CyberWire Daily

Ransomware hits Spanish companies. Pegasus continues to excite controversy in India. TikTok applies for Big Tech’s good-citizen club, but has apparently so far been blackballed. Booz Allen offers nine predictions for 2020: balkanization, supply chain threats, automotive data theft, war-droning, satellite hacks, tougher attribution, election interference, missiles against malware, and Olympic interference. And good dogs go after bad guys’ data storage devices. Ben Yelin from UMD CHHS on AT&T’s claims that they cannot be sued for selling location data to bounty hunters. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_05.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack is sustained Saturday morning. The NSO Group controversy spreads into an Indian politcal dust-up. Different Magecart groups are found to be be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

What’s an insider threat? Loosely, it’s a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault speaks with experts who’ll talk us through the different ways insider threats manifest themselves. A quick note - when Carole interviewed Dr. Richard Ford he was with Forcepoint. He’s since moved on to Cyren. Learn more about your ad choices. Visit megaphone.fm/adchoices

Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability. The research can be found here: https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html Learn more about your ad choices. Visit megaphone.fm/adchoices

FireEye warns of Messagetap malware and its spying on SMS. NSO Group’s Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it’s important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the explosion of bits & chaos in humankind’s age of cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_01.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody’s appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair. Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp’s service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro’s insurance claim. An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach. Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Robb Reck from Ping Identity with their research, 5 Steps to Improve API Security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who’s more vulnerable to scams: seniors or young adults? It’s complicated. Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part it its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings The original research is here: https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559 Learn more about your ad choices. Visit megaphone.fm/adchoices

A spearphishing campaign is found targeting humanitarian, aid, and policy organizaitons. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek’s 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon. Close- reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25 .html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies’ toolkit. The FBI’s Protected Voices share election secuirty informaiton. Notes from SecurityWeek’s 2019 ICS Cyber Security Conference. NCSC’s annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation systems brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court. Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_22.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it’s a bear. Notes from the ISC Security Conference in Atlanta, including some reflections on the criminal market’s business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one’s identity can be determined using previously anonymized data sets. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_21.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. The original research is here: https://www.ise.io/whitepaper/sohopelessly-broken-2/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on a Tortoiseshell creating a fake veteran’s job site. Guest is Caleb Barlow from Cynergistek on the challenges of securing medical records. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if your get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security. Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_15.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. Links to the research and Michael's work: https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/ https://id-ransomware.malwarehunterteam.com/ https://www.youtube.com/user/Demonslay335 Learn more about your ad choices. Visit megaphone.fm/adchoices

BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA’s Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council’s new research on Securing Customer Identity. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_10.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter says it’s sorry is anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA-inspired program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women to cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_09.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concering widely used VPNs: if you use them, patch them. (And change your credentials). Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server side request forging. Guest is Jadee Hanson from Code42 with the results of their 2019 Global Data Exposure Report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt’s developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious lightning charging cables. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_07.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings. The original research is here: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdof of YL Ventures with insights on the VC market in Israel. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_03.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Sobinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate. Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may effect traditional banks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture labs with an overview of five threat factors influencing the cyber security landscape. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_30.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Prevalion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups. Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings. The research can be found here: https://blog.prevailion.com/2019/09/autumn-aperture-report.html Learn more about your ad choices. Visit megaphone.fm/adchoices

The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons’ data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy’s friction. David Dufour from Webroot on the need for a variety of areas of expertise in security. Guest is Caleb Barlow CEO and President of Cynergistek, discussing the security implications of being CEO of a public company. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_27.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

North Korea’s Lazarus Group is active against targets in India. A “suspected Chinese advanced persistent threat group” is exploiting a Windows accessibility feature. Sophos warns of “fleeceware.” US DNI testifies efore the House Intelligence Committee. The TalkTalk hacker and an alleged accomplice are indicted on US charges. What’s involved in receiving compensation in the Yahoo breach settlement. And notes on the Chameleon spam campaign. Jonathan Katz from George Mason University with an overview of salting and hashing. Guest is Greg Martin from JASK on DOJ’s efforts to improve outreach with hackers. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_26.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Tortoiseshell is trolling for military veterans. There’s been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there’s an odd spam campaign in circulation that looks like phishing but seems not to be. Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of the NotPetya attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

APT10 has been phishing in US utilities. Google wins a big round over the EU’s right to be forgotten. European courts are also considering binding contractual clauses and Privacy Shield, which together have facilitated transatlantic data transfer. Twenty-seven nations agree on “responsible state behavior in cyberspace.” A hawkish take on Huawei’s 5G ambitions. And Edward Snowden’s book is being used as phishbait (not, we hasten to say, by Mr. Snowden). Johannes Ullrich from the SANS Technology Institute on the security issues with local host web servers. Guest is Fleming Shi from Barracuda with research on city/state ransomware attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_24.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

YouTube creators in the “car community” get their accounts hijacked over the weekend. Facebook finds tens of thousands of apps behaving badly with respect to priority--the social network’s announcement has been cooly received in the US Senate. The Gulf region continues to be a field of cyber as well as kinetic competition. Huawei’s CFO is back in court today. And Iowa tries to sort out what it actually hired pentesters to do (and to whom they were supposed to do it.) Joe Carrigan from JHU ISI on smart TV privacy concerns. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_23.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University have discovered methods for defeating these security measures. Dr. Yossi Oren joins us to share their findings. The original research is here: https://www.usenix.org/system/files/woot19-paper_ovadia.pdf Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter details actions against coordinated inauthenticity in Egypt, the United Arab Emirates, Ecuador, Spain, and China. Tension with Iran remain high, but cyber action hasn’t sharply spiked. The Smominru botnet installs malware, including miners, and kicks other malicious code out of infected machines. Panda cryptojackers are careless but effective. Huawei says it’s the victim of a bill of attainder. And notes from CISA’s National Cybersecurity Summit. Malek Ben Salem from Accenture labs on the security aspects of facial recognition systems. Guest is Henry Harrison CTO of Garrison on Hardsec, a new approach to security that came out of the UK. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_20.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A quick look at CISA’s National Cybersecurity Summit. A big new distributed denial-of-service vector is reported. Medical servers leave patient information exposed to the public Internet. Huawei is suspended from the FIRST group as it argues its case in a US Federal court. And one of the challenges of engaging ISIS online is that it relies so heavily on commercial infrastructure--it’s got to be targeted carefully. Ben Yelin from UMD CHHS on a case of compelled encryption which may be heading to the supreme court. Guest is David Talaga from Talend on how privacy fines have informed customers’ approach to planning around data security compliance. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_19.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A newly discovered threat actor, “Tortoiseshell,” has been active against targets in the Middle East. The Simjacker vulnerability may not be as widely exploitable as early reports led many to believe. The US Army seems committed to decentralizing cyber operations along long-familiar artillery lines. Joint Task Force Ares continues to keep an eye on ISIS. Canada seeks to reassure allies over the Orts affair. And the Justice Department wants any royalties Mr. Snowden’s book might earn. Daniel Prince from Lancaster University on cyber security as a force multiplier. Guest is Brian Roddy from Cisco on securing the multi-cloud. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

More notes on the RCMP espionage scandal. The CSE’s preliminary assessment sounds serious indeed, and Canadian intelligence services are trying to identify and contain the damage Cameron Ortis is alleged to have done. And the other Four Eyes are doing so as well. Australia considered that a hacking incident early this spring may have been a Chinese effort to compromise election systems. ISIS is back online. And Mr. Snowden wouldn’t mind asylum in France. David Dufour from Webroot with thoughts on backups. Carole Theriault interviews ethical hacker Zoe Rose, who shares insights on entering the industry. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_17.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Spy versus spy, in America, Canada, and Australia, with special guest stars from the Russian and Chinese services. The US Treasury Department issues more sanctions against North Korea’s Reconnaissance General Bureau, better known as the Lazarus Group or Hidden Cobra. Russian election influence goes local (and domestic). Password manager security problems. And why does your flashlight want to know so much about you? Justin Harvey from Accenture with insights on HTTPS and phishing. Learn more about your ad choices. Visit megaphone.fm/adchoices

A team of researchers have published a report titled, "KNOB Attack. Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outlines vulnerabilities in the Bluetooth standard, along with mitigations to prevent them. Daniele Antonioli is from Singapore University of Technology and Design, and is one of the researchers studying KNOB. He joins us to share their findings. The research can be found here: https://knobattack.com Learn more about your ad choices. Visit megaphone.fm/adchoices

The Ukrainian electrical grid hack seems, on further review, to have been designed to do far more damage than it actually accomplished. InnfiRAT is scouting for access to cryptocurrency wallets. A sophisticated threat actor is using Simjacker for surveillance on phones in the Middle East. The SINET 16 have been announced. A penetration test goes bad due to a misunderstanding of scope, and Baltimore decides, hey, it might be a good idea to back up files. Johannes Ullrich from the SANS Technology Institute on web spam systems. Guest is Rosa Smothers from KnowBe4 discussing her career journey and the importance of diversity in tech. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_13.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

DC StingRays alleged to be Israeli devices. North Korea is slipping malware past defenses by putting it into old, obscure file formats. Ryuk ransomware gets some spyware functionality. Google has purged Joker-infested apps from the Play store. The US Defense Department explains its “multifaceted” approach to cyber deterrence. The FBI warns that business email compromise is on the upswing, and offers some advice on staying safe. Awais Rashid from Bristol University with warnings on accepting default settings on mobile devices. Guest is Bill Conner from SonicWall on side channel attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_12.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Cobalt Dickens is back, and phishing in universities’ ponds. UNICEF scores a security own-goal. Patch Tuesday notes. A look at US election security offers bad news, but with some hope for improvement. The US extends its state of national emergency with respect to foreign meddling in elections. And an international police sweep draws in 281 alleged BEC scammers. Ben Yelin from UMD CHHS on the privacy implications of geofencing. Guest is Drew Kilbourne from Synopsys with result of their report, The State of Software Security in the Financial Services Industry. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

John Bolton is out as US National Security Advisor. A new backdoor is attributed to Stealth Falcon. Wikipedia’s DDoS attack remains under investigation. So does a business email compromise at Toyota Boshoku and a raid on the Oklahoma Law Enforcement Retirement Services. Vulnerable web radios get patches. The US is said to have exfiltrated a HUMINT asset from Russia in 2017. Microsoft patches 79 vulnerabilities, 17 of them rated critical. Michael Sechrist from Booz Allen Hamilton on the spillover of geopolitical issues into cyber security. Guest is Ashish Gupta from Bugcrowd on the economics of hacking and the adoption of ethical hacking. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_010.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

A big BEC extracts more than $37 million from a major automotive parts supplier. Wikipedia suffers a DDoS attack in Europe and the Middle East. NERC and FERC get to work. Thrip may really be Billbug, and that’s attribution, not etymology. Was US Cyber Command trolling North Korea on the DPRK’s national day? And what does the Department of Motor Vehicles do with all the data they collect on drivers? In some US states, it seems, they sell it to private eyes. Joe Carrigan from JHU ISI on a GMail update for iOS which enables the blocking of tracking pixels. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_09.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices