intelligence Committee. Level 3 Communications' Dale Drew reviews health care security stats. Drew Paik from Authentic8 shares vacation traveling tips. And a lesson from the NSA leak arrest: assume the boss is watching.

Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.

Jun 8, 2017 14:22

Description:

In today's podcast, we say farewell to a legendary coder, and we also remember the Battle of Midway. Influence operations in the Gulf may have been Russian. Alleged leak of NSA report on election hacking proceeds. Two new data breaches are disclosed. A script kiddy is arrested in Japan for writing and distributing ransomware. EternalBlue remains a risk. Johns Hopkins' Joe Carrigan reviews research on cracking mobile device passwords using accelerometers. Eliana Schwartz describes the Cybertech Fairfax conference. Turla resurfaces, and they've new backdoors and everything. But what's their thing with Britney Spears?

Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.

Jun 7, 2017 14:48

Description:

In today's podcast we hear about a leaked report describing eleventh-hour Russian influence operations during last year's US elections. An alleged leaker is already charged and in custody. The UK's investigation into last weekend's terror attacks continues, online as well as in physical space. Apple hints it's helping out. The attackers seem to have been known to authorities. In its continuing campaign of online inspiration, ISIS claims responsibility for the destruction of a church in the Philippines and a lethal standoff in Australia. Violent anarchist groups seem to be following the ISIS playbook in cyberspace. Some thoughts on wolves. Rick Howard from Palo Alto Networks on government cloud deployment. Andrea Little Limbago from Endgame has results from a survey on Americans’ perceptions of the US government’s cybersecurity capabilities. And the DarkOverlord is back.

ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. India investigates possible aircraft hacking.

Jun 6, 2017 14:12

Description:

In today's podcast, we hear that ISIS has claimed responsibility for Saturday's terror attacks in London. The UK reacts with strong words against terrorist safe spaces online. The Prime Minister wants restrictions on end-to-end encryption and a very hard line against extremist messaging. Hacking has diplomatic consequences for Bahrain, Qatar, and the United Arab Emirates. India investigates a possible cyberattack against a fighter aircraft. Dr. Charles Clancy from VA Tech's Hume Center on the FCC's approach to consumer privacy. Ransomware purveyors also selling stolen data. EternalBlue exploits remain active.

Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.

Jun 3, 2017 19:41

Description:

In today's podcast we hear, second-hand but ultimately from Vladimir Vladimirovich himself, that Russian hackers are free-spirited, patriotic artists, and maybe he'd be in a position to know. WikiLeaks dumps more Vault7 documents. White hats reconsider crowdsourcing membership in the exploit-of-the-month club. OceanLotus may be weaponizing a ShadowBrokers' leak. Fireball malware used for ad fraud. A think tank warns of Royal Navy submarine cyber vulnerabilities. Kmart discloses a point-of-sale breach. Jonathan Katz from UMD on undetectable backdoors. Leo Taddeo from Cyxtera Technologies on what the Comey firing means for encryption and cyber security. And a motorcycle gang is hacking cars. Why? Because that's the way they roll.

It's the first of June, and the ShadowBrokers' exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).

Jun 2, 2017 14:00

Description:

In today's podcast we discuss the ShadowBrokers and their new exploit-of-the-month club, now open for subscription. We get some industry reaction, and it seems unlikely that the ShadowBrokers should be taken at face value. Plus, Webroot's David Dufour gives us the dirt on worms.

Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.

Jun 1, 2017 14:49

Description:

In today's podcast, we hear that the ShadowBrokers open their exploit-of-the-month club at the low, low price of $22,000 in Zcash. Group-IB finds more evidence that the Lazarus Group is a North Korean intelligence unit. Extortion, both real and bluffing, grows in underworld popularity, but carders are with us still, alas. President Macron tells President Putin everyone's on to his use of Russia Today and Sputnik News for disinformation. Accenture's Justin Harvey explains red-teaming. Ely Kahn from Sqrrl outlines NIST's call for comments on their cybersecurity framework. And if you're a regular Joe or Jane looking for some Android action, take this advice straight from the shoulder: steer clear of Star Hop and Candy Link.

Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and rickrolling.

May 31, 2017 12:46

Description:

In today's podcast, we hear that British Airways suffered a glitch, not a hack, but whichever it was, it amounted to an infrastructure takedown. Fancy Bears may be snuffling at the Government of Malta. The ShadowBrokers may be cashing out. Google kicks Judy adware out of the PlayStore. Researchers find another Android vulnerability, "Cloak-and-Dagger." Anonymous is working on the Houdini RAT. Mall hackers in Liverpool mind their manners. Johannes Ulrich from SANS and the ISC Stormcast podcast on DNS security. And security researchers get rickrolled.

WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.

May 27, 2017 20:00

Description:

In today's podcast we hear that bogus WannaCry remediation apps are cumbering the PlayStore—don't be taken in. More on the complexities of WannaCry attribution. An EternalRocks worm may have been withdrawn by its authors. Citizen Lab finds evidence that influence operations against targets in almost forty countries are now corrupting data. Vietnam does some cyber snarling at the Philippines over the South China Sea. Samba gets a patch as observers fear emergence of a worm. Biometrics and impersonation—experts advise complexity. GDPR is just one year away, but preparation still lags. Dinah Davis from Arctic Wolf shares her story of founding Code Like a Girl. Malek Ben Salem from Accenture Labs describes self-sustaining enterprises. And two noteworthy pieces of legislation are introduced into the US House and Senate.

Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.

May 26, 2017 14:53

Description:

In today's podcast, we hear that a vulnerability in widely used networking software leaves it open to a worm infestation. Were the WannaCry hackers annoying stumblebums, or are there deeper games afoot? Help desk scammers say they'll rid you of ransomware—they won't. Researchers watch "Widia," commodity ransomware that's still an early stage work-in-progress. The Manchester terrorist looks more like a known wolf than a lone wolf. Ben Yelin reviews the Supreme Court's consideration of a cell site privacy case. Yong-Gon Chon from Focal Point Data Risk discusses their Cyber Balance Sheet Report. And US Cyber Command would like ISIS to know that they're in the Fort's crosshairs.

Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.

May 25, 2017 15:01

Description:

In today's podcast we hear that the Manchester bombing investigation is looking closely at the bomber's networks, with international cooperation. NSA says it's waging cyber war against ISIS. EnSilo patches ESTEEMAUDIT, one of the vulnerabilities set up for exploitation by EternalBlue. Russian police arrest members of the Cron cyber gang. Ben Read from FireEye describes recently discovered zero-days. Jonathan Katz outlines some Bitcoin vulnerabilities. And the Cyber Investing Summit opened with some demonstrations of the use and abuse of misdirection in hacking.

ISIS claims Manchester concert bombing. The case for a North Korean WannaCry. US lawmakers consider cyber legislation.

May 24, 2017 14:26

Description:

In today's podcast, ISIS claims responsibility for the Manchester concert bombing. Security companies make their case for pinning WannaCry on North Korea. US legislators consider bills to upgrade equipment and permit limited hacking back. Emily Wilson from Terbium Labs considers coming European privacy regulations. Doug Depeppe from the Cyber Resiliency Project describes a community-based approach to cyber resiliency.

How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRocks).

May 23, 2017 13:08

Description:

In today's podcast, the FBI and CIA are reported to be looking for the source of a compromise that shut down CIA agents in China between 2010 and 2012: hackers or moles, no one knows. Or was it just a tradecraft mismatch? WannaCry has been slowed, at least temporarily. Observers speculate the ransomware may have been a probe. Other uses of EternalBlue exploits look more focused and more disciplined, and arguably more serious. WikiLeaks dumps another leaked implant. Johns Hopkins' Joe Carrigan gives us the VPN basics. And the ShadowBrokers are expected to open their Leak-of-the-Month Club in June (subscription only).

WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.

May 20, 2017 19:58

Description:

In today's podcast we learn that crooks are interested in home IoT. Twitter outages aren't just you. Android Marshmallow won't be getting a patch, just a replacement. WannaCry observers focus on North Korea as a possible source. Palo Alto Networks' Rick Howard has research on Shamoon. Joyce Brocaglia from Alta Associates and the Executive Women's Forum shares results from the 2017 Women in Cyber Security Survey. And no one, yet, knows who the ShadowBrokers are with any certainty. (Or if they do, they're not talking.)

OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.

May 19, 2017 14:55

Description:

In today's podcast, we hear that Iran's OilRig cyberespionage campaign seems to be employing Russian hoods, and BlackEnergy. WannaCry recovery continues, but there may be worse to come. Still talking funny, the ShadowBrokers say you'll be able to subscribe to an Equation Group leak service next month. The US Senate considers putting the Vulnerability Equities Process on a legal foundation. NIST issues draft guidance on cyber Executive Order implementation. Level 3 Communications' Dale Drew predicts there's more ransomware in our futures. Mandeep Khera from Arxan Technologies outlines vulnerabilities in mobile apps. And political parties in Western Europe still stink at email security, for all their worries about Fancy Bear.

Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks

May 18, 2017 15:01

Description:

In today's podcast, we hear that APT3, also known as Gothic Panda, has been fingered as an agent of China's Ministry of State Security. An unreleased Disney flick is held for ransom: Disney doesn’t pay, movie goes up on Pirate Bay. WannaCry may be sloppy but it's still dangerous. OT has a harder time patching against WannaCry than IT does. Dr. Charles Clancy from VA Tech's Hume Center contrasts the ShadowBrokers vs. Vault 7. Area 1's Oren Falkowitz describes innovative ways to prevent phishing. The ShadowBrokers are back and still talking crocodile. And WikiLeaks releases more of Vault7.

WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?

May 17, 2017 14:51

Description:

In today's podcast we follow the developing story of the WannaCry pandemic as it continues to unfold, with speculation about attribution focusing on the Lazarus Group. Why malware would have a kill switch. Throwbacks to the worm wars. The risks of unpatched, superannuated, or pirated software. Litigation exposure in the WannaCry affair. David Dufour from Webroot on the basics of exploits and scripts. Paige Schaffer from Generali Global Assistance reviews the Identity Theft Assessment and Prediction Report published by the University of Texas at Austin Center for Identity. Cyber Pearl Harbors, again—what might one actually look like?

WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.

May 16, 2017 15:02

Description:

In today's podcast we hear how WannaCry ransomware became a pandemic over the weekend. Johannes Ulrich joins us to help sort it out. A temporary lull is feared likely to be more temporary than most would like. Baijiu espionage malware is spreading through GeoCities. Another APT—APT32—is also devoted to espionage, apparently in alignment with the government of Vietnam. Bin Laden's son is working to inspire lone wolves. National authorities seek to draw influence operations lessons from the concluded French presidential campaign. Armies make tactical use of cyber operations. And there's a dragnet out for tech-support scammers.

WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.

May 13, 2017 20:02

Description:

In today's podcast, we hear about the long-expected US Executive Order, with commentary from Politico's Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS, and OMB. EternalBlue is used to spread WannaCry ransomware, and the UK's NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland's Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday—no happy returns for you, spammers.

French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's day giftcard hacking. Telephonic harassment.

May 12, 2017 14:58

Description:

In today's podcast, we hear that French media sites are recovering from a massive, successful DDoS attack whose source is still under investigation. Android adware harvests and reports PII. Microsoft's quick patching of zero-days included three that are being exploited in the wild by state and criminal actors. Ben Yelin from UMD CHHS reviews the first 100 (cyber) days of President Trump. Ken Spinner from Varonis on their latest data risk report. Advice on Mother's Day gift cards, and some news about skids and harassing phone calls.

NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.

May 11, 2017 14:06

Description:

In today's podcast, we hear that NSA says it warned its French counterparts about Russian cyber ops targeting France's elections. Next up for Fancy Bear? Probably German elections, but in the meantime there's also some phishing with zero-days. The NSA Director also advocates calling out Russia for bad behavior in cyberspace, and says that US Cyber Command is ready and able to hold targets at risk, so deterrence and retaliation are available options. Microsoft, Adobe, and Cisco issued significant patches yesterday. Accenture Labs' Malek Ben Salem shares results from their security survey. Rohit Sethi from Security Compass outlines managing application security. And President Trump has told the FBI Director, "you're fired."

Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.

May 10, 2017 15:01

Description:

In today's podcast, we hear that haste may make for, not exactly waste, but at least brazen and ineffectual influence operations. Metadata evidence of Fancy Bear's paws in En Marche! emails. Moscow snorts "false flags," but UK, German, and US officials say the Bears are there and up to no good. ISIS posts another bit of depravity as inspiration. North Korea is thought to be paying for its advanced weapons programs with cyber bank heists. Persirai joins Mirai in the IoT botnet world. The US FCC sustains a DDoS attack. Joe Carrigan from JHU explains the benefits of segmenting your home network. Andrew Blaich from Lookout on finding the Pegasus lawful intercept tool on Android devices. Microsoft patches an RCE flaw in its Malware Protection Engine. SS7 protocol weakness permits defeat of two-factor authentication.

Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.

May 9, 2017 13:34

Description:

In today's podcast, we discuss Emmanuel Macron's victory in France's presidential election despite last-minute hacking and leaked emails. (Hacked emails seem not particularly scandalous as the story develops.) Germany and the UK brace for cyberespionage in their own upcoming elections. Intel AMT flaw more serious than expected, will get fixes this week. HandBrake download server proved RAT-infested. Kazuar looks like an Uroburos upgrade. Emily Wilson from Terbium Labs weighs in on Op Israel. Ransomware market features FrozrLock and Fatboy.

Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.

May 6, 2017 20:02

Description:

In today's podcast we hear about elections and election influence operations in Europe, and the difficulty of taming Fancy Bear. Some weekend reading. The Google Docs worm and dynamite phishing incident takes an odd (but implausible) turn. Snake malware seems poised to strike at Mac users. We welcome Johannes Ulrich from SANS and the Internet Stormcenter Podcast. Allan Liska outlines his book on ransomware. And there's a new product in the crimeware-as-a-service souk: it's called "Fatboy," it speaks Russian, and yes, it's ransomware.

Phishing with a big worm (and other lures). Botnet mining cryptocurrency. Blackmoon upgraded. Aadhaar troubles in India. Passwords, security questions, and Grand Moff Tarkin's CISO.

May 5, 2017 15:38

Description:

In today's podcast, we hear about how OAuth abuse rushed a worm around Google Docs, and how the good guys swiftly contained the attack. Bondnet discovered mining cryptocurrency. The Blackmoon financial malware gets an upgrade. Carbanak is still out there, trickier than ever. No-phishing season at Gannett. India's national biometric ID system runs into security and legal trouble. Rick Howard from Palo Alto Networks previews the Cyber Canon awards ceremony. Andrew Chanin describes the upcoming Cyber Investing Summit. And reflections on passwords yesterday, today, and tomorrow, both here on earth and in a galaxy far, far away.

Shamoon update. Sabre discloses possible breach to SEC. Mobile device and VPN threats and vulnerabilities. Information operations and cyberespionage.

May 4, 2017 14:49

Description:

In today's podcast we hear that Shamoon's Trojan servant seems to have got a new comms channel. Sabre discloses possible breach: hospitality and travel sectors affected. Some more things to worry about: ultrasonic beaconing, SIM card fraud, VPN privilege escalation, and another bad app in the PlayStore. (But you can fix all these.) Governments look to social media restrictions to control hate speech and fake news. (Social media providers look to human curation and the blockchain for help.) Level 3's Dale Drew describes the evolution they're seeing in botnets. Tripwire's Craig Young shares his research on hacking smart TVs. Cyberespionage and influence updates, from Washington to Seoul.

IBM, Apple, and Intel all fix vulnerabilities and block threats. Neustar's DDoS report. Updates on the DarkOverlord and (separately) LizardSquad. Info ops and what they're after.

May 3, 2017 15:01

Description:

In today's podcast we hear that Trojanized USB sticks are out in the wild. So are phishing emails complete with backdoors and spyware payloads. Intel reports (and mitigates) a major firmware vulnerability in Core processors. The DarkOverlord and third-party risk. ShadowWali backdoors afflict Japanese enterprises. The LizardSquad may be back, but you still shouldn't listen to them, still less pay them protection. Neustar looks at DDoS trends. Ben Yelin from the UMD Center for Health and Homeland Security explains tractor hacking. Nehemiah Security's Paul Farrell thinks we need to mind the security basics. And do info ops heighten the contradictions?

NSA changes collection policy in a privacy-friendly direction. Latest Vault7 leaks look anodyne. Election influence concerns in Europe and the US. Blocking social media. DarkOverlord returns with extortion caper.

May 2, 2017 13:33

Description:

In today's podcast, we hear how the NSA is revising its interpretation of Section 702 collection, to the general approval of privacy advocates. WikiLeaks drops another alleged tool from Vault7—this one looks like garden-variety data-loss-prevention beaconing. The UK and France are on alert for influence operations, and the US Congress takes testimony on such marketing-in-battledress. South and Southwest Asian governments move to block or censor social media. Prof. Awais Rashid from Lancaster University describes some of the risks of the cloud. The DarkOverlord returns, extorting TV and movie content owners over shows stolen from a third-party post-production company.

OilRig fingered as Iranian state-sponsored group behind attempted hacks of Israeli targets. Shamoon still under the same management. Botnet wars in the IoT. Countermessaging, hopes of missile hacks, and more.

Apr 29, 2017 18:48

Description:

In today's podcast, we hear that researchers have named the hitherto unnamed country that attempted to hack Israeli targets. Other researchers conclude Shamoon is still under the same management. Roles and missions dispute among Israeli security organizations. Peter Galvin from Thales takes a look at data security in the US Federal sector. VA Tech's Dr. Charles Clancy explains the pros and cons of 5G mobile technology. Financial malware vector startles phishing victims into clicking. Vigilante botnets are not helping the IoT. Countermessaging is still not as easy as it looks. And there's a lot of thinly sourced hope about hacking North Korean missiles.

Fancy Bear in France (and in Germany, too). Israel debates Cyber Authority's charter. Sudan says it's using Electronic Jihad against ISIS. Verizon, Symantec threat reports out. Adware campaigns.

Apr 28, 2017 14:35

Description:

In today's podcast, we hear about the bear tracks analysts are seeing in Macron's campaign for France's presidency. (They're also appearing in German political parties' think tanks.) Cyber gangs continue to pore over ShadowBrokers' leaks. Verizon and Samsung threat reports see ransomware and nation-state espionage as the trending issues. Amid debate over cyber authorities, Israel says it detected and stopped a major attack. Palo Alto Networks' Rick Howard outlines a new white paper on credential theft. Ellison Anne Williams from Enveil describes their innovation in encryption. Adware infests online markets through spam and Trojanized apps.

Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.

Apr 27, 2017 14:29

Description:

In today's podcast, we follow the story of Fancy Bear (a.k.a. Pawn Storm, a.k.a. APT28) and France's elections. Why clever phishing continues to succeed, and what's up with OAuth abuse. Information operations distinguished from simple "hacking." Another point-of-sale compromise suggests identity management issues. The University of Maryland's Jonathan Katz explains a JSON encryption vulnerability. Stan Black from Citrix explains the pros and cons of the IoT. And can hackers really blow up a submarine by driving their car fast and furiously? You be the judge.

Fancy Bear spotted in France, Denmark, and maybe Bulgaria. Tensions mount around North Korean weapon programs. Power grid fragility. Milkydoor in the PlayStore. AV misunderstanding. Kelihos indictment. Ashley Madison blackmail.

Apr 26, 2017 14:54

Description:

In today's podcast, we hear that Fancy Bear has as expected been spotted snuffling around the French Presidential election. Denmark and Bulgaria also report bearish activity. Sino-US pressure on North Korea may foreshadow an uptick in the cyber op-tempo. Power failures prompt worries about the grid's fragility. Milkydoor's Trojanized Android apps pose a BYOD threat to businesses. Webroot is fixing its AV misunderstanding with Windows. Alleged Kelihos botnet master indicted. Webroot's David Dufour discusses IoT supply chain challenges. Eric Burger describes the 2017 Borderless Cyber conference. And another Ashley Madison extortion caper surfaces.

Nation-state tensions in cyberspace over North Korean threats and presumably Russian cyberespionage. Locky returns. More pharma spam. Seleznev gets 27 years for carding.

Apr 25, 2017 15:00

Description:

In today's podcast we hear that cyberattack worries mount with international tensions over North Korea. France's first-round presidential elections conclude with two outsiders headed for the finals. WikiLeaks' and ShadowBrokers' leaks find their way into the criminal wild. US shows renewed interest in prosecuting WikiLeaks' Assange. Locky ransomware is back from the dead. SMSVova spyware kicked out of the PlayStore. More Canadian pharma spam. Emily Wilson from Terbium Labs describes the unintended consequences of "spectacle" attacks. Seleznev gets 27 years for carding. And notes on some less-than-fully-successful criminals.

States and gangs. Insider threats and mole hunts. The misguided vigilante behind BrickerBot. Hollywood hacks. Not a Nigerian prince this time, just the Director General of the National Intelligence Agency.

Apr 22, 2017 19:59

Description:

In today's podcast we hear that cyber gangs are busily at work reverse-engineering the last ShadowBrokers' document dump. But the Russian ones at least are probably getting some state help. Insider threats and mole hunts. BrickerBot's author plays a dangerous vigilante game—operating technology may be particularly at risk. Hollywood's best depictions of hacking. Ben Yelin describes a weaponized animated GIF. Carson Sweet from CloudPassage on government requests that providers turn over emails and lagging legislation. And there are forty-three million dollars in a Nigerian apartment. No, really—forty-three million in cash.

Trojanized apps in the PlayStore. How cybergangs talk, cooperate, and improve their game. More troubles reported for Tanium. A Chicago lawsuit brings privacy issues to the fore.

Apr 21, 2017 14:56

Description:

In today's podcast we hear about snakes in the PlayStore's walled garden (one of them with a helpful flashlight, and another one with a plumber's cap and a mustache, which must look pretty odd on a serpent). A look at how cyber gangs communicate—they do it a lot like the rest of us. Source code distribution and the jokers who make annoying use of it. More troubling reports about an IPO-ready unicorn. The Johns Hopkins University’s Joe Carrigan explains limitations of fingerprint scanners. Amit Rahav from Secret Double Octopus describes innovations in authentication. Plus, what information do your products collect about you? And how do you know what the vendors are doing with it?

Vigilantes in the IoT. Bad actors find a friend in the ShadowBrokers. BankBot is back in the PlayStore. Pixel-tracking for target recon. A very big Oracle patch.

Apr 20, 2017 14:56

Description:

In today's podcast we hear about a new vigilante in the IoT—Hajime—and learn that the security industry doesn't think much of vigilantes. Observers pore over the most recent ShadowBrokers' files and don't like what they see, even though most of the more dangerous exploits have been patched. Still no word on how the ShadowBrokers got their wares, or where WikiLeaks got the contents of Vault 7. BankBot is back in the PlayStore with Trojanized video apps. Attackers are seen using pixel-tracking for target recon. AsTech’s Greg Reber outlines cyber M&A due diligence. Lancaster University’s Awais Rashid describes their effort to assemble a cyber security body of knowledge. And Oracle issues a very big patch.

Karmen in the black market. Homograph vulnerabilities. Vault 7 and ShadowBrokers updates. Hacks and missiles. Competing for botnets.

Apr 19, 2017 14:58

Description:

In today's podcast, we hear about a newish ransomware strain, Karmen, hitting the low-end ransomware-as-a-service market. Homograph vulnerability proof-of-concept revealed. Jihadist infosec service advises good cyber hygiene for terrorists post-Vault 7. The ShadowBrokers try to drag a red herring—actually a bad frog—across their tracks. Hopeful speculation continues that the US hacked North Korea's missile test last weekend. Hajime malware is competing with Mirai for bots, although to what end is unclear. Dr. Charles Clancy from VA Tech's Hume Center contrasts Vault 7 vs. the ShadowBrokers. Bill Anderson from OptioLabs outlines battlefield mobile device security. And you're not going to get rich by using security cameras to mine Bitcoin.

Missiles and malware? ShadowBrokers' leaks examined. Syrian info ops. ISIS recruits women for martyrdom. Ransomware, medical device vulnerability updates. Troubled unicorn?

Apr 18, 2017 14:09

Description:

In today's podcast, we hear about a big missile fizzle on Pyongyang's Day of the Sun yesterday—there's hopeful but a priori speculation of a cyber op against North Korea's nuclear strike R&D program. Friday's ShadowBrokers' leaks suggest financial service, industrial IoT vulnerabilities. Syrian regime calls hoax on nerve gas attack claims (informed observers are unconvinced). How ISIS recruits women for martyrdom operations. Ransomware update. Medical device makers might learn from mobile device makers. Rick Howard from Palo Alto Networks ponders the first principle of automotive security. And clouds gather over a security unicorn.

ShadowBrokers frustrated with the peoples. Callisto Group was active against UK Foreign Office. US DCI denounces WikiLeaks as a hostile intelligence service. Surveillance vendors said willing to deal with pariah regimes. Weaponized memes.

Apr 15, 2017 19:55

Description:

In today's podcast, we hear that the ShadowBrokers are fed up with all of you peoples. The Callisto Group spearphished the UK's Foreign Office last year. The US DCI calls out WikiLeaks as a hostile intelligence service. Lawful intercept shops alleged to be willing to deal with pariah regimes. University of Maryland's Jonathan Katz discusses Google's unfulfilled promise of end-to-end encryption in Gmail. Ajit Sancheti from Preempt Security explains the tension between security and human nature. NATO insiders would like to see the Atlantic Alliance weaponize memes.

Ewind adware infesting Android third-party app stores. Influence operations. Russian state use of organized crime. Finspy a payload in Word zero-day exploits. 

Apr 14, 2017 14:33

Description:

In today's podcast we hear about how Ewind adware infests cloned apps in the Android ecosystem. Influence operations rise to prominence amid increased Russian and Islamist activity against Western targets. Accused Russian traitor makes jailhouse denunciation of Russia's coziness with cyber organized crime. Finspy found distributed via Word zero-day. And suppose you're doing a nickel in Ossining or San Q (not that you would be). Webroot’s David Dufour warns of tax-season phishing. Fred Wilmot from PacketSled explains the convergence of OT, IT and IoT. And, how do you stay connected in the big house?

Patch Tuesday notes. Cyber threats to healthcare. New Helsinki information operations center forming. Updates on WikiLeaks and the ShadowBrokers.

Apr 13, 2017 13:53

Description:

In today's podcast, we discuss April's Patch Tuesday, with news and tasks for Windows, Adobe, and SAP admins. Cyber threats to healthcare include ransomware, breaches, and device hacking. NATO and non-NATO partners establish an information operations center in Helsinki to contest Russian influence in cyberspace. Analysts continue to pick over the latest from the ShadowBrokers. Emily Wilson from Terbium Labs describes the Dark Web ecosystem. And WikiLeaks Vault 7 seems to out cyber operators as fans of Star Trek, anime, and Ape Escape. No surprises there, eh?

Women in Cybersecurity 2017: A CyberWire Special Edition

Apr 12, 2017 23:50

Description:

The 2017 Women in Cybersecurity conference was held in Tucson Arizona, and the CyberWire was on hand to cover the event. We spoke with a variety of cyber security professionals, at different stages of their careers. We covered some of their career journeys and professional insights on our daily podcast, and in this special edition learn why a women in cybersecurity conference is more important than ever, what they wish they knew when they were starting out, as well as some advice for the men in the industry.

Word zero-day spreading Dridex. Password reuse bites Amazon third-party sellers. Mirai now mines Bitcoin. WikiLeaks, the ShadowBrokers, and war in Syria. Cyber first use. Crypto wars in Europe. APT10 in India. Penn State prof takes Gödel Prize.

Apr 12, 2017 14:54

Description:

In today's podcast, we hear about how a Word zero-day is spreading the Dridex banking Trojan. Amazon third-party sellers bitten by reused passwords. IBM catches Mirai mining Bitcoins. Symantec discerns Longhorn tools in WikiLeaks' Vault 7. Tensions over Syria's civil war seem to be behind the Shadow Brokers' return. ISIS is now attempting to recruit women to the Caliphate. Germany considers a cyber first-use doctrine. Crypto wars flare in Europe as French Presidential candidate Macron takes a strong anti-encryption line. The University of Maryland Center for Health and Homeland Security’s Ben Yelin weighs in on the FCC’s rollback of ISP privacy rules. Dario Forte from DF Labs cautions against AI hype. A Penn State professor takes the 2017 Gödel Prize for his work on differential privacy.

Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.

Apr 11, 2017 15:22

Description:

In today's podcast, we hear that US strikes against Syrian targets and harsh words for Assad are followed by apparent Russian information operations as bilateral tensions mount. Both WikiLeaks and the Shadow Brokers resurfaced late last week. A light Patch Tuesday is foreseen, but observers expect a fix for a Microsoft Office zero-day being actively exploited. Okta files its anticipated IPO. Dallas emergency sirens were hacked early Saturday. The Johns Hopkins University’s Joe Carrigan discusses upcoming updates to the Waze GPS app. Kathleen Smith from cybersecjobs.com and clearedjobs.net joins us from the Women in Cybersecurity Conference. Spanish police collar the alleged "spam king."

APT10's Operation TradeSecret. BrickerBot may be vigilante PDoS. Amnesia and Sathurbot exploit known vulnerabilities in, respectively, DVRs and WordPress. Ransomware, surveillance, and info ops updates.

Apr 8, 2017 19:48

Description:

In today's podcast, we hear about how Operation TradeSecret collected intelligence on US trade policy during the run-up to the Sino-American summit at Mar-a-Lago. BrickerBot is out, a PDoS campaign that looks like nasty vigilante work, so close your Telnet ports and change your IoT device default passwords. The Amnesia campaign is after unpatched DVRs. Sathurbot exploits unpatched WordPress instances and infects Torrent users. Lancaster University's Awais Rashid has concerns over IoT devices' limited interfaces. Endgame's Andrea Little Limbago shares her story from the Women in Cybersecurity Conference. Surveillance and influence operations allegations in the last US Presidential campaign have their counterparts in the current French one.

Operations TradeSecret and Cloudhopper attributed to APT10. Third party risks. Lazarus Group update. US investigation of Russian influence operations and US surveillance allegations proceeds.

Apr 7, 2017 14:58

Description:

In today's podcast we hear about Operation TradeSecret, which joins Operation Cloudhopper: both appear to be facets of a Chinese cyberespionage campaign. 20,000 loan applications are exposed by a third-party IT vendor. North Korea's Lazarus Group still has banks in its crosshairs. A study shows that mobile users are in a complicated relationship with their apps. US Congressional hearings into Russian influence operations and allegations of US surveillance continue. IBM’s Wendi Whitmore joins us from the 2017 Women in Cybersecurity Conference. Palo Alto Networks’ Rick Howard describes the cloud paradigm shift. And tomorrow is OpIsrael; Israeli enterprises say they're prepared.

Operation Cloudhopper. Chrysaor spyware. Microsoft to upgrade Office security. Notes from SeaAirSpace. High school hacking.

Apr 6, 2017 15:01

Description:

In today's podcast, we hear about how Operation Cloudhopper gets to its espionage targets via their cloud and managed service providers. Details are out on the Android version of the Pegasus spyware. Microsoft will upgrade Office security. Notes on the annual SeaAirSpace expo, including an excursus on cyber Marines. Cisco’s Chief Privacy Officer Michelle Dennedy joins us from the Women in Cybersecurity Conference. Dale Drew from Level 3 describes the security ecosystem disruption. And what is going on in Bedford County, Pennsylvania, a place where the laws of physics may not apply?

Pegasus version now affects Android. UK on alert for ISIS infrastructure cyberattack. DPRK tied, again, to Bangladesh Bank heist. Fancy Bear and Turla updates. Samsung Tizen 0-day. Tax season security. 

Apr 5, 2017 14:55

Description:

In today's podcast, we hear that Pegasus is now in the Android ecosystem. British authorities warn of possible ISIS cyberattacks on infrastructure. Russia investigates the St. Petersburg metro bombing. New evidence connects North Korea with the Lazarus Group. Fancy Bear continues to romp unabated, and Turla seems to have remained quietly active for about twenty years. Zero-days reported for Samsung's Tizen. Our coverage of the Women in Cybersecurity Conference continues, featuring a conversation with Endgame malware researcher Amanda Rousseau. Virginia Tech's Hume Center's Dr. Charles Clancy describes telephony DDoS. Apple issues an emergency iOS patch. Industry notes, and tax season security advice.

WikiLeaks dumps alleged CIA obfuscation code. Attribution skeptics speculate about Russian ops (or the lack thereof). ISIS information operations manual revealed. RATs in the wild.

Apr 4, 2017 15:01

Description:

In today's podcast, we hear that WikiLeaks has dumped what it claims are CIA source code files. The leak seems to aim at raising suspicion that attacks attributed to foreign governments are in fact false-flag operations. The International Association of Athletics Federations says it was hacked by Fancy Bear. Two new RATs—remote access Trojans—are discovered in the wild. ISIS takes some cyber hits, and an investigator outlines the group's information operations manual. At the annual Women in Cyber Security Conference we catch up with US Naval Academy Midshipmen Svetla Walsh and Deja Baker. David Dufour from Webroot reviews their latest threat report.

Fancy Bear's phishing expeditions. Cryptowars and privacy regs in the EU. Is that really you, Dr. Niebuhr? 

Apr 1, 2017 19:53

Description:

In today's podcast, we hear about how Fancy Bear left tracks in Bitly, and Fancy Bear did an awful lot of phishing going back to March 2015. Experts take a look at Russian espionage and influence operations, and they draw some disturbing conclusions. The EU seems ready to go anti-encryption—how that will work with the EU's regulatory emphasis on privacy is anyone's guess. The University of Maryland's Jonathan Katz explains the recent Zcoin cryptocurrency bug. Bob Ackerman from Allegis Capital and DataTribe offers insights on the investment environment for cyber. And no, that's not a famous theologian tweeting: it's the head G-Man.

Apple patched this week—how are your systems? LastPass working on a patch for an undescribed bug (said to be complex). What IT staff actually work on. And a long talk about emerging Administration cyber policy.

Mar 31, 2017 14:53

Description:

In today's podcast, we hear about Apple's patches issued this week—how are your systems? LastPass is working on a patch for an undescribed bug (said to be a complicated one). What IT staff actually work on. Politico's Eric Geller discusses emerging Trump Administration cyber policy. Emily Wilson from Terbium Labs outlines the data breach timeline.

Hybrid warfare objectives and tactics. Physical threats, lost and found. Vulnerability and threat recap.

Mar 30, 2017 14:42

Description:

In today's podcast, we pass on what we've heard at ITSEF about Russian hybrid warfare: it aims, experts say, at redressing the loss of the Cold War. Microsoft Internet Information Services (IIS) 6.0 found vulnerable to a buffer overflow attack. Cerber ransomware evolves to evade detection. Bugs found in Siemens ICS products. VMware patches vulnerabilities. Laptops with sensitive information lost in Hong Kong and New York. Joe Carrigan from the Johns Hopkins University Information Security Institute reviews a teddy bear who can't keep a secret. Peak10's David Kidd outlines compliance advantages of the cloud. Malicious USB sticks strewn around a Canadian university campus.

Updates on Cozy Bear and Shamoon tradecraft. Crypto wars flare in the UK. FBI warns of attacks against FTP servers. Typosquatting, scareware, and other problems.

Mar 29, 2017 15:01

Description:

In today's podcast, we hear how Cozy Bear slips through with domain fronting. Shamoon's infection methods are revealed. The crypto wars flare over not-so-lone wolves, but there are some genuine lone wolves out there as well. Medical and dental practices warned against attacks on FTP servers. A networked sterilizer is, well, digitally unhygienic. Docs dot com search functionality temporarily disabled. Remember, if you want to reach the G-men, it's FBI dot GOV, not dot com. The UMD Center for Health and Homeland Security's Ben Yelin examines a case where a defendant's expertise is being held against him. Brian Brunetti from Route1 warns about VPN insecurity. Scareware hits iOS users. And a Brooklyn prosecutor gets bad advice from the old heart.

Lone wolves howl to each other over WhatsApp? Industry yawns at WikiLeaks zero-days. How online gamers cheat. America's JobLink breach update. Ukrainian artillery hack notes. April 7 deadlines.

Mar 28, 2017 14:39