CyberWire Daily

In today’s podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its way into the cloud. A look at the consequences of regulation, both good and bad. How CISOs will have to grapple with the increasingly pervasive Internet-of-things. And China’s National People’s Congress makes a gesture toward respecting IP, but the world remains skeptical. Craig Williams from Cisco Talos with an update of crypto miners. Guest is Nirmal John, author of the book, “Breach: Remarkable Stories of Espionage and Data Theft and the Fight to Keep Secrets Safe.” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_15.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Indonesia says it’s got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorded Future goes RAT hunting. Proofpoint offers a look at “intelligent brute-forcing.” Kaspersky reports on two espionage APTs exploiting a just-patched Microsoft zero-day. Flashpoint describes an unusual point-of-sale attack, and Check Point find Trojanized Android apps. Germany’s BND warns against Huawei. Robert M. Lee from Dragos with thoughts on the Venezuelan power outages. Guest is Jeremy Tillman from Ghostery on the California Consumer Privacy Act. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_14.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet’s supply chain is well on the way to being pwned by Chinese intelligence. Undersea cables are a center of Sino-US competition. The European Parliament warns about the Chinese threat to 5G infrastructure. More calls to rein in Big Tech. And the UN looks at North Korea and sees massive cyber crime. Emily Wilson from Terbium Labs with a look back at the Equifax breach. Guest is Dr. Wenliang (Kevin) Du from Syracuse University on his SEED labs and the importance of hands-on training in cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_13.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear an update on Venezuela and its power outages. Amplification of social media posts as a form of mass persuasion. A look at how control of the Internet has replaced control of the radio station as a move in civil war and coup or counter-coup planning. Asian game makers get backdoored out of China. Decryptors are out for BigBobRoss ransomware. Senator Warren versus Facebook, and Facebook versus itself. And Sir Tim Berners-Lee on the Web’s 30th birthday. Joe Carrigan from JHU ISI with an early look at NSA’s Ghidra reverse engineering tool. Guest is Dr. Phyllis Schneck from Promontory Financial Group (an IBM company) on regulation in cyber security, a preview of her talk at the upcoming JHU Annual Cybersecurity Conference for Executives. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_12.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Venezuela sustains power outages, and the regime blames hackers and wreckers. The opposition says it’s all due to the regime’s corruption, incompetence, and neglect. Citrix loses business documents in what might have been an Iranian espionage operation. Huawei’s suit against the US gets some official cheering from Beijing. The US warns against Chinese information operations. And Russian troll farmers turn to amplification. Daniel Prince from Lancaster University on the importance of Cyber Design. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked group Lazarus. The intrusion represents the latest known example of Lazarus-affiliated tools being deployed within financially motivated activity targeted toward financial institutions in Latin America. The original research can be found here: https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/ Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Chinese information operations on US social media are widespread. The Egyptian government launches spear phishing attacks against activists. Hundreds of millions of email records were found online. Chelsea Manning is back in jail. The US is retaliating for Chinese cyberespionage. And Facebook wants to change its image. Ben Yelin from UMD CHHS on a PA supreme court ruling on protection of employee’s personal information. Guest is Scott Shackelford from Indiana University on the Paris call for trust and security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware was using Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets tougher security rules for telecom companies. And people who invest in cryptocurrency often don't know what they're getting into. David Dufour from Webroot with his thoughts on RSA Conference. Guest is Asaf Cidon from Barracuda Networks on account takeover vulnerabilities. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_07.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Australia's former prime minister warns Britain about Chinese tech companies. Symantec says Whitefly was behind SingHealth's massive data breach. Iranian hackers show code overlap. Intel CPUs are vulnerable to another speculative execution flaw. The NSA hasn't been using its domestic phone surveillance program lately. Sharing code presents dangers. And Google will ban political ads in Canada. Justin Harvey from Accenture with results from their Costs of Crime report, as well as observations from RSAC. Guest is Gerald Beuchelt from LogMeIn with info from their latest password survey. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that India went on the offensive when its government websites were attacked by hackers from Pakistan. Rob Joyce, Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency, discusses trends in cyber conflict. A Chinese cyberespionage group hacks for maritime technologies. Facebook lets people look you up by your two-factor authentication phone number. And Google researchers disclose a vulnerability in macOS. CyberWire Editor John Petrik with results from the RSA Conference Innovation Sandbox. Guest Balaji Parimi from CloudKnox weighs the pros and cons of various authorization schemes. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_05.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Operation Sharpshooter is linked to North Korea. Canada begins the extradition process for Meng Wanzhou. Huawei is planning to sue the US for banning its equipment from government use. Facebook may have used questionable tactics to lobby against stricter data protection laws. Thailand passes a controversial cybersecurity law. And IBM interns discover a host of vulnerabilities in visitor management systems. Joe Carrigan from JHU ISI with details on a Ring Doorbell vulnerability. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Zscaler have been tracking a variety fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings. The original research can be found here: https://www.zscaler.com/blogs/research/fake-fortnite-apps-scamming-and-spying-android-gamers Learn more about your ad choices. Visit megaphone.fm/adchoices

Qbot infections are spreading. The bounty-hunting gig economy apparently has its first millionaire. Observers are liking what they see in US Cyber Command’s “persistent engagement.” Canada mulls the extradition of Huawei’s CFO to the US. The US continues to call Huawei a security risk, and Huawei has some things to say back. The Momo Challenge is a viral online craze, but not the way you may have heard. Awais Rashid from Bristol University with thoughts on edge computing. Guest is Dr. Dena Haritos Tsamitis from Carnegie Mellon University on improving the culture of infosec, as well as her thoughts on the upcoming RSA conference. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_01.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor’s up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don’t sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest is Michelle Dennedy from Cisco with results from their most recent Data Privacy Benchmark Study. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_28.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of DDoS attacks in the service of election disruption. US Cyber Command played some chin music for St. Petersburg during US midterm elections. And if you’re going to hack into an embassy, wouldn’t you want to do more than install a cryptojacker? David Dufour from Webroot with insights on their pending purchase by Carbonite. Guest is Randy Vanderhoof from the Secure Technology Alliance on managing identity and fraud in the payment space. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_27.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stuffing attacks hit users of online tax-preparation services. And that missile attack on Tampa was not a drill—in fact, it never happened at all—and congratulations to the citizens of Florida for recognizing a hack and a hoax when they see one. Justin Harvey from Accenture on the types of vulnerabilities adversaries target. Guest is Guarav Tuli from F-Prime Capital on the current venture capital environment for cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_26.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don’t like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_25.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found. The original research can be found here: https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There’s also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_22.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filters. Spamming users to get your point across may not be the best form of disclosure. University researchers find a man-in-the-room bug. Other researchers think they could capsize a ship. Britain’s NCSC continues its dance with Huawei. Password managers remain a good idea. Emily Wilson from Terbium Labs discussing law enforcement on the dark web. UK correspondent Carole Theriault returns with the story of surveillance and facial recognition in London. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_21.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Microsoft pulls cryptojacking Windows 10 apps from its store. Britain’s NCSC is rumored to have concluded that it can mitigate Huawei risks. Facebook gets a harsh report from Westminster. And a hacker claims a higher motive for his breach (but still wants Bitcoin). Joe Carrigan from JHU ISI on Apple requiring two-factor authentication for developers. Guest is Igal Gofman from XM Cyber on network compromise through email. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is director of product management at Symantec, and he joins us to share their findings. The original research can be found here: https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook takes down inauthentic accounts working to influence the Moldovan elections. The Federal Trade Commission is rumored to be queuing up a record privacy fine. Defending forward from disillusioned Bears. And happy birthday, GCHQ. Craig Williams from Cisco Talos on router vulnerabilities. Guest is Amanda Berlin, founder of Mental Health Hackers on her efforts to address mental health issues in infosec. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_15.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear that US prosecutors have unsealed the indictment of a former US Air Force counterintelligence specialist on charges she conspired to commit espionage on behalf of Iran. The US Treasury Department announces further sanctions on Iranian individuals and one organization named in that indictment. Two alleged members of Apophis Squad are indicted. Whatever became of the all the data stolen from Equifax? That information’s apparently not for sale on the dark web. Malek Ben Salem from Accenture Labs on reducing the attack surface of containers. Guest is Kevin McNamee from Nokia with results from their recent threat intelligence report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_14.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that China has denied involvement in the Australian Parliament hack. Patch Tuesday notes. A new strain of Shlayer malware is out. A look at GreyEnergy. Reactions to the destructive VFEmail attack. And thoughts on St. Valentine’s Day, with advice, admonition, and an excursus on credential-stuffing and holiday doughnuts. Dr. Charles Clancy from VA Tech’s Hume Center on the Pentagon’s use of AI for RF spectrum management. Guest is Matt Cauthorn from ExtraHop on malicious Chrome extensions. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_13.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that VFEmail has sustained a devastating, data-destroying attack. The EU considers whether it should, can, or will make a coordinated response to China’s APT10. A US Executive Order outlines a strategy to maintain superiority in artificial intelligence. Norway warns, again, of the risk of GPS jamming. US Army Stryker vehicles were hacked during testing last year. And some Marines are getting ahead of themselves, downloading close air support control apps to personal tablets. Johannes Ullrich from SANS and the ISC Stormcast podcast on using hardware flaws for network access. Guest is Shane Harris from the Washington Post with an update on the Paul Whelan case in Russia. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_12.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that clipper malware has been ejected from Google Play. A different cryptojacker is kicking its competitors out of infected machines. Australian authorities continue to investigate the attempted hack of Parliament, with Chinese intelligence services as the prime suspects. How do you solve a problem like Huawei? Russia prepares to test its ability to disconnect from the Internet in the event of war. Prosecutors investigate alleged blackmail by below-the-belt selfie. Ben Yelin from UMD CHHS on politicians blocking citizens on social media. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_11.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings. The original research can be found here: https://unit42.paloaltonetworks.com/unit-42-cloud-security-trends-tips/ Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Australia is investigating an attempted hack of its Federal Parliament. The US Department of Homeland Security warns that spies are working through third parties to get to their targets. Spyware is bundled in a legitimate privacy app. Credit unions get spearphished. Mr. Bezos says, “No thanks, Mr. Pecker.” Apple will pay a FaceTime bug bounty. Microsoft says don’t use IE as a browser. And what they found in that seal scat. Justin Harvey from Accenture on credential stuffing. Guest is Sandi Roddy from Johns Hopkins APL on secure key management. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_08.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear about social engineering, with a few new twists. Some airlines may be exposing passenger data with insecure check-in links. APT10 may be lying low, for now, but the US Department of Homeland Security expects the cyber spies to be back. A researcher finds a macOS Keychain bug, but would rather not tell Apple about it. Governments in Europe and North America continue to assess risks associated with Huawei and ZTE. And a Trojan hides in The Sims 4. Awais Rashid from Bristol University with thoughts on the challenges of securing smart phones. Carole Theriault explores recent concerns over popular video app VLC Player security issues with Sophos’ Paul Ducklin. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_07.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Chinese threat group APT10 seems to have been busy lately, and up to its familiar industrial espionage. More governments express skepticism about Chinese manufacturers. The US report on election security is out: influence ops were found to have had no material effect on the midterms. Lithuania worries about Russian election meddling. A reverse RDP attack risk is reported. An industrial IoT remote code flaw. And congratulations to the finalists in RSA’s Innovation Sandbox. Emily Wilson from Terbium Labs on biometrics for sale on the dark web. Guest is Katie Nickels from MITRE on the ATT&CK knowledge base. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_06.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that ExileRAT is targeting Tibet’s government-in-exile. The SpeakUp backdoor afflicts many varieties of Linux systems. Facebook bans ethnic militias in Myanmar from its platform. Norway’s PST intelligence service says that Huawei constitutes a security risk, and China says that’s nonsense. Someone seems to be hacking contact lists belonging to UK Members of Parliament. Bangladesh Bank is suing to recover the $81 million missing from its 2016 SWIFT heist. Joe Carrigan from JHU ISI on Facebook’s password flexibility on mobile devices. Guest is Josef Williamson from EclecticIQ on cyber espionage and nation state threats. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_05.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of “C0rpz.” OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security scrutiny internationally even as it seeks to position itself as a 5G leader. Russian influencers begin to attend to Venezuela. And if someone says they’ve got video of you looking at things you shouldn’t, they probably don’t. Rick Howard from Palo Alto Networks on Australia’s controversial encryption legislation. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_04.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and event booking their next discount vacation. Jon Clay is director of global threat communications at Trend Micro, and he joins us with their findings. The original research can be found here: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cash-and-communication-new-trends-in-the-middle-east-and-north-africa-underground Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Apple has let Facebook and Google out of time-out. Russia decides it would like access to Apple data because, you know, its Russian law. Social networks take down large numbers of inauthentic accounts. Fancy Bear is snuffling around Washington again, already, with some spoofed think-tank sites. Shape shifting campaign afflicts ads. China sees CoAPP DDoS attacks. An Aadhaar breach hits an Indian state as the SBI bank recovers from a data exposure incident. Johannes Ullrich from SANS and the ISC Stormcast Podcast on the effectiveness of blocklists. Guest is Daniel Faggella from Emerj Artificial Intelligence Research on the future of AI and security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_01.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Collections #2 through #5 have joined Collection #1 in hacker fora. Google is found to be collecting data from devices in much the same way its advertising peer Facebook was. Russian trolls seek to discredit the Special Counsel’s investigation of influence ops. New York State opens an investigation into Apple’s response to the FaceTIme bug. The US Department of Justice aims to disrupt a North Korean botnet. And a rundown of some current online scams. Mike Benjamin from Century Link with information on TheMoon botnet and how it targets websites. Guest is Lewie Dunsworth, CISO & Executive Vice President of Technical Operations at Herjavec Group on projected increases in ransomware aimed at hospitals. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_31.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran’s APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning for unpatched Cisco routers. What Huawei faces, in addition to fines. The FaceTime bug and responsible disclosure. Facebook was paying people to pwn their phones. Scam artists exploit a small disabled girl. And the Government shutdown’s mixed effect on cybersecurity. Craig Williams from Cisco Talos on Pylocky, a ransomware strain they’ve been tracking. Guest is Mark Orlando from Raytheon on safeguarding online information. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_30.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game changing high profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned. Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that a FaceTime bug lets you listen to someone’s phone before they’ve even picked up. FormBook malware’s surge is abetted by a new hosting service. Compromised server market xDedic has been taken down. Europol is looking for Webstressor users. Huawei faces new US criminal charges. Kim’s ambitious economic plan may augur ambitious North Korean hacking. EU foretells a surge in Iranian cyberattacks. Waiting for information operations around the Venezuelan crisis. Joe Carrigan from JHU ISI on legacy Twitter location data privacy issues. Guest is Jamil Jaffer from IronNet Cybersecurity with highlights from his recent Capital Hill briefing, “Nation-State Threats, Collective Defense, and Strategic Deterrence in Cyberspace: (How) Can We Get Better Fast?” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_29.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear about some Spy vs. Spy at Citizen Lab, but who the spies were working for isn’t clear. Ukraine’s cyber police accuse Russia of phishing for election influence. As Fortuna’s wheel turns, Russian bigwigs get doxed by transparency hacktivists. Great power tension over Venezuela bears watching in cyberspace. Alleged swatters indicted and arrested. Happy National Privacy Day. Emily Wilson from Terbium Labs on “fullz” records of children being sold on the dark web. Guest is Sean Lyngaas from CyberScoop with his insights on the DNS hijacking threat. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_28.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. Jordan Wright is a principal R&D engineer at Duo Security, and he joins us to share their findings. Link to the original research - https://duo.com/labs/research/anatomy-of-twitter-bots-amplification-bots Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they’re close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability to a tactical level. Venezuela’s crisis may provide the next occasion for Russian information operations. How Bellingcat exposes info operations. Special Counsel Mueller secures the indictment and arrest of Roger Stone. And leave the Nest alone. Dr. Charles Clancy from the Hume Center at VA Tech on confusing marketing claims from AT&T with regard to 5G cellular technology. Guest is P. W. Singer, author of the book LikeWar, the Weaponization of Social Media. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_25.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked—observers think Russia’s GRU is good for it, but Russia says no, hey, it was Anonymous, and they did a good job. Exposed database leaves financial information out for the taking. Creeps take over a family’s Nest. Ben Yelin from UMD CHHS with a 4th amendment personal privacy case out of Alaska. Guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net on the career benefits of volunteering. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_24.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a “topical mission objective.” France says that war has begun in cyberspace, and that the enemy should be en garde. British barristers scramble to restore secure email. A metals firm sustains an attack on business systems. And some clown cuts Australian telecoms cables. Justin Harvey from Accenture on blocking incoming threats. Guest is Tom Huckle from Crucial on closing the skills gap. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_23.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the WordPress Multilingual Plugin was compromised by a disgruntled ex-employee. Stealthy DDoS might escape notice. Anubis droppers wait for the phone to move before executing. EU works against influence in its May elections. France fines Google for lack of transparency under GDPR. Facebook may face FTC action. And more emerges on the curious case of the American/Canadian/Irish/British citizen arrested in Moscow for spying. Johannes Ullrich from SANS and the ISC Stormcast podcast on gift card scams. Carole Theriault speaks with guest Maria Varmazis about Fortnite vulnerabilities. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_22.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is a security research analyst with Netscout, and he guides us through their findings. The original research can be found here: https://asert.arbornetworks.com/dipping-into-the-honeypot/ Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear that Collection #1 is big but not the end-of-the-world. Still, be on the lookout for credential stuffing attacks. Rocke cryptojacker can disable some cloud security services. Beware of Telegram bots. Facebook shuts down a few hundred inauthentic Russian pages, and Sputnik shows up as either a free-speech paladin or another troll farm—take your pick. Epic Games closes a vulnerability that exposed data of Fortnite players. Malek Ben Salem from Accenture Labs on power grid vulnerabilities to botnets. Guest is former U.S. Secretary of Homeland Security Michael Chertoff discussing his book Exploding Data. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_18.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that South Korea’s Defense Ministry has disclosed a cyber espionage incident. Fancy Bear sticks to its old tricks with Lojax. The US Justice Department is rumored not to be done with Huawei—this time an IP theft beef is believed to be coming. A big database exposure case in Oklahoma. And an update on yesterday's bogus Washington Post edition: it was a prank by the Yes Men. Mike Benjamin from Century Link with an update on the Mylobot botnet. Guest is Angie White from Iovation on PSD2, the payment services directive update. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_17.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the SEC and the Department of Justice are going after EDGAR hackers for securities fraud. Flashpoint sees the Lazarus Group in an attack on Chile’s Redbanc. Recorded Future shares notes on Iran’s Ashiyane Forum. Crytpomix ransomware is being distributed by fraudulent charitable appeals. Organized gangs are using Fortnite in-game currency for money laundering. A slickly done bogus edition of the Washington Post was being handed out in DC this morning. Ben Yelin from UMD CHHS on a recent ruling regarding 5th amendment protections for biometrics. Guest is Kevin O’Brien from GreatHorn on techniques to improve email security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_16.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices