CyberWire Daily

NSA and CISA agree: take Palo Alto’s advisory about its PAN-OS operating system seriously. StrongPity is back and active against targets in Turkey and Syria. A big Bitcoin scam is using spoofed news outlets and bogus celebrity endorsements to lure victims. A large trove of PII has appeared in the dark web. Ben Yelin from UMD CHHS on whether or not the EARN IT Act violates the constitution, our guest is Brad Stone with Booz Allen Hamilton on how technology is changing the battlefield and why cyber is becoming so important in the DoD space. Finally, both Australia and India look to shore up their defenses against cyber threats from China. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/126 Learn more about your ad choices. Visit megaphone.fm/adchoices

The University of California San Francisco pays Netwalker extortionists nearly a million and a half to recover its data. A Kashmir utility restores business systems after last week’s cyberattack. The website defacements in Ethiopia continue to look more like hacktivism than state-sponsored activity. Our own Rick Howard talks about wrapping up his first season of CSO Perspectives. Our guest is Sanjay Gupta from Mitek discussing how online marketplaces can balance security with biometrics. Data are exposed at an e-learning platform. Three prominent cyber-hoods go down in US Federal courts. And Lion says the beer is flowing, post ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/125 Learn more about your ad choices. Visit megaphone.fm/adchoices

Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new report examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade. The report comes on the heels of the U.S. Department of Justice announcing several high-profile indictments from over 1,000 open FBI investigations into economic espionage as part of the DOJ’s China Initiative. Joining us in this week's Research Saturday to discuss the report is Eric Cornelius of Blackberry. The research can be found here: Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft urges Exchange server patching. Sure it does your taxes, but it’s got another agenda, too: the GoldenSpy backdoor may be in your tax software if you do business in China. Magecart ups its game. DDoSecrets says they’re not going to roll over for Twitter’s “Nixonian” schtick. Camille Stewart from Google and Lauren Zabierek from Harvard’s Belfer Center on the #Sharethemicincyber event and why systemic racism is a threat to cybersecurity. Rick Howard wraps up cybersecurity canon week with guests Richard Clarke and Robert Knake, authors of The Fifth Domain. And there’s another unsecured Amazon S3 bucket, and this exposure could present a serious risk to some people who already have trouble enough. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/124 - More info on the #Sharethemicincyber event. - Camille Stewart's essay on systemic racism in cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices

Akamai’s report on the record-setting DDoS attack it stopped this week. Glupteba GLOOP-tib-yeh and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater privacy. The US designates Huawei and Hikvision as controlled by China’s military. A superseding indictment in Julian Assange’s case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon - War, Sabotage, and Fear in the Cyber Age. And the Navy recruiting campaign that wasn’t. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/123 Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into a trade war phase. Lessons on election management. What do cybercriminals watch when they binge-watch? Joe Carrigan explains the Ripple 20 vulnerabilities. Cybersecurity Canon week continues with Joseph Menn, author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. And some notes on the most malware-infested movie and television fan communities. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/122 Learn more about your ad choices. Visit megaphone.fm/adchoices

International conflicts and disputes are attended by hacking in South Asia, Australia, and Africa. The US designates four Chinese media outlets as foreign missions, that is, propaganda outfits. Sodinokibi ransomware sniffs at paycard and point-of-sale systems. Ben Yelin on TSA’s facial recognition program. Cybersecurity Canon Week continues with our guest is Bill Bonney, Co-Author of CISO Desk Reference Guide. And Evil Corp is back, apparently because you just can’t keep a bad man down. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/121 Learn more about your ad choices. Visit megaphone.fm/adchoices

BlueLeaks dumps stolen police files online. A report of spyware delivered via network injection. COVID-19 apps and databases are reported to have indifferent privacy safeguards, and there’s been one big recent leak. India and Australia both on alert for Chinese cyberattacks. Our own Rick Howard on intelligence operations. It’s cybersecurity Canon Week, our guest is Todd Fitzgerald, author of CISO Compass. And New Zealand piles on in the case of a Russian alt-coin baron. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/120 Learn more about your ad choices. Visit megaphone.fm/adchoices

Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Slack is a cloud-based messaging platform that is commonly used in workplace communications. Slack Incoming Webhooks allow you to post messages from your applications to Slack. Generally, Slack webhooks are considered a low risk integration. A deeper dive into webhooks shows that this is not entirely accurate. Joining us in this week's Research Saturday is Ashley Graves from AT&T Cybersecurity's Alien Labs to discuss her research. The research can be found here: Slack phishing attacks using webhooks Learn more about your ad choices. Visit megaphone.fm/adchoices

A look at the “state-based cyber actor” the Australian government is concerned about. Some signs of Chinese retaliation for Five Eyes’ skepticism of Huawei. Johannes Ullrich explains malware triggering multiple signatures in anti-malware products. Our guest is Geoff White, author of Crime Dot Com, on how he tracked down the creator of the Love Bug. And an alert about the possibility of some COVID-19-themed fraud from the Lazarus Group. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/119 Learn more about your ad choices. Visit megaphone.fm/adchoices

Sino-Indian conflict extends to cyberspace. InvisiMole connected to Gamaredon. Spyware found in Chrome extensions. Phishing around technical defenses (and some criminal use of captchas). The US Justice Department releases its study of Section 230 of the Communications Decency Act. Zully Ramzan from RSA on privacy and security in a post-COVID world. Our guest is Michael Powell from NCTA on the importance of the UK cybersecurity sector. And Zoom decides to make end-to-end encryption generally available. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/118 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ripple20 vulnerabilities are reported in the IoT software supply chain. North Korean operators go for intelligence, but also for cash, and they’re phishing in LinkedIn’s pond. Sino-Indian tensions find expression in cyberspace. A long look at the Russian influence operation, Secondary Infektion. Joe Carrigan from JHU ISI on why older adults share more misinformation online. Our guest Will LaSala from OneSpan tracks the increase in online banking fraud during COVID-19. And the strange case of the bloggers who angered eBay may have more indictments on the way. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/117 Learn more about your ad choices. Visit megaphone.fm/adchoices

What does Beijing want to know about US Presidential campaigns? Position papers, mostly. A redacted version of the CIA’s inquiry into the WikiLeaks Vault 7 material is out. That DDoS attack you read about on Twitter? Never happened. Former eBay employees face Federal charges of conspiracy to commit cyberstalking and witness tampering. Ben Yelin explains a judge refusing to sign off on a potential Facebook facial recognition settlement. Our guest is Randy Vanderhoof from the Secure Technology Alliance on mobile drivers licenses. And where would you store “niche” dating app material? In a misconfigured AWS S3 bucket. Where else? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/116 Learn more about your ad choices. Visit megaphone.fm/adchoices

A new Android spyware tool is deployed against China’s Uyghur minority. Anonymous claims it disrupted the Atlanta Police Department’s website yesterday to protest a police shooting. An apparently legitimate security firm has apparently been selling malware to criminals. Breachstortion joins sextortion as a criminal tactic. Craig Williams from Cisco Talos on Astaroth, an information-stealer that has been targeting Brazil, Our own Rick Howard on risk assessments. And why spelling always counts. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/115 Learn more about your ad choices. Visit megaphone.fm/adchoices

Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Proactive, efficient threat mitigation and risk management require understanding adversaries’ fundamental thought processes, not just their tools and methods. Cyber threat intelligence analysts combed through 15 years (2004 to 2019) of public sources that have documented the activities of one prolific threat actor, Russia’s military intelligence agency, the GRU. Analysis shows that the timing, targets, and impacts of this activity mirrored Russian strategic concerns about specific events and developments. Joining us in this week's Research Saturday are Brad Stone & Nate Beach-Westmoreland from Booz Allen Hamilton to discuss their report and some of the 33 case studies presented in it. The research can be found here: Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter’s transparency efforts see through accounts being run by Chinese, Russian, and Turkish actors. Zoom is working to both comply with Chinese law and contain the reputational damage involved in doing so. Industrial firms recover from Ekans infestations. Caleb Barlow from CynergisTek on how hospital CISOs are dealing with the COVID-19 situation. Our guest is Ronald Eddings from Palo Alto Networks and the Hacker Valley Studio Podcast on strategies for finding and managing security architects. And it’s not Posh Spice who’s got the attention of Maze; it’s just her M&A advisors. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/114 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Gamaredon Group is back, and what’s their secret? Like Crazy Eddie’s, it’s volume! Doxing during times of unrest. Phoney contact-tracing apps are snooping on personal information in at least ten countries. Thanos is a criminal favorite in the ransomware-as-a-service market. Another skirmish in the Crypto Wars is brewing up on Capitol Hill. David Dufour from Webroot on how organizations can successfully navigate their new workplace realities. Our guest is Chester Wisniewski from Sophos on fleeceware apps found in the Apple app store. And no, really, Elon Musk is not on YouTube offering you Bitcoin. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/113 Learn more about your ad choices. Visit megaphone.fm/adchoices

Notes on Patch Tuesday--it was a fairly big one this time. Honda continues its investigation of the incident it sustained over the weekend, and outsiders see it as a ransomware attack. Facebook is said to have developed a Tails zero-day to help the FBI with a notorious case. Crooks are turning to search engine optimization. IBM and Google cloud services recovered quickly from outages. You’re unlikely to get rich from a breach settlement. Joe Carrigan describes free online courseware aimed at Community College students. Our guest is Dennis Toomey from BAE on how financial institutions need to enact stronger cyber protocols as employees migrate to working from home. And BellTroX says, hey, it was just helping some private eyes. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/112 Learn more about your ad choices. Visit megaphone.fm/adchoices

Commercialized hacking-for-hire is traced to an Indian firm, but it’s probably not an isolated problem. Ransomware shuts down Honda production lines in three continents. Criminals develop and distribute an anti-DDoS tool to help keep the dark web souks responsive and available. Ben Yelin revisits Twitter’s flagging or removing the U.S. President’s tweets. Our guest is Jeremy Oddo from The Third Floor to discuss cybersecurity in Hollywood during COVID-19. And researchers compile a menu of cyber contraband. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/111 Learn more about your ad choices. Visit megaphone.fm/adchoices

South and Southwest Asian regional rivalries play out in cyberspace. Election interference could move from disruptive influence operations to actual vote manipulation. Someone is spearphishing leaders in Germany’s PPE task force. Nations move to restrict dependence on foreign companies in their infrastructure. Justin Harvey from Accenture on the train of thought behind breach disclosure. Our own Rick Howard on DevSecOps. And Washington State recovers some, but not all, of the unemployment funds lost to fraud. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/110 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under GDPR. Joining us in this week's Research Saturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach. The research can be found here: Virgin Media Disclosure Statement & Resources Learn more about your ad choices. Visit megaphone.fm/adchoices

It’s mostly cyberespionage today, with an admixture of influence operations. Google has warned both major US Presidential campaigns that Chinese and Iranian intelligence services are after their staffers’ email accounts, so far apparently without much success. Russia, China, and Iran devote some purposive media attention to US civil unrest. Johannes Ullrich from SANS on malicious PowerPoint add-ins. Our guest is Bil Harmer from SecureAuth on credential carelessness. And Qatar’s rivals in the Gulf continue their information campaign against Doha: this time it’s bogus news of a coup. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/109 Learn more about your ad choices. Visit megaphone.fm/adchoices

Nuisance-level hacktivism continues to surround US protests. The Higaisa APT is active in Southeast Asia. Goblin Panda is back, with USB-borne malware. A new strain of ransomware is described: “Tycoon.” The EU considers whether to sanction Russia over the GRU’s hack of Germany’s Bundestag. CISA launches a new public resource for cybersecurity. Zulfikar Ramzan from RSA on cybersecurity and digital risk in the context of pandemics. Our guest is Grant Goodes from GuardSquare on security of mobile app voting. And a Texas man pleads guilty to conspiracy to commit money-laundering in the course of a BEC scam. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/108 Learn more about your ad choices. Visit megaphone.fm/adchoices

Protest groups sustain DDoS attacks, too. Old school denial-of-service afflicts police radio networks in Chicago: they’re being jammed with talk, music, and other noise. Influencers and wannabes continue to use unrest as an occasion for on-line branding. The Sodinokibi gang is selling data stolen in ransomware attacks, and Maze seems to be establishing a criminal cartel. Is email to voting what shadow IT is to the enterprise? Ben Yelin describes a federal case involving police screenshots of a suspects’ phone as evidence. Our guest is Steve Durbin from the Information Security Forum on the Threat Horizon 2022 report. And cybercrime for dummies. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/107 Learn more about your ad choices. Visit megaphone.fm/adchoices

Unrest accompanied by misinformation, disinformation, and Anonymous theater. Booter hacktivism. Extremist inauthenticity. The Cyberspace Solarium Commission releases its white paper on the pandemic’s lessons for cybersecurity. Joe Carrigan unpacks Casio executing a DMCA takedown on a hardware hack. Our guest is Herb Stapleton from the FBI on the 20 year anniversary of the IC3. And the UK’s Test and Trace system is expected to be accompanied by a wave of fraud. Actually, that fraud has already begun. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/106 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacking, and more claims of hacking, surround the unrest in Minnesota. Data breach at Amtrak Guest Rewards. More companies found port scanning. Four cybersecurity lessons from the pandemic. David Dufour from Webroot with an overview of online scams his team is tracking during COVID-19, Our own Rick Howard compares resiliency with business continuity. And a new 5G device is not only holographic, but quantum oscillatin’ too. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/105 Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the show. Thanks to our sponsor, Juniper Networks. Learn more about your ad choices. Visit megaphone.fm/adchoices

Working with many different honeypot implementations, a security researcher did an experiment expanding on that setting up a simple docker image with SSH, running a guessable root password. The catch? What happened in the next 24 hours was unexpected. Joining us in this week's Research Saturday to talk about his experiment is Larry Cashdollar of Akamai. The research can be found here: A Brief History of a Rootable Docker Image Learn more about your ad choices. Visit megaphone.fm/adchoices

NSA warns that the GRU’s Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and Michigan State University sustains a ransomware attack. Ben Yelin unpacks the President’s executive order aimed at social media companies. Our guest is Vik Arora of the Hospital for Special Surgery on protecting health care organizations during COVID-19. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/104 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers-for-hire find criminal work during the pandemic. The US Department of Energy is said to have taken possession of a Chinese-manufactured transformer. US President Trump may be considering an Executive Order about the legal status of social media. Contact-tracing apps in France and the UK are scrutinized for privacy. Ben Yelin from with the latest iPhone cracking case between the FBI and Apple. Our guest is retired CIA master of disguise Jonna Mendez on her book The Moscow Rules. Canada’s Centre for Cyber Security assesses current risks, and Huawei’s CFO loses a round in a Vancouver court. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/103 Learn more about your ad choices. Visit megaphone.fm/adchoices

Berserk Bear is back, and snuffling around Germany’s infrastructure. Two new Android issues surface. India opens up the source code for its COVID-19 contact-tracing app as such technological adjuncts to public health continue to arouse privacy concerns. [F]Unicorn poses as Italy’s Immuni app. An alleged FIN7 gangster is arrested. Australia’s Data61 urges companies not to scrimp on R&D. Joe Carrigan on Android mobile malware getting new features. Our guest is Frederick “Flee” Lee from Gusto on CCPA. And does your underwear come with a Faraday cage? We thought it might. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/102 Learn more about your ad choices. Visit megaphone.fm/adchoices

Turla tunes its tools. The commodity Trojan AnarchyGrabber is now stealing passwords. A new iOS jailbreak has been released. The UK reconsiders its decision to allow Huawei into its 5G networks. A tech group lobbies the US House against warrantless inspection of searches. Remote work’s regulatory risk. COVID-19 conspiracy theories. Hackers say they’re vigilantes. Our own Rick Howard on intrusion kill chains, his latest episode of CSO Perspectives. Our guest is Nico Fischbach from Forcepoint on deepfakes expanding outside of disinformation campaigns to the enterprise. And too many remote workers appear to have too much time on their hands. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/101 Learn more about your ad choices. Visit megaphone.fm/adchoices

In December 2019, the GOLD VILLAGE threat group that operates the Maze ransomware created a public website to name and shame victims. The threat actors used the website to dump data they exfiltrated from victims' networks before they deployed the ransomware. Secureworks Counter Threat Unit (CTU) researchers have observed several ransomware operators following suit. Joining us in this week's Research Saturday is Alex Tilley of SecureWorks' Counter Threat Unit. Learn more about your ad choices. Visit megaphone.fm/adchoices

Indonesia’s election database has leaked, and PII is for sale in the dark web. Phishing campaigns abuse Firebase. The Shiny Hunters are selling Mathway user records. US agencies warn of COVID-19-themed criminal campaigns. Contact tracing technology hits a rough patch. Johannes Ullrich from SANS on phishing PDFs with incremental updates. Our guest is author Peter Singer on his new book, Burn-In. And what are you going to do when you return to the workplace? If, that is, you’ve left the workplace at all, and if you’re in fact ever going to return? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/100 Learn more about your ad choices. Visit megaphone.fm/adchoices

Website defacements in Israel may be hacktivist work. Iranian cyberespionage against Saudi Arabia and Kuwait. The latest evolution of ZeuS. The Winnti Group is still hacking, and it still likes stealing in-game commodities. Contact tracing during the pandemic proves harder than many thought it would be. Economic trends for the security sector as it prepares to emerge from the general state of emergency. Caleb Barlow wonders if GDPR may have unintended consequences for stopping COVID-19 scammers. Gabriel Bassett from Verizon on the 2020 DBIR. And if you’re looking for qualified workers, follow the layoff news. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/98 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber spies steal prototype missile data. Others hack into South Asian telecoms, and still others go after easyJet passengers’ travel data. Cyberattacks, misinformation, and cyber fraud continue to follow the COVID-19 pandemic. Joe Carrigan weighs in on the Thunderspy vulnerability. Our guest is James Dawson with insights on DMARK threats and why it’s worse during COVID-19. And think twice before you post, no matter how good or bad you think the beer is. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/98 Learn more about your ad choices. Visit megaphone.fm/adchoices

Foreign intelligence services attribute a recent cyberattack on an Iranian port to Israeli operators. EasyJet discloses a breach of passenger information. Verizon’s annual Data Breach Report is out, and it finds more errors than it does exploits. A look at the Dark Web during the pandemic. US authorities warn local law enforcement to watch for misinformation-driven telecom vandalism. Ben Yelin explains why the ACLU is suing Baltimore over a surveillance plane. Our guest is Robb Reck from Ping Identity on a recent CISO Advisory Council meeting regarding the sudden shift to working from home. And REvil is still offering celebrity dirt for sale...if they’ve actually got any. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/97 Learn more about your ad choices. Visit megaphone.fm/adchoices

European supercomputers were hacked by cryptominers. UK electrical power distributor recovers from its cyberattack. A database containing personal data related to the EU Parliament is found exposed. REvil says it’s got the celebrity goods, but has yet to show its hand. The US and China move into a new round of trade and security conflict. Justin Harvey shares insights on how companies are adjusting to the new remote working environment and the impacts to their security posture. Our guest is Ehsan Foroughi from SecurityCompass on compliance issues. And catphishing with some pretty implausible impersonations of US Army generals. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/96 Learn more about your ad choices. Visit megaphone.fm/adchoices

Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. CyberX has identified more than 200 compromised systems from this campaign, including one belonging to a multi-billion dollar Korean conglomerate that manufactures critical infrastructure equipment such as heavy equipment for power transmission and distribution facilities, renewable energy, chemical plants, welding, and construction. Joining us in this week's Research Saturday is Phil Neray, one of the authors of this report. The research can be found here: Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies Learn more about your ad choices. Visit megaphone.fm/adchoices

More malware designed for air-gapped systems. A British utility sustains a ransomware attack. The US Cyberspace Solarium Commission sees lessons in the pandemic for cybersecurity. Contact-tracing technologies take a step back,maybe a step or two forward. Rob Lee from Dragos comparing the state of ICS security around the world, our guest is Ian Pitt from LogMeIn on lessons learned working remotely during COVID-19. Criminals increase ransomware attacks on hospitals, and swap templates to impersonate government relief agencies. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/95 Learn more about your ad choices. Visit megaphone.fm/adchoices

ARCHER goes offline after a security incident. Scammers smish victims with bogus contact-tracing messages. Ramsay malware goes after air-gapped systems. Ako ransomware now places a surcharge on deletion of stolen data. Google boots creepware apps with the help of the CreepRank algorithm. Johannes Ullrich explains that when it comes to malicious binaries bypassing anti-malware filters, size matters. Our guest is Pat Craven, Director of the Center for Cyber Safety and Education on the security social media apps. And kooky 5G conspiracists go after cell towers in the US. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/93 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware continues to steal personal information. Notes on Patch Tuesday--and please, by all means patch. The FBI says it’s investigating cyberespionage directed against COVID-19 researchers (and US officials see direct data corruption in espionage). And the AI doesn’t really know what to make of us any more. Joe Carrigan from JHU ISI on Twitter’s response to 5G related Coronavirus conspiracy theories, our guest is Chris Cochran from Netflix on the importance of personal health and safety. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/93 Learn more about your ad choices. Visit megaphone.fm/adchoices

Unattributed cyberattacks in an Iranian port prompt speculation that a broader cyberwar in the Middle East may be in the offing. CISA releases malware analysis reports on North Korea’s Hidden Cobra. Astaroth malware grows more evasive (and it was already pretty good at hiding). Texas courts sustain a ransomware attack. COVID-19 espionage warnings are on the way. Twitter’s misinformation warning system. Ben Yelin describes a Fourth Amendment case on automated license plate reader (ALPR) databases. Our guest is Brian Dye from Corelight on dealing with encrypted traffic without compromising privacy. And taking down Plandemic’s trailer. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/92 Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack with kinetic effect. Shiny Hunters post more stolen wares online. Thunderspy and evil maids. Some developing background to the US bulk power state-of-emergency Executive Order. Contact tracing apps: reliability, privacy, security, familiarity, and rates of adoption all raise questions. The economic consequences of the pandemic emergency. Caleb Barlow from CynergisTek on Alan Brunacini’s concept of an Incident Action Plan, our guest is James Yeager from CrowdStrike on their Global Threat Report. And the reappearance of the yellow press in social media. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_11.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Multiple media reports have indicated that the United States’ (U.S.) 2020 general election could be targeted by foreign and domestic actors after the successful cyber and misinformation attacks during the 2016 general election. The responsibility of secure and ethical online campaigning has become a central issue in the 2020 election. In some cases, it has become part of candidate platforms. Joining us in this week's Research Saturday is Paul Gagliardi from Security Scorecard, discussing their recent report detailing the cybersecurity of the 2020 Presidential race. The research can be found here: 2020 Democratic Presidential Candidates Get Smart to Cybersecurity Report Learn more about your ad choices. Visit megaphone.fm/adchoices

Naikon has returned from four years in the shadows to snoop around the shores of the South China Sea. Tencent trains censorship algorithms on WeChat. Snake ransomware is back, making its way through the healthcare sector. Seeing Charming Kitten's pawprints in World Health Organization networks. Voting security during (or even after) a pandemic. Malek Ben Salem from Accenture on their Technology Vision report, our guest is Thomas Rid from Johns Hopkins University on his book, Active Measures. And unemployed workers are offered gigs as money mules. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_08.html Learn more about your ad choices. Visit megaphone.fm/adchoices