Cloned from NIW9QIO8XB 1 http://feed.informer.com/digests/FYIYIZJYNA/feeder Cloned from NIW9QIO8XB 1 Respective post owners and feed distributors Tue, 02 Oct 2018 12:41:44 +0000 Feed Informer http://feed.informer.com/ Refined Kitten paws at ICS. Debunking BlueKeep rumors. FBI warns Detroit of cyber threats. The UN’s long deliberation over cybercrime. Cryptowars. 5G security and a 5G czar. Ransomware updates. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_21.mp3 The CyberWire - Your cyber security news connection. urn:uuid:f9131b8a-8e13-bd1f-3ec4-bf7f4e903430 Thu, 21 Nov 2019 19:24:33 +0000 <p><span style="font-weight: 400;">Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it’s attracting attackers’ attention. A new attack technique, RIPlace, is described. Phineas Fisher’s bouty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_21.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it’s attracting attackers’ attention. A new attack technique, RIPlace, is described. Phineas Fisher’s bouty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. 
Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_21.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Louisiana works to recover from Monday’s ransomware attack. Gekko Group sustains a massive data exposure. US student charged with coding for ISIS. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_20.mp3 The CyberWire - Your cyber security news connection. urn:uuid:04fdbaf8-0792-f02c-6178-d9e704723355 Wed, 20 Nov 2019 21:26:31 +0000 <p><span style="font-weight: 400;">Louisiana works to recover from Monday’s ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India’s government says it’s legally permitted to surveil citizens’ devices when it’s deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress’s antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report . Guest is Bill Harrod from MobileIron on biometric data in the federal space.</span></p> <p>Louisiana works to recover from Monday’s ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India’s government says it’s legally permitted to surveil citizens’ devices when it’s deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress’s antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report . 
Guest is Bill Harrod from MobileIron on biometric data in the federal space.</p> Ransomware recovery in Louisiana. DPRK phishing for aerospace jobseekers? Cybercrime campaigns. Notes on current legal matters. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_19.mp3 The CyberWire - Your cyber security news connection. urn:uuid:de9776cf-5d38-b666-287c-fa7e72602604 Tue, 19 Nov 2019 20:36:42 +0000 <p><span style="font-weight: 400;">Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it’s people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy’s and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering.  Ben Yelin from UMD CHHS on your rights to images you post of yourself online. Guest is Tom Miller from ClearForce on continuous discovery of insider threats.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_19.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it’s people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy’s and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering.  Ben Yelin from UMD CHHS on your rights to images you post of yourself online. 
Guest is Tom Miller from ClearForce on continuous discovery of insider threats.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_19.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Disney+ credentials hacked. Kudankulam reassurance. Chinese, Iranian documents leak. Iran and Venezuela restrict Internet access. Russia proposes Internet control treaty. Hacktivist notes. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_18.mp3 The CyberWire - Your cyber security news connection. urn:uuid:69a2109b-63dd-06c0-f33e-d2167af6adc3 Mon, 18 Nov 2019 20:34:49 +0000 <p><span style="font-weight: 400;">Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. 
Joe Carrigan from JHU ISI on the NICE conference.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Sodinokibi aka REvil connections to GandCrab — Research Saturday http://traffic.libsyn.com/thecyberwire/Sodinokibi_aka_REvil_connections_to_GandCrab__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:ceb56f88-a4fe-01d7-adc4-abf94a0d1c07 Sat, 16 Nov 2019 06:00:00 +0000 <p>Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings.</p> <p>The research is here:</p> <p><a href= "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/"> https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p> <p>Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. 
John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings.</p> <p>The research is here:</p> <p><a href= "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/"> https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p> Pemex ransomware update. Spearphishing with spoofed government phishbait. Trojan two-fer. AntiFrigus ransomware avoids C-drive files. BLE bug. DataTribe’s annual Challenge. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_15.mp3 The CyberWire - Your cyber security news connection. urn:uuid:13206f45-6cd9-6fe7-58d2-5490412439c8 Fri, 15 Nov 2019 21:05:03 +0000 <p><span style="font-weight: 400;">Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. 
Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_14.mp3 The CyberWire - Your cyber security news connection. urn:uuid:3ad74f0b-43b3-6fde-c50c-97cb89192061 Thu, 14 Nov 2019 19:54:37 +0000 <p><span style="font-weight: 400;">PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. 
And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT.  Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT.  Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> NAM hacked during US-China trade tensions. DDoS against British political parties. Pemex recovers from ransomware. Project Nightingale gets US Federal scrutiny. Patch notes. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_13.mp3 The CyberWire - Your cyber security news connection. 
urn:uuid:064779c0-def9-9d05-09a9-af6aa5d70f22 Wed, 13 Nov 2019 17:52:29 +0000 <p><span style="font-weight: 400;">National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not.  Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.</span></p> <p>National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not.  Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots.</p> Labour Party reports a cyberattack. What the Lazarus Group is up to. Platinum adds a quiet backdoor. Buran competes on price. PCI DSS compliance falling. Ahoy, Yantar. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_12.mp3 The CyberWire - Your cyber security news connection. urn:uuid:468f9868-5c2f-ca94-867e-54f6f6c6d262 Tue, 12 Nov 2019 20:27:23 +0000 <p><span style="font-weight: 400;">The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. 
Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.</span></p> <p>The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox.</p> Special Edition — Andy Greenberg from WIRED on his book "Sandworm." http://traffic.libsyn.com/thecyberwire/Special_Edition__Andy_Greenberg_from_WIRED_on_Sandworm.mp3 The CyberWire - Your cyber security news connection. urn:uuid:05745d09-ef61-04d8-da7a-f435e04e60ee Mon, 11 Nov 2019 06:00:00 +0000 <p>In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book "Sandworm -  A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers." It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries critical infrastructure, and the often unintended consequences that follow.</p> <p>Thanks to our sponsors <a href= "http://mcafee.com/Insights">McAfee, the device-to-cloud cybersecurity company. </a></p> <p>In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book "Sandworm -  A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers." 
It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries critical infrastructure, and the often unintended consequences that follow.</p> <p>Thanks to our sponsors <a href= "http://mcafee.com/Insights">McAfee, the device-to-cloud cybersecurity company. </a></p> Monitoring the growing sophistication of PKPLUG — Research Saturday http://traffic.libsyn.com/thecyberwire/Monitoring_the_growing_sophistication_of_PKPLUG__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:985b9ad7-140c-932a-34f3-f96b068b5a89 Sat, 09 Nov 2019 06:00:00 +0000 <p>Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.</p> <p>The original research is here:</p> <p><a href= "https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/"> https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p> <p>Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. 
Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.</p> <p>The original research is here:</p> <p><a href= "https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/"> https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p> Warnings about Emotet and BlueKeep. Crooks test their stolen cards before the holiday shopping season. Amazon fixes Ring. Chinese security gear allegedly sold as made-in-USA. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_08_1.mp3 The CyberWire - Your cyber security news connection. urn:uuid:6366d112-b4d3-1873-459c-091f7552e955 Fri, 08 Nov 2019 21:09:43 +0000 <p><span style="font-weight: 400;">Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired an author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. 
Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired an author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> US off-off-year elections go off OK, but don’t get cocky, kids. US charges three in Saudi spy case. Adware dropping apps removed from Google Play. Patch Confluence. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_07.mp3 The CyberWire - Your cyber security news connection. urn:uuid:5f51679d-9215-3d42-a8d6-250ee7e1293f Thu, 07 Nov 2019 20:46:45 +0000 <p><span style="font-weight: 400;">The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. 
Guest is Kevin O’Brien from GreatHorn on managing email threats.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O’Brien from GreatHorn on managing email threats.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> App developers had access to more Facebook Group data than intended. Election security and disinformation. DarkUniverse described. Millions lost to business email compromise. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_06.mp3 The CyberWire - Your cyber security news connection. urn:uuid:6d5e9f9b-82ee-5e4e-8d10-e4feea503ee7 Wed, 06 Nov 2019 20:53:35 +0000 <p><span style="font-weight: 400;">Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. 
Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Coulson from Tripwire on protecting the IoT.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Coulson from Tripwire on protecting the IoT.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Ransomware in Spain. Pegasus in India. TikTok on the Huawei highway? Booz Allen predicts! And good dogs sniff out bad data. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_05.mp3 The CyberWire - Your cyber security news connection. urn:uuid:15ed0342-95b3-60de-978a-3adb7d5074b4 Tue, 05 Nov 2019 20:47:37 +0000 <p><span style="font-weight: 400;">Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. 
TikTok applies for Big Tech’s good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys’ data storage devices. Ben Yelin from UMD CHHS on AT&T’s claims that they cannot be sued for selling location data to bounty hunters.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. TikTok applies for Big Tech’s good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys’ data storage devices. Ben Yelin from UMD CHHS on AT&T’s claims that they cannot be sued for selling location data to bounty hunters.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> BlueKeep is exploited for cryptojacking. Ransomware hits Canadian provincial government. Pegasus lands in India. Magecart, GandCrab updates. US Cyber Command deploys to Montenegro. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_04.mp3 The CyberWire - Your cyber security news connection. 
urn:uuid:ff2c475f-9b5a-2bdb-feea-3179729864da Mon, 04 Nov 2019 20:53:56 +0000 <p><span style="font-weight: 400;">BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack is sustained Saturday morning. The NSO Group controversy spreads into an Indian politcal dust-up. Different Magecart groups are found to be be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack is sustained Saturday morning. The NSO Group controversy spreads into an Indian politcal dust-up. Different Magecart groups are found to be be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Special Edition — Insider Threats http://traffic.libsyn.com/thecyberwire/Insider_Threats__Special_Edition.mp3 The CyberWire - Your cyber security news connection. urn:uuid:f53368b3-bbae-c007-8413-bd4794c21463 Sun, 03 Nov 2019 05:00:00 +0000 <p>What’s an insider threat? 
Loosely, it’s a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault speaks with experts who’ll talk us through the different ways insider threats manifest themselves. </p> <p>Thanks to our special edition sponsor, Okta. </p>
Usable security is a delicate balance. — Research Saturday http://traffic.libsyn.com/thecyberwire/Usable_security_is_a_delicate_balance.__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:37ac72fd-7294-ab79-5592-776626b936ac Sat, 02 Nov 2019 05:00:00 +0000 <p>Until recently, usability was often an afterthought when developing security tools. These days there's a growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability.</p> <p>The research can be found here:</p> <p><a href="https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html">https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>
Cyber espionage. Russia tries Web autarky. The US will investigate TikTok. A bad keyboard app is out of Google Play but still in circulation. Crime comes to e-sports. Happy hundredth, GCHQ. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_11_01.mp3 The CyberWire - Your cyber security news connection. urn:uuid:4bc0b22f-e65f-b2bd-0650-c711eafa1c6f Fri, 01 Nov 2019 19:34:02 +0000 <p><span style="font-weight: 400;">FireEye warns of Messagetap malware and its spying on SMS. NSO Group’s Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it’s important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the explosion of bits & chaos in humankind’s age of cyber.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_01.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Malware in nuclear plant business system, but not in control systems. Facebook versus inauthenticity and spyware. Twitter refuses political ads. NIST wants comments. Cyber risk a factor in credit ratings. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_31.mp3 The CyberWire - Your cyber security news connection. urn:uuid:2b57a6d7-060b-c5f0-d985-f965f0eb7dcc Thu, 31 Oct 2019 18:27:55 +0000 <p><span style="font-weight: 400;">The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody’s appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair.
Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
The Malware Mash http://traffic.libsyn.com/thecyberwire/CyberWire-Malware-Mash-Parody.mp3 The CyberWire - Your cyber security news connection. urn:uuid:7daf0a5d-2ce3-b810-cf45-0f15bdf3ab93 Thu, 31 Oct 2019 12:00:01 +0000 <p>Enjoy this rerun of our Halloween musical parody, The Malware Mash!</p>
Caveat Ep 2 — Privacy and biometric data. http://traffic.libsyn.com/thecyberwire/Caveat_Ep_2__Privacy_and_biometric_data..mp3 The CyberWire - Your cyber security news connection.
urn:uuid:d45abb9c-132c-4fa3-c221-d45c69391a2a Wed, 30 Oct 2019 21:50:44 +0000 <p>Ben wonders if the NSA's authority to collect metadata will be renewed. Dave describes an expensive case of mobile device snooping. Our listener on the line wonders if the feds can monitor his laptop. Our guest is Elizabeth Wharton from Prevailion on biometric data security.</p> <p>Thanks to our sponsors KnowBe4, whose KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.</p> <p>Ben’s Story - <a href="https://www.lawfareblog.com/house-judiciary-committees-fisa-oversight-hearing-overview" target="_blank" rel="nofollow noreferrer noopener">https://www.lawfareblog.com/house-judiciary-committees-fisa-oversight-hearing-overview</a></p> <p>Dave’s Story - <a href="https://www.thedailybeast.com/husband-ordered-to-pay-almost-dollar500k-after-bugging-tobacco-heiress-wifes-iphone?via=twitter_page" target="_blank" rel="nofollow noreferrer noopener">https://www.thedailybeast.com/husband-ordered-to-pay-almost-dollar500k-after-bugging-tobacco-heiress-wifes-iphone?via=twitter_page</a></p>
WhatsApp sues NSO Group over Pegasus distribution. Georgia continues its recovery, as does Johannesburg. Facebook stops more inauthentic action. A Bed, Bath, and Beyond breach. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_30.mp3 The CyberWire - Your cyber security news connection. urn:uuid:822a30de-dcd1-d360-c543-22a2cc73f1d3 Wed, 30 Oct 2019 19:35:23 +0000 <p><span style="font-weight: 400;">WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp’s service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro’s insurance claim.
An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach. Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company.</span></p>
Fancy Bear paws at anti-doping agencies. Johannesburg says no to the Shadow Kill Hackers. Adwind jRAT’s new misdirection. US FCC versus Huawei, ZTE. Georgia hacked. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_29.mp3 The CyberWire - Your cyber security news connection. urn:uuid:d38bc2ac-437c-f075-46d1-e6e142333b0b Tue, 29 Oct 2019 19:47:56 +0000 <p><span style="font-weight: 400;">Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty.
Guest is Robb Reck from Ping Identity with their research, 5 Steps to Improve API Security.</span></p>
Actionable intelligence, and the difficulty of cutting through noise. Extortion hits Johannesburg. Criminal-to-criminal markets. Who’s more vulnerable to phishing, the old or the young? http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_28.mp3 The CyberWire - Your cyber security news connection. urn:uuid:b67df207-3d73-1fe6-8674-ea68559f4c00 Mon, 28 Oct 2019 19:12:16 +0000 <p><span style="font-weight: 400;">Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who’s more vulnerable to scams: seniors or young adults? It’s complicated.
Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Masad Steals via Social Media. — Research Saturday http://traffic.libsyn.com/thecyberwire/Masad_Stealer_taps_Telegram__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:f3d8b500-4fc1-75f4-cdd4-e5c48e2e1d7d Sat, 26 Oct 2019 05:00:00 +0000 <p>Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part of its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.)
Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings.</p> <p>The original research is here:</p> <p><a href="https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559">https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>
Spearphishing the UN and NGOs. Clickware kicked out of app stores. ICS security notes. Close-reading the Turla false-flag reports. A good use for the dark web. Senators call for investigations. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_25.mp3 The CyberWire - Your cyber security news connection. urn:uuid:a03d48b6-55a4-f65e-574a-68684e83129a Fri, 25 Oct 2019 19:51:40 +0000 <p><span style="font-weight: 400;">A spearphishing campaign is found targeting humanitarian, aid, and policy organizations. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek’s 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon.
Close-reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p><a href="https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25.html">https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25.html</a></p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Clouds are back after being out. Bitpaymer hits German manufacturer. Cross-platform mobile malware. SecurityWeek’s 2019 ICS Cyber Security Conference. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_24.mp3 The CyberWire - Your cyber security news connection.
urn:uuid:de75ba7a-42e6-48cb-e062-e071bb6ae0b3 Thu, 24 Oct 2019 18:34:43 +0000 <p><span style="font-weight: 400;">AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies’ toolkit. The FBI’s Protected Voices share election security information. Notes from SecurityWeek’s 2019 ICS Cyber Security Conference. NCSC’s annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Caveat — Crowdsourced private surveillance. http://traffic.libsyn.com/thecyberwire/Caveat__Crowdsourced_private_surveillance_-_CW_feed.mp3 The CyberWire - Your cyber security news connection.
urn:uuid:a47490e8-3dca-fbc6-2c4c-24e273205d18 Thu, 24 Oct 2019 14:45:34 +0000 <p>Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.</p> <p>Thanks to our sponsors <a href="https://www.knowbe4.com/products/kcm-grc-platform">KnowBe4</a>, whose KCM GRC platform helps you get audits done in half the time, is easy to use, and is surprisingly affordable.</p>
Criminal connections. The risky business of acquisition. Joker is back, and it’s not funny. Most dangerous celebrities. Notes from SecurityWeek’s ICS Cyber Security Conference. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_23.mp3 The CyberWire - Your cyber security news connection. urn:uuid:b9dc4227-0669-7713-464d-f73836283587 Wed, 23 Oct 2019 20:05:46 +0000 <p><span style="font-weight: 400;">Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation system brings a headache to hospitality. Another app is found to carry the Joker malware.
Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
More coordinated inauthenticity taken down. The Westphalian system and cyber conflict. VPNs and an AV company sustain incidents. Assange and extradition. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_22.mp3 The CyberWire - Your cyber security news connection.
urn:uuid:93e450ac-982e-6ece-ab19-3da87d1f9597 Tue, 22 Oct 2019 20:09:19 +0000 <p><span style="font-weight: 400;">Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court. Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_22.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Not every incident is necessarily an attack.
Not everything that purrs is a kitten (sometimes it’s a bear that would like you to think it’s a kitten). ICS security notes. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_21.mp3 The CyberWire - Your cyber security news connection. urn:uuid:645c91a1-c49e-c7d7-e42f-28ea84dcd467 Mon, 21 Oct 2019 19:52:19 +0000 <p><span style="font-weight: 400;">Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it’s a bear. Notes from the ICS Security Conference in Atlanta, including some reflections on the criminal market’s business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one’s identity can be determined using previously anonymized data sets.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_21.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Hoping for SOHO security — Research Saturday http://traffic.libsyn.com/thecyberwire/Hoping_for_SOHO_security__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:77ea73a6-3de9-1bac-c113-488bf2bbec84 Sat, 19 Oct 2019 05:00:00 +0000 <p>Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. </p> <p>Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. <br /> <br /> The original research is here:<br /> <a href="https://www.ise.io/whitepaper/sohopelessly-broken-2/">https://www.ise.io/whitepaper/sohopelessly-broken-2/</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>
Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_18.mp3 The CyberWire - Your cyber security news connection. urn:uuid:273aa566-ba97-5bd8-86a3-02ca03508e1d Fri, 18 Oct 2019 19:46:15 +0000 <p><span style="font-weight: 400;">Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bros that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on a Tortoiseshell creating a fake veteran’s job site. Guest is Caleb Barlow from Cynergistek on the challenges of securing medical records.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_17.mp3 The CyberWire - Your cyber security news connection. urn:uuid:9fdde052-a641-b163-77df-729aa3b04770 Thu, 17 Oct 2019 19:32:58 +0000 <p><span style="font-weight: 400;">Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition.
Guest is Chris Hickman from Keyfactor on Public Key Infrastructure.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_16.mp3 The CyberWire - Your cyber security news connection. urn:uuid:e71ed199-9026-83b2-cac7-fd5f8ab2e28b Wed, 16 Oct 2019 20:01:11 +0000 <p><span style="font-weight: 400;">The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. 
Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if your get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security.  Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge.</span></p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> <p>The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if your get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security.  Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge.</p> <p>For links to all of today's stories check our our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p> Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_15.mp3 The CyberWire - Your cyber security news connection. 
urn:uuid:43df8f54-b69b-d069-ca23-cfd6a33bb8d8 Tue, 15 Oct 2019 20:00:07 +0000 <p><span style="font-weight: 400;">Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_15.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Decrypting ransomware for good. 
— Research Saturday http://traffic.libsyn.com/thecyberwire/Decrypting_ransomware_for_good.__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:ba593bd4-55e7-e39a-5205-09ded70e15ce Sat, 12 Oct 2019 05:00:00 +0000 <p>Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. </p> <p>Links to the research and Michael's work:<br /> <a href= "https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/"> https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/</a><br /> <a href= "https://id-ransomware.malwarehunterteam.com/">https://id-ransomware.malwarehunterteam.com/</a></p> <p><a href= "https://www.youtube.com/user/Demonslay335">https://www.youtube.com/user/Demonslay335</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>
Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_11.mp3 The CyberWire - Your cyber security news connection. urn:uuid:9bce38ee-ca30-6546-8ab4-1d29bd510a55 Fri, 11 Oct 2019 19:19:59 +0000 <p><span style="font-weight: 400;">BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA’s Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_11.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_10.mp3 The CyberWire - Your cyber security news connection. urn:uuid:f11f095a-c7cd-8ea7-01c6-bd8aaeb291ef Thu, 10 Oct 2019 19:55:41 +0000 <p><span style="font-weight: 400;">A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council’s new research on Securing Customer Identity.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_10.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_09.mp3 The CyberWire - Your cyber security news connection. urn:uuid:6bd90d65-efa2-3484-4981-a492d6208a18 Wed, 09 Oct 2019 19:06:11 +0000 <p><span style="font-weight: 400;">Twitter says it’s sorry if anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women to cyber.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_09.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades. 
http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_08.mp3 The CyberWire - Your cyber security news connection. urn:uuid:5c6613a4-9887-96ae-9b10-3511f595989b Tue, 08 Oct 2019 19:48:45 +0000 <p><span style="font-weight: 400;">An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concerning widely used VPNs: if you use them, patch them. (And change your credentials). Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server side request forging. Guest is Jadee Hanson from Code42 with the results of their 2019 Global Data Exposure Report.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_08.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_07.mp3 The CyberWire - Your cyber security news connection. urn:uuid:d0a1302e-dd4d-12ef-fc26-8dfc720bea58 Mon, 07 Oct 2019 19:25:09 +0000 <p><span style="font-weight: 400;">Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt’s developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious lightning charging cables.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_07.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
The fuzzy boundaries of APT41. — Research Saturday http://traffic.libsyn.com/thecyberwire/The_fuzzy_boundaries_of_APT41.__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:935dd306-11b3-3b4d-0a67-cd5aed7f3207 Sat, 05 Oct 2019 05:00:00 +0000 <p>Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. </p> <p>Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings.</p> <p>The original research is here:</p> <p><a href= "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"> https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>
Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_04.mp3 The CyberWire - Your cyber security news connection. urn:uuid:518b48d8-32f0-21b8-f28f-ff6a850e5cff Fri, 04 Oct 2019 19:52:39 +0000 <p><span style="font-weight: 400;">Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_04.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_03.mp3 The CyberWire - Your cyber security news connection. urn:uuid:0dc339cc-00e7-a69f-95c5-8f7392d5554f Thu, 03 Oct 2019 20:04:21 +0000 <p><span style="font-weight: 400;">Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdorf of YL Ventures with insights on the VC market in Israel.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_03.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_02.mp3 The CyberWire - Your cyber security news connection. urn:uuid:74cded60-68f2-e417-8319-5d94083750bc Wed, 02 Oct 2019 19:59:50 +0000 <p><span style="font-weight: 400;">Sodinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_10_01.mp3 The CyberWire - Your cyber security news connection. urn:uuid:cd068164-680b-cdb2-982d-f9cc651e51d2 Tue, 01 Oct 2019 19:34:34 +0000 <p><span style="font-weight: 400;">The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate. Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may affect traditional banks.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Industrial firms disclose cyber incidents. US DHS to check airliner cybersecurity. RCMP security case update. Bulletproof host taken down. Gnosticplayers. Royal phish. http://traffic.libsyn.com/thecyberwire/CyberWire_Podcast_2019_09_30.mp3 The CyberWire - Your cyber security news connection. 
urn:uuid:2ab250d7-fcf1-e02a-8026-c89d90f49c98 Mon, 30 Sep 2019 19:36:07 +0000 <p><span style="font-weight: 400;">Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture labs with an overview of five threat factors influencing the cyber security landscape.</span></p> <p>For links to all of today's stories check out our CyberWire daily news brief:</p> <p> https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_30.html </p> <p><a href="https://www.patreon.com/thecyberwire" rel="payment">Support our show</a></p>
Focusing on Autumn Aperture. 
— Research Saturday http://traffic.libsyn.com/thecyberwire/Focusing_on_Autumn_Aperture.__Research_Saturday.mp3 The CyberWire - Your cyber security news connection. urn:uuid:7ac0b931-f347-22f9-0ab2-06df4b7416f3 Sat, 28 Sep 2019 05:00:00 +0000 <p>Researchers at Prevailion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups. <br /> <br /> Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings.</p> <p>The research can be found here:</p> <p><a href= "https://blog.prevailion.com/2019/09/autumn-aperture-report.html">https://blog.prevailion.com/2019/09/autumn-aperture-report.html</a></p> <p>The CyberWire's Research Saturday is presented by Juniper Networks.</p> <p>Thanks to our sponsor Enveil, closing the last gap in data security.</p>