CyberWire Daily

Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment. Staffan Truvé is the CTO and Co-Founder of Recorded Future, he joins us to discuss their new report on the browser. The research can be found here: Profiling the Linken Sphere Anti-Detection Browser Learn more about your ad choices. Visit megaphone.fm/adchoices

Amid indications that both Iran and the US would prefer to back away from open war, concerns about Iranian power grid battlespace preparation remain high. Recent website defacements, however, increasingly look more like the work of young hacktivists than a campaign run by Tehran. Phones delivered under the FCC’s Lifeliine Assistance program may come with malware preinstalled. And we’ll take Cybersecurity for six hundred, Alex. Tom Etheridge from Crowdstrike on having a board of directors’ playbook. Guest is Curtis Simpson from Armis on CISO burnout. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_10.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

As kinetic combat abates in Iraq, warnings of cyber threats increase. US intelligence agencies warn of heightened likelihood of Iranian cyber operations. These may be more serious than the low-grade website defacements and Twitter impersonations so far observed. One operation, “Dustman” has hit Bahrain, and it looks like an Iranian wiper. And some notes on the Lazarus Group, and a quick look at information ops across the Taiwan Strait. Emily Wilson from Terbium Labs with details from their recent report, “How Fraud Stole Christmas.” Guest is Karl Sigler from Trustwave in the risks of using Windows 7. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_09.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA’s warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The kittens haven’t scratched much so far, but the US Government and others are warning organizations to be alert to the likelihood of Iranian cyberattacks in retaliation for the combat death, by US missile, of Quds Force commander Soleimani. Fancy Bear is the usual suspect in the case of the Austrian Foreign Ministry hack. Patch your Pulse Secure VPN servers if you’ve got ‘em. ToTok is back in the Play Store. And there’s an executive who turned out to be an insider threat. Robert M. Lee from Dragos with a look back at 2019 ICS security issues. Guest is Tom Tovar from AppDome on mobile API security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran vows retribution for the US drone strike that killed the commander of the Quds Force. The US prepares for Iranian action, and the Department of Homeland Security warns that cyberattacks are particularly likely. Some low-grade Iranian cyber operations may have already taken place. Austria’s Foreign Ministry sustains an apparent state-directed cyber espionage attack, and in the UK authorities are taking a second look at the August outages at the London Stock Exchange. Joe Carrigan from JHU ISI, describing a clever defense against laptop theft. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The US and Iran trade fire in Iraq, and a leading Iranian general is killed in a US airstrike. A corresponding escalation of cyber operations can be expected. Currency exchange Travelex continues to operate manually as it works to recover from what it calls “a software virus.” There’s speculation that the RavnAir incident may have been a ransomware attack. And Taiwan adopts an active policy against Chinese attempts to influence its elections. Johannes Ullrich from the SANS Technology Center on vulnerabilities in Citrix NetScaler installations. Guest is Derek Manky from Fortinet on what to expect in AI for 2020. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_03.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery -- SSRF) is the same type that led to the Capital One data breach in July 2019. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/server-side-request-forgery-exposes-data-of-technology-industrial-and-media-organizations/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft takes down bogus domains operated by North Korea’s Thallium Advanced Persistent Threat. The Cloud Hoppercyber espionage campaign turns out to have been far more extensive than hitherto believed. The US wants Huawei (and ZTE) out of contractor supply chains this year. India will test equipment before allowing it into its 5G networks. And the California Consumer Privacy Act is now in effect. Joe Carrigan from JHU ISI with the story of a financial advisor who payed the price for falling for a phishing scheme. Guest is Dave Burg from EY on the global perspective of cyber security risk. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_02.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire special edition, advice from a pair of seasoned cyber security investors. Ron Gula caught our eye with an article he recently penned titled "Cyber entrepreneur pitfalls you can avoid." In it, he gathers a group of tech investors to get their takes on the dos and don'ts of pitching to venture capitalists. Ron runs Gula Tech Adventures along with his wife Cindi, where they aim to support the next generation of cyber technology strategy and policy. DataTribe's Mike Janke joins the conversation with his experiences guiding hopeful young entrepreneurs through the pitch process. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dan Woods is VP of the intelligence center and Shape Security. He shares insights on two noteworthy attacks tools, Genesis and Magecart. Before joining Shape Security Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime. Learn more about your ad choices. Visit megaphone.fm/adchoices

Pegasus may have appeared in Pakistan. Legion Loader packs in six bits of malware in one Hornets’ Nest campaign. Someone may have hacked Bank of England press releases to give them a few seconds’ advantage in high-speed trading. Frakfurt, in the German Land of Hessen, is clearing its networks of an Emotet infection. Some seasonal, topical scams are circulating. And what would Clippy do? Craig Williams from Cisco Talos with a look back at 2019's most serious vulnerabilities. Guest is Bob Ackerman from Allegis Capital with insights on the cyber security VC environment. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_20.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in M&A. Germany’s BSI warns of an Emotet campaign. A suspect in the Dark Overlord case is arraigned in St. Louis. The FBI collars a guy who ratted himself out over social media. David Dufour from Webroot with a review of their 2019 mid-year threat report. Guest is James Ritchey from GitLab with lessons learned on the one-year anniversary of their bug bounty program. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_19.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style--the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much success to its credit. The Foreign Intelligence Surveillance Court takes the FBI to the woodshed. And, hey, maybe he’s really Vlad the Updater? Tom Etheridge from CrowdStrike on incident response speed and the 1-10-60 concept. Guest is Eli Sugarman from the Hewlett Foundation with the results of their CyberVisuals contest. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Updates on the ransomware attacks in Florida and Louisiana. North Korea’s Lazarus Group adopts a new Trojan as it shows signs of pivoting into the Linux ecosystem. Insufficient entropy in IoT key generation. Older versions of WhatsApp are vulnerable to exploitation. The state of Julian Assange’s extradition to the US. Hey--this is Moscow! Where’d you think you were, Iowa? And guess who’s still running Windows XP? Ben Yelin from UMD CHHS on Google location data being used to find a bank robber. Guest is Michael Chertoff from the Chertoff group on the 5G transition. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_17.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran says it’s foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter’s proposal to shift to open standards. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_16.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWork conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings. The research can be found here: https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Parties unknown are phishing for government credentials in at least eight countries. Some other parties unknown are compromising Telegram accounts in Russia. Lateral movement is in the news, but not the good, Lamar Jackson kind. A familiar order of battle in the Crypto Wars emerges, again. NSA’s IG reports on SIGINT data retention. And a peek into what we suppose we must call the minds of some of the people hacking Ring systems. Daniel Prince from Lancaster University on Cyber security testbeds for IoT research. Guest is David Belson with Internet Society on Russian “Sovereign Internet” Law. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_13.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Flying false flags, and borrowing someone else’s attack tools as the mast you use to run them up. The Pensacola cyber attack has been identified as involving Maze ransomware. China moves toward building its own autarkic operating system. US Senate Judiciary Committee hearings take an anti-encryption turn. TrickBot is phishing with payroll phishbait. And Krampus malware is punishing iPhone users as they shop during the holidays. Tom Etheridge VP of services from CrowdStrike, introducing himself. Guest is Dean Sysman from Axonius on S3 security flaws. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_12.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of the general election. The cryptowars are heating up again as the US Senate opens hearings on encryption. Pensacola’s cyberattack was ransomware, and so too apparently was the one that hit the Cherokee Nation. And do it for state. Emily Wilson from Terbium Labs with warnings about connected gifts for children. Guest is Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department’s Inspector General has reported on the FBI’s Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates. And it’s prediction season, so CyberScoop lets the bots out. Ben Yelin from UMD CHHS on legislating the right to sue online platforms. Guest is Chris Wysopal from Veracode with findings on security debt from their State of Software Security report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_10.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists’ IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress “or”--conviction of Dridex proprietor Maksim Yakubets. Russian influence operations seem to be aiming at stirring things up over this week’s British election. And an awful lot of Windows 7 machines still seem to be out there. Joe Carrigan from JHU ISI on McAfee predictions of two-stage ransomware extortion. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_09.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings. The research can be found here: https://unit42.paloaltonetworks.com/home-small-office-wireless-routers-exploited-to-attack-gaming-servers/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they’re using Location Services, even when Location Services are switched off. Researchers set a new record for cracking an encryption key. And ransomware hits a New Jersey theater. David Dufour from Webroot with a look back at 2019's nastiest cyber threats. Guest is Robert Waitman from Cisco with results from their recent Consumer Privacy Survey. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Data center operator CyrusOne sustains a ransomware attack. Another third-party breach involves a database inadvertently left exposed on an unprotected server. Buran ransomware finds its place in the black market, as does the new loader Buer. China’s Great Cannon is back and firing DDoS all over Hong Kong. Russian trolls are newly active in Lithuania. And a business email compromise scam fleeces a Chinese venture capital firm of $1 million--enough for a nice seed round. Robert M. Lee from Dragos on the evolution of safety and security in ICS. Guest is Sean O’Brien from @RISK Technologies on how states and cities need to prepare against election-targeted cyber attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_05.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

North Korea’s Lazarus Group may have been looking for Indian reactor design information. A possible case of Russian influence operations, served up by phishing, is under investigation in the UK. The ZeroCleare wiper malware is out and active in the wild. NATO’s summit addresses cyber conflict, and a big NotPetya victim challenges insurers’ contentions that the malware was an act of war. And an international police action takes down a black market spyware souk. Michael Sechrist from Booz Allen Hamilton on security concerns with messaging apps like Slack. Guest is Roger Hale from YL Ventures on the changing role of the CISO when it comes to managing risk. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Someone believes, or would like others to believe, that Britain’s National Health Service is for sale to the US. There’s no word on whether the US has offered the Brooklyn Bridge in exchange. The “Quantum Dragon” study summarizes Chinese efforts to obtain quantum research results from Western institutions. The FBI says FaceApp is a security threat. PyXie, a Python RAT, has been quietly active in the wild since 2018. An Ethereum developer is accused with aiding Pyongyang. Ben Yelin from UMD CHHS on a bipartisan bill requiring a warrant for facial recognition use. Guest is Earl Matthews from Verodin on the importance of collaboration between state governments and technology vendors to ensure election security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_03.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

France might go on the offensive against ransomware attackers. The UK’s NCSC has been helping an unnamed nuclear power company recover from a cyberattack. A failed cyberattack targeted the Ohio Secretary of State’s website on Election Day. MixCloud confirms data breach. The Imminent Monitor RAT is shut down by law enforcement. And a cryptocurrency exchange loses nearly fifty-million dollars. Joe Carrigan from JHU ISI on victim blaming. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_02.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire special edition, an extended version of our conversation from earlier this year with Peter W. Singer. We spoke not long after the publication of his book, Like War - the Weaponization of Social Media. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire special edition, a conversation with John Maeda. He’s a Graphic designer, visual artist, and computer scientist, and former President of the Rhode Island School of Design and founder of the SIMPLICITY Consortium at the MIT Media Lab. His newly released book is How to Speak Machine - Computational Thinking for the Rest of Us. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Fullz House for Thanksgiving. Google finds that nation-state phishing continues at its customary high levels. DeathRansom, the low-end ransomware that didn’t actually encrypt files, has now begun to do so. The Stantinko botnet adds cryptomining functionality. Microsoft reflects on Dexphot, and the sophistication it brings to ordinary malware. Supply chain security rules are coming to the US. A lawsuit in Tel Aviv. And some final notes on Black Friday. Daniel Prince from Lancaster University on business innovation and cyber security. Guest is Francesca Spidalieri from Salve Regina University on the importance of collaboration from all sectors. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_27.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter and Facebook warn of potentially malicious software development kits being used by app developers to, potentially, harvest and monetize users’ data. Nursing homes affected by a third-party ransomware incident receive extortion demands that amount to some $14 million. THe Hollywood Reporter retails skeptical musings about the Sony Pictures hack on the fifth anniversary of the North Korean attack. And CISA offers advice for safe holiday shopping. Justin Harvey from Accenture with thoughts on smart cities. Guest is Sam Bakken from OneSpan on mobile app developers protecting against jailbreaking. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_26.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan’s networks. The US FCC takes a swing at Huawei and ZTE. Russia moves closer to its desired Internet sovereignty. A Chuckling Squad member is in custody. A spy goes to prison, cyber hoods do time, and the rats are up to no good in Estonia. That’s the rodents, not the Trojans. Caleb Barlow from Cynergistek with insights gained from a scammer’s call. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_25.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Anomali have been tracking China-based threat group, Mustang Panda, believing them to be responsible for attacks making clever use of Windows shortcut files. Parthiban is a researcher at Anomali, and he joins us to share their findings. The research is here: https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations Learn more about your ad choices. Visit megaphone.fm/adchoices

Google researchers provide a Sandworm update. Internet sovereignty considered: an aid to law enforcement or a means of social control. LinkedIn reports on the 21-million bogus accounts it closed over the past year. Teacher becomes pupil as marketing learns from informaiton operators. Ohio man gets six years in Akron DDoS case. Ransomware case updates. A Parliamentary inquiry in India will look into the deployment of Pegasus against WhatsApp users. Craig Williams from Cisco Talos on the Panda cryptominer. Guest is Keenan Skelly from Circadence on getting the younger generation excited about cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_22.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Refined Kitten seems to be up to something, perhaps in the control system world. Microsoft debunks claims about Teams, BlueKeep, and Doppelpaymer ransomware. The FBI warns the auto industry that it’s attracting attackers’ attention. A new attack technique, RIPlace, is described. Phineas Fisher’s bouty, considered. The UN, the AG, and the course of the cryptowars. Does America need a 5G czar? And ransomware from Baton Rouge to Rouen. Michael Sechrist from BAH on third party malware risks. Guest is Bill Connor from SonicWall with results from their Q3 Threat Data Report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_21.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Louisiana works to recover from Monday’s ransomware attack. The HydSeven criminal group is delivering Trojans via spearphishing. A hotel reservation company sustained a massive data exposure. India’s government says it’s legally permitted to surveil citizens’ devices when it’s deemed necessary. Google, Facebook, Apple, and Amazon answer questions for Congress’s antitrust inquiry. A Chicago student is charged with coding for ISIS. And the National Security Agency offers advice for implementing TLSI. David Dufour from Webroot with findings from their midyear threat report . Guest is Bill Harrod from MobileIron on biometric data in the federal space. Learn more about your ad choices. Visit megaphone.fm/adchoices

Louisiana recovers from a ransomware attack against state servers. North Korea appears to still be interested in Indian industry--this time it’s people looking for jobs at Hindustan Aeronautics. Compromised CMS distributing info-stealing Trojans. HydSeven mounts a cross-platform spearphishing campaign. Macy’s and Magecart. Thoughts on supply chain security and cyber deterrence. And some legal updates, including some alleged academic money laundering. Ben Yelin from UMD CHHS on your rights to images you post of yourself online. Guest is Tom Miller from ClearForce on continuous discovery of insider threats. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_19.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Disney+ credentials already on sale in the black market souks. India reassures nuclear power partners that the Kudankulam incident didn’t compromise safety. Documents pertaining to Chinese and Iranian security operations leak. Internet restrictions go into force in Iran and Venezuela. Russia offers an Internet control treaty at the UN. The Lizard Squad might be back, and Phineas Fisher has also resurfaced. And happy birthday, CISA. Joe Carrigan from JHU ISI on the NICE conference. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Pemex has recovered from the ransomware attack it sustained...or has it? TA2101 is spoofing German, Italian, and US government agencies in its phishing emails. A dropper in the wild is delivering a Trojan two-fer. AntiFrigus ransomware is avoiding C-drives for some reason. Ohio State researchers find a Bluetooth vulnerability. And the results of the annual DataTribe Challenge are in--we heard the three finalists pitch yesterday, and the judges have a winner. Robert M. Lee from Dragos on purple-teaming ICS networks. Guest is David Spark from the CISO/Security Vendor Relationship Podcast on marketing to CISOs. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_15.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged cyber criminals are facing charges: one is allegedly the former proprietor of Cardplanet, the other was selling a remote administrative tool the RCMP says was really a different kind of RAT. Justin Harvey from Accenture on the increasing use of biometrics in security. Guest is Jennifer Ayers from Crowdstrike with the insights from their Overwatch threat hunting report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_14.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

National Association of Manufacturers hacked during Sino-American trade negotiations (and tensions). Ineffectual DDoS attacks hit both of the UK’s largest political parties. Pemex says it’s completed recovery from ransomware. The US Department of Health and Human Services will investigate Google’s Project Nightingale for possible HIPAA issues. And did BlueKeep warnings scare people into patching? Apparently not. Ben Yelin from UMD CHHS on California going after Facebook on alleged user privacy violations. Guest is Edward Roberts from Imperva on Ecommerce and bots. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK’s Labour Party says it was hacked, but unsuccessfully. The Lazarus Group seems to be back out and about, and apparently interested in India. The Platinum threat actor continues to prospect Southeast Asian targets with stealthy malware, and a new backdoor. Buran tries to take black market share in the ransomware-as-a-service souk. Paycard standard compliance is down. And is that a spy ship we see, or are you just looking at the seabed, all for science? Joe Carrigan from JHU ISI with browser vulnerabilities in Chrome and Firefox. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire special edition, a conversation with Andy Greenberg, senior writer at WIRED and author of the new book "Sandworm - A New Era of CyberWar and the Hunt for the Kremlin’s Most Dangerous Hackers." It’s a thrilling investigation of the Olympic Destroyer malware, and an accounting of the new era in which we find ourselves, where nation states can target their adversaries critical infrastructure, and the often unintended consequences that follow. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research is here: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Warnings and advice about Emotet and BlueKeep, both being actively used or exploited in the wild. Two new carding bots are in circulation against e-commerce sites. Expect more of this as criminals test stolen credentials in advance of the holiday shopping season. Amazon fixes a security flaw in its Ring doorbell. A Long Island company is charged with selling bad Chinese security systems as good made-in-USA articles. Michael Sechrist from BAH on preventing supply chain attacks. Guest is Andy Greenberg, senior writer at Wired an author of the book Sandworm — A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The US off-off-year elections seem to have gone off largely free of interference, but officials caution that major foreign influence campaigns can be expected in 2020. Three former Twitter employees are charged with spying for Saudi Arabia. The website defacement campaign in Georgia remains unattributed. Google boots seven adware droppers from the Play Store. Phishers are using web analytics for better hauls. And nation-states are targeting unpatched Confluence. Johannes Ullrich from the SANS Technology Institute on encrypted SNI in TLS 1.3 and how that can be used for domain fronting. Guest is Kevin O’Brien from GreatHorn on managing email threats. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_07.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook closes a hole in Group data access. US authorities seek to reassure Congress and the public concerning the security of election infrastructure. Disinformation remains a challenge, however, as the US prepares for the 2020 elections. Criminals catch Potomac fever as they use politicians’ names and likenesses as an aid to distributing malware. Kaspersky outlines the now-shuttered DarkUniverse campaign. And Nikkei America loses millions to a BEC scam. Justin Harvey from Accenture on automated incident response. Carole Theriault speaks with Kristen Poulos from Tripwire on protecting the IoT. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices