The CyberWire

By The CyberWire

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.


Category: Tech News

Open in Apple Podcasts


Open RSS feed


Open Website


Rate for this podcast

Subscribers: 844
Reviews: 4

Matt Aguirre
 Mar 10, 2019


 Jan 16, 2019

Average Joe
 Dec 12, 2018
This is a great source for a daily overview of what happened in Cyber Security and IT!

Mikey
 Nov 11, 2018
Although I enjoy listening, it's like a new language which I'm slowly learning. I wish some more time was given to background regarding malware.

Description

The daily cyber security news and insights leaders depend on.

Episode Date
EvilQuest ransomware identified. Out-of-band patches. The scope of Chinese surveillance of Uighurs. Hong Kong and the National Security Law. FCC finds against Huawei, ZTE.
21:00

EvilQuest ransomware found in pirated versions of Little Snitch app. Out-of-band patches from Microsoft and Oracle. Extensive Chinese surveillance of Uighurs described. Hong Kong and the world react to China’s new National Security Law. The US FCC finds both Huawei and ZTE are threats to national security. Joe Carrigan on password stealers that target gaming. Our guest is Kiersten Todt from the Cyber Readiness Institute on how COVID-19 has changed small business security and what to expect going forward. And Britain rethinks its position on Huawei and 5G infrastructure.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/127

Jul 01, 2020
Critical bug disclosed in Palo Alto products (a fix is available). StronPity (a.k.a. Promethium) is back. A big Bitcoin scam. Lots of PII newly offered in the dark web. Australia and India look to their defenses.
21:14

NSA and CISA agree: take Palo Alto’s advisory about its PAN-OS operating system seriously. StrongPity is back and active against targets in Turkey and Syria. A big Bitcoin scam is using spoofed news outlets and bogus celebrity endorsements to lure victims. A large trove of PII has appeared in the dark web. Ben Yelin from UMD CHHS on whether or not the EARN IT Act violates the constitution, our guest is Brad Stone with Booz Allen Hamilton on how technology is changing the battlefield and why cyber is becoming so important in the DoD space. Finally, both Australia and India look to shore up their defenses against cyber threats from China.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/126

Jun 30, 2020
Ransomware pays, in California. Kashmir utility recovers from cyberattack. Update on hacktivism vs. Ethiopia. Another misconfigured AWS account. Guilt and sentencing in high-profile cybercrime.
20:48

The University of California San Francisco pays Netwalker extortionists nearly a million and a half to recover its data. A Kashmir utility restores business systems after last week’s cyberattack. The website defacements in Ethiopia continue to look more like hacktivism than state-sponsored activity. Our own Rick Howard talks about wrapping up his first season of CSO Perspectives. Our guest is Sanjay Gupta from Mitek discussing how online marketplaces can balance security with biometrics. Data are exposed at an e-learning platform. Three prominent cyber-hoods go down in US Federal courts. And Lion says the beer is flowing, post ransomware.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/125

Jun 29, 2020
Get your foot in the door and prove your worth.
06:32

Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us.

Jun 28, 2020
Enter the RAT
21:32

A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade.

The report comes on the heels of the U.S. Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations into economic espionage as part of the DOJ’s China Initiative.

Joining us in this week's Research Saturday to discuss the report is Eric Cornelius of Blackberry. 

The research can be found here: 

Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android

Thanks to our sponsor, Reservoir Labs

Jun 27, 2020
Camille Stewart from Google and Lauren Zabierek from Harvard's Belfer Center on the Sharethemicincyber event.
24:24

This is an extended interview of our conversation with Camille Stewart and Lauren Zabierek originally aired in our daily podcast 06/26/2020. 

In response to anti-black racism and the deaths of countless black people, the country and the world are standing up against systemic racism in response. Many in the cybersecurity community have been searching for ways to amplify the voices of black and brown practitioners in the national security/foreign policy space. Inspired by the ShareTheMic campaign on Instagram, Camille Stewart  (@CamilleEsq on Twitter) and Lauren Zabierek (@LZXDC on Twitter)  have teamed up to launch the ShareTheMicInCyber Twitter campaign. On June 26, 2020, prominent members of the cybersecurity community will spend the day tweeting about a Black cybersecurity practitioner. 

More info on Sharethemicincyber 

Camille Stewart's essay 

Jun 26, 2020
Patch Exchange already, will ya? GoldenSpy lurks in tax software Chinese banks prefer their foreign clients to use. Magecart gets cleverer. Another unsecured AWS S3 bucket, and this one’s not funny.
25:29

Microsoft urges Exchange server patching. Sure it does your taxes, but it’s got another agenda, too: the GoldenSpy backdoor may be in your tax software if you do business in China. Magecart ups its game. DDoSecrets says they’re not going to roll over for Twitter’s “Nixonian” schtick. Camille Stewart from Google and Lauren Zabierek from Harvard’s Belfer Center on the #Sharethemicincyber event and why systemic racism is a threat to cybersecurity. Rick Howard wraps up cybersecurity canon week with guests Richard Clarke and Robert Knake, authors of The Fifth Domain. And there’s another unsecured Amazon S3 bucket, and this exposure could present a serious risk to some people who already have trouble enough.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/124

- More info on the #Sharethemicincyber event.

- Camille Stewart's essay on systemic racism in cyber.

Jun 26, 2020
Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR.
19:56

Akamai’s report on the record-setting DDoS attack it stopped this week. Glupteba GLOOP-tib-yeh and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater privacy. The US designates Huawei and Hikvision as controlled by China’s military. A superseding indictment in Julian Assange’s case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon - War, Sabotage, and Fear in the Cyber Age. And the Navy recruiting campaign that wasn’t.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/123

Jun 25, 2020
BlueLeaks updates and fallout. Hidden Cobra hunt. Hacking leads to trade wars. What the crooks are watching, from their home and yours.
22:02

Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into a trade war phase. Lessons on election management. What do cybercriminals watch when they binge-watch? Joe Carrigan explains the Ripple 20 vulnerabilities. Cybersecurity Canon week continues with Joseph Menn, author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. And some notes on the most malware-infested movie and television fan communities.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/122

Jun 24, 2020
Hacking attends international conflicts and disputes in India, Australia, and Ethiopia. US designates four Chinese media outlets foreign missions. Sodinokibi evolves; Evil Corps rises from its virtual grave.
20:49

International conflicts and disputes are attended by hacking in South Asia, Australia, and Africa. The US designates four Chinese media outlets as foreign missions, that is, propaganda outfits. Sodinokibi ransomware sniffs at paycard and point-of-sale systems. Ben Yelin on TSA’s facial recognition program. Cybersecurity Canon Week continues with our guest is Bill Bonney, Co-Author of CISO Desk Reference Guide. And Evil Corp is back, apparently because you just can’t keep a bad man down.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/121

Jun 23, 2020
BlueLeaks hacktivists dump police files online. NSO Group back in the news. COVID-19 apps and databases versus privacy. Cyber conflict: China versus India and Australia. An alt-coin baron’s story.
20:46

BlueLeaks dumps stolen police files online. A report of spyware delivered via network injection. COVID-19 apps and databases are reported to have indifferent privacy safeguards, and there’s been one big recent leak. India and Australia both on alert for Chinese cyberattacks. Our own Rick Howard on intelligence operations. It’s cybersecurity Canon Week, our guest is Todd Fitzgerald, author of CISO Compass. And New Zealand piles on in the case of a Russian alt-coin baron.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/120

Jun 22, 2020
Superhero origin stories and lessons that last.
06:50

Johannes Ullrich relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. 

Our thanks to Johannes for sharing his story with us. 

Jun 21, 2020
Click here to update your webhook.
16:28

Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from your applications to Slack. Generally, Slack webhooks are considered a low risk integration. A deeper dive into webhooks shows that this is not entirely accurate. 

Joining us in this week's Research Saturday is Ashley Graves from AT&T Cybersecurity's Alien Labs to discuss her research. 

The research can be found here: 
Slack phishing attacks using webhooks

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jun 20, 2020
Australia warns of a large-scale espionage campaign. China indicts two long-detained Canadians. And the Lazarus Group may be about to undertake a widespread COVID-19-themed fraud effort.
23:40

A look at the “state-based cyber actor” the Australian government is concerned about. Some signs of Chinese retaliation for Five Eyes’ skepticism of Huawei. Johannes Ullrich explains malware triggering multiple signatures in anti-malware products. Our guest is Geoff White, author of Crime Dot Com, on how he tracked down the creator of the Love Bug. And an alert about the possibility of some COVID-19-themed fraud from the Lazarus Group.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/119

Jun 19, 2020
Cyber support for a kinetic conflict. Cyberespionage. Spyware in Chrome extensions. Criminal phishing bypasses defenses. Proposed revisions to Section 230. Zoom and encryption.
20:51

Sino-Indian conflict extends to cyberspace. InvisiMole connected to Gamaredon. Spyware found in Chrome extensions. Phishing around technical defenses (and some criminal use of captchas). The US Justice Department releases its study of Section 230 of the Communications Decency Act. Zully Ramzan from RSA on privacy and security in a post-COVID world. Our guest is Michael Powell from NCTA on the importance of the UK cybersecurity sector. And Zoom decides to make end-to-end encryption generally available.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/118

Jun 18, 2020
Ripple20 flaws in the IoT supply chain. Operation In(ter)ception looks for intelligence, and cash, too. Sino-Indian tensions. A look at Secondary Infektion. How not to influence reviewers.
21:51

Ripple20 vulnerabilities are reported in the IoT software supply chain. North Korean operators go for intelligence, but also for cash, and they’re phishing in LinkedIn’s pond. Sino-Indian tensions find expression in cyberspace. A long look at the Russian influence operation, Secondary Infektion. Joe Carrigan from JHU ISI on why older adults share more misinformation online. Our guest Will LaSala from OneSpan tracks the increase in online banking fraud during COVID-19. And the strange case of the bloggers who angered eBay may have more indictments on the way.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/117

Jun 17, 2020
Cyberespionage and counterespionage. The DDoS that never was. A very strange case of cyberstalking. And leaky niche dating sites.
20:56

What does Beijing want to know about US Presidential campaigns? Position papers, mostly. A redacted version of the CIA’s inquiry into the WikiLeaks Vault 7 material is out. That DDoS attack you read about on Twitter? Never happened. Former eBay employees face Federal charges of conspiracy to commit cyberstalking and witness tampering. Ben Yelin explains a judge refusing to sign off on a potential Facebook facial recognition settlement. Our guest is Randy Vanderhoof from the Secure Technology Alliance on mobile drivers licenses. And where would you store “niche” dating app material? In a misconfigured AWS S3 bucket. Where else?

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/116

Jun 16, 2020
ActionSpy Android spyware deployed against Uyghurs in Tibet. Anonymous claims an action against Atlanta PD. Security vendor or malware purveyor? Spelling counts.
19:43

A new Android spyware tool is deployed against China’s Uyghur minority. Anonymous claims it disrupted the Atlanta Police Department’s website yesterday to protest a police shooting. An apparently legitimate security firm has apparently been selling malware to criminals. Breachstortion joins sextortion as a criminal tactic. Craig Williams from Cisco Talos on Astaroth, an information-stealer that has been targeting Brazil, Our own Rick Howard on risk assessments. And why spelling always counts.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/115

Jun 15, 2020
The mark of making a difference.
06:26

Each week we step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. This will be a regular feature in our daily feed, but it will also have it's own feed wherever all the fine podcasts can be found. 

This week, we hear from Tom Quinn as he takes us from his first experience with modern computers in the military to his current role as a CISO. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference.

Our thanks to Tom for sharing his story with us. 

Jun 14, 2020
The value of the why and the who.
24:47

Proactive, efficient threat mitigation and risk management require understanding adversaries’ fundamental thought processes, not just their tools and methods. Cyber threat intelligence analysts combed through 15 years (2004 to 2019) of public sources that have documented the activities of one prolific threat actor, Russia’s military intelligence agency, the GRU. Analysis shows that the timing, targets, and impacts of this activity mirrored Russian strategic concerns about specific events and developments. 

Joining us in this week's Research Saturday are Brad Stone & Nate Beach-Westmoreland from Booz Allen Hamilton to discuss their report and some of the 33 case studies presented in it.

The research can be found here: 
Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations

The CyberWire's Research Saturday is presented by GDIT.

Thanks to our sponsor, Reservoir Labs

Jun 13, 2020
Chinese, Russian, and Turkish domestic influence campaigns. Zoom’s China troubles. Honda, Enil recover from Ekans. Ransomware attacks against a city and an M&A consultancy.
26:18

Twitter’s transparency efforts see through accounts being run by Chinese, Russian, and Turkish actors. Zoom is working to both comply with Chinese law and contain the reputational damage involved in doing so. Industrial firms recover from Ekans infestations. Caleb Barlow from CynergisTek on how hospital CISOs are dealing with the COVID-19 situation. Our guest is Ronald Eddings from Palo Alto Networks and the Hacker Valley Studio Podcast on strategies for finding and managing security architects. And it’s not Posh Spice who’s got the attention of Maze; it’s just her M&A advisors.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/114

Jun 12, 2020
Gamaredon ups its crazy game. Doxing during unrest. Bogus contact-tracing apps spread spyware. Thanos in the ransomware market. Crypto Wars notes. Another 419 scam.
20:14

The Gamaredon Group is back, and what’s their secret? Like Crazy Eddie’s, it’s volume! Doxing during times of unrest. Phoney contact-tracing apps are snooping on personal information in at least ten countries. Thanos is a criminal favorite in the ransomware-as-a-service market. Another skirmish in the Crypto Wars is brewing up on Capitol Hill. David Dufour from Webroot on how organizations can successfully navigate their new workplace realities. Our guest is Chester Wisniewski from Sophos on fleeceware apps found in the Apple app store. And no, really, Elon Musk is not on YouTube offering you Bitcoin.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/113

Jun 11, 2020
A big Patch Tuesday. Honda ransomware update. Facebook helped the FBI with a zero-day. Cloud service outages. Breach settlements. BellTroX explains itself, sort of.
20:30

Notes on Patch Tuesday--it was a fairly big one this time. Honda continues its investigation of the incident it sustained over the weekend, and outsiders see it as a ransomware attack. Facebook is said to have developed a Tails zero-day to help the FBI with a notorious case. Crooks are turning to search engine optimization. IBM and Google cloud services recovered quickly from outages. You’re unlikely to get rich from a breach settlement. Joe Carrigan describes free online courseware aimed at Community College students. Our guest is Dennis Toomey from BAE on how financial institutions need to enact stronger cyber protocols as employees migrate to working from home. And BellTroX says, hey, it was just helping some private eyes.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/112

Jun 10, 2020
Tracking down hackers-for-hire. SNAKE ransomware bites Honda. Anti-DDoS for criminal markets. And a menu for cyber contraband.
21:54

Commercialized hacking-for-hire is traced to an Indian firm, but it’s probably not an isolated problem. Ransomware shuts down Honda production lines in three continents. Criminals develop and distribute an anti-DDoS tool to help keep the dark web souks responsive and available. Ben Yelin revisits Twitter’s flagging or removing the U.S. President’s tweets. Our guest is Jeremy Oddo from The Third Floor to discuss cybersecurity in Hollywood during COVID-19. And researchers compile a menu of cyber contraband.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/111

Jun 09, 2020
Regional rivals jostle in cyberspace. Election interference and vulnerable online voting. Phishing for a competitive advantage. Reducing dependence on foreign companies for infrastructure.
20:52

South and Southwest Asian regional rivalries play out in cyberspace. Election interference could move from disruptive influence operations to actual vote manipulation. Someone is spearphishing leaders in Germany’s PPE task force. Nations move to restrict dependence on foreign companies in their infrastructure. Justin Harvey from Accenture on the train of thought behind breach disclosure. Our own Rick Howard on DevSecOps. And Washington State recovers some, but not all, of the unemployment funds lost to fraud.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/110

Jun 08, 2020
Ask more people to dance.
05:49

Introducing the newest podcast in the CyberWire family - Career Notes. 

Each week we’re going to step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. This will be a regular feature in our daily feed, but it will also have it's own feed wherever all the fine podcasts can be found. 

Our thanks to Tracy Maleeff for sharing her story with us. 

Jun 07, 2020
Due diligence cannot be done as a one-off.
17:46

Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under GDPR. 

Joining us in this week's Research Saturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach. 

The research can be found here: 
Virgin Media Disclosure Statement & Resources

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jun 06, 2020
Hurricane Panda and Charming Kitten paw at, respectively, the campaigns of Mr. Biden and Mr. Trump. Lies’ bodyguard of truth. Information warfare in the Gulf.
23:34

It’s mostly cyberespionage today, with an admixture of influence operations. Google has warned both major US Presidential campaigns that Chinese and Iranian intelligence services are after their staffers’ email accounts, so far apparently without much success. Russia, China, and Iran devote some purposive media attention to US civil unrest. Johannes Ullrich from SANS on malicious PowerPoint add-ins. Our guest is Bil Harmer from SecureAuth on credential carelessness. And Qatar’s rivals in the Gulf continue their information campaign against Doha: this time it’s bogus news of a coup.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/109

Jun 05, 2020
Nuisance-level hacktivism. Ongoing cyberespionage and cybercriminal campaigns. EU unhappy with Russia’s hacking the Bundestag. CISA has a new cybersecurity resource.
20:37

Nuisance-level hacktivism continues to surround US protests. The Higaisa APT is active in Southeast Asia. Goblin Panda is back, with USB-borne malware. A new strain of ransomware is described: “Tycoon.” The EU considers whether to sanction Russia over the GRU’s hack of Germany’s Bundestag. CISA launches a new public resource for cybersecurity. Zulfikar Ramzan from RSA on cybersecurity and digital risk in the context of pandemics. Our guest is Grant Goodes from GuardSquare on security of mobile app voting. And a Texas man pleads guilty to conspiracy to commit money-laundering in the course of a BEC scam.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/108

Jun 04, 2020
Slacktivism and vandalism in a time of unrest. Ransomware operators continue to evolve. Email voting. Looking up how-to-guides to cybercrime during social isolation.
20:40

Protest groups sustain DDoS attacks, too. Old school denial-of-service afflicts police radio networks in Chicago: they’re being jammed with talk, music, and other noise. Influencers and wannabes continue to use unrest as an occasion for on-line branding. The Sodinokibi gang is selling data stolen in ransomware attacks, and Maze seems to be establishing a criminal cartel. Is email to voting what shadow IT is to the enterprise? Ben Yelin describes a federal case involving police screenshots of a suspects’ phone as evidence. Our guest is Steve Durbin from the Information Security Forum on the Threat Horizon 2022 report. And cybercrime for dummies.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/107

Jun 03, 2020
Current forms of hacktivism, misinformation, and disinformation. More recommendations from the Cyberspace Solarium. Fraud accompanies Test and Trace.
21:29

Unrest accompanied by misinformation, disinformation, and Anonymous theater. Booter hacktivism. Extremist inauthenticity. The Cyberspace Solarium Commission releases its white paper on the pandemic’s lessons for cybersecurity. Joe Carrigan unpacks Casio executing a DMCA takedown on a hardware hack. Our guest is Herb Stapleton from the FBI on the 20 year anniversary of the IC3. And the UK’s Test and Trace system is expected to be accompanied by a wave of fraud. Actually, that fraud has already begun.

For slinks to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/106

Jun 02, 2020
Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
20:37

Hacking, and more claims of hacking, surround the unrest in Minnesota. Data breach at Amtrak Guest Rewards. More companies found port scanning. Four cybersecurity lessons from the pandemic. David Dufour from Webroot with an overview of online scams his team is tracking during COVID-19, Our own Rick Howard compares resiliency with business continuity. And a new 5G device is not only holographic, but quantum oscillatin’ too.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/105

Jun 01, 2020
Extending security tools to the at home workforce during the pandemic.
29:23
In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the show.
 
Thanks to our sponsor, Juniper Networks
May 31, 2020
Twofold snooping venture.
18:03

Working with many different honeypot implementations, a security researcher did an experiment expanding on that setting up a simple docker image with SSH, running a guessable root password. The catch? What happened in the next 24 hours was unexpected.

Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai. 

The research can be found here: 

A Brief History of a Rootable Docker Image

Thanks to our sponsor, Reservoir Labs

May 30, 2020
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.
25:02

NSA warns that the GRU’s Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and Michigan State University sustains a ransomware attack. Ben Yelin unpacks the President’s executive order aimed at social media companies. Our guest is Vik Arora of the Hospital for Special Surgery on protecting health care organizations during COVID-19.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/104

May 29, 2020
Hackers for hire. A bulk power distribution risk? An Executive Order on social media is under consideration. COVID-19 and cybersecurity.
21:46

Hackers-for-hire find criminal work during the pandemic. The US Department of Energy is said to have taken possession of a Chinese-manufactured transformer. US President Trump may be considering an Executive Order about the legal status of social media. Contact-tracing apps in France and the UK are scrutinized for privacy. Ben Yelin from with the latest iPhone cracking case between the FBI and Apple. Our guest is retired CIA master of disguise Jonna Mendez on her book The Moscow Rules. Canada’s Centre for Cyber Security assesses current risks, and Huawei’s CFO loses a round in a Vancouver court.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/103

May 28, 2020
Berserk Bear is back, and still loves that critical infrastructure honey. COVID-19 apps: good, bad, and bogus. Android issues discovered. A FIN7 arrest. Mr. Faraday’s underwear.
20:24

Berserk Bear is back, and snuffling around Germany’s infrastructure. Two new Android issues surface. India opens up the source code for its COVID-19 contact-tracing app as such technological adjuncts to public health continue to arouse privacy concerns. [F]Unicorn poses as Italy’s Immuni app. An alleged FIN7 gangster is arrested. Australia’s Data61 urges companies not to scrimp on R&D. Joe Carrigan on Android mobile malware getting new features. Our guest is Frederick “Flee” Lee from Gusto on CCPA. And does your underwear come with a Faraday cage? We thought it might.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/102

May 27, 2020
The evolution of malware, both criminal and state-run.
20:33

Turla tunes its tools. The commodity Trojan AnarchyGrabber is now stealing passwords. A new iOS jailbreak has been released. The UK reconsiders its decision to allow Huawei into its 5G networks. A tech group lobbies the US House against warrantless inspection of searches. Remote work’s regulatory risk. COVID-19 conspiracy theories. Hackers say they’re vigilantes. Our own Rick Howard on intrusion kill chains, his latest episode of CSO Perspectives. Our guest is Nico Fischbach from Forcepoint on deepfakes expanding outside of disinformation campaigns to the enterprise. And too many remote workers appear to have too much time on their hands.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/101

May 26, 2020
Naming and shaming is the worst thing we can do.
23:45

In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims' networks before they deployed the ransomware. Secureworks Counter Threat Unit (CTU) researchers have observed several ransomware operators following suit.

Joining us in this week's Research Saturday is Alex Tilley of SecureWorks' Counter Threat Unit. 

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

May 23, 2020
An election database leaks. Phishing from Firebase. Shiny Hunters sell Mathway user records. COVID-19-themed scams. On that return to the office thing...
25:49

Indonesia’s election database has leaked, and PII is for sale in the dark web. Phishing campaigns abuse Firebase. The Shiny Hunters are selling Mathway user records. US agencies warn of COVID-19-themed criminal campaigns. Contact tracing technology hits a rough patch. Johannes Ullrich from SANS on phishing PDFs with incremental updates. Our guest is author Peter Singer on his new book, Burn-In. And what are you going to do when you return to the workplace? If, that is, you’ve left the workplace at all, and if you’re in fact ever going to return?

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/100

May 22, 2020
Cyberwar, cybercrime, and hacktivism: updates on all three. Contact tracing and its discontents. Cybersecurity economic trends during the pandemic.
21:05

Website defacements in Israel may be hacktivist work. Iranian cyberespionage against Saudi Arabia and Kuwait. The latest evolution of ZeuS. The Winnti Group is still hacking, and it still likes stealing in-game commodities. Contact tracing during the pandemic proves harder than many thought it would be. Economic trends for the security sector as it prepares to emerge from the general state of emergency. Caleb Barlow wonders if GDPR may have unintended consequences for stopping COVID-19 scammers. Gabriel Bassett from Verizon on the 2020 DBIR. And if you’re looking for qualified workers, follow the layoff news.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/98

May 21, 2020
Cyber espionage: many operations and many targets. Misinformation and online fraud during the pandemic. Beer and conviviality versus operational security.
20:52

Cyber spies steal prototype missile data. Others hack into South Asian telecoms, and still others go after easyJet passengers’ travel data. Cyberattacks, misinformation, and cyber fraud continue to follow the COVID-19 pandemic. Joe Carrigan weighs in on the Thunderspy vulnerability. Our guest is James Dawson with insights on DMARK threats and why it’s worse during COVID-19. And think twice before you post, no matter how good or bad you think the beer is.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/98

May 20, 2020
Cyber conflict in the Middle East. EasyJet breached. More errors than exploits. The Dark Web during the pandemic. 5G misinformation. REvil updates.
21:29

Foreign intelligence services attribute a recent cyberattack on an Iranian port to Israeli operators. EasyJet discloses a breach of passenger information. Verizon’s annual Data Breach Report is out, and it finds more errors than it does exploits. A look at the Dark Web during the pandemic. US authorities warn local law enforcement to watch for misinformation-driven telecom vandalism. Ben Yelin explains why the ACLU is suing Baltimore over a surveillance plane. Our guest is Robb Reck from Ping Identity on a recent CISO Advisory Council meeting regarding the sudden shift to working from home. And REvil is still offering celebrity dirt for sale...if they’ve actually got any.

For links to all of today's stories check out our CyberWire daily news brief:

https://www.thecyberwire.com/newsletters/daily-briefing/9/97

May 19, 2020
Supercomputers as cryptomining rigs. UK grid operator recovers from hack. EU Parliament data exposure. REvil ransomware gang promises dirty laundry. US-China conflict. Catphishing.
20:43

European supercomputers were hacked by cryptominers. UK electrical power distributor recovers from its cyberattack. A database containing personal data related to the EU Parliament is found exposed. REvil says it’s got the celebrity goods, but has yet to show its hand. The US and China move into a new round of trade and security conflict. Justin Harvey shares insights on how companies are adjusting to the new remote working environment and the impacts to their security posture. Our guest is Ehsan Foroughi from SecurityCompass on compliance issues. And catphishing with some pretty implausible impersonations of US Army generals.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/newsletters/daily-briefing/9/96

May 18, 2020
Gangnam Industrial Style APT campaign targets South Korea.
17:43

Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. CyberX has identified more than 200 compromised systems from this campaign, including one belonging to a multi-billion dollar Korean conglomerate that manufactures critical infrastructure equipment such as heavy equipment for power transmission and distribution facilities, renewable energy, chemical plants, welding, and construction.

Joining us in this week's Research Saturday is Phil Neray, one of the authors of this report. 

The research can be found here:

Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies

Thanks to our sponsor, Reservoir Labs

May 16, 2020
Malware versus air-gapped systems. Ransomware against utilities and hospitals. Lessons for cybersecurity from the pandemic response. Outlaw blues.
25:02

More malware designed for air-gapped systems. A British utility sustains a ransomware attack. The US Cyberspace Solarium Commission sees lessons in the pandemic for cybersecurity. Contact-tracing technologies take a step back,maybe a step or two forward. Rob Lee from Dragos comparing the state of ICS security around the world, our guest is Ian Pitt from LogMeIn on lessons learned working remotely during COVID-19. Criminals increase ransomware attacks on hospitals, and swap templates to impersonate government relief agencies.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/newsletters/daily-briefing/9/95

May 15, 2020
ARCHER incident. Contact tracing smishing. Malware vs. air gaps. A surcharge for deletion. Anti-creepware. 5G coronavirus delusions.
20:11

ARCHER goes offline after a security incident. Scammers smish victims with bogus contact-tracing messages. Ramsay malware goes after air-gapped systems. Ako ransomware now places a surcharge on deletion of stolen data. Google boots creepware apps with the help of the CreepRank algorithm. Johannes Ullrich explains that when it comes to malicious binaries bypassing anti-malware filters, size matters. Our guest is Pat Craven, Director of the Center for Cyber Safety and Education on the security social media apps. And kooky 5G conspiracists go after cell towers in the US.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/newsletters/daily-briefing/9/93

May 14, 2020
More data theft by ransomware. Patch Tuesday notes. Espionage and possible data corruption against COVID-19 researchers. Be a role model for your AI.
20:48

Ransomware continues to steal personal information. Notes on Patch Tuesday--and please, by all means patch. The FBI says it’s investigating cyberespionage directed against COVID-19 researchers (and US officials see direct data corruption in espionage). And the AI doesn’t really know what to make of us any more. Joe Carrigan from JHU ISI on Twitter’s response to 5G related Coronavirus conspiracy theories, our guest is Chris Cochran from Netflix on the importance of personal health and safety.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/newsletters/daily-briefing/9/93

May 13, 2020
Cyberwar looms in the Middle East? Hidden Cobra’s fangs described. Evasive Astaroth. Ransomware in Texas courts. COVID-19 espionage. Content moderation.
20:44

Unattributed cyberattacks in an Iranian port prompt speculation that a broader cyberwar in the Middle East may be in the offing. CISA releases malware analysis reports on North Korea’s Hidden Cobra. Astaroth malware grows more evasive (and it was already pretty good at hiding). Texas courts sustain a ransomware attack. COVID-19 espionage warnings are on the way. Twitter’s misinformation warning system. Ben Yelin describes a Fourth Amendment case on automated license plate reader (ALPR) databases. Our guest is Brian Dye from Corelight on dealing with encrypted traffic without compromising privacy. And taking down Plandemic’s trailer.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/newsletters/daily-briefing/9/92

May 12, 2020
Cyberattacks with kinetic consequences. Thunderspy and evil maids. Developing background to the US bulk power security executive order. Conspiracy theories and the culture of social media.
20:58

A cyberattack with kinetic effect. Shiny Hunters post more stolen wares online. Thunderspy and evil maids. Some developing background to the US bulk power state-of-emergency Executive Order. Contact tracing apps: reliability, privacy, security, familiarity, and rates of adoption all raise questions. The economic consequences of the pandemic emergency. Caleb Barlow from CynergisTek on Alan Brunacini’s concept of an Incident Action Plan, our guest is James Yeager from CrowdStrike on their Global Threat Report. And the reappearance of the yellow press in social media.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_11.html

May 11, 2020
Cybersecurity First Principles
17:48

This week's CSO Perspectives is the first in a series of shows about cybersecurity strategy. Rick Howard discusses the concept of first principles as an organizing principle and how the technique can be applied to cybersecurity to build a foundational wall of infosec practices that are so fundamental as to be self-evident; so elementary that no expert in the field can argue against them; so crucial to our understanding that without them, the infrastructure that holds our accepted best practice disintegrates like sand castles against the watery tide.

May 11, 2020
The U.S. campaign trail is actually quite secure.
19:17

Multiple media reports have indicated that the United States’ (U.S.) 2020 general election could be targeted by foreign and domestic actors after the successful cyber and misinformation attacks during the 2016 general election. The responsibility of secure and ethical online campaigning has become a central issue in the 2020 election. In some cases, it has become part of candidate platforms.

Joining us in this week's Research Saturday is Paul Gagliardi from Security Scorecard, discussing their recent report detailing the cybersecurity of the 2020 Presidential race. 

The research can be found here:

2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

May 09, 2020
PLA cyber espionage, and training WeChat censorship algorithms against the Chinese diaspora. Snake is back, and so is Charming Kitten. Election security. Recruiting money mules.
24:27

Naikon has returned from four years in the shadows to snoop around the shores of the South China Sea. Tencent trains censorship algorithms on WeChat. Snake ransomware is back, making its way through the healthcare sector. Seeing Charming Kitten's pawprints in World Health Organization networks. Voting security during (or even after) a pandemic. Malek Ben Salem from Accenture on their Technology Vision report, our guest is Thomas Rid from Johns Hopkins University on his book, Active Measures. And unemployed workers are offered gigs as money mules.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_08.html

May 08, 2020
Mining Monero. A RAT in a 2FA app. The decline of the Cereal botnet. Markets during the pandemic. Ransomware in Taiwan. Twitter appeals to reason.
19:47

A new Monero miner is out and about. Hidden Cobra is pushing a RAT through a Trojanized two-factor authentication app. The rise and fall of a botnet. Markets, criminal and legitimate, react to the pandemic. Ransomware hits Taiwan. Remcos is resurgent. Michael Sechrist from BAH on where things are headed with ransomware, our guest is Rachael Stockton from LastPass on their Psychology of Passwords report. And, despite what you saw on Twitter when you were “doing your own research,” 5G does not cause COVID-19, and telecom repair crews are not agents of the Illuminati.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_07.html

May 07, 2020
Taking down coordinated inauthenticity. Contact tracing and other COVID-19 notes. BlackInfinity taken down.
20:32

Facebook reports on the coordinated inauthenticity it took down in April. Investigations into COVID-19’s origins continue, as does medical espionage. Contact tracing’s challenges. Joe Carrigan from JHU ISI on recent flaws in antivirus products, our guests are Laura Deimling and Courtney Wandeloski from Down To Staff on interviewing tips for employees and hiring managers. And European police take down the BlackInfinity credential traffickers.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_06.html

May 06, 2020
Bear hunt in the Bundestag. Kaiji botnet described. Cryptojacking. Joint US-UK warning against attacks on COVID-19 response. Contact tracing. Puppy scams.
20:59

A pretty Fancy Bear hunt in Germany. A new IoT botnet surfaces. Cryptojackers exploit a Salt bug. Bribing an insider as a way to get personal data. The UK’s NCSC and the US CISA issue a joint warning about campaigns directed against institutions working on a response to COVID-19. Britain’s contact tracing app starts its trial on the Isle of Wight. Ben Yelin from UMD CHHS on AI inventions and their pending patents, our guest is Matt Glenn from Illumio on why companies should break up with their firewalls. And don’t get puppy scammed--you’re looking for wags in all the wrong places.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_05.html

May 05, 2020
A state of emergency over bulk power in the States. Beijing’s disinformation about COVID-19, and its motivation for a coverup. Hacking biomedical research. Curious Xiaomi phones.
20:46

A US Executive Order on Securing the United States Bulk-Power System declares a state of emergency in electricity generation and distribution. China’s disinformation about COVID-19 may have begun in the earliest stages of the pandemic. Someone’s hacking for information on British biomedical research. Xiaomi seems very interested in users of its phones. Andrea Little Limbago on global privacy trends, our guest is Mathew Newfield from Unisys with insights on cybersecurity breaches. And the Love Bug’s creator is found.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_04.html

May 04, 2020
Fingerprint authentication is not completely secure.
17:59

Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem.

Our guest today is Craig Williams, director of Talos outreach at Cisco. He'll be discussing and providing insights into their report which shows that fingerprints are good enough to protect the average person's privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication.

The research can be found here:

Fingerprint cloning: Myth or reality?

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

May 02, 2020
China hacks at Vietnam over a territorial dispute. Kim’s still in charge, but could Hidden Cobra get loose if his grip slackens? COVID-19 and cybersecurity.
24:37

Tensions between China and its neighbors. ICS incursions are troubling. The US intelligence community comments on COVID 19 disinformation. The FBI tracks increased cybercrime activity during the pandemic. Johannes Ullrich explains Excel 4 Macro vulnerabilities. Our guest is Tina C. Williams-Koroma, from TCecure on the importance of strong, effective leadership in cybersecurity. And smile for the web-cam. Your boss may be watching.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_01.html

May 01, 2020
The persistence of ransomware. Exposure notifications and contact tracing. Doxing and conspiracy theories. More notes on the underworld.
20:58

Ransomware not only encrypts and steals data, but establishes persistence as well. Apple and Google roll out their exposure notification API. GCHQ will help secure Britain’s centralized contact tracing system. A conspiracy-minded motive for doxing. Criminal markets and criminal enterprises continue to mimic legitimate ones. And a new wrinkle in mobile ransomware. Rob Lee from Dragos with insights on a recent ransomware incident shutting down a gas pipeline, guest is Drex DeFord from Drexio on Cybersecurity in Healthcare amid COVID-19.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_30.html

Apr 30, 2020
Content farmers and disinformation tactics. PhantomLance: quiet, selective, and apparently effective. Lawful intercept and contact-tracing apps. A look at the black market.
21:05

Researchers see a coming shift in tactics used by Chinese “content farmers.” Amplifying disinformation through influencers and other agents of influence. PhantomLance is a quiet and selective Vietnamese cyber espionage campaign. Lawful intercept and contact tracing apps. And the black market for malware is surprisingly open, cheap, and attentive to its customers. Joe Carrigan from JHU ISI on cheating in online games, guest is Tonya Ugoretz from the FBI on engagement with public and private sector during COVID-19.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_29.html

Apr 29, 2020
Shade shuts down. CLOP hits pharma. Medical research firm breached. The pain caused by disinformation. Mr. Kim goes downy ocean?
20:56

Shade ransomware operators close down, or so they say. A US pharmaceutical company is the victim of CLOP ransomware, and a Chinese medical research firm is breached by cyber criminals. Centralized versus decentralized approaches to contact tracing. A GDPR assistance site proves leaky. Disinformation breeds misinformation which breeds folly that brings misery. And Mr. Kim seems to be chillin’ downy ocean. Ben Yelin from UMD CHHS on responses to the EARN IT Act, guest is Katie Arrington, CISO for Assistant Secretary for Defense Acquisition on the Cybersecurity Maturity Model (CMMC) certification.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_28.html

Apr 28, 2020
Where’s Kim Jong-un? Disinformation campaigns against European targets. Cyberattack against wastewater treatment plants. Hupigon RAT is back.
20:42

Reports to the contrary, as far as anyone really knows, North Korea’s Kim is still large and in charge. Poland reports Russian disinformation effort. The EU issues a controversial report on COVID-19 disinformation amid accusations that Europe is knuckling under to Chinese pressure. A cyberattack on wastewater treatment systems in Israel is reported. And the old Hupigon RAT is back, and looking for love. Caleb Barlow from CynergisTek on his responsibilities during an incident from the SOC operator to the CEO, guest is Dave Weinstein from Claroty on threats and existing security violations facing the U.S. critical infrastructure.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_27.html

Apr 27, 2020
Contact tracing as COVID-19 aid.
31:46

Successful containment of the Coronavirus pandemic rests on the ability to quickly and reliably identify those who have been in close proximity to a contagious individual.

Mayank Varia from Boston University describes how his team suggests an approach based on using short-range communication
mechanisms, like Bluetooth, that are available in all modern cell phones.

The research can be found here:

Anonymous Collocation Discovery:
Harnessing Privacy to Tame the Coronavirus

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Apr 25, 2020
iOS zero-days, reconsidered. Hacking during a pandemic. An old campaign connected with the ShadowBrokers comes to light. Advice on web shells. Astroturfing and influence.
25:21

An update on those iOS zero-days: they may not be as serious as assumed. Calls to take biomedical facilities off the hacking target list. Nazar and the ShadowBrokers. NSA and ASD issue joint advice on web shell malware. A report on astroturfing and influence operations. Joker’s Stash lays out more stolen cards. And Nintendo reports a problem with a legacy system. Michael Sechrist from BAH on the increase in IT/OT convergence, guest is Terence Jackson from Thycotic on HIPAA, telemedicine and the new normal of data regulation.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_24.html

Apr 24, 2020
APT32 activity reported. Florentine Banker’s patient BEC. iOS zero-days exploited in the wild. Sinkholing a cryptomining botnet. Intelligence services and gangs follow the news.
20:43

Someone, probably Vietnam, is trying to develop intelligence on China’s experience with the coronavirus. Florentine Banker is an example of well-organized crime. iOS zero-days have been exploited in the wild; a fix is promised. A cryptomining botnet is sinkholed. And intelligence services and criminals are tuning their phishbait to current events, as they always do. Malek Ben Salem from Accenture on encrypted DNS, guest is Russ Mohr with MobileIron on why the applications that excite us about 5G are the same applications that warrant the most concern.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_23.html

Apr 23, 2020
COVID-19 relief. Data exposure at the SBA. Ransomware gangland. The CTL-League’s volunteer defenders. Active measures, disinformation, and cyber deterrence.
21:00

The US Senate authorizes more COVID-19 small business relief. A data exposure at the US Small Business Administration. The CTL-League looks like a model for cyber volunteer organizations. The US Senate reports its evaluation of the Intelligence Community’s look at Russian active measures in 2016. Calls for deterrence amid a converged campaign of disinformation. Joe Carrigan from JHU ISI on Microsoft zero-days, guest is Chris Chiles from OST on what companies need to consider before implementing 5G.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_22.html

Apr 22, 2020
DPRK leadership crisis? Probably not. Economic espionage in the oil patch. COVID-19 relief fraud. US Supreme Court will take up CFAA. Virtual proctoring.
20:57

Fears about North Korean instability can wait until it’s determined that there’s actually instability. An economic espionage campaign targeted the oil and gas sector. Much phishing surrounds government COVID-19 economic relief programs around the world. The US Supreme Court will hear a case involving the Computer Fraud and Abuse Act. And if you’re studying from home, don’t cheat. And teacher, maybe don’t spy. Ben Yelin from UMD CHHS on training facial recognition software to recognize medical masks, guest is Gonda Lamberink from UL on making product security transparent and accessible to consumers.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_21.html

Apr 21, 2020
Update on threats to Czech infrastructure. Relief funds looted. PoetRAT vs. ICS. CISA updates essential workforce guidelines. Data breaches. Zoom-bombing.
20:40

A wave of attacks against hospitals and infrastructure in the Czech Republic seems to have been largely unsuccessful, but more may be on their way. German relief funds earmarked for small business are looted by cybercrooks. PoetRAT is active against ICS targets in Azerbaijan. CISA updates its Guidance on the Essential Critical Infrastructure Workforce. Breaches at Cognizant, Aptoide, and Webkinz World. And more Zoom-bombing. David Dufour from Webroot on AI and machine learning, guest is Kelly White of Mastercard’s RiskRecon on how one of their healthcare customers is tracking COVID-19 infections.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_20.html

Apr 20, 2020
Four cybersecurity novels to distract you from the current zombie apocalypse.
22:48

Rick Howard, the CyberWire’s Chief Analyst, CSO, and Senior Fellow discusses his favorite cyber novels to distract us from our current emergency situation: "Threat Vector” by Tom Clancy and Mark Greaney, “Neuromancer,” by William Gibson, “Breakpoint,” by Richard A. Clarke, and his favorite hacker novel of all time, “Cryptonomicon,” by Neal Stephenson.

Learn more about CSO Perspectives. 

Apr 20, 2020
Complementary colors: teaming tactics in cybersecurity.
27:28

We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for organizations large and small. Join us for a lively conversation with our experts Austin Scott from Dragos, and Caleb Barlow, from Cynergistek in part one. In part 2, we’ll also hear from Dan DeCloss from Plextrac, the sponsor of today’s episode. 

Apr 19, 2020
How low can they go? A spike in Coronavirus phishing.
14:27

As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web.

Joining us today is Fleming Shi, CTO of Barracuda discussing their report on these types of attacks, which are up 667-percent since the end of February.

The research can be found here:

Threat Spotlight: Coronavirus-Related Phishing

To learn more about our Academic and Military discounts, visit The CyberWire and click on the Contact Us button in the Academic or Government & Military box. 

Apr 18, 2020
Warnings on healthcare attacks and espionage campaigns. Post-patching issues in VPNs. COVID-19 phishing. Contact tracing, for lungs and minds. Telework notes.
25:18

Czech intelligence warns of an impending cyber campaign against hospitals. The US Defense Department alerts contractors that Electric Panda is back, and after their data. Pulse Secure VPN’s post- patching issues. Google blocks COVID-19 phishing emails. Apple and Google work on tracing physical contact, but Facebook is tracing contact with misinformation. Zoom offers some fixes, gets banned in India, and receives a mashnote from Larry Ellison. And notes on HIPAA and CMMC. Johannes Ullrich from SANS on exposed RDP servers while we work from home, guest is Tia Hopkins from eSentire on STEM/cybersecurity education.

For links to all of today's stories check out our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_17.html

Apr 17, 2020
US warns of DPRK cyber activity. Replacing Huawei. COVID-19-themed cybercrime and state-directed activity. Telework notes.
21:04

The US Government issues a major advisory warning of North Korean offensives in cyberspace, most of them financially motivated. Ericsson will provide BT the equipment to replace Huawei gear in its networks. Notes on COVID-19-themed cybercrime. Some temporary telework may become permanent. Disinformation from Tehran; domestic phishbait from Damascus. And to Zoom or not to Zoom? Rob Lee from Dragos with a summary of his RSA keynote, guest is Gregg Smith from Attila on cybersecurity concerns for employees working from home during the COVID-19 pandemic.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_16.html

Apr 16, 2020
Energetic Bear lands at SFO. Windpower utility hit with RagnarLocker ransomware. COVID-19-themed threats. Telework advice. Zooming.
20:53

Energetic Bear’s pawprints seen at SFO. A leading windpower company is hit with ransomware. Advice for more secure telework. Why healthcare is an attractive target for cyberattack during a pandemic. ICANN pleads for action against scam domains. And the fortunes of Zoom. Joe Carrigan from JHU ISI on undocumented backdoors in Android apps, guest is Emily Mossburg from Deloitte on the geographical and cultural elements of privacy.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_15.html

Apr 15, 2020
The online stresses of the COVID-19 pandemic. APT41’s backdoor campaign. Contact-tracking and privacy. Virtual court is now in online session. Zoom’s fortunes. And tax-season online fraud.
19:46

Demand for online services during the pandemic stresses government providers. APT41’s backdoor campaign aimed at information theft. Contact-tracking apps and privacy. Some courts move to hear cases online. Zoom’s continuing mixed success. And did you file your tax return? The crooks might have done so for you. Ben Yelin from UMD CHHS on Microsoft’s reaction to Washington State’s new facial recognition law, guest is Francis Dinha from OpenVPN on remote working during the COVID-19 pandemic.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_14.html

Apr 14, 2020
Ill-received pranks. SFO breach. Silicon Valley cooperates on contact tracking. COVID-19 disinformation and scams. Notes on ransomware and booter services.
21:58

Vandals prank victims with security researchers’ names. San Francisco International discloses compromised networks. Google and Apple cooperate on contact tracking tech. Chinese disinformation campaigns rely on ad purchases and social media amplification. Phishing attempts and other scams. Notes on ransomware. And police in the Netherlands take down some DDoS-for-hire services. Andrea Little Limbago on government created internet blackouts, guest is Herb Stapleton from the FBI on COVID-19 scams.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_13.html

Apr 13, 2020
Alexa, are you actually self-aware? (And, does it matter?)
15:50
Enjoy the second of three free episodes of our new CSO Perspectives podcast. 
 
Rick Howard, the CyberWire’s Chief Analyst, discusses the Artificial Intelligence hype. Listen as Rick talks about the emergence of machine learning as a key tool to the detection of cyber adversaries (and the need for big data to pursue that strategy). He also discusses the transition of SIEMS from on-prem devices to cloud-delivered services in order to facilitate the implied big data collection requirement. And, you'll hear about the emergence of XDR that may well fulfill the promise on-prem SIEMs could never deliver: real-time anomaly detection.
 
Apr 13, 2020
Profiling an audacious Nigerian cybercriminal.
20:14

By day, he is Dton, an upstanding Nigerian citizen. He believes in professionalism, hard work and excellence. He’s a leader, a content creator, an entrepreneur and an innovator; an accomplished business administrator; a renaissance man who is adored by his colleagues. But by night, he is Bill Henry, Cybercriminal Entrepreneur. We sat down with a researcher at CheckPoint for the inside scoop into this fascinating, brazen individual. 

The research can be found here:

The Inside Scoop on a Six-Figure Nigerian Fraud Campaign

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Apr 11, 2020
That odd and bogus 5G meme. Malvertising. Data breach hits Pakistani mobile users. xHelper update. Data privacy and data utility. COVID-19 and cybersecurity.
26:09

The curious history of the delusion that COVID-19 has something to do with 5G. Malvertising spoofs a security company’s website. Data breach hits Pakistani mobile users. xHelper is still in circulation. Data privacy versus data utility. COVID-19-driven patterns of cybercrime. And more on Zoom and the challenges of working remotely. Mike Benjamin from CenturyLink on ddosing, botnets and IoT news, guest is Nathalie Marcotte from Schneider Electric on the role cybersecurity plays in convergence of IT/OT.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_10.html

Apr 10, 2020
Operation Pinball. Implausibly spoofed, not really official, COVID-19 emails. CISA updates US Federal telework guidance. ICO defers some big GDPR fines. Zoom agonistes. Fleeceware in Apple’s store.
21:03

Operation Pinball roils up Eastern Europe and the Near Abroad. Crooks who can’t write idiomatic American English are spoofing emails from the White House in a COVID-19-themed phishing campaign. CISA updates telework guidelines for Federal agencies. Some GDPR fines are deferred until after the pandemic. Zoom continues to reel from its success. And fleeceware is found in the iTunes store. Caleb Barlow from CynergisTek on OODA loops, guest is Or Katz from Akamai on how current industry (and employee) phishing defenses are being bypassed by attackers.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_09.html

Apr 09, 2020
Joint UK-US warning on COVID-19-themed cyber threats. Disinformation in the subcontinent. Public and private apps with privacy issues. A new IoT botnet. APT notes. Frontiers in biometrics.
20:49

NCSC and CISA issue a joint warning on cyber threats during the COVID-19 pandemic. India’s government seeks to limit disinformation in social media. Zoom works on privacy issues, and government contact-tracking apps face their own problems. A new DDoS botnet, “dark_nexus,” is out. BGP hijack questions persist. Is a front company facilitating Chinese government RATs? Spies and spyware. And a biometric advance leads from the rear. Joe Carrigan from JHU ISI on how COVID-19 is reinforcing TLS 1.0, guest is Pedram Amini from InQuest on winning the Cyber Tank contest.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_08.html

Apr 08, 2020
Trends in COVID-19-themed cybercrime. Social media seek to inhibit the misinformation pandemic. Corp[dot] off the market. BEC in cloud services. Investment notes. Big big fraud.
21:02

Criminals increase their targeting of hospitals and pharmaceutical companies. Ordinary scams proliferate worldwide, using COVID-19 as their bait. Social media seek to inhibit the flow of coronavirus misinformation. The commodification of zero-day exploits. Corp[dot]com is no longer available. FBI warns of business email compromise via cloud services. A quick look at investment, and, finally, something other than the Brooklyn Bridge is for sale. Ben Yelin from UMD CHHS on a class action lawsuit against Zoom, guest is Matt Davey from 1Password on shadow IT trends, security risks, and best practices for oversight.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_07.html

Apr 07, 2020
COVID-19 updates: crime, propaganda, and craziness. (Also telework.) BGP hijacking. DarkHotel sighting. Apps behaving badly. And a risk of sim-swapping.
20:34

The COVID-19 pandemic continues to drive a spike in cybercrime. It’s also been the occasion for various state-operated disinformation campaigns, and for some surprisingly widespread popular delusions. Zoom’s acknowledgement that some traffic was mistakenly routed through China draws more scrutiny to the teleconferencing service. A possible BGP hijack is reported. DarkHotel is said to be back. Bad stuff in Google Play. And a sim-swapping risk. Malek Ben Salem from Accenture on CISO health concerns, guest is Dr. Celeste Paul from NSA on cognitive capacity and burnout.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_06.html

Apr 06, 2020
Your Security Stack is Moving: SASE is Coming.
13:06

Introducing: CSO Perspectives with Rick Howard.

We are just now witnessing the beginnings of a new and disruptive way that the our organization’s CxOs will deploy software defined networking (SD-WAN) and consume cybersecurity services. It is called SASE or Secure Access Service Edge (Cloud Delivered). Rick Howard, The CyberWire’s CSO, Chief Analyst and Senior Fellow will discuss how the community got here and just why it will revolutionize digital transformation in the near future.

Each week, Rick will share his expertise to CyberWire Pro+ members through his new CSO Perspectives podcast. For the first 3 weeks, the entire CyberWire podcast audience will be able to listen to full episodes as they are published into the CyberWire Daily Podcast feed each Monday starting April 5, 2020.

Apr 06, 2020
A rough year ahead for ransomware attacks - and how to stop them.
12:04

2020 is shaping up to be a rough year. Ransomware attacks will continue to grow as cybercriminals get more sophisticated in their methods and expand their reach. Allan Liska, Senior Analyst at Recorded Future, shares their findings and predictions in a new report. 

The research can be found here:

5 Ransomware Trends to Watch in 2020

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Apr 04, 2020
Cybersecurity notes during the pandemic emergency. Twitter bots. Ransomware attack on a biotech firm. WHO updates. And how are the cyber gangs doing these days?
26:28

Geolocation in support of social distancing. Fixing vulnerabilities in a popular teleconferencing service. Twitter bots running an influence campaign against the Turkish government are taken down. A biotech firm reports a ransomware attack. More on attempts to compromise the World Health Organization. And a look at how cyber criminals are faring during the emergency. Michael Sechrist from BAH on cybercrime changes in the age of Coronavirus, guest is Admiral James Stavridis (Ret.) from Preveil on global cyber security threats and realities.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_03.html

Apr 03, 2020
WHO email accounts prospected. Mandrake versus Android users. Vollgar versus MS-SQL servers. Ransomware and hospitals. Notes on the effects of COVID-19, and a disinformation campaign.
20:30

Attempts on World Health Organization email accounts possibly linked to Iran. Mandrake Android malware is active against carefully selected targets. Vollgar attacks Windows systems running MS-SQL Server. Hospitals remain attractive targets for ransomware gangs. Italy’s social security operations shut down by hacking. Coronavirus disinformation. The pandemic’s effects on business. And a look at the fortunes of Zoom. Andrea Little Limbago from Virtru on the global battle for information control, guest is Perry Carpenter from KnowBe4 on security awareness.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_02.html

Apr 02, 2020
More data breaches. DPRK spearphishing. DoJ IG sees problems in FISA warrant processes. Houseparty updates. Huawei sanctions. And notes about the pandemic.
20:20

Marriott discloses a major data breach. Another insecurely configured Elasticsearch database is found, this one belonging to a secure cloud backup provider. More spearphishing from Pyongyang. The US Justice Department IG sees systemic problems in the FISA warrant process. Updates on the Houseparty affair. Huawei suggests that Beijing will retaliate against more sanctions from Washington. And more COVID-19 notes concerning the cyber sector. Joe Carrigan from JHU ISI on Safari blocking third-party cookies, guest is Monzy Merza of Splunk on becoming an InfoSec leader.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_01.html

Apr 01, 2020
Supply chain attack warning. CFAA clarified. COVID-19 and its economic squalls.
20:55

FBI warns of another supply chain attack, this one distributing the Kwampirs RAT. More exposed databases found. The US Computer Fraud and Abuse Act gets some clarification from a Federal Court. Security and networking companies are weathering the COVID-19 economic storm, but not without squalls, some legal, some cyber, and others just reputational. Ben Yelin from UMD CHHS on ending targeted advertising, guest is Brendan O’Connor from AppOmni on the state of cloud security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_31.html

Support our show

Mar 31, 2020
Updates on the cyber ramifications of the coronavirus pandemic. Saudi surveillance program. Ransomware developments. Lost USB attacks are in progress.
21:27

Updates on the coronavirus and its effect on the cyber sector. Criminals spoof infection warnings from hospitals. The country of Georgia’s voter data has been exposed online. The Kingdom of Saudi Arabia seems to have conducted extensive surveillance of its subjects as they travel in the US. The Zeus Sphinx Trojan is back. Dharma ransomware’s source code is for sale in the black market. And beware teddy bears bearing USB drives. David Dufour from Webroot on differences between privacy and security, guest is Daniel dos Santos from Forescout on Ransomware, IoT, and the impact on critical infrastructure.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_30.html

Support our show

Mar 30, 2020
Hidden dangers inside Windows and LINUX computers.
20:28

Eclypsium has issued a study that suggests the prevalence of “unsigned firmware in WiFi adapters, USB hubs, trackpads, and cameras used in computers from Lenovo, Dell, HP and other major manufacturers.” Here to discuss their findings is Rick Altherr, a Principle Engineer at Eclypsium.

The research can be found here:

Perilous Peripherals: The Hidden Dangers Inside Windows and LINUX Computers. 

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Mar 28, 2020
Some notes on cyber gangland. South Koren APT using zero days against North Koreans? USB attacks. Telework challenges. CMMC remains on schedule.
25:19

Ransomware gangs don’t seem to be trimming their activities for the greater good. TA505 and Silence identified as the groups behind recent attacks on European companies. An APT possibly connected to South Korea is linked to attacks on North Korean professionals. A criminal campaign of USB attacks is reported. Problems with VPNs and teleconferencing. The Pentagon’s CMMC will move forward on schedule. Rob Lee from Dragos on ICS resiliency in the face of Coronavirus, guest is James Dawson from Danske Bank on the unique challenges of IT Risk & Controls in global banking.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_27.html

Support our show

Mar 27, 2020
Advice on secure telework. Magecart infestations. DNS hijacking with a COVID-19 twist and an info-stealer hook. Patch notes. The US 5G security strategy.
19:11

NIST offers advice on telework, as does Microsoft. Things to do for your professional growth while you’re in your bunker. Magecart hits Tupperware, and they won’t be the last as e-commerce targeting spikes. DNS hijacking contributes to an info-stealing campaign. Apple and Adobe both patch. The US publishes its 5G security strategy. And some thoughts on the value of work, as brought into relief by a pandemic. Thomas Etheridge from Crowdstrike on their 2020 Cyber Front Lines Report, guest is Michelle Koblas from AppDynamics on third-party risk management.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_26.html

Support our show

Mar 26, 2020
APT41 is back from its Lunar New Year break. Commodity attack tools for states and gangs. Russia takes down a domestic carding crew. Restricting misinformation.
20:01

APT41 is back, and throwing its weight around in about twenty verticals. States and gangs swap commodity malware. The FSB--yes, that FSB--takes down a major Russian carding gang. Coronavirus-themed attacks are likely to outlast the pandemic. Facebook Messenger considers limiting mass message forwarding as a way of slowing the spread of COVID-19 misinformation. Joe Carrigan from JHU ISI on stimulus check scams, guest is Rachael Stockton from LogMeIn (LastPass) on the future of business network access security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_25.html

Support our show

Mar 25, 2020
Active ICS threats. TrickBot and TrickMo. RCE vulnerability in Windows. Google ejects click-fraud malware infested apps from Play. Attackers hit WHO, hospitals, and biomedical research.
20:38

WildPressure APT targets industrial systems in the Middle East. ICS attack tools show increasing commodification. TrickMo works against secure banking. Microsoft warns of RCE vulnerability in the way Windows renders fonts. Click fraud malware found in childrens’ apps sold in Google Play. DarkHotel attacks the World Health Organization. Ransomware hits Parisian hospitals and a British biomedical research firm. More COVID-19 phishbait. Ben Yelin from UMD CHHS on Coronavirus detecting cameras, guest is Allan Liska from Recorded Future on security in the time of Coronavirus.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_24.html

Support our show

Mar 24, 2020
Coronavirus fraud booms; prosecutors are taking note. Stolen data on the dark net. Software updates affected by pandemic. A new Mirai variant is out. A DDoS that wasn’t.
20:47

US prosecutors begin to follow through on their announced determination to pay close attention to coronavirus fraud. Data stolen from Chinese social network Weibo is now for sale on the black market--at a discount. The pandemic affects scheduled software updates and sunsets at Google and Microsoft. A new Mirai variant is out in the wild. And a DDoS attack in Australia turns out to be just a lot of Australians in need of government services. Mike Benjamin from CenturyLink on threat actors using 3rd party file hosting, guest is Andrew Peterson from Signal Sciences on top application security attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_23.html

Support our show

Mar 23, 2020
The security implications of cloud infrastructure in IoT.
27:16

Cloud computing is now at the center of nearly every business strategy. But, as with the rapid adoption of any new technology, growing pains persist. The key findings in these reports shed light on security missteps that are actually in practice by organizations across the globe.

Joining us in this special Research Saturday are Palo Alto Network's Matthew Chiodi and Ryan Olson. They discuss their findings in two different threat reports. 

The research can be found here:

Cloud Threat Report

IoT Threat Report

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Mar 21, 2020
CISA on running critical sectors during an emergency. Disinformation, phishbait, and rumor. What’s Fancy Bear up to these days? Distinguishing altruism from self-interest.
24:55

CISA describes what counts as critical infrastructure during a pandemic, and offers some advice on how to organize work during the emergency. Iran runs a disinformation campaign--apparently mostly for the benefit of a domestic audience--alleging that COVID-19 is a US biowar operation. Intelligence services, criminals, vandals, and gossips all flack coronavirus hooey in cyberspace. Fancy Bear is back. And what would provoke good behavior among thieves? (A hint: not altruism.) Malek Ben Salem from Accenture on mobile tracking and privacy, guest is Thomas Quinn from T Rowe Price on the job of protecting a financial institution.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_20.html

Support our show

Mar 20, 2020
EU suspects Russia of disinformation. TrickBot’s latest module is a brute. Parallax RAT and the MaaS black market. Pandemic hacking trends. What to do with time on your hands.
20:42

The EU suggests that Russia’s mounting an ongoing disinformation campaign concerning COVID-19. Russia says they didn’t do nuthin’. TrickBot is back with a new module, still under development, and it seems most interested in Hong Kong and the US. The Parallax RAT is the latest offering in the malware-as-a-service market. Food delivery services are now targets of opportunity for cybercriminals. Zoom-bombing is now a thing. And some advice from an astronaut. Andrea Little Limbago from Virtru with insights into her career path, guest is Tom Creedon from LookingGlass Cyber on the Asia-Pacific Cyber Conflict.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_19.html

Support our show

Mar 19, 2020
Coronavirus phishing. Money mule recruiting. Remote work and behavioral baselining. HHS incident seems to have been...an incident. Advice from NIST, and from Dame Vera Lynne.
21:21

More coronavirus phishing expeditions. Don’t let idleness or desperation lead you into a money-mule scam. How do behavioral expectations change during periods of remote work? The Health and Human Services incident appears to be just that. NIST has some advice for video-conferencing and virtual meetings. And an exhortation to return to the Blitz spirit. Joe Carrigan from JHU ISI on limitations of two-factor authenticator mobile apps, guest is Johnnie Konstantas from Oracle on cloud misconfigurations and shared responsibility in the public cloud.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_18.html

Support our show

Mar 18, 2020
Cyberattack on US HHS probably a minor probe. Disinformation about COVID-19 continues to serve as both phishbait and disruption. US prosecutors move to stop prosecution Concord Management.
20:24

The cyberattack on the US Department of Health and Human Services seems now to have been a minor incident. Disinformation about COVID-19 and measures to contain the pandemic continues to serve as both phishbait and disruption. And US prosecutors move to stop prosecution of a Russian influence shop fingered by the Mueller investigation. Ben Yelin from UMD CHHS on HHS issuing health data rules, guest is Kevin Mitnick from KnowBe4 on the state of cybersecurity from the RSAC 2020 floor. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_17.html

Support our show

Mar 17, 2020
COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working.
20:24

COVID-19’s effects on cyberspace: disinformation, espionage, data theft, fraud, and extortion. Also far greater remote working. David Dufour from Webroot on their 2020 Threat Report, guest is Simone Petrella from CyberVista on cybersecurity skills.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_16.html

Support our show

Mar 16, 2020
TLS is here to stay.
16:01

As websites and apps more widely adopt TLS (Transport Layer Security) and communicate over HTTPS connections, unencrypted traffic may draw even more attention, since it’s easier for analysts and security tools to identify malicious communication patterns in those plain HTTP sessions. Malware authors know this, and they’ve made it a priority to adopt TLS and thereby obfuscate the contents of malicious communication.

Joining us on this week's Research Saturday is Chester Wisniewski from SophosLabs discussing their research on the subject. 

The research can be found here:

Nearly a quarter of malware now communicates using TLS

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Mar 14, 2020
COVID-19 as both incentive for remote work and phishbait. Offshored trolling. A list of “digital predators.” US Senate doesn’t extend domestic surveillance authority.
24:06

COVID-19 significantly increased remote working, and the pandemic is now a favorite lure in the phishing tackle of both intelligence services and criminal gangs. Russian trolling has been off-shored, setting up shop in Ghana and Nigeria for running influence operations against the US. Microsoft issues an out-of-band patch. Reporters Without Borders publishes its list of “digital predators.” And the Senate doesn’t renew US domestic surveillance authorities. Thomas Etheridge from Crowdstrike on the impact of ransomware, guest is Josiah Dykstra from NSA on Cloud Vulnerabilities from an NSA viewpoint.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_13.html

Support our show

Mar 13, 2020
The return of Turla. Data exposure incidents disclosed. Beijing accuses Taipei of waging cyberwarfare against the PRC. Coronavirus disinformation.
20:49

Turla’s back, this time with watering holes in compromised Armenian websites. Data exposures are reported in the Netherlands and the United States. China accuses Taiwan of waging cyberwarfare in an attempt to disrupt Beijing’s management of the coronavirus epidemic. The US and the EU separately undertake efforts to suppress COVID-19 disinformation. And the ins-and-outs of teleworking. Mike Benjamin from CenturyLink with Emotet updates, guest is Tom Pendergast from MediaPRO on their State of Privacy and Security Awareness Report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_12.html

Support our show

Mar 12, 2020
The Cyberspace Solarium reports. Coronavirus scams and coronavirus realities. Notes on March’s Patch Tuesday.
19:17

The Cyberspace Solarium has released its report, as promised, and they wish to make your flesh creep. Coronavirus scams and phishbait amount to what some are calling an “infodemic.” Some notes on Patch Tuesday, and, finally, some words on the actual coronavirus epidemic. Joe Carrigan from JHU ISI on FBI recovering stolen funds, guest is Josh Mayfield from RiskIQ on his 2020 predictions.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_11.html

Support our show

Mar 11, 2020
Caution in the Play store. EU power consortium’s business systems hacked. Cablegate--a look back. Schulte trial ends in minor convictions, but a hung jury on major counts. The cyber underworld.
20:11

Google removes from the Play store an app nominally designed to track COVID-19 infections. An EU power distribution consortium says its business systems were hacked. An assessment of Cablegate has been declassified. Ex-CIA employee Schulte’s trial for disclosing classified information ends in a hung jury. The alleged proprietor of a criminal market is arrested. Crooks hack rival crooks. More US primaries are held today. And a case of identity theft in North Carolina. Ben Yelin from UMD CHHS with updates on ClearView AI, guest is Kathleen Kuczma from Recorded Future on 2019 Top Vulnerabilities List.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_10.html

Support our show

Mar 10, 2020
Coronavirus misinformation, phishbait, and disinformation. Ransomware’s growing reach. How criminals’ desire for glory works against their desire to escape apprehension.
20:56

Coronavirus misinformation, coronavirus online scams, and coronavirus disinformation. Ransomware hits a steel plant, local government, and a defense contractor. And how criminals’ desire for glory betrays them in social media. Zulfikar Ramzan from RSA Security with three product updates, guest is Robert Waitman from Cisco on their Annual Data Privacy Benchmark study.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_09.html

Support our show

Mar 09, 2020
Overworked developers write vulnerable software.
14:21

Why do some developers and development teams write more secure code than others? Software is written by people, either alone or in teams. Ultimately secure code development depends on the actions and decisions taken by the people who develop the code. Understanding the human factors that influence the introduction of software vulnerabilities, and acting on that knowledge, is a definitive way to shift security to the left. 

On this Research Saturday, our conversation with Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software.

The research can be found here:

Which Developers and Teams Are More Likely to Write Vulnerable Software?

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Mar 07, 2020
Misconfigured databases, again. Vulnerable subdomains. Dark web search engines. Troll farming. An update on the crypto wars.
23:11

Virgin Media discloses a data exposure incident, another misconfigured database. Microsoft subdomains are reported vulnerable to takeover. A dark web search engine is gaining popularity, and black market share. Researchers find that Russian disinformation trolls have upped their game. The crypto wars have flared up as the US Senate considers the EARN IT act. Tech companies sign on to voluntary child protection principles. And Huawei talks about backdoors. Thomas Etheridge from Crowdstrike on empowering business leaders to manage cyber risk, guest is Sherri Davidoff on her book, Data Breaches: Crisis and Opportunity.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_06.html

Support our show

Mar 06, 2020
Credential stuffing attacks and data breaches. Coronavirus-themed phishbait is an international problem. Super Tuesday security post mortems. Huawei agonistes.
19:45

Credential stuffing affects J. Crew and Tesco customers. T-Mobile discloses a data breach. Emcor works to recover from a ransomware infestation. Coronavirus-themed emails remain common phishbait--it’s an international problem. US authorities are pleased with how election security on Super Tuesday went, but some local governments are recovering from self-inflicted tech wounds. And there’s more on official US suspicion of Huawei. Mike Benjamin from CenturyLink on Nanocore, guest is Bil Harmer from SecureAuth on nation-state attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_05.html

Support our show

Mar 05, 2020
Election security--a look back at Super Tuesday. Cyberspace Solarium preview. Rapid Alert System engaged in EU. Cyber capability building in Ukraine. Cloud backups as attack surface.
20:28

A quick security retrospective on Super Tuesday, a day on which no dogs barked (or bears growled, or kittens yowled, or pandas did whatever it is that pandas do). The Cyberspace Solarium previewed the good-government framework it intends to recommend in next Wednesday’s final report. The EU uses its Rapid Alert System against coronavirus disinformation. US aid will go to Ukraine for cybersecurity capability building. And backups are an attack surface, too. Joe Carrigan from JHU ISI on FBI convictions of Romanian criminals, guest is Chris Kubic from Fidelis Cybersecurity with lessons learned from securing the country’s biggest and deepest secrets. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_04.html

Support our show

Mar 04, 2020
Vault 7, again, as Beijing names and shames. Schulte case goes to jury. Maersk to cut incident response jobs. The Cyberspace Solarium’s election security preview. Advice for intel collection.
22:30

Chinese security firm calls out the US CIA for Vault 7 campaigns against civil aviation. Meanwhile, the jury’s out in the Joshua Shulte Vault 7 case. Incident responders in the UK may be reentering the labor market. US agencies issue a joint warning to adversaries (and joint encouragement to citizens) about election interference. The Cyberspace Solarium talks about elections. And the Justice Department offers advice on cyber threat intelligence collection. Ben Yelin from UMD CHHS on telecommunications companies in hot water with the FCC, guest is Stuart Reed from Nominet with new CISO stress research.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_03.html

Support our show

Mar 03, 2020
Super Tuesday eve primary jitters. DoppelPaymer hits an aerospace supplier. WordPress plugins exploited in the wild. Vote for the catphish.
18:14

It’s Super Tuesday eve, and people worry about influence operations, both foreign and domestic. DoppelPaymer hits a precision manufacturer, and moves surprisingly quickly to expose stolen files. Vulnerable WordPress plugins are being exploited in the wild. And a catphish is running for Congress in Rhode Island--he’s even got the blue checkmark. Johannes Ullrich from the SANS Technology Center on the development of authentication issues in iOS, guest is Elvis Chan from the FBI on election security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_03_02.html

Support our show

Mar 02, 2020
Application tracking in Wacom tablets.
18:28

Today's Research Saturday features our conversation with Robert Heaton, a software engineer with Stripe who penned a blog post about his disappointing discovery involving his Wacom tablet tracking his applications. The post struck a nerve and has since been widely distributed.

The research can be found here: 

Wacom drawing tablets track the name of every application that you open

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Feb 29, 2020
South Carolina primary affords the next test of US election security. Cerberus evolves. Bot-driven fraud. FCC to fine wireless carriers for location data handling. FISA changes.
25:16

South Carolina prepares for tomorrow’s primary, confident that it will be able to conduct the vote securely and without disruption. An evolved version of the Cerberus Trojan has been spotted. Bots are making fraudulent appeals for brushfire aid to the Australian Red Cross. The FCC is preparing to fine four major wireless carriers for mishandling user geolocation data. Proposed changes to FISA surveillance in the US. And farewell to RSAC 2020. Partner is Mike Benjamin from CenturyLink with observations from RSA, guests are magicians Penn and Teller with insights on deception and social engineering.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_28.html

Support our show

Feb 28, 2020
RSAC 2020. Naming and shaming. Kitty espionage update. Wi-Fi crypto flaw. Impersonating the DNC. Ransomware gets more aggressive. When is removing a GPS tracker theft?
22:50

Naming and shaming seems to work, at least against China’s Ministry of State Security. Iranian cyberespionage continues its regional focus. Wi-Fi chip flaws could expose encrypted traffic to snoopers. Someone, maybe from abroad, is pretending to be the US Democratic National Committee. Tips on backing up files. Ransomware gangs up their game. And that unmarked small box on your car? Go ahead: you can take it off. David Dufour from Webroot with trends and predictions from the floor at RSA, guest is Liesyl Franz from the Dept. of State on nation state cyber activities and deterrence in cyberspace.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_27.html

Support our show

Feb 27, 2020
Chrome zero-day patched. Ransomware against infrastructure. Notes from RSAC 2020. Julian Assange’s extradition hearing.
20:45

Google patches a Chrome zero-day. Ransomware attacks against infrastructure. DoppelPaymer prepares to dox its victims. How CISA and NSA cooperate. Dallas County, Iowa, finally drops charges against pentesters. Mr. Assange’s evolving defense against extradition to the US. Notes on RSAC 2020. And if you were a superhero, which superhero would you be? Justin Harvey from Accenture on his RSA observations, guest is Keith Mularski from EY on ransomware.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_26.html

Support our show

Feb 26, 2020
Cloud Snooper is out and about. US states’ contracts with Chinese vendors. Voatz receives more scrutiny. Facebook’s troll hunt--no joy this time. Notes from RSAC 2020.
22:59

Cloud Snooper is infesting cloud infrastructure servers. A China-skeptical advocacy group draws attention to US states’ contracts with Chinese vendors that aren’t named “Huawei.” Senator Wyden would like the security company that audited the Voatz to explain the clean bill of health it gave the voting app. Facebook’s campaign troll hunt comes up empty, so far, this time. And what we’re seeing and hearing at RSAC 2020. Our Chief Analyst Rick Howard on SASE and what he’s looking for at RSA, guest is Dr. Chenxi Wang from Rain Capital previewing her panel at RSA and discussing innovations in the industry. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_25.html

Support our show

Feb 25, 2020
Reactions to allegations in Georgia’s October cyber incidents. Commodification of spamming kit. Satellite vulnerabilities. Election security. FISA reauthorization? Mr. Assange’s extradition. RSAC 2020.
21:30

The EU condemns Russian cyberattacks on Georgia, and Russia says Russia didn’t do it--it’s all propaganda. Skids can buy spamming tools for less than twenty bucks. Satellite constellations offer an expanding attack surface. Amid continuing worries about US election security, the question of Russian trolling or home-grown American vitriol arises in Nevada (but the smart money’s on the U S of A). FISA reauthorization is coming up. And hello from RSAC 2020. Joe Carrigan from JHU ISI on SIM swappers targeting carrier employees, guest is Erez Yalon from Checkmarx on the recently published OWASP API Security Top Ten list.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_24.html

Support our show

Feb 24, 2020
Rigging the game.
40:45

*This is a rebroadcast from our Cyber Law and Policy show, Caveat.*

Ben describes a decades-long global espionage campaign alleged to have been carried out by the CIA and NSA, Dave shares a story about the feds using cell phone location data for immigration enforcement, and later in the show our conversation with Drew Harwell from the Washington Post on his article on how Colleges are turning students’ phones into surveillance machines.

Remember to subscribe to Caveat in your podcasting platform of choice. 

Links to stories:

‘The intelligence coup of the century’

RIGGING THE GAME Spy sting

Federal Agencies Use Cellphone Location Data for Immigration Enforcement

Thanks to our sponsor, KnowBe4.

Feb 23, 2020
New vulnerabilities in PC sound cards.
19:51

SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. 

On this week's Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at SafeBreach. 

The research can be found here: 

Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Feb 22, 2020
DISA data breach. More complaint against alleged GUR operations in Georgia. Trolls move from creation to curation. The UK deals with high-risk 5G vendors.
23:14

The US Defense Information Agency discloses a data breach affecting personal information of up to two-hundred thousand individuals. More international reprobation for the alleged GRU hack of Georgian websites. Trolls move from creation to curation. Stalkerware data exposure. And a look at how the UK might actually implement its compromise position on high-risk 5G vendors. Joining us in studio, a surprise new addition to the CyberWire team, guest is Aisling MacRunnels from Synack on women in cyber.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_21.html

Support our show

Feb 21, 2020
UK, US blame Russia for 2019 Georgia hacks. Senator Sanders thinks Russian bots could impersonate supporters. Mr. Assange’s extradition. MGM Resorts breach. Ms Winner wants a pardon.
21:26

British and American authorities blame Russia’s GRU for last October’s defacement campaign against Georgian websites. Senator Sanders thinks maybe some of his apparent supporters are Russian bots--the ones who are tweeting bad stuff in social media. Julian Assange says he was offered a pardon to say the Russians didn’t meddle with the DNC. Stolen data from MGM Resorts turns up in a hacker forum. NSA leaker Reality Winner would like a pardon. Justin Harvey from Accenture on staying prepared against potential Iranian cyberattacks, guest is Jamie Tomasello from Cisco Duo on cognitive capacity and burnout.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_20.html

Support our show

Feb 20, 2020
Ransomware hits US natural gas pipeline facility. DRBControl’s espionage campaign. Firmware signing. No bill of attainder against Huawei. A mistrial in the Vault 7 case?
20:45

CISA reports a ransomware infestation in a US natural gas compression facility--it arrived by spearphishing and there are, CISA thinks, larger lessons to be learned. A new threat actor, possibly linked to China’s government, is running an espionage campaign against gambling and betting operations in Southeast Asia. More notes on firmware signatures. Huawei loses one in US Federal Court, and the defense asks for a mistrial in the Vault 7 case. Caleb Barlow from CynergisTek on Wigle and the impact your SSID name can have on your privacy, guest is Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_19.html

Support our show

Feb 19, 2020
Fox Kitten campaign slinked to Iran. LokiBot’s new clothes. Unsigned firmware. Iowa Democratic caucus post-mortem. SoftBank and the GRU. Hacker madness.
21:04

Fox Kitten appears to combine three APTs linked to Iran. LokiBot is masquerading as an installer for Epic Games. Unsigned firmware found in multiple devices. Extortionists threaten to flood AdSense banners with bot traffic. China says the Empire of Hackers is in Washington, not Beijing. Iowa Democratic caucus IT post-mortems continue. Japan connects SoftBank breach to GRU. And more on that hacker-madness poster from the West Midlands. Ben Yelin from UMD CHHS on wireless carriers selling location data. Guest is Kaitlin Bulavinetz from Washington Cyber Roundtable on facilitating conversations among the industry. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_18.html

Support our show

Feb 18, 2020
If you can't detect it, you can't steal it.
23:25

BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, is introducing the first all-optical “stealth” encryption technology that will be significantly more secure and private for highly-sensitive cloud computing and data center network transmission. Joining us in this special Research Saturday is BGN's Dan Sadot who helped pioneer this technology. 

The Research can be found here:

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Feb 15, 2020
Huawei gets a RICO prosecution. Details on DPRK Hidden Cobra Trojans. Google takes down Chrome malvertising network. Run DNC. Hacker madness. Happy St. Valentine’s Day.
23:36

The US indicts Huawei for racketeering. The FBI and CISA release details on malware used by North Korea’s Hidden Cobra. Iran attributes last week’s DDoS attack to the US. Google takes down a big malvertising and click-fraud network that exploited Chrome extensions. Reports surface of DNC involvement in IowaReporterApp. Not all official advice is necessarily good advice. And if things don’t work out with your object of affection, don’t spy on their social media accounts, OK? Craig Williams from Cisco Talos with updates on JhoneRAT. Guest is Shuvo Chatterjee from Google on their Advanced Protection Program (APP).

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_14.html

Support our show

Feb 14, 2020
Internecine phishing in the Palestinian Territories. What could Iran do in cyberspace? US Census 2020 and cybersecurity. Mobile voting. How to make bigger money in sextortion.
20:55

Researchers report phishing campaigns underway in the Palestinian Territories. They appear to be a Hamas-linked effort targeting the rival Fatah organization. FireEye offers a summary of current Iranian cyber capabilities. The GAO warns that the Census Bureau still has some cyber security work to do before this year’s count. Researchers call mobile voting into question. And some observations about why some extortion brings in a bigger haul than its rivals. Johannes Ullrich from SANS Technology Center on IoT threats. Guest is Darren Van Booven from Trustwave on how to know if the CCPA applies to your organization. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_13.html

Support our show

Feb 13, 2020
Facebook takes down coordinated inauthenticity. US says it’s got the goods on Huawei. EU will leave facial recognition policy up to member states. Patch Tuesday. Counting on the caucus.
20:27

Facebook takes down coordinated inauthenticity from Myanmar, Vietnam, Iran, and Russia. The US says it’s got the goods on Huawei’s backdoors. Notes on Patch Tuesday. The EU backs away from a five-year moratorium on facial recognition software. Switzerland takes a look at Crypto AG. And the Nevada Democratic caucus a week from Saturday will use iPads, Google Forms, and some tools to process the results. That’s “tools,” Jack, not “apps.” Ben Yelin from UMD CHHS on the Senate GOP blocking election security bills. Guest is Christopher Hadnagy from Social-Engineer, LLC on social engineering trends they are tracking. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_12.html

Support our show

Feb 12, 2020
Pyongyang’s guide to hacking on behalf of rogue regimes. RATs in the supply chain? Data exposures and data breaches. Securing elections (and caucuses, too).
20:38

Pyongyang establishes a template for pariah states trying to profit in cyberspace. The FBI warns that there’s a RAT in the ICS software supply chain. The US has a new counterintelligence strategy, and cyber figures in it prominently. Likud’s exposure of Israeli voter data may benefit opposition intelligence services. Notes on the Equifax breach indictments. As New Hampshire votes in its primaries, CISA warns everyone not to get impatient. And Iowa? Still counting. Robert M. Lee from Dragos on their recent report, “Industrial Cyber Attacks: A Humanitarian Crisis in the Making.” Guest is Andrew Wajs from Scenera on the NICE Alliance and Cloud Privacy. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_11.html

Support our show

Feb 11, 2020
US indicts PLA officers in Equifax hack. Pyongyang shows pariah states how it’s done. DDoS in Iran. Updates on Democratic Party caucus IT issues. Likud has a buggy app, too.
21:14

US indicts four members of China’s People’s Liberation Army in connection with the 2017 Equifax breach. North Korea establishes an Internet template for pariah regimes’ sanctions evasion. Iran sustained a major DDoS attack Saturday. US Democratic Party seeks to avoid a repetition of the Iowa caucus in other states as the Sanders campaign asks for a partial recanvas. Israel’s Likud Party involved in a voter database exposure incident via its own app. Joe Carrigan from JHU ISI with a look back at the Clipper chip. Guest is Shannon Brewster from AT&T Cybersecurity with thoughts on election security. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_10.html

Support our show

Feb 10, 2020
The Chameleon attacks Online Social Networks
16:25

The Chameleon attack technique is a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Joining us to discuss their findings in a new report entitled "The Chameleon Attack: Manipulating Content Display in Online Social Media" is Ben-Gurion University's Rami Puzis. 

The research can be found here:

The Chameleon Attack: Manipulating Content Display in Online Social Media

Demonstration video of a Chameleon Attack

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Feb 08, 2020
Chinese cyber espionage in Malaysia and Japan. Android Bluetooth bug. Google expels suspect apps from the Play store. More Iowa caucus finger-pointing. US preps indictments of Chinese nationals.
25:36

Chinese espionage groups target Malaysian officials, and two more Japanese defense contractors say they were breached, also by China. Google patches Android problems, including an unusual Bluetooth bug. Google also expels apps that wanted unreasonable permissions from the Play store. Some in Iowa say the DNC pushed an eleventh-hour security patch to IowaReporterApp. The US may indict more Chinese nationals for hacking. More Senate reporting on 2016 Russian influence. Caleb Barlow from Synergistek with more insights on hospitals and ransomware, this time from the patient’s perspective. Guest is Matt Cauthorn from ExtraHop comparing cloud platforms’ similarities and differences.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_07.html

Support our show

Feb 07, 2020
Iowa caucus problems induced by buggy counting and reporting app. Bitbucket repositories used to spread malware. Gamaredon active again against Ukraine. Charming Kitten’s phishing.
21:04

Iowa Democrats continue to count their caucus results, and blame for the mess is falling squarely on Shadow, Inc.’s IowaReporterApp. Bitbucket repositories are found spreading malware. The attack on Toll Group turns out to be Mailto ransomware. The Gamaredon Group is active, against, against Ukrainian targets. Charming Kitten’s been phishing. And there’s a new legal theory out and about: the pain-in-the-ass defense. (We know some colleagues who’d plead to that.) Justin Harvey from Accenture on DNS over HTTPS (DoH). Guest is Peter Smith from Edgewise Networks on defending against Python attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_06.html

Support our show

Feb 06, 2020
Update on the Iowa Democrats’ bad app. DDoS warning for state election sites. DDoS trends. New ransomware tracked. Tehran spoofing emails? Nintendo hacker pleads guilty.
20:34

Iowa’s Democrats are still counting their caucus results, but on the other hand they weren’t hacked. A poorly built and badly tested app is still being blamed, and that judgment seems likely to hold up. The FBI warns of a DDoS attempt against a state voter registration site. Trends in DDoS. Some new strains of ransomware are out in the wild. Spoofed emails may be an Iranian espionage effort. And the confessed Ninendo hacker cops a plea. Craig Williams from Cisco Talos with updates on Emotet. Guest is Kurtis Minder from GroupSense on the Pros and Cons of notifying breached companies.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_05.html

Support our show

Feb 05, 2020
Buggy app delays count in Iowa Democratic caucus. US county election sites ill-prepared against influence ops. Twitter fixes API exploited by fake accounts. NIST on ransomware.
21:02

Iowa Democrats work to sort out app-induced confusion over Monday’s Presidential caucus. A McAfee study finds widespread susceptibility to influence operations in US county websites. Twitter fixes an API vulnerability and suspends a large network of fake accounts. NIST’s proposed ransomware defense standards are out for your review--comments are open until February 26th. Ben Yelin from UMD CHHS on rules regarding destruction of electronic evidence. Guest is Alex Burkardt from VERA on how to protect critical financial data beyond the corporate perimeter. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_04.html

Support our show

Feb 04, 2020
More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted in cyber incident. Coronavirus as phishbait. Election security, new DoD rules, and insider threats.
17:26

Dragos publicly releases its full report on EKANS ransomware, the first known ransomware with a real if primitive capability against industrial control systems. An Australian logistics company struggles with an unspecified malware infestation. Coronovirus fake news used as phishbait. Election security may get an early test in Iowa. The US Department of Defense issues new cybersecurity rules for contractors. And two cases of insider threats (alleged insider threats). Joe Carrigan from JHU ISI with reactions to ransomware legislation proposed in Maryland.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_03.html

Support our show

Feb 03, 2020
Eric Haseltine on his book, "The Spy in Moscow Station."
25:24

On this Special Edition, our extended conversation with Eric Haseltine on his book "The Spy in Moscow Station." The book... "tells of a time when—much like today—Russian spycraft had proven itself far beyond the best technology the U.S. had to offer. The perils of American arrogance mixed with bureaucratic infighting left the country unspeakably vulnerable to ultra-sophisticated Russian electronic surveillance and espionage." 

Thanks to our sponsor, KnowBe4.

Feb 02, 2020
Tracking one of China's hidden hacking groups - Research Saturday
17:49

Operation Wocao (我操, “Wǒ cāo”, is a Chinese curse word) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group.

We are joined by Fox-IT's Maarten van Dantzig who shares his insights into their new report entitled "Operation Wocao: Shining a light on one of China’s hidden hacking groups".

The Research can be found here:

Operation Wocao: Shining a light on one of China’s hidden hacking groups

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Feb 01, 2020
The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. T
23:14

The Winnti Group is interested in Hong Kong protestors. The UK, the US, and the EU all look for a cooperative way forward into 5G. DDoS for hire hits an independent Serbian media outlet. Ransomware may have hit a US defense contractor. EvilCorp is back. The Sodinokibi ransomware gang is running an essay contest. And the 2015 Ashley Madison breach keeps on giving, in the form of blackmail. Emily Wilson from Terbium Labs on the sale of “points” and “status benefits” on the dark web. Guest is Michael Sutton from Stonemill Ventures with insights from the cyber VC world.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_31.html

Support our show

Jan 31, 2020
Hacking the UN. Avast closes Jumpshot over privacy uproar. Facebook settles a biometric lawsuit. Data exposures, a LiveRamp compromise, and more newly aggressive ransomware.
22:54

UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary, $550 million settlement in a privacy class-action lawsuit. SpiceJet and Sprint suffer data exposures. LiveRamp was compromised for ad fraud. And Russia blocks ProtonMail and StartMail. Caleb Barlow from Cynergistek on the business impact of ransomware on a hospital. Guest is Matthew Doan, cyberecurity policy fellow at New America, discussing his recent recent Harvard Business Review article “Companies Need to Rethink What Cybersecurity Leadership Is.”

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_30.html

Support our show

Jan 30, 2020
Ransomware in industrial control systems. Phone hacks, proved and unproved. Britain’s compromise decision on Huawei. Wawa cards in the Joker’s Stash. CardPlanet boss pleads guilty.
21:31

Snake ransomware appears to have hit industrial control systems, and may be connected to Iran. The verdict on the Saudi hack of Mr. Bezos’ phone seems to stand at not proven, but the Kingdom does seem to have used Pegasus intercept tools against journalists and critics of the regime. Neither the US nor China are happy with Britain’s decision on Huawei. Cards from the Wawa breach are on sale in the Joker’s Stash. And CardPlanet’s boss will do some Federal time. Ben Yelin from UMD CHHS on AOC’s comments during House hearings on facial recognition technology. Guest is Dan Conrad from One Identity on sophisticated “pass the hash” attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_29.html

Support our show

Jan 29, 2020
Huawei will play in UK infrastructure, at least a little. Citizen Lab on KINGDOM, a Pegasus operator. Avast and sale of user data. Happy Data Privacy Day.
20:57

Britain decides to let Huawei into its 5G infrastructure, just a little bit, anyway. Citizen Lab reports on its investigation of Saudi use of Pegasus spyware against journalists. Avast is again collecting user data and sharing anonymized data with a subsidiary for sale to business customers. Some Data Privacy Day thoughts on agreeing to terms and conditions, with reflections on the first systematic look at End User License Agreements, found in the final chapter of Plato’s Republic. Joe Carrigan from JHU ISI on evolving ransomware business models. Guest is Dr. Christopher Pierson from BLACKCLOAK with insights on the alleged Bezos phone hack and the vulnerabilities of high-profile individuals.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_28.html

Support our show

Jan 28, 2020
A cyber espionage campaign is to use DNS hijacking. More observations on l’affaire Bezos. Operation Night Fury versus e-commerce hackers. Farewell to Clayton Christensen.
19:58

Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos’ iPhone: that hack may look like a Saudi job, but the evidence remains circumstantial. Interpol’s Operation Night Fury dismantles a gang that had been preying on e-commerce. And ave atque vale, Clayton Christensen, theorist of disruptive innovation. Robert M. Lee from Dragos with 2020 predictions (reluctantly).

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_27.html

Support our show

 

Jan 27, 2020
Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC
32:46

In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism known as a SPAC to cyber security which, they say, is new to the space. 

Thanks to our sponsor, The Johns Hopkins University Information Security Institute. 

Jan 26, 2020
Know Thine Enemy - Identifying North American Cyber Threats - Research Saturday
26:34

The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.

Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective.

The report can be found here:
North American Electric Cyber Threat Perspective

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jan 25, 2020
PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos. Anti-disinformaiton laws considered. Canada is ready to impose costs on cyber attackers.
26:25

PupyRAT was found in a European energy organization: it may be associated with Iranian threat actors. Another threat actor, the Konni Group, was active against a US government agency last year. Saudi Arabia maintains it had nothing to do with hacking Jeff Bezos’s phone. The EU and Ukraine separately consider anti-disinformation regulations. Canada may be ready to “impose costs” in cyberspace. And Huawei’s a threat, but what’re you gonna do? Justin Harvey from Accenture with an outlook on 2020. Guests are Hank Thomas and Mike Doniger from SCVX, describing their plan to bring a funding mechanism know as a SPAC to cyber security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_24.html

Support our show

Jan 24, 2020
Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data exposure. Ransomware continues to dump data. Windows 7, already back from the great beyond.
18:23

There’s more phishing around the Arabian Gulf, but it doesn’t look local. Reactions to Brazil’s indictment of Glenn Greenwald. The forensic report on Jeff Bezos’s smartphone has emerged, and the UN wants some investigating. Microsoft discloses an exposed database, now secured. Ransomware gets even leakier--if it hits you, assume a data breach. And Windows 7 is going to enjoy an afterlife in software Valhalla--you know, around Berlin. Tom Etheridge from CrowdStrike with thoughts on incident response plans.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_23.html

Support our show

Jan 23, 2020
The UN takes up a case of spyware; it’s slinked to an extrajudicial killing. Glenn Greenwald indicted on hacking charges in Brazil. NetWire and StarsLord are back.
20:19

UN rapporteurs say that the Saudi Crown Prince was probably involved in the installation of spyware on Amazon founder Jeff Bezos’s personal phone. Brazilian prosecutors have indicted Glenn Greenwald, co-founder of the Intercept, on hacking charges. IBM describes a renewed NetWire campaign, and Microsoft says StarsLord is back, too. And in cyberspace, there’s nothing new on the US-Iranian front. Ben Yelin from UMD CHHS on surveillance cameras hidden in gravestones. Guest is Sean Frazier from Cisco Duo on their most recent State of the Auth report. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_22.html

Support our show

Jan 22, 2020
RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet credentials dumped.
20:56

A new RAT goes after Arabic-speaking targets. Updates on US-Iranian tension in cyberspace. An Internet Explorer bug is being exploited in the wild; a patch will arrive in February. A pseudo-vigilante seems to be preparing Citrix devices for future exploitation. Mitsubishi Electric discloses a breach. A booter service dumps half a million Telnet credentials online. And tomorrow is the last day to file a claim under the Equifax breach settlement. Joe Carrigan from JHU ISI with the story of a random encounter that set him on his professional path. Carole Theriault speaks with Jon Fielding from Apricorn on whether or not anything has really changed with GDPR, 18 months into it.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_21.html

Support our show

Jan 21, 2020
Clever breaches demonstrate IoT security gaps - Research Saturday
20:50

Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no surprise that these too are subject to attack. 

Steve Povolny is head of advanced research at McAfee; we discuss a pair of research projects they recently published involving popular IoT devices. 

The research can be found here:

McAfee Advanced Threat Research demo McLear NFC Ring

McAfee Advanced Threat Research Demo Chamberlain MyQ

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jan 18, 2020
Hacks, and rumors of hacks. Burisma incident under investigation. SharePoint exploitation. How to spark a run on a bank. WeLinkInfo taken down. Phishbait update.
25:10

Hacks and rumors of hacks surrounding US-Iranian tension. Ukrainian authorities are looking into the Burisma hack, and they’d like FBI assistance. The FBI quietly warns that two US cities were hacked by a foreign service. The New York Fed has thoughts on how a cyberattack could cascade into a run on banks. Arrests and a site takedown in the WeLeakInfo case. And a quick look at the chum being dangled in front of prospective phishing victims these days. Emily Wilson from Terbium Labs on synthetic identity detection. Guest is Eric Haseltine, author of The Spy in Moscow Station.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_17.html

Support our show

Jan 17, 2020
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
21:41

Proof-of-concept exploits for the CryptoAPI vulnerability Microsoft patched this week have been released. CISA warns the chemical industry to look to its security during this period of what the agency calls “heightened geopolitical tension.” Families of deployed US soldiers receive threats via social media. Someone’s been phishing in Turtle Bay. More fleeceware turns up in the Play Store. And Moscow heaps scorn on anyone who thinks they hacked Burisma. Craig Williams from Cisco Talos on how adversaries take advantage of politics. Guest is Ron Hayman from AVANT on how companies might leverage Trusted Advisors to proactively prepare their security response.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_16.html

Support our show

Jan 16, 2020
Disclosure, patching, and warning. Norway takes on “out-of-control” data sharing by dating apps. Ransomware all-in on doxing. What to do about Huawei.
21:07

NSA gives Microsoft a heads-up about a Windows vulnerability, and CISA is right behind them with instructions for Federal civilian agencies and advice for everyone else. Norway’s Consumer Council finds that dating apps are “out of control” with the way they share data. Ransomware goes all-in for doxing. The US pushes the UK on Huawei as Washington prepares further restrictions on the Chinese companies. And think twice before you book that alt-coin conference in Pyongyang. Johannes Ullrich from SANS Technology on malicious AutoCAD files. Guest is Chris Duvall from Chertoff Group with an overview of the current state of ransomware. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_15.html

Support our show

Jan 15, 2020
Microsoft patches a vulnerability NSA disclosed. Fronting for APT40 in Hainan. Fancy Bear pawed at Burisma. The NSA Pensacola shooting and the debate over encryption.
21:36

NSA discloses a vulnerability to Microsoft so it can be patched quickly. Intrusion Truth describes thirteen front companies for China’s APT40--they’re interested in offensive cyber capabilities. Area 1 reports that Russia’s GRU conducted a focused phishing campaign against Urkraine’s Burisma Group, the energy company that figured prominently in the House’s resolution to impeach US President Trump. And the US Justice Department moves for access to encrypted communications. Joe Carrigan from JHU ISI on the security issues of Android bloatware. Guest is Haiyan Song from Splunk with 2020 predictions.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_14.html

Support our show

Jan 14, 2020
Cyber tensions and cyberwar. China’s influence ops against Taiwan apparently backfire. Maze gang goes for doxing. SIM swapping. FBI promises FISA Court it will do better.
20:16

The FBI reiterates prudent, consensus warnings about a heightened probability of cyberattacks from Iran, but so far nothing beyond credential-spraying battlespace preparation has come to notice. The US Congress mulls the definition of “act of war” in cyberspace. Taiwan’s president is re-elected amid signs that Chinese influence operations backfired on Beijing. The Maze gang doxes a victim. SIM swapping enters a new phase. And the FBI promises the FISA Court it will do better. Ben Yelin from UMD CHHS on a Washington Post story about college campuses gathering location data on their students.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_13.html

Support our show

Jan 13, 2020
Profiling the Linken Sphere anti-detection browser - Research Saturday
11:14

Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment.

Staffan Truvé is the CTO and Co-Founder of Recorded Future, he joins us to discuss their new report on the browser. 

The research can be found here:
Profiling the Linken Sphere Anti-Detection Browser

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jan 11, 2020
Updates on US-Iranian tensions, and especially on hacktivism and possible power grid battlespace preparation. Researchers complain of preinstalled malware said to be in discount Android phones.
25:28

Amid indications that both Iran and the US would prefer to back away from open war, concerns about Iranian power grid battlespace preparation remain high. Recent website defacements, however, increasingly look more like the work of young hacktivists than a campaign run by Tehran. Phones delivered under the FCC’s Lifeliine Assistance program may come with malware preinstalled. And we’ll take Cybersecurity for six hundred, Alex. Tom Etheridge from Crowdstrike on having a board of directors’ playbook. Guest is Curtis Simpson from Armis on CISO burnout.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_10.html

Support our show

Jan 10, 2020
Cyber alert remains high as the US-Iranian confrontation cools. Information ops, wipers, and energy sector targeting.
21:36

As kinetic combat abates in Iraq, warnings of cyber threats increase. US intelligence agencies warn of heightened likelihood of Iranian cyber operations. These may be more serious than the low-grade website defacements and Twitter impersonations so far observed. One operation, “Dustman” has hit Bahrain, and it looks like an Iranian wiper. And some notes on the Lazarus Group, and a quick look at information ops across the Taiwan Strait. Emily Wilson from Terbium Labs with details from their recent report, “How Fraud Stole Christmas.” Guest is Karl Sigler from Trustwave in the risks of using Windows 7.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_09.html

Support our show

Jan 09, 2020
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
21:13

Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA’s warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html

Support our show

Jan 08, 2020
No major Iranian cyberattacks against the US so far, as both sides appear interested in cooling off. The Cyber Solarium offers a preview of its coming report on US cyber strategy.
21:13

Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA’s warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran.

Jan 08, 2020
No more Iranian cyberattacks since the minor weekend vandalism, but the US Government advises all to look to their defenses. Fancy Bear is the usual suspect in Austria. A guilty plea by an insider threat.
21:15

The kittens haven’t scratched much so far, but the US Government and others are warning organizations to be alert to the likelihood of Iranian cyberattacks in retaliation for the combat death, by US missile, of Quds Force commander Soleimani. Fancy Bear is the usual suspect in the case of the Austrian Foreign Ministry hack. Patch your Pulse Secure VPN servers if you’ve got ‘em. ToTok is back in the Play Store. And there’s an executive who turned out to be an insider threat. Robert M. Lee from Dragos with a look back at 2019 ICS security issues. Guest is Tom Tovar from AppDome on mobile API security. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_07.html

Support our show

Jan 07, 2020
Sequelae of the US Reaper strike against the Quds Force commander. Warnings of Iranian retaliation, with an emphasis on cyberspace. Espionage in Austria, and a second look at an LSE outage.
17:52

Iran vows retribution for the US drone strike that killed the commander of the Quds Force. The US prepares for Iranian action, and the Department of Homeland Security warns that cyberattacks are particularly likely. Some low-grade Iranian cyber operations may have already taken place. Austria’s Foreign Ministry sustains an apparent state-directed cyber espionage attack, and in the UK authorities are taking a second look at the August outages at the London Stock Exchange. Joe Carrigan from JHU ISI, describing a clever defense against laptop theft. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_06.html

Support our show

Jan 06, 2020
Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir continue their recovery from cyberattacks. Taiwan’s memes against misinformation.
22:39

The US and Iran trade fire in Iraq, and a leading Iranian general is killed in a US airstrike. A corresponding escalation of cyber operations can be expected. Currency exchange Travelex continues to operate manually as it works to recover from what it calls “a software virus.” There’s speculation that the RavnAir incident may have been a ransomware attack. And Taiwan adopts an active policy against Chinese attempts to influence its elections. Johannes Ullrich from the SANS Technology Center on vulnerabilities in Citrix NetScaler installations. Guest is Derek Manky from Fortinet on what to expect in AI for 2020. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_03.html

Support our show

Jan 03, 2020
A Jira vulnerability that’s leaking data in the public cloud - Research Saturday
13:40

Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery -- SSRF) is the same type that led to the Capital One data breach in July 2019.

Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings.

The research can be found here:
https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Jan 02, 2020
Taking down Thallium. Cloud Hopper: bigger (and worse) than thought. US tightens screws on the supply chain. The bite of winter and the scent of plums.
20:51

Microsoft takes down bogus domains operated by North Korea’s Thallium Advanced Persistent Threat. The Cloud Hoppercyber espionage campaign turns out to have been far more extensive than hitherto believed. The US wants Huawei (and ZTE) out of contractor supply chains this year. India will test equipment before allowing it into its 5G networks. And the California Consumer Privacy Act is now in effect. Joe Carrigan from JHU ISI with the story of a financial advisor who payed the price for falling for a phishing scheme. Guest is Dave Burg from EY on the global perspective of cyber security risk.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_02.html

Support our show

Jan 02, 2020
Special Edition - Daniel Garrie from Law & Forensics on eDiscovery
16:46

In this CyberWire special edition, an extended conversation with Daniel Garrie from Law & Forensics, a global legal engineering firm, and Editor-in-Chief of the Journal of Law & Cyber Warfare. Much of the discovery that happens in litigation these days is eDiscovery - dealing with all things electronic and online. That's an area of expertise for Daniel Garrie and he shares his insights. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 31, 2019
Special Edition - Ron Gula and Mike Janke - VC pitfalls and how to avoid them
29:07

In this CyberWire special edition, advice from a pair of seasoned cyber security investors. Ron Gula caught our eye with an article he recently penned titled "Cyber entrepreneur pitfalls you can avoid." In it, he gathers a group of tech investors to get their takes on the dos and don'ts of pitching to venture capitalists. Ron runs Gula Tech Adventures along with his wife Cindi, where they aim to support the next generation of cyber technology strategy and policy. DataTribe's Mike Janke joins the conversation with his experiences guiding hopeful young entrepreneurs through the pitch process.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 30, 2019
Special Edition - Mandy Rogers from Northrup Grumman on her career and diversity in cyber security
18:50

In this CyberWire special edition, an extended conversation with Mandy Rogers, Operations Manager for Engineering and Sciences at Northrup Grumman. The conversation centers around her inspirational career journey from humble beginnings on a farm in rural Virginia to leadership positions with some of the largest and most influential technology companies in the world. She shares her insights on the importance of diversity in the workplace and why she's dedicated to making sure the next generation of women in cyber security have ample opportunities to succeed. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 28, 2019
Special Edition - Phil Quade from Fortinet on his book "The Digital Big Bang"
11:45

In this CyberWire special edition, an extended conversation with Phil Quade, CISO of Fortinet and author of the book "The Digital Big Bang". The book features insights from industry security leaders from both the public and private sectors revealing the connections between fundamental and scientific principles and cybersecurity best practices to address today’s biggest security challenges. The Digital Big Bang is part how-to, part call-to-arms and provides an insider’s tour of the past, present, and rapidly intensifying imperatives of twenty-first century data protection. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 27, 2019
Special Edition - Bob Ackerman from Allegis Capital with Insights on the cyber security VC environment
10:49

In this CyberWire special edition, an extended conversation with Bob Ackerman from Allegis Capital. Cybersecurity will continue to be a major investment theme in 2020, but the maturing of the market will see a change to focus on better measurement and management of cyber risk exposure through Continuous Controls Monitoring, and preventive cyber solutions as opposed to reactive tools.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 26, 2019
Special Edition - Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach
19:48

In this CyberWire special edition, an extended conversation with Kevin Lancaster from Kaseya and ID Agent. In 2015, Kevin led the team responsible for restoring and protecting the identities of 4.2M gov employees in the Office of Personnel Management who were compromised in the most damaging data breach in U.S. history.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 24, 2019
Special Edition - Sean O'Brien with @RISK Technologies on Election Security.
26:06

In this CyberWire special edition, a conversation with Sean O'Brien with @RISK Technologies on Election Security. Having fought both on the ground in Africa as a member of the US Intelligence Community and the Department of Defense and in cyberspace against Nation States like Russia and China, O'Brien shares his concerns for the integrity of the US election system, and even democracy itself. 

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company.

Dec 23, 2019
Inside Magecart and Genesis. — Research Saturday
17:45

Dan Woods is VP of the intelligence center and Shape Security. He shares insights on two noteworthy attacks tools, Genesis and Magecart. Before joining Shape Security Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime.

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Dec 21, 2019
Pegasus and Pakistan. What’s in Legion Loader. Threats to financial markets. Seasonal scams. What would Clippy do?
21:23

Pegasus may have appeared in Pakistan. Legion Loader packs in six bits of malware in one Hornets’ Nest campaign. Someone may have hacked Bank of England press releases to give them a few seconds’ advantage in high-speed trading. Frakfurt, in the German Land of Hessen, is clearing its networks of an Emotet infection. Some seasonal, topical scams are circulating. And what would Clippy do? Craig Williams from Cisco Talos with a look back at 2019's most serious vulnerabilities. Guest is Bob Ackerman from Allegis Capital with insights on the cyber security VC environment.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_20.html 

Support our show

Dec 20, 2019
TV program swap-out. Cyber espionage out of Beijing. US Congress in a mood to sanction. Emotet phishing spoofs Germany’s BSI. A Dark Overlord pleads not guilty.
20:50

Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in M&A. Germany’s BSI warns of an Emotet campaign. A suspect in the Dark Overlord case is arraigned in St. Louis. The FBI collars a guy who ratted himself out over social media. David Dufour from Webroot with a review of their 2019 mid-year threat report. Guest is James Ritchey from GitLab with lessons learned on the one-year anniversary of their bug bounty program.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_19.html 

Support our show

 

Dec 19, 2019
Steal first, encrypt later. Cobots at risk? Gangnam Industrial Style looks for industrial info. Rancor update. FISC takes FBI to the woodshed. Vlad the Updater.
20:27

More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style--the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much success to its credit. The Foreign Intelligence Surveillance Court takes the FBI to the woodshed. And, hey, maybe he’s really Vlad the Updater? Tom Etheridge from CrowdStrike on incident response speed and the 1-10-60 concept. Guest is Eli Sugarman from the Hewlett Foundation with the results of their CyberVisuals contest. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_18.html 

Support our show

 

Dec 18, 2019
Ransomware updates. Lazarus Group’s new Trojan. IoT insecurity. Exploiting older versions of WhatsApp. Mr. Assange’s extradition. Door kick in IP beef. Someone naughty’s still running XP.
21:26

Updates on the ransomware attacks in Florida and Louisiana. North Korea’s Lazarus Group adopts a new Trojan as it shows signs of pivoting into the Linux ecosystem. Insufficient entropy in IoT key generation. Older versions of WhatsApp are vulnerable to exploitation. The state of Julian Assange’s extradition to the US. Hey--this is Moscow! Where’d you think you were, Iowa? And guess who’s still running Windows XP? Ben Yelin from UMD CHHS on Google location data being used to find a bank robber. Guest is Michael Chertoff from the Chertoff group on the 5G transition.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_17.html 

Support our show

Dec 17, 2019
Iran says it stopped a cyber espionage campaign by China’s APT27. India closes the Internet in two states. Ransomware in Louisiana and New Jersey. National Security Letters.
16:57

Iran says it’s foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter’s proposal to shift to open standards. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_16.html 

Support our show

Dec 16, 2019
Special Edition — Capturing the flag at NXTWORK 2019
29:23

Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWork conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves.

Dec 15, 2019
WAV files carry malicious data payloads. — Research Saturday
16:57

Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. 

Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings.

The research can be found here:
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Dec 14, 2019
Phishing for credentials. Compromised Telegram accounts. Lateral movement. Crypto Wars updates. Data retention compliance. Iago did it for the lulz.
22:10

Parties unknown are phishing for government credentials in at least eight countries. Some other parties unknown are compromising Telegram accounts in Russia. Lateral movement is in the news, but not the good, Lamar Jackson kind. A familiar order of battle in the Crypto Wars emerges, again. NSA’s IG reports on SIGINT data retention. And a peek into what we suppose we must call the minds of some of the people hacking Ring systems. Daniel Prince from Lancaster University on Cyber security testbeds for IoT research. Guest is David Belson with Internet Society on Russian “Sovereign Internet” Law.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_13.html 

Support our show

 

Dec 13, 2019
False flags and attack kit hijacking. Maze ransomware in Pensacola. China’s own OS. Crypto Wars update. TrickBot phishing. And Krampus spoils Christmas.
19:12

Flying false flags, and borrowing someone else’s attack tools as the mast you use to run them up. The Pensacola cyber attack has been identified as involving Maze ransomware. China moves toward building its own autarkic operating system. US Senate Judiciary Committee hearings take an anti-encryption turn. TrickBot is phishing with payroll phishbait. And Krampus malware is punishing iPhone users as they shop during the holidays. Tom Etheridge VP of services from CrowdStrike, introducing himself. Guest is Dean Sysman from Axonius on S3 security flaws.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_12.html 

Support our show

Dec 12, 2019
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
20:46

Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of the general election. The cryptowars are heating up again as the US Senate opens hearings on encryption. Pensacola’s cyberattack was ransomware, and so too apparently was the one that hit the Cherokee Nation. And do it for state. Emily Wilson from Terbium Labs with warnings about connected gifts for children. Guest is Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_11.html 

Support our show

Dec 11, 2019
Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?
19:48

The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department’s Inspector General has reported on the FBI’s Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates. And it’s prediction season, so CyberScoop lets the bots out. Ben Yelin from UMD CHHS on legislating the right to sue online platforms. Guest is Chris Wysopal from Veracode with findings on security debt from their State of Software Security report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_10.html 

Support our show

Dec 10, 2019
Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.
14:47

Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists’ IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress “or”--conviction of Dridex proprietor Maksim Yakubets. Russian influence operations seem to be aiming at stirring things up over this week’s British election. And an awful lot of Windows 7 machines still seem to be out there. Joe Carrigan from JHU ISI on McAfee predictions of two-stage ransomware extortion. 

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_09.html 

Support our show

Dec 09, 2019
Targeting routers to hit gaming servers. — Research Saturday
16:08

Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers.

Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings.

The research can be found here:

https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Dec 07, 2019
Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.
22:07

Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they’re using Location Services, even when Location Services are switched off. Researchers set a new record for cracking an encryption key. And ransomware hits a New Jersey theater.  David Dufour from Webroot with a look back at 2019's nastiest cyber threats. Guest is Robert Waitman from Cisco with results from their recent Consumer Privacy Survey.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_06.html 

Support our show

Dec 06, 2019
Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.
21:35

Data center operator CyrusOne sustains a ransomware attack. Another third-party breach involves a database inadvertently left exposed on an unprotected server. Buran ransomware finds its place in the black market, as does the new loader Buer. China’s Great Cannon is back and firing DDoS all over Hong Kong. Russian trolls are newly active in Lithuania. And a business email compromise scam fleeces a Chinese venture capital firm of $1 million--enough for a nice seed round. Robert M. Lee from Dragos on the evolution of safety and security in ICS. Guest is Sean O’Brien from @RISK Technologies on how states and cities need to prepare against election-targeted cyber attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_05.html 

Support our show

Dec 05, 2019
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.
20:21

North Korea’s Lazarus Group may have been looking for Indian reactor design information. A possible case of Russian influence operations, served up by phishing, is under investigation in the UK. The ZeroCleare wiper malware is out and active in the wild. NATO’s summit addresses cyber conflict, and a big NotPetya victim challenges insurers’ contentions that the malware was an act of war. And an international police action takes down a black market spyware souk. Michael Sechrist from Booz Allen Hamilton on security concerns with messaging apps like Slack. Guest is Roger Hale from YL Ventures on the changing role of the CISO when it comes to managing risk.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_04.html 

Support our show

Dec 04, 2019
Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.
20:08

Someone believes, or would like others to believe, that Britain’s National Health Service is for sale to the US. There’s no word on whether the US has offered the Brooklyn Bridge in exchange. The “Quantum Dragon” study summarizes Chinese efforts to obtain quantum research results from Western institutions. The FBI says FaceApp is a security threat. PyXie, a Python RAT, has been quietly active in the wild since 2018. An Ethereum developer is accused with aiding Pyongyang. Ben Yelin from UMD CHHS on a bipartisan bill requiring a warrant for facial recognition use. Guest is Earl Matthews from Verodin on the importance of collaboration between state governments and technology vendors to ensure election security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_03.html 

Support our show

Dec 03, 2019
ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.
15:20

France might go on the offensive against ransomware attackers. The UK’s NCSC has been helping an unnamed nuclear power company recover from a cyberattack. A failed cyberattack targeted the Ohio Secretary of State’s website on Election Day. MixCloud confirms data breach. The Imminent Monitor RAT is shut down by law enforcement. And a cryptocurrency exchange loses nearly fifty-million dollars. Joe Carrigan from JHU ISI on victim blaming.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_02.html 

Support our show

Dec 02, 2019
Caveat 04 — Slowly awakening to the problems we face
41:09

Ben looks at the cozy relationship between Ring and local law enforcement, Dave shares a story about a DNA tests and search warrants. Our listener on the line wonders about deleted emails. Our guest is Michael Chertoff, former US Secretary of Homeland Security, now head of the Chertoff Group.

Links to stories:

https://gizmodo.com/ring-gave-police-stats-about-users-who-said-no-to-law-e-1837713840

https://www.nytimes.com/2019/11/05/business/dna-database-search-warrant.html

Got a question you'd like us to answer on our show? Send your audio file to caveat@thecyberwire.com or leave a message at (410) 618-3720.

Thanks to our sponsors KnowBe4, who's KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.

Dec 01, 2019
Special Edition — Peter W. Singer author of LikeWar
31:36

In this CyberWire special edition, an extended version of our conversation from earlier this year with Peter W. Singer. We spoke not long after the publication of his book, Like War - the Weaponization of Social Media.

Thanks to our special edition sponsors, McAfee.

Nov 30, 2019
Special Edition — John Maeda author of How to Speak Machine
20:49

In this CyberWire special edition, a conversation with John Maeda. He’s a Graphic designer, visual artist, and computer scientist, and former President of the Rhode Island School of Design and founder of the SIMPLICITY Consortium at the MIT Media Lab. His newly released book is How to Speak Machine - Computational Thinking for the Rest of Us.

Thanks to our special edition sponsors, McAfee.

Nov 29, 2019
Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?
20:34

A Fullz House for Thanksgiving. Google finds that nation-state phishing continues at its customary high levels. DeathRansom, the low-end ransomware that didn’t actually encrypt files, has now begun to do so. The Stantinko botnet adds cryptomining functionality. Microsoft reflects on Dexphot, and the sophistication it brings to ordinary malware. Supply chain security rules are coming to the US. A lawsuit in Tel Aviv. And some final notes on Black Friday. Daniel Prince from Lancaster University on business innovation and cyber security. Guest is Francesca Spidalieri from Salve Regina University on the importance of collaboration from all sectors.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_27.html 

Support our show

Nov 27, 2019
Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.
19:32

Twitter and Facebook warn of potentially malicious software development kits being used by app developers to, potentially, harvest and monetize users’ data. Nursing homes affected by a third-party ransomware incident receive extortion demands that amount to some $14 million. THe Hollywood Reporter retails skeptical musings about the Sony Pictures hack on the fifth anniversary of the North Korean attack. And CISA offers advice for safe holiday shopping. Justin Harvey from Accenture with thoughts on smart cities. Guest is Sam Bakken from OneSpan on mobile app developers protecting against jailbreaking.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_26.html 

Support our show

Nov 26, 2019
Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.
20:36

A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan’s networks. The US FCC takes a swing at Huawei and ZTE. Russia moves closer to its desired Internet sovereignty. A Chuckling Squad member is in custody. A spy goes to prison, cyber hoods do time, and the rats are up to no good in Estonia. That’s the rodents, not the Trojans. Caleb Barlow from Cynergistek with insights gained from a scammer’s call.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_25.html 

Support our show

Nov 25, 2019
Mustang Panda leverages Windows shortcut files. — Research Saturday
12:10

Researchers at Anomali have been tracking China-based threat group, Mustang Panda, believing them to be responsible for attacks making clever use of Windows shortcut files. 

Parthiban is a researcher at Anomali, and he joins us to share their findings.

The research is here:
https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Nov 23, 2019
Sandworm in Google Play. Internet sovereignty. Bogus accounts on LInkedIn. Pupil becomes teacher. Six-year sentence for DDoS. Big bug bounty at Google. Ransomware updates. Pegasus inquest.
25:50

Google researchers provide a Sandworm update. Internet sovereignty considered: an aid to law enforcement or a means of social control. LinkedIn reports on the 21-million bogus accounts it closed over the past year. Teacher becomes pupil as marketing learns from informaiton operators. Ohio man gets six years in Akron DDoS case. Ransomware case updates. A Parliamentary inquiry in India will look into the deployment of Pegasus against WhatsApp users. Craig Williams from Cisco Talos on the Panda cryptominer. Guest is Keenan Skelly from Circadence on getting the younger generation excited about cyber.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_22.html 

Support our show

Nov 22, 2019
Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates.
20:10

Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it’s attracting attackers’ attention. A new attack technique, RIPlace, is described. Phineas Fisher’s bouty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_21.html 

Support our show

Nov 21, 2019
Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS.
18:57

Louisiana works to recover from Monday’s ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India’s government says it’s legally permitted to surveil citizens’ devices when it’s deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress’s antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report . Guest is Bill Harrod from MobileIron on biometric data in the federal space.

Nov 20, 2019
Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters.
20:58

Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it’s people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy’s and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering.  Ben Yelin from UMD CHHS on your rights to images you post of yourself online. Guest is Tom Miller from ClearForce on continuous discovery of insider threats.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_19.html 

Support our show

Nov 19, 2019
Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes.
15:21

Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html 

Support our show

Nov 18, 2019
Sodinokibi aka REvil connections to GandCrab — Research Saturday
17:21

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings.

The research is here:

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Nov 16, 2019
Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge.
26:37

Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html 

Support our show

Nov 15, 2019
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
19:43

PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT.  Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html 

Support our show

Nov 14, 2019
NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes.
20:21

National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not.  Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.

Nov 13, 2019
Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar.
15:36

The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.

Nov 12, 2019
Special Edition — Andy Greenberg from WIRED on his book "Sandworm."
26:37

In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book Sandworm -  A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers. It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries critical infrastructure, and the often unintended consequences that follow.

Thanks to our sponsors McAfee, the device-to-cloud cybersecurity company. 

Nov 11, 2019
Monitoring the growing sophistication of PKPLUG — Research Saturday
20:44

Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.

The original research is here:

https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Nov 09, 2019
Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA.
24:22

Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired an author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html 

Support our show

Nov 08, 2019
US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence.
20:23

The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O’Brien from GreatHorn on managing email threats.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html 

Support our show

Nov 07, 2019
App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise.
20:31

Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Coulson from Tripwire on protecting the IoT.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html 

Support our show

Nov 06, 2019
Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data.
15:36

Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. TikTok applies for Big Tech’s good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys’ data storage devices. Ben Yelin from UMD CHHS on AT&T’s claims that they cannot be sued for selling location data to bounty hunters.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html 

Support our show

Nov 05, 2019
BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro.
15:21

BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack is sustained Saturday morning. The NSO Group controversy spreads into an Indian politcal dust-up. Different Magecart groups are found to be be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html 

Support our show

Nov 04, 2019
Special Edition — Insider Threats
22:52

What’s an insider threat? Loosely, it’s a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault soeak with experts who’ll talk us through the different ways insider threats manifest themselves. 

Thanks to our special edition sponsor, Okta. 

Nov 03, 2019
Usable security is a delicate balance. — Research Saturday
18:09

Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability.

The research can be found here:

https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Nov 02, 2019
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ.
25:03

FireEye warns of Messagetap malware and its spying on SMS. NSO Group’s Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it’s important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the explosion of bits & chaos in humankind’s age of cyber.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_01.html 

Support our show

Nov 01, 2019
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings.
20:55

The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody’s appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair. Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html 

Support our show

Oct 31, 2019
The Malware Mash
03:07

Enjoy this rerun of our Halloween musical parody, The Malware Mash!

Oct 31, 2019
Caveat Ep 2 — Privacy and biometric data.
37:26
Ben wonders if the NSA's authority to collect metadata will be renewed. Dave describes an expensive case of mobile device snooping. Our listener on the line wonders if the feds can monitor his laptop. Our guest is Elizabeth Wharton from Prevalion on biometric data security. 

Thanks to our sponsors KnowBe4, who's KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.
Oct 30, 2019
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach.
20:54

WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp’s service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro’s insurance claim. An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach.  Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company.

Oct 30, 2019
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked.
21:39

Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Robb Reck from Ping Identity with their research, 5 Steps to Improve API Security.

Oct 29, 2019
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young?
16:05

Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who’s more vulnerable to scams: seniors or young adults? It’s complicated.  Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html 

Support our show

Oct 28, 2019
Masad Steals via Social Media. — Research Saturday
17:43

Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part it its command and control infrastructure. Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings. 

The original research is here:

https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Oct 26, 2019
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations.
26:05

A spearphishing campaign is found targeting humanitarian, aid, and policy organizaitons. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek’s 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon. Close- reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25

.html 

Support our show

Oct 25, 2019
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-plaform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference.
20:58

AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies’ toolkit. The FBI’s Protected Voices share election secuirty informaiton. Notes from SecurityWeek’s 2019 ICS Cyber Security Conference. NCSC’s annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html 

Support our show

Oct 24, 2019
Caveat — Crowdsourced private surveillance.
39:34

Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.

Thanks to our sponsors KnowBe4, who's KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.

Oct 24, 2019
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference.
20:29

Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation systems brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html 

Support our show

Oct 23, 2019
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition.
21:21

Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court.  Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_22.html 

Support our show

Oct 22, 2019
Not every incident is necessarily an attack. Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes.
15:07

Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it’s a bear. Notes from the ISC Security Conference in Atlanta, including some reflections on the criminal market’s business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one’s identity can be determined using previously anonymized data sets.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_21.html 

Support our show

Oct 21, 2019
Hoping for SOHO security — Research Saturday
15:23

Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. 

Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. 

The original research is here:
https://www.ise.io/whitepaper/sohopelessly-broken-2/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Oct 19, 2019
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.
25:41

Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on a Tortoiseshell creating a fake veteran’s job site. Guest is Caleb Barlow from Cynergistek on the challenges of securing medical records.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html 

Support our show

Oct 18, 2019
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.
20:29

Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html 

Support our show

Oct 17, 2019
Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.
19:08

The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if your get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security.  Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html 

Support our show

Oct 16, 2019
Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.
20:49

Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_15.html 

Support our show

Oct 15, 2019
Decrypting ransomware for good. — Research Saturday
19:59

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. 

Links to the research and Michael's work:
https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/
https://id-ransomware.malwarehunterteam.com/

https://www.youtube.com/user/Demonslay335

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Oct 12, 2019
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.
22:38

BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA’s Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_11.html 

Support our show

Oct 11, 2019
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.
19:41

A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council’s new research on Securing Customer Identity.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_10.html 

Support our show

Oct 10, 2019
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.
20:45

Twitter says it’s sorry is anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US  Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women to cyber.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_09.html 

Support our show

Oct 09, 2019
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.
19:06

An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concering widely used VPNs: if you use them, patch them. (And change your credentials). Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server side request forging. Guest is Jadee Hanson from Code42 with the results of their 2019 Global Data Exposure Report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_08.html 

Support our show

Oct 08, 2019
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.
17:02

Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt’s developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious lightning charging cables.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_07.html 

Support our show

Oct 07, 2019
The fuzzy boundaries of APT41. — Research Saturday
22:59

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. 

Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings.

The original research is here:

https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Oct 05, 2019
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.
25:20

Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_04.html 

Support our show

Oct 04, 2019
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.
20:02

Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdof of YL Ventures with insights on the VC market in Israel.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_03.html 

Support our show

Oct 03, 2019
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.
20:24

Sobinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html 

Support our show

Oct 02, 2019
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.
20:25

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate.  Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may effect traditional banks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html 

Support our show

Oct 01, 2019
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish.
19:19

Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture labs with an overview of five threat factors influencing the cyber security landscape.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_30.html 

Support our show

Sep 30, 2019
Focusing on Autumn Aperture. — Research Saturday
18:31

Researchers at Prevalion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups. 

Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings.

The research can be found here:

https://blog.prevailion.com/2019/09/autumn-aperture-report.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Sep 28, 2019
Supply chain hacks versus Airbus. Phishing around Google Cloud. Masad Clipper and Stealer on the criminal-to-criminal market. Quick zero-day exploitation. DoorDash hack. Inside JTF Ares.
25:58

The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons’ data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy’s friction.  David Dufour from Webroot on the need for a variety of areas of expertise in security. Guest is Caleb Barlow CEO and President of Cynergistek, discussing the security implications of being CEO of a public company.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_27.html 

Support our show

Sep 27, 2019
Lazarus Group in India. Suspected Chinese APT uses fake Narrator. Fleeceware. DNI testimony. TalkTalk hacker charged in US. Yahoo breach compensation. Chameleon spam campaign.
20:44

North Korea’s Lazarus Group is active against targets in India. A “suspected Chinese advanced persistent threat group” is exploiting a Windows accessibility feature. Sophos warns of “fleeceware.” US DNI testifies efore the House Intelligence Committee. The TalkTalk hacker and an alleged accomplice are indicted on US charges. What’s involved in receiving compensation in the Yahoo breach settlement. And notes on the Chameleon spam campaign. Jonathan Katz from George Mason University with an overview of salting and hashing. Guest is Greg Martin from JASK on DOJ’s efforts to improve outreach with hackers.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_26.html 

Support our show

Sep 26, 2019
Notes on Tortoiseshell. Fancy Bear snuffles around embassies and foreign ministries. Poison Carp targets Tibetan groups. GandCrab unretires. And Chameleon’s curious spam.
20:17

Tortoiseshell is trolling for military veterans. There’s been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there’s an odd spam campaign in circulation that looks like phishing but seems not to be.  Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of the NotPetya attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html 

Support our show

Sep 25, 2019
Utility phishing. Google wins on the right to be forgotten. Transatlantic data transfer. Responsible state behavior in cyberspace. Huawei and 5G. Permanent Record, temporarily phishbait.
19:00

APT10 has been phishing in US utilities. Google wins a big round over the EU’s right to be forgotten. European courts are also considering binding contractual clauses and Privacy Shield, which together have facilitated transatlantic data transfer. Twenty-seven nations agree on “responsible state behavior in cyberspace.” A hawkish take on Huawei’s 5G ambitions. And Edward Snowden’s book is being used as phishbait (not, we hasten to say, by Mr. Snowden). Johannes Ullrich from the SANS Technology Institute on the security issues with local host web servers. Guest is Fleming Shi from Barracuda with research on city/state ransomware attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_24.html 

Support our show

Sep 24, 2019
YouTube account hijacking. Facebook finds more apps misusing data. Cyber deterrence in the Gulf region. Huawei’s CFO continues to fight extradition from Canada to the US. Pentesting blues.
16:30

YouTube creators in the “car community” get their accounts hijacked over the weekend. Facebook finds tens of thousands of apps behaving badly with respect to priority--the social network’s announcement has been cooly received in the US Senate. The Gulf region continues to be a field of cyber as well as kinetic competition. Huawei’s CFO is back in court today. And Iowa tries to sort out what it actually hired pentesters to do (and to whom they were supposed to do it.) Joe Carrigan from JHU ISI on smart TV privacy concerns.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_23.html 

Support our show

Sep 23, 2019
Leaky guest networks and covert channels. — Research Saturday
15:30

Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University have discovered methods for defeating these security measures. Dr. Yossi Oren joins us to share their findings.

The original research is here:
https://www.usenix.org/system/files/woot19-paper_ovadia.pdf

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Sep 21, 2019
Coordinated inauthenticity in five countries draws action from Twitter. Cryptomining continues. Huawei fights its ban in US Federal court. Notes from CISA’s Cybersecurity Summit.
24:55

Twitter details actions against coordinated inauthenticity in Egypt, the United Arab Emirates, Ecuador, Spain, and China. Tension with Iran remain high, but cyber action hasn’t sharply spiked. The Smominru botnet installs malware, including miners, and kicks other malicious code out of infected machines. Panda cryptojackers are careless but effective. Huawei says it’s the victim of a bill of attainder. And notes from CISA’s National Cybersecurity Summit.  Malek Ben Salem from Accenture labs on the security aspects of facial recognition systems. Guest is Henry Harrison CTO of Garrison on Hardsec, a new approach to security that came out of the UK.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_20.html 

Support our show

Sep 20, 2019
Notes from the CISA Summit. New DDoS vector reported. Medical images exposed online. Huawei and US sanctions. Engaging ISIS in cyberspace.
18:31

A quick look at CISA’s National Cybersecurity Summit. A big new distributed denial-of-service vector is reported. Medical servers leave patient information exposed to the public Internet. Huawei is suspended from the FIRST group as it argues its case in a US Federal court. And one of the challenges of engaging ISIS online is that it relies so heavily on commercial infrastructure--it’s got to be targeted carefully. Ben Yelin from UMD CHHS on a case of compelled encryption which may be heading to the supreme court. Guest is David Talaga from Talend on how privacy fines have informed customers’ approach to planning around data security compliance.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_19.html 

Support our show

Sep 19, 2019
Tortoiseshell threat-actor active in the Middle East. Simjacker less dangerous than thought? Decentralizing cyber attack. The Ortis affair. Mr. Snowden’s book deal.
19:48

A newly discovered threat actor, “Tortoiseshell,” has been active against targets in the Middle East. The Simjacker vulnerability may not be as widely exploitable as early reports led many to believe. The US Army seems committed to decentralizing cyber operations along long-familiar artillery lines. Joint Task Force Ares continues to keep an eye on ISIS. Canada seeks to reassure allies over the Orts affair. And the Justice Department wants any royalties Mr. Snowden’s book might earn. Daniel Prince from Lancaster University on cyber security as a force multiplier. Guest is Brian Roddy from Cisco on securing the multi-cloud.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_18.html 

Support our show

Sep 18, 2019
More updates on the Royal Canadian Mounted Police counterintelligence case. Australian elections and China’s interests. ISIS howls to the lone wolves. Ed Snowden would prefer Paris to Moscow.
20:15

More notes on the RCMP espionage scandal. The CSE’s preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. And the other Four Eyes are doing so as well. Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn’t mind asylum in France. David Dufour from Webroot with thoughts on backups. Carole Theriault interviews ethical hacker Zoe Rose, who shares insights on entering the industry.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_17.html 

Support our show

Sep 17, 2019
Espionage and counter-espionage in at least three of the FIve Eyes. New sanctions against North Korea. Password managers and flashlights.
17:20

Spy versus spy, in America, Canada, and Australia, with special guest stars from the Russian and Chinese services. The US Treasury Department issues more sanctions against North Korea’s  Reconnaissance General Bureau, better known as the Lazarus Group or Hidden Cobra. Russian election influence goes local (and domestic). Password manager security problems. And why does your flashlight want to know so much about you? Justin Harvey from Accenture with insights on HTTPS and phishing.

Sep 16, 2019
Bluetooth blues: KNOB attack explained. — Research Saturday
17:01

A team of researchers have published a report titled, "KNOB Attack.
Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outlines vulnerabilities in the Bluetooth standard, along with mitigations to prevent them. 

Daniele Antonioli is from Singapore University of Technology and Design, and is one of the researchers studying KNOB. He joins us to share their findings.

The research can be found here:
https://knobattack.com

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Sep 14, 2019
CRASHOVERRIDE tried to be worse than it was. InnfiRAT scouts for wallets. Simjacker exploited in the Middle East. SINET 16 are out. Pentesting scope. Back up your files, Mayor.
25:25

The Ukrainian electrical grid hack seems, on further review, to have been designed to do far more damage than it actually accomplished. InnfiRAT is scouting for access to cryptocurrency wallets. A sophisticated threat actor is using Simjacker for surveillance on phones in the Middle East. The SINET 16 have been announced. A penetration test goes bad due to a misunderstanding of scope, and Baltimore decides, hey, it might be a good idea to back up files.  Johannes Ullrich from the SANS Technology Institute on web spam systems. Guest is Rosa Smothers from KnowBe4 discussing her career journey and the importance of diversity in tech.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_13.html 

Support our show

Sep 13, 2019
The StingRays that were n DC. Old-school file formats and attack code. Ransomware becomes spyware. Joker apps ejected from the Play store. Multifaceted deterrence. Advice on BEC.
19:17

DC StingRays alleged to be Israeli devices. North Korea is slipping malware past defenses by putting it into old, obscure file formats. Ryuk ransomware gets some spyware functionality. Google has purged Joker-infested apps from the Play store. The US Defense Department explains its “multifaceted” approach to cyber deterrence. The FBI warns that business email compromise is on the upswing, and offers some advice on staying safe. Awais Rashid from Bristol University with warnings on accepting default settings on mobile devices. Guest is Bill Conner from SonicWall on side channel attacks.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_12.html 

Support our show

Sep 12, 2019
Cobalt Dickens, coming to a university library near you. UNICEF data exposure. Election security notes. Operation reWired arrests 281 alleged BEC scammers.
20:55

Cobalt Dickens is back, and phishing in universities’ ponds. UNICEF scores a security own-goal. Patch Tuesday notes. A look at US election security offers bad news, but with some hope for improvement. The US extends its state of national emergency with respect to foreign meddling in elections. And an international police sweep draws in 281 alleged BEC scammers. Ben Yelin from UMD CHHS on the privacy implications of geofencing. Guest is Drew Kilbourne from Synopsys with result of their report, The State of Software Security in the Financial Services Industry.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_11.html 

Support our show

Sep 11, 2019
US National Security Advisor to be replaced. Stealth Falcon’s new backdoor. DDoS, social engineering investigations proceed. Exfiltrating an agent. Patch Tuesday notes.
20:47

John Bolton is out as US National Security Advisor. A new backdoor is attributed to Stealth Falcon. Wikipedia’s DDoS attack remains under investigation. So does a business email compromise at Toyota Boshoku and a raid on the Oklahoma Law Enforcement Retirement Services. Vulnerable web radios get patches. The US is said to have exfiltrated a HUMINT asset from Russia in 2017. Microsoft patches 79 vulnerabilities, 17 of them rated critical. Michael Sechrist from Booz Allen Hamilton on the spillover of geopolitical issues into cyber security. Guest is Ashish Gupta from Bugcrowd on the economics of hacking and the adoption of ethical hacking.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_010.html 

Support our show

Sep 10, 2019
BEC attack pulls millions from car parts company. Wikipedia DDoS. NERC and FERC on grid hacking. Trolling Pyongyang. Mike Hammer goes to the DMV.
15:56

A big BEC extracts more than $37 million from a major automotive parts supplier. Wikipedia suffers a DDoS attack in Europe and the Middle East. NERC and FERC get to work. Thrip may really be Billbug, and that’s attribution, not etymology. Was US Cyber Command trolling North Korea on the DPRK’s national day? And what does the Department of Motor Vehicles do with all the data they collect on drivers? In some US states, it seems, they sell it to private eyes. Joe Carrigan from JHU ISI on a GMail update for iOS which enables the blocking of tracking pixels.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_09.html 

Support our show

Sep 09, 2019
VOIP phone system harbors decade-old vulnerability. — Research Saturday
26:08

Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-know, decade-old vulnerability in open source software used on the platform. 

Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings.

The original research can be found here:
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Sep 07, 2019
China hacks to track. Turning the enemy’s weapons against them? Notes from the Billington CyberSecurity Summit. Anti-trust investigations for Facebook and, probably, Google.
25:54

Chinese intelligence and security services have been busy in cyberspace. A third-party customer leaks data it received from Monster.com. There’s a Joker in the Play Store. Some notes from the Billington CyberSecurity Summit: a military look at cyber ops, what CISA’s up to, and some advice from the NCSC. Anti-trust investigations are on the way for Facebook, and it seems likely that Google will be next. Malek Ben Salem from Accenture Labs on leveraging the blockchain for AI. Guest is Doug Grindstaff from the CMMI institute, who makes the case that CISOs need to think more like VCs.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_06.html 

Support our show

Sep 06, 2019
Scraped data found gurgling around in an unsecured third-party database. Ransomware and election security. Spy in your pocket? (Probably not.) Guilty plea in the Satori case.
19:15

A database scraped from Facebook in the bad old days before last year’s reforms holds informaiton about 419 million users. The ransomware threat to election security. Notes from the Billington CyberSecurity Summit. Is your phone reporting back to Mountain View or Cupertino? Probably not, at least not in the way the Twitterverse would have you believe. And the Feds get a guilty plea in the case of the Satori botnet. Awais Rashid from Bristol University on the notion of bystander privacy. Carole Theriault speaks with Dov Goldman, Director of Risk and Compliance at Panorays on the most noteworthy third-party breaches of 2019 so far.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_05.html 

Support our show

Sep 05, 2019
Ransomware, Bitcoin, underwriters, and the bandit economy. OTA provisioning could lead to subtle phishing. Alleged spammers indicted. ZAO flashes and flickers out, for now.
19:03

A look at the ongoing ransomware epidemic, with some speculation about its connection to the criminal economy. Over-the-air provisioning might open Android users to sophisticated phishing approaches. Alleged spammers are indicted in California. And, ZAO, we hardly knew ye. Jonathan Katz from UMD on the evolution of Rowhammer attacks. Tamika Smith speaks with Troy Gill from AppRiver about cities being hit with ransomware.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_04.html 

Support our show

Sep 04, 2019
Stuxnet’s story. Watering hole was designed to attract China’s Muslim minority. USBAnywhere affects some Supermicro servers. Twitter’s CEO has his Twitter stream hijacked.
20:00

A report on Stuxnet suggests there were at least five and probably six countries whose intelligence services cooperated in the disabling cyberattack against Iran’s nuclear enrichment program. The watering hole Project Zero reported last week seems to have affected Android and Windows as well as iOS devices, and appears directed against China’s Uyghur minority. USBAnywhere vulnerability affects servers. And no, those tweets last Friday weren’t from Mr. Dorsey. Joe Carrigan from JHU ISI with thoughts on security onboarding as the fall semester begins. Guest is Rinki Sethi from Rubrick on the cybersecurity skills gap and the importance of diversity.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_03.html 

Support our show

Sep 03, 2019
Emotet's updated business model — Research Saturday
23:07

The Emotet malware came on the scene in 2014 as a banking trojan and has since evolved in sophistication and shifted its business model. Researchers at Bromium have taken a detailed look at Emotet, and malware analyst Alex Holland joins us to share their findings.

The research can be found here:

https://www.google.com/url?q=https://www.bromium.com/resource/emotet-a-technical-analysis-of-the-destructive-polymorphic-malware

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 31, 2019
Watering hole for iPhones. Dental record service hit with ransomware. Huawei reportedly under investigation for IP theft. “erratic” faces cryptojacking charges. Farewell to a Bletchley Wren.
21:30

Google’s Project Zero releases information on a long-running watering-hole campaign against iPhone users. A dental record backup service is hit by ransomware, and the decryptor the extortionists gave them may not work. Huawei may be in fresh legal hot water over alleged IP theft. Cryptojacking charges are added to those the accused Capital One hacker faces. And we say farewell to a Bletchley Park veteran. Emily Wilson from Terbium Labs on back-to-school season in the fraud markets. Guest is the one-and-only Jack Bittner, with his insights on how middle-schoolers are handling security.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_30.html 

Support our show

Aug 30, 2019
Cyberattacks and intelligence trade-offs. TrickBot’s new interests. Fancy Bear versus machine learning. Facebook looks for more ad transparency. Retadup take-down.
19:45

Senior US officials say the June 20th attacks on Iranian networks helped stop Tehran’s attacks on tankers in the Arabian Gulf. TrickBot seems to be going after mobile users’ PINs. Fancy Bear has taken note of machine learning and modified her behavior accordingly. Facebook revises its rules to achieve greater transparency in political and issue advertising. A multinational takedown cleans up the Retadup worm infestation. Ben Yelin from UMD CHHS on the proliferation of privately owned license plate readers. Guest is Martin Zizi from Aerendir on biometric security technologies.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_29.html 

Support our show

Aug 29, 2019
LYCEUM active against Middle Eastern energy-sector targets. LinkedIn used to recruit spies. Autonomous car expert indicted. Imperva exposure. VPN software patches. AI writes.
20:19

LYCEUM is active against the oil and gas sector in the Middle East. Leaving government service? That nice offer from the head-hunters you got on LinkedIn may be the beginning of an approach by Chinese Intelligence. Autonomous car expert indicted for alleged theft of trade secrets. Imperva discloses a possible breach. Exploitation attempts against VPNs reported. And why did the chicken cross the road? The AI’s not sure, but it thinks the chicken used LIDAR.  Joe Carrigan from JHU ISI on the federal office of the CIO’s Cyber Reskilling Academy graduating their first class. Guest is Peter Smith from Edgewise on microsegmentation.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_28.html 

Support our show

Aug 28, 2019
Hostinger resets passwords after an intrusion. Social media fraud. Notes on RATs and ransomware. Free decryptor for Syrk. Hedge funds go bananas.
19:45

Hostinger resets passwords after a breach. Arkose finds that more than half the social media logins they investigated during the recent quarter were fraudulent. US State governors seem likely to call on the National Guard to help with cyber incidents. A new phishing campaign is distributing the Quasar RAT. A new ransomware strain, Nemty, is out in the wild. Fortnite account encrypted? Emsisoft can help. And who knew that hedge funds liked bananas. David Dufour from Webroot on company cyber security assessments. Carole Theriault speaks with Omar Yaacoubi from Barac on the growth in encrypted hacks, and how they use metadata to detect and analyze them.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_27.html 

Support our show

Aug 27, 2019
BioWatch info potentially exposed. Scammers indicted. Ukrainian cryptojacking exposed sensitive data. Social engineering notes. Boo birds and lawsuits. Data use and privacy. Low-earth orbit hack.
19:50

BioWatch info exposed. Patched vulnerabilities are weaponized in the wild. Romance and other scam indictments name eighty defendants. Cryptomining and data exposure. Social engineering with a sheen of multi-factor authentication. Suing the boo birds and the people who let them in. The road to unhappiness is paved with mutually exclusive good intentions. And alleged identity theft from low-earth orbit. Craig Williams from Cisco Talos discussing Heaven’s Gate RAT. Guest is Mike Weber from Coalfire on their recently published Penetration Risk Report.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_26.html 

Support our show

Aug 26, 2019
Gift card bots evolve and adapt — Research Saturday
23:29

Researchers at Distil Networks have been tracking online bots targeting ecommerce gift card systems of major online retailers. The threat actors show remarkable resourcefulness and adaptability. Jonathan Butler is technical account team manager at Distil Networks, part of Imperva, and he joins to share their findings.

The research can be found here:

https://resources.distilnetworks.com/all-blog-posts/giftghostbot-attacks-ecommerce-gift-card-systems

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 24, 2019
Google takes down YouTube influence operation. Cryptomining in a nuclear plant. Spyware in the Google Play Store.
22:29

Google takes down YouTube accounts spreading disinformation about Hong Kong protests. Cryptomining gear seized at a Ukrainian nuclear plant. CISA outlines its strategic vision. Telcos and law enforcement team up to stop robocalls. Spyware makes it into the Google Play Store twice. And a man gets life in prison for installing hidden cameras. Awais Rashid from University of Bristol on cybersecurity risk decisions. Guest is Cathy Hall from Sila on Privileged Access Management.

Aug 23, 2019
North Korean and Chinese cyber espionage. Updates on Texas ransomware. Steam zero-day released.
20:05

A North Korean cyber espionage campaign targets universities, think tanks, and foreign ministries. Chinese cyber spies goes after the healthcare sector. A bug hunter discloses a zero-day for Steam. Updates on the Texas ransomware attacks. Adult sites leak user information. And Veracruz fans hack their club president’s Twitter account to express their displeasure. Guest is Stewart Kantor, CFO and co-founder of Ondas Networks, on securing licensed spectrum. Emily Wilson from Terbium Labs on Phishing Kits.

Aug 22, 2019
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
20:39

China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account was hacked. And scammers buy ads to place their phone numbers at the top of search results. Daniel Prince from Lancaster University on cyber risk in a global economy and guest is Rick Howard Palo Alto Networks on a study revealing Americans are confused about cybersecurity.

Aug 21, 2019
Chinese information operations on Twitter and Facebook. iOS jailbreak released. Adult websites leak information.
21:10

Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the “view as” bug. Vulnerabilities in Google’s Nest cams are patched. Instagram gets a data abuse bounty program. The FCC released a report on the CenturyLink outage. And adult websites leak information. Michael Sechrist from Booz Allen Hamilton on exploits. Guest is John Bennett from LogMeIn on addressing the growing cyber threats to the SMB market.

 

Aug 20, 2019
ISIS claims Kabul massacre. Huawei gets a temporary break. Texas governments hit by ransomware. Hy-Vee warns of point-of-sale attack.
19:27

ISIS claims responsibility for Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could be used to carry out acoustic side channel attacks. And Hy-Vee warns of a point-of-sale breach. Joe Carrigan from JHU ISI discusses corporate password policies. Guest is Ben Waugh from RedOx talks about bug bounties in healthcare.

Aug 19, 2019
Detecting dating profile fraud — Research Saturday
25:04

Researchers from King’s College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a report titled, "Automatically Dismantling Online Dating Fraud." The research outlines techniques to analyze and identify fraudulent online dating profiles with a high degree of accuracy.

Professor Awais Rashid is one of the report's authors, and he joins us to share their findings.

The original research can be found here:
https://arxiv.org/pdf/1905.12593.pdf

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 17, 2019
ECB sustains an intrusion into a third-party-hosted service. Norman quietly mines Monero. MetaMorph appears in a stealthy phishing campaign. Information operations.
23:28

The European Central Bank shutters a service due to a hostile intrusion. Norman quietly mines Monero. MetaMorph passes through email security filters. Some Capital One insiders thought they saw trouble brewing. Instagram crowd-sources epistemology. Deep fakes are well and good, but the will to believe probably gets along just fine with shallow fakes. US Cyber Command posts North Korea’s Electric Fish malware to VirusTotal. Johannes Ullrich from the SANS Technology Institute on IP fragmentation in operating systems. Guest is John Smith from ExtraHop on the aftermath of an insurance claim.

Aug 16, 2019
Huawei accused of abetting domestic surveillance in Africa. Cyber gangs adapt and evolve. Prosecutors indicate they’ll add charges to “erratic.” Bluetana detects card skimmers.
18:33

Huawei accused of aiding government surveillance programs in Zambia and Uganda. Cyber gangs are adapting to law enforcement, and they’ve turned to “big game hunting.” They’re also adapting legitimate tools to criminal purposes. US Federal prosecutors indicate they intend to add charges to those Paige Thompson already faces for alleged data theft from Capital One. And there’s a new tool out there for detecting gas pump paycard skimmers. Malek Ben Salem from Accenture Labs on transparency and community standards online. Guest is Taylor Armerding from Synopsis on the projected employment shortfall in cyber security.

Aug 15, 2019
Hacking the Czech Foreign Ministry. Microsoft patches new wormable bugs. More controversial human review of AI. Insecure slinks, exposed databases, and a California vanity plate.
20:08

The Czech Senate wants action on what it describes as a foreign state’s cyberattack on the country’s Foreign Ministry. Microsoft warns against the wormable DéjaBlue set of vulnerabilities. More humans found training AI. Insecure airline check-in links. Exposed databases involve BioStar 2 and Choice Hotels--the latter was held at a third-party vendor. And the LAPD doesn’t find a vanity license plate with the letters N-U-L-L particularly funny. David Dufour from Webroot with thoughts on cyber security insurance policies. Guest is Elisa Costante from ForeScout on building automation vulnerabilities.

Aug 14, 2019
UN Security Council looks at North Korean cybercrime. Notes on PsiXBot and BITTER APT. The state of spearphishing. Election security. A final look back at Black Hat and Def Con.
20:16

More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies.

Aug 13, 2019
A look back at Black Hat and Def Con. Sometimes failures that look like accidents are accidents. Russia wants better content suppression from Google. Notes on intelligence services.
20:36

A look back at Black Hat and Def Con, with notes on technology and public policy. Participants urge people to contribute their expertise to policymakers. Power failures in the UK at the end of last week are largely resolved, and authorities say they’ve ruled out cyberattack as a possible cause. Russia puts Google on notice that it had better moderate YouTube content to put an end to what Moscow considers incitement to unrest. And China says reports of criminal activity are bunkum. Joe Carrigan from JHU ISI with thoughts on corporate password policies. Guest is Ralph Russo from Tulane University on how schools like Tulane are shaping their programs to meet the needs of business and government.

Aug 12, 2019
Unpacking the Malvertising Ecosystem — Research Saturday
26:09

Researchers at Cisco's Talos Unit recently published research exploring the tactics, technics and procedures of the global malvertising ecosystem. Craig Williams is head of Talos Outreach at Cisco, and he guides us through the life cycle of malicious online ads, along with tips for protecting yourself and your organization.

The research can be found here: 

https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 10, 2019
Voting machine security. Airliner firmware. Attribution and deterrence in cyberwar. Monitoring social media. Broadcom buys Symantec’s enterprise security business. Policing, privacy, and an IoT OS.
25:07

Are voting machines too connected for comfort? Airliner firmware security is in dispute. Attribution, deterrence, and the problem of an adversary who doesn’t have much to lose. Monitoring social media for signs of violent extremism. Broadcom will buy Symantec’s enterprise business for $10.7 billion. Amazon’s Ring and the police. A CISA update on VxWorks vulnerabilities. And human second-guessing of AI presents some surprising privacy issues.  Justin Harvey from Accenture with his insights from the Black Hat show floor. Guest is Tim Tully from Splunk on the AI race between the US and China.

Aug 09, 2019
Hacking in the Gulf region. Vulnerability research into airliner avionics. Phishing and ransomware move to the cloud. EU data responsibilities. US bans five Chinese companies.
19:43

Tensions in the Gulf are accompanied by an increase in cyber optempo. A warning about vulnerable airliner avionics. Phishing is moving to the cloud, and so is ransomware. Android’s August patches address important Wi-Fi issues. An EU court decision clarifies data responsibilities. The US bans contractors from dealing with five Chinese companies. Bogus Equifax settlement sites are established for fraud. Our guests are both offering insights and observations from this year’s Black Hat conference. Matt Aldridge is from Webroot and Bob Huber is CSO at Tenable.

Aug 08, 2019
Another speculative execution flaw. LokiBot evolves. APT41 moonlights. Scammers exploit tragedies. Black Hat notes.
20:08

A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords.

 

Aug 07, 2019
Fancy Bear is snuffling around corporate IoT devices. Machete takes its cuts at Venezuelan military targets. What Mr. Kim is buying. MegaCortex goes for automation. Vigilantes, misconfigurations, etc.
20:44

Fancy Bear is back, and maybe in your office printer. El Machete, a cyber espionage group active at least since 2014, is currently working against the Venezuelan military. A UN report allegedly offers a look at what Mr. Kim is doing with the money his hackers raked in. MegaCortex ransomware shows growing automation. Another unsecured AWS S3 bucket is found. A bank stores some PINs in a log file. Vigilante smishing. And when popping off becomes arguably criminal. Craig Williams from Cisco Talos with updates on Sea Turtle. Guest is Chris Roberts from Attivo Networks with a preview of his Black Hat keynote, A Hacker’s Perspective, Where Do We Go From Here?

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_06.html 

Support our show

Aug 06, 2019
Ransomware attacks in Mexico and Germany. Wipers in criminal service. Supervising Siri and Alexa. Mass shooters find inspiration and online expression.
18:28

A Mexican publisher is hit with an extortion demand. Ransomware increasingly carries a destructive, wiper component: Germany is dealing with a virulent strain right now. Apple and Amazon, after the bad optics of reports that they’re farming out Siri and Alexa recordings to human contractors for quality control, are both modifying their approaches to training the assistants. And investigators sort through mass shooters’ digital trails. Joe Carrigan from JHU ISI on the VXWorks operating system vulnerabilities. Guest is Eli Sugarman from the Hewlett Foundation on their efforts to reimagine cybersecurity visuals.

Aug 05, 2019
Package manager repository malware detection — Research Saturday
11:38

Researchers at Reversing Labs have been tracking malware hidden in software package manager repositories, and it's use as a supply chain attack vector. Robert Perica is a principal engineer at Reversing Labs, and he joins us to share their findings. 

The research can be found here:

https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

Aug 03, 2019
Spearphishing utility companies. Bellingcat as gadfly, and target. Facebook takes down more coordinated inauthenticity. Card skimming. Tech regulation. Random acts of cruelty.
24:35

LookBack malware used in spearphishing campaigns against US utilities. Phishing Bellingcat. Facebook takes down two campaigns of coordinated inauthenticity that had been active in the Middle East and North Africa. The growing problem of online card skimming. The FTC’s investigation of Facebook centers on acquisitions. The Fed visits Amazon. And followers of a YouTube streamer treat the homeless as punchlines in a big practical joke. Prof. Awais Rashid from University of Bristol on the ability to “smell” security issues in software. Guest is Matt Howard from Sonotype on their State of the Software Supply Chain report.

Aug 02, 2019
Capital One investigation update. Don’t give up on the cloud. Exposed databases and backdoors. Cybercrime as high-stakes poker. Phishing the financials. Bots on holiday.
20:43

Investigators pursue the possibility that the alleged Capital One hacker might have hit other companies’ data. An exposed ElastiSearch database, now secured, was found at Honda Motors. Data from beauty retailer Sephora are found on the dark web. Defenders are urged to think of themselves as in a poker game with the opposition. Phishing remains the biggest threat to financial services. And what vacation spots attract the eyes of bots? Emily Wilson from Terbium Labs with more details from their recent fraud and international crime report. Guest is Giovanni Vigna from Lastline with thoughts on the upcoming Black Hat conference.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/August/CyberWire_2019_08_01.html 

Support our show

Aug 01, 2019
Capital One breach update. CISA warns of avionics CAN bus vulnerabilities. More attacks on local Louisiana governments. Change at the SEC. Cyber summer school for NATO, EU diplomats.
19:49

Capital One takes a market hit from its data loss. Observers see the incident as a reminder that cloud users need to pay attention to their configurations. CISA warns of vulnerabilities in small, general aviation aircraft. Another parish in Louisiana is hit with a cyberattack. The SEC’s top cyber enforcer is moving on from the Commission. And diplomats go to cyber summer school in Estonia. It’s not a coding bootcamp, but it should give them the lay of the cyber land.  Jonathan Katz from UMD on speculation of what a quantum internet might involve. Guest is Jessica Gulick from Katzcy Consulting on the Wicked6 eSports-style cyber competition coming to Las Vegas during Black Hat & Defcon.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_31.html 

Support our show

Jul 31, 2019
Capital One sustains a major data breach. Phishing in LinkedIn. VxWorks patches and mitigations. Brute-forcing NAS credentials. LAPD doxed?
20:22

Capital One sustains a major data breach affecting 106 million customers, and a suspect is in custody, thanks largely to her incautious online boasting. Iranian social engineers are phishing in LinkedIn, baiting the hook with a bogus job offer. WindRiver fixes VxWorks bugs. Network Attached Storage is being brute-forced. A hacker claims to have doxed members of the Los Angeles Police Department.  Ben Yelin from UMD CHHS on cities piloting aerial surveillance programs. Tamika Smith interviews Noam Cohen from the New Yorker on California’s new law regulating bots.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_30.html 

Support our show

Jul 30, 2019
Bears sniff at Bellingcat. Magecart in spoofed domains. MyDoom is still active. Shipboard malware was Emotet. Hutchins sentenced. Digital assistants have big ears. Taxes owed on alt-coin gains.
19:54

Bellingcat gets a look-in from the Bears. Magecart card-skimming code found in bogus domains. The MyDoom worm remains active in the wild, fifteen years after it first surfaced. Election security threats. The US Coast Guard says the malware that hit a container ship off New York earlier this year was Emotet. Marcus Hutchins gets time served. Fresh concerns about digital assistants and privacy. And yes, you do owe taxes on those alt-coins. Joe Carrigan from JHU ISI on the availability of the BlueKeep vulnerability. Guest is Tom Hegel from AT&T Cybersecurity with thoughts on integrating threat intelligence.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_29.html 

Support our show

Jul 29, 2019
Special Edition - Cult of the Dead Cow author Joseph Menn extended interview
23:18

Our guest today is Joseph Menn. He’s a longtime investigative reporter on technology issues, currently working for Reuters in San Francisco. He’s the author of several books, the latest of which is titled Cult of the Dead Cow - How the original hacking supergroup might just save the world.

This program sponsored by Proactive Risk.

Jul 28, 2019
Day to day app fraud in the Google Play store — Research Saturday
20:08

Researchers at bot mitigation firm White Ops have been tracking fraudulent apps in the Google Play store. These apps often imitate legitimate apps, even going so far as to lift code directly from them, but instead of providing true functionality they harvest user data and send it back to command and control servers.

Marcelle Lee is a principal threat intel researcher at White Ops, and she shares their findings. 

The original research can be found here —
https://www.whiteops.com/blog/another-day-another-fraudulent-app

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Jul 27, 2019
Winnti and other Chinese espionage activity. Volume I of the US Senate report on election meddling is out. Ransomware from Sabine, Louisiana, to Johannesburg, South Africa.
25:36

Winnti and other Chinese threats have been active against German and French targets. The US Senate Intelligence Committee has issued the first volume of its report on Russian operations against US elections--this one deals with infrastructure. Louisiana declares a state of cyber emergency over ransomware. Johannesburg’s power utility is also hit with ransomware. And you could get up to $175 from the Equifax breach settlement. Daniel Prince from Lancaster University on experimental protocols for ICS security systems. Guest is Joseph Menn, author of The Cult of the Dead Cow.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_26.html 

Support our show

Jul 26, 2019
News about Russian and Chinese government threat actors. Powerful crimeware active in Brazil. BlueKeep really needs to be patched. Messenger Kids issues. Dispatches from the cryptowars.
20:09

Did you know that Fancy Bear has taken to wearing a Monokle? A new Chinese cyber espionage campaign is identified. Intrusion Truth tracks APT17 to Jinan, and China’s Ministry of State Security. Guildma malware is active in Brazil, and may be spreading. BlueKeep is out in the wild, and now available to pentesters. Facebook’s Messenger Kids app has been behaving badly. And an update on the cryptowars, with some dispatches from the American front. Michael Sechrist from Booz Allen Hamilton on municipalities paying ransomware. Guest is Eric Murphy from SpyCloud on threat intelligence at scale.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_25.html 

Support our show

Jul 25, 2019
Lancaster University breached. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee.
19:18

In today’s podcast, we hear that Lancaster University has suffered a data breach. A reportedly critical vulnerability in VLC Media Player may have already been fixed last year. Kazakhstan is testing out HTTPS interception. The UK postpones its decision on Huawei’s 5G gear. The FTC is requiring Facebook to set up a privacy committee. Attorney General Barr wants a way for law enforcement to access encrypted data. And the National Security Agency is launching a Cybersecurity Directorate. David Dufour from Webroot on security awareness training. Guest is Emily Wilson from Terbium Labs about the Federal Trade Commission’s investigation into complaints over Youtube’s improper data collection of kids online data.

Jul 24, 2019
Venezuela blames power failure on exotic sabotage, again. Huawei may have built North Korea’s 3G wireless networks. Were record privacy fines high enough? Logic bombing the customer.
19:27

Venezuela’s government says the country’s massive blackout is the work of sabotage by foreign actors (read, the Yanquis) who took down the grid with an “electromagnetic attack.” Documents leaked from Huawei indicate that the electronics giant did essential work for North Korea’s infrastructure. Both Facebook and Equifax say major fines over privacy issues, but there’s growing sentiment that the fines were on the low side. And, coders, make loyalty programs, not logic bombs. Malek Ben Salem from Accenture Labs on defending against disinformation. Guest is Robb Reck from Ping Identity on insider threat programs.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_23.html 

Support our show

Jul 23, 2019
FSB contractor hacked. Pegasus now able to rummage clouds? Iranian cyber ops spike. Fraudulent student profiles. Judgement in Equifax FTC case. NSA hoarder gets nine years.
19:57

A contractor for Russia’s FSB security agency was apparently breached. NSO Group says its Pegasus software can now obtain access to private messages held in major cloud services. Iranian cyber operations are said to be spiking, and Tehran is paying particular attention to LinkedIn. Colleges and universities are experiencing ERP issues, and a minor wave of bogus student applications. Equifax receives its judgment. And there’s a sentence in the case of the NSA hoarder.  Joe Carrigan from JHU ISI on Android apps circumventing privacy permission settings. Guest is David Brumley from ForAllSecure on autonomous security and DevSecOps.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_22.html 

Support our show

Jul 22, 2019
Special Edition — The Fifth Domain coauthor Richard A. Clarke
22:40

Our guest today is Richard A. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Under President George W. Bush he was appointed Special Advisor to the President on cybersecurity. He’s currently Chairman of Good Harbor Consulting. He’s the author or coauthor of several books, the latest of which is titled The Fifth Domain - Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats.

This is an extended version of an interview originally aired on the July 19, 2019 edition of the CyberWire daily podcast.

Thanks to our sponsors FTI Cybersecurity.

 

Jul 21, 2019
Nansh0u not your normal cryptominer — Research Saturday
17:48

Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors.

Ophir Harpaz and Daniel Goldberg are members of the Guardicore Labs team, and they join us to explain their findings.

The research can be found here - 
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/

The CyberWire's Research Saturday is presented by Juniper Networks.

Thanks to our sponsor Enveil, closing the last gap in data security.

 

Jul 20, 2019
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
24:47

K3chang is out, about, and more evasive than ever. Data breached at Bulgaria’s National Revenue Agency has turned up online in at least one hacker forum. Facebook’s planned Libra cryptocurrency received close scrutiny and a tepid reception on Capitol Hill this week. Emsisoft offers some common-sense reflections on why local governments are attractive ransomware targets. Please patch BlueKeep. And a hair care product is vulnerable to hacking. Johannes Ullrich from the SANS Technology Institute with tips on ensuring your vulnerability scans are secure. Guest is Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, and coauthor of the book The Fifth Domain.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_19.html 

Support our show

Jul 19, 2019
TrickBot’s new tricks. Poisoning the ad supply chain. Clouds get schooled. Novel phishing tackle, but stale bait. Cyberwar powers. Election interference. FaceApp fears. Bad macro suspect arrested.
19:46

TrickBot gets some new tricks, and they’re being called Trickbooster. Poisoning the advertising supply chain. Hessian schools will shy away from American cloud services. A novel phishing campaign is technically savvy but gives itself away with broken English phishbait. Congress would like to see Presidential cyberwar instructions. Microsoft warns of foreign attacks on elections. FaceApp looks suspicious. And a suspect is collared in a malicious macro case. Jonathan Katz from UMD on random number issues in YubiKeys. Carole Theriault speaks with Michael Madon from MimeCast on email imposter scams.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_18.html 

Support our show

Jul 18, 2019
Telco data breach. Firmware supply chain problems. Hacking BLE. Census security. Continuity of operations. Decryptor for GandCrab, NSPM 13. Bulgaria’s tax hack.
20:32

Sprint warns of data breach. Eclypsium announces discovery of server firmware supply chain problems. Bluetooth Low Energy may be less secure than thought. Congress hears about US census cybersecurity. Ransomware and continuity of operations. The FBI offers help decrypting GandCrab-affected files. Venafi on why financial services are especially affected by certificate issues. Congress asks to see NSPM 13. And an arrest is made in Bulgaria’s tax agency hack. Ben Yelin from UMD CHHS on the DOJ being required to make public attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering fake domains to try to capitalize on Facebook’s Libra cryptocurrency plans.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_17.html 

Support our show

Jul 17, 2019
GandCrab hoods may be back with new ransomware. Video-on issues. Broadcom-Symantec talks are off, for now. Treason or just business? Robo-calls. A decryptor for Ims0rry ransomware.
19:47

The retirement of GandCrab’s hoods may have been exaggerated. Video conferencing tools RingCentral and Zhumu may have picked up Zoom’s issues in the tech they licensed. Broadcom’s projected acquisition of Symantec is on hold, at least for now. One Silicon Valley executive calls another company “treasonous.” The US FCC wants to reign in robo-calls. And there’s a free decryptor out for Ims0rry ransomware. Emily Wilson from Terbium Labs on recent Terbium research on transnational crime. Guest is Wim Coekaerts from Oracle on security in the age of AI.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_16.html 

Support our show

Jul 16, 2019
Voting machine woes. Router exploits trouble Brazil, Bitpoint alt-coin exchange investigates theft. Facebook fined $5 billion. Power failures probably unrelated to cyberattacks. Amazon Prime phishing.
19:39

Upgraded voting machines may not be as secure, or as upgraded, as election officials seem to think. Criminals continue to exploit routers in Brazil. A Japanese cryptocurrency exchange shuts down while it investigates a multimillion dollar theft. The Federal Trade Commission fines Facebook $5 billion over privacy issues. Weekend power outages seem not to have been the result of cyberattacks. Another city sustains a ransomware attack. Shop carefully on Amazon Prime Day. Joe Carrigan from JHU ISI on Apple pushing an update to mitigate Zoom conferencing app vulnerabilities. Guest is Patrick Cox from TrustID on government agencies using inadequate ID authentication via phone.

For links to all of today's stories check our our CyberWire daily news brief:

https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_15.html 

Support our show

Jul 15, 2019
Opportunistic botnets round up vulnerable routers — Research Saturday
18:04