
CyberWire Daily
3,656 episodes — Page 57 of 74

S4 Ep 759: Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.
In today’s podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its “big-game hunting” has pulled in almost four million dollars since August. Access control system zero-days found. And a lawsuit is likely to set some precedents concerning what counts as cyberwar. Joe Carrigan from JHU ISI on updated NIST password guidelines. Guest is Vijaya Kaza from Lookout on the shifting role of privacy in infosec. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_14.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

S3 Ep 68: Magecart payment card theft analysis. [Research Saturday]
Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of threat research at RiskIQ, and he guides us through what they've learned. Links to RiskIQ research: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ https://www.riskiq.com/blog/labs/magecart-newegg/ https://www.riskiq.com/blog/labs/magecart-shopper-approved/

S4 Ep 758: Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.
In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crooks are finding Fuze cards as handy as good-guy consumers do. Poland makes two arrests in an espionage case linked to Huawei. And the Russian media are happy to offer sympathy to NSA for some alleged security lapses at Fort Meade. Craig Williams from Cisco Talos with details on Persian Stalker targeting secure messaging apps. Guest is Rajiv Dholakia from Nok Nok Labs on the security pros and cons of biometrics. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_11.html

S4 Ep 757: TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.
In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social networks. Reddit asks users to reset their passwords, and to make them good ones. Google seems to have made strides against expansive interpretation of the EU’s right to be forgotten. And the curious tweets of @HAL999999999. Jonathan Katz from UMD on updated WiFi security. Guest is Ameesh Divatia from Baffle on the growing frustration with how companies handle our private information. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_10.html

S4 Ep 756: ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?
In today’s podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel’s April election—much predictable yelling and finger-pointing ensues. German authorities are pretty convinced Hackerangriff is the work of a lone, disgruntled student. OXO may have suffered a Magecart infestation. Dark Overlord’s labor market play. Facebook sharing. Internet autarky. And did Kaspersky finger an NSA contractor to NSA for mishandling secrets? Dr. Charles Clancy from VA Tech on security gaps in the 5G specification. Guest is Denis Cosgrove from Booz Allen Hamilton on the growing connectivity and autonomy in motor vehicles. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_09.html

S4 Ep 755: German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.
In today’s podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses’ awareness of cyber espionage. Observers see a coming “cyber cold war,” with China on one side and a large number of other countries on the other. Facebook is following a widening investigation into the use of inauthentic accounts, ads, and sites in recent US elections. WikiLeaks’ lawyers tell news media to stop defaming the organization and its founder. Emily Wilson from Terbium Labs on the nine lives of a credit card. Guest is Robb Reck from Ping Identity on NIST password guidance. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_08.html

S4 Ep 754: German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?
In today’s podcast, we hear that investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russia. Marriott thinks fewer guests were affected by its Starwood breach than initially feared. Online gamers affected by breaches. The Dark Overlord continues to make a pest of itself. And can alt-coin production become less of an energy hog? Awais Rashid from Bristol University on securing large-scale infrastructure. Guests are Karen Waltermire and Harry Perper from NIST, discussing the NIST National Cybersecurity Center of Excellence (NCCoE). For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_07.html

S3 Ep 67: NOKKI, Reaper and DOGCALL target Russians and Cambodians. [Research Saturday]
Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intelligence with Unit 42, and she joins us to share their findings. The original research can be found here: https://unit42.paloaltonetworks.com/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/

S4 Ep 753: Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.
In today’s podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspire, via some hijacked dormant Twitter accounts. Updates on the arrest of a dual US-UK citizen on spying charges in Moscow. And some PewDiePie followers sort of say they’re sorry for hacking Chromecasts. Sort of. Justin Harvey from Accenture with his outlook toward 2019. Guest is Ken Modeste from UL (Underwriters Laboratories) on their evolution as a safety certification organization. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_04.html

S4 Ep 752: 2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.
In today’s podcast, we hear that the prize for the first big breach of 2019 goes to Australia, but the year is young. Ryuk “artisanal” malware implicated in newspaper print-plant hacks. reCAPTCHA gets captchu’d, again. The Dark Overlord teases some pretty dull stuff, a step ahead of the law and Pastebin content moderators. PewDiePie followers continue to pester Internet users. And there’s a new play about Reality Winner, the alleged NSA leaker. Johannes Ullrich from SANS and the ISC Stormcast podcast on cold boot attacks on laptops. Guest is Sarah Squire from Ping Identity with results from a survey on consumer response to breaches. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_03.html

S4 Ep 751: Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore.
In today’s podcast, we hear that US newspapers sustained a major cyberattack—possibly ransomware—over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantial. A home security video system is found to have hard-coded credentials. Changes in US Defense leadership. An American is arrested in Moscow on espionage charges. And alleged NSA leaker Hal Martin wins one and loses two in court. Ben Yelin from UMD CHHS on whether remotely wiping a mobile device could be considered destruction of evidence. Guest is Steve Durbin from the ISF on using a human-centered approach to building security teams. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2019_01_02.html

S2 Ep 66: Apple Device Enrollment Program vulnerabilities explored. [Research Saturday]
Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found. The original research can be found here: https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices

S3 Ep 750: Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.
In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing Gmail two-factor authentication. Guest is Brian McCullough, host of the TechMeme Ride Home podcast and author of the book How the Internet Happened. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_21.html

Ep 3: Risk and regulation in the financial sector. [CyberWire-X]
In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust? Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

S3 Ep 749: US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.
In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was “brutal.” Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_20.html

S3 Ep 748: Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.
In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection. More Facebook data-sharing practices come under scrutiny. NASA PII exposed; investigation continues. And did you hear the one about the parrot, Alexa, Amazon orders, and sappy dance tunes? Jonathan Katz from UMD describing security improvements in the Signal messaging app. Guest Michael Doran from Optiv with tips on protecting your organization from ransomware. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_19.html

S3 Ep 747: Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.
In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’. Facebook faces a boycott in the wake of Senate-commissioned reports on Russian trolling. And PewDiePie’s followers deface a Wall Street Journal page. Craig Williams from Cisco Talos with a look back at 2018. Carole Theriault speaks with Rapid7's Tod Beardsley about their Industry Cyber Exposure report.

S3 Ep 746: Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.
In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. A Senate-commissioned report on Russian influence operations finds the St. Petersburg troll farmers “fluent in American trolling.” Boomstortion scammers now threaten acid attacks. PewDiePie followers—again—hack printers, but this time they say it’s for the public good. Justin Harvey from Accenture on M&A targets and resilience. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html

S2 Ep 65: The Sony hack and the perils of attribution. [Research Saturday]
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know today. There are interesting lessons to be learned, especially when it comes to attribution. Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings. The research can be found here: https://www.riskbasedsecurity.com/2018/09/you-didnt-think-the-sony-saga-was-over-did-you/

S3 Ep 745: False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible for the Strasbourg Christmas market killings as one of its soldiers. And a bogus bomb threat is being circulated by email—call the technique “boomstortion.” Malek Ben Salem from Accenture Labs on smart speaker vulnerabilities. Guest is Laura Noren from Obsidian Security on data science ethics. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_14.html

S3 Ep 744: Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.
In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html

S3 Ep 743: Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.
In today’s podcast, we hear some of McAfee’s description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei’s CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanctions and indictments in response to various Chinese hacking activities. A no-confidence vote is called in the UK. In France, President Macron makes concessions to the Yellow Vests. Google skates through its interrogation by Congress. And bad passwords get rated. Johannes Ullrich from SANS and the ISC Stormcast Podcast with holiday tips on securing new devices. Guest is Ali Golshan from StackRox on the shift toward DevOps. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_12.html

S3 Ep 742: Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.
Audit finds no “Chinese spy chips” on Supermicro motherboards. Huawei CFO Meng’s hearing continues. Oil services firm’s servers attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain reported. Mr. Pichai goes to Washington, and Uncle Pennybags puts in an appearance. The US House Oversight and Government Reform Committee reports on the Equifax breach. Prof. Awais Rashid from Bristol University on risk management in a data-intensive world. Guest is Barry Hensley from Secureworks on supply chain risks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_11.html

S3 Ep 741: A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.
In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU, and Japan. US indictments are expected soon in other IP theft cases involving China. Upgrade Kubernetes. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. An advance fee scam promises not only money, but maybe love, too. Emily Wilson from Terbium Labs, on why she feels the Lesbians Who Tech conference gets diversity right. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_10.html

S2 Ep 64: Operation Red Signature targets South Korean supply chain. [Research Saturday]
Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third-party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries. The research can be found here: https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/

S3 Ep 740: Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.
In today’s podcast we hear that Huawei’s CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They’ve been joined in this by Japan and the European Union. Proofpoint sees a shift in cybercrime toward more carefully targeted and thoughtful social engineering. Kaspersky describes “DarkVishnaya,” a criminal campaign using surreptitiously planted hardware to loot Eastern European banks. Justin Harvey from Accenture discussing what should be in your incident response “go bag.” Guest is New York Times national security correspondent David E. Sanger, discussing his latest book The Perfect Weapon. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_07.html

S3 Ep 739: Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.
In today’s podcast, we hear that Huawei’s CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam warnings and new US indictments. In the UK, Parliament releases internal Facebook emails that suggest discreditable data-use practices. Facebook says the emails are being taken out of context. And DDoS downs Illinois homework. Dr. Charles Clancy from VA Tech’s Hume Center on the ban of specific 5G hardware around the world. Guest is Tom Bonner from Cylance on the SpyRATs of Ocean Lotus. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_06.html

S3 Ep 738: DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.
In today’s podcast, we hear that CoAP-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections and determines to do something about disinformation. The US National Republican Congressional Committee sustains an email compromise. Attribution of a phishing expedition to Cozy Bear grows dubious. And Westminster doxes Facebook. Joe Carrigan from JHU ISI explaining the National Centers for Academic Excellence. Carole Theriault interviews SANS’ James Lyne, who explains the Cyber Discovery program, which aims to bolster the security workforce. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_05.html

S3 Ep 737: Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.
In today’s podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marriott’s breach response earns mediocre marks. A Kubernetes privilege escalation flaw is found and patched. Two scammy apps are ejected from Apple’s App Store. An object lesson in the difficulty of controlling fake news—or at least fake op-eds. Jonathan Katz from UMD on SSD drive encryption security woes. Guest is Brian Egenrieder from SyncDog on the challenges of commingling work and personal mobile devices. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_04.html

S3 Ep 736: US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.
In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it’s a pretty dour charm offensive.) Iran ups its influence operations game. Legal investigations and legislative responses to the Marriott breach begin. A US Court upholds the Government’s ban on Kaspersky products. And paying ransom to cyber extortionists could violate US sanctions. Daniel Prince from Lancaster University discussing growth, innovation and productivity within cyber security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_13_03.html

Ep 2: Settling in with GDPR. [CyberWire-X]
In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since its implementation in May 2018. Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

S2 Ep 63: Getting an education on Cobalt Dickens. [Research Saturday]
Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks, and she joins us to share what they've found. The original research is here: https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities

S3 Ep 735: Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.
In today’s podcast we hear about Marriott’s big breach. And Dunkin’ Donuts’ big breach. And, and, Urban Massage’s embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people you do business with. Fancy Bear shows up to paw at the phish swimming in Germany’s government. And how much did SamSam really cost people? FBI? DoJ? Is it millions or billions? In either case you’re talking about real money. Robert M. Lee from Dragos discussing the notion of IoT hot water heaters taking down the power grid. Guest is Michelle Guel from Cisco, discussing smart cities and her perspective as a pioneering woman in the industry. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_30.html

S3 Ep 734: Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.
In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Silence exploits systems not patched against EternalBlue and EternalRed. Dell tells its customers to reset their passwords. And the US indicts two Iranians for deploying the SamSam ransomware. Emily Wilson from Terbium Labs with unintended consequences of GDPR. Guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_29.html

S3 Ep 733: DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.
In today’s podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran’s Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escaped their attention as much as many had assumed. Facebook gets grilled in London. Nine Western countries issue a joint communique resolving to control “false and misleading” content on the Internet. And lessons from small towns. Ben Yelin from UMD CHHS reviewing government requests of Google’s Nest to turn over user information. UK correspondent Carole Theriault speaks with Graham Cluley about police monitoring criminals using the Ironchat secure messaging service. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_28.html

S3 Ep 732: Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.
In today’s podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in a pretty feisty mood. Pegasus spyware found to have been deployed against journalists in Mexico and elsewhere. Russia escalates its hybrid war against Ukraine. Do people care if their smart speakers eavesdrop? How about their smart lightbulbs? Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS over HTTPS and network visibility. Guest is Shaun Bierweiler from Hortonworks on the use of open source software in the federal space. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_27.html

S3 Ep 731: A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.
In today’s podcast we hear that Emotet ramped up for Black Friday—beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China’s emerging social credit system. Bottom-up social control in the US: first they came for the dogwalkers. Making a Dutch book on social media. Russia tightens Internet laws. The US Army learns some lessons, in a good way, from Joint Task Force Ares. Joe Carrigan from JHU ISI, wondering if we have a cyber skills gap or a shortage of courage. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_26.html

S3 Ep 730: Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.
In today’s podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything’s OK, but it hasn’t said much else. Facebook is back online—yesterday’s outage attributed to a server misconfiguration. Shoppers and retailers prepare for Cyber Weekend. Tessa88, the dark web data hawker, may have been identified. Cyber espionage continues. And there’s been another breach in what we’ve curiously agreed to call an “adult” site. David Dufour from Webroot on the pros and cons of open source code. Guest is Andrew Kling from Schneider Electric with an update on Triton malware. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_21.html

S3 Ep 729: Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.
In today’s podcast, we hear about nations behaving badly (but from the point-of-view of cyberespionage they’re doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia’s Hades Group, known for Olympic Destroyer, is back, too. Gamaredon and Cozy Bear have returned, respectively pestering Ukraine and the US. Iran’s OilRig is upping its game with just-in-time malicious phishbait. And it’s not you: Facebook has been down. Malek Ben Salem from Accenture Labs on skills squatting with Amazon’s Alexa. Guest is Ronnie Tokazowski from Flashpoint on his work with the business email compromise working group.

S3 Ep 728: CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”
In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet Republics. A reported Gmail issue may make for more plausible social engineering. The Outlaw criminal group expands into cryptojacking. Infrastructure, financial, and data corruption attacks discussed as possible “cyber 9/11s”. Rick Howard from Palo Alto Networks with a book recommendation from the Cybersecurity Canon project. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_19.html

S2 Ep 62: Doubling down on Cobalt Group activity. [Research Saturday]
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/

S3 Ep 727: GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?
In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes SMS messages. China tightens laws enabling censorship and social control. It also helps Venezuela to do likewise. And did the US indict Julian Assange, or is it just a cut-and-paste error? Craig Williams from Cisco Talos with info on the sextortion scams they’ve been tracking. Guest is Christopher Porter from FireEye on threats in the aviation sector. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_16.html

S3 Ep 726: RATs and the long game. New ransomware. Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.
In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still all over Twitter, with bogus big brands’ blue checks all over them. Nigeria plans to go after cyber gangs. Fancy Bear says it can’t be sued, even if it did anything. And why a password manager is better than an infernal machine. Jonathan Katz from UMD describing a side channel attack on mobile device encryption. Guest is Mike McKee from ObserveIT on nation state attacks. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_15.html

S3 Ep 725: When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.
In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and hacker SWAuTistic pleads guilty to Wichita swatting charges, and to bomb threats just about everywhere else. And the NPPD will soon become CISA, and the lead US civilian cybersecurity agency. Emily Wilson from Terbium Labs on their recent Truth About Dark Web Pricing white paper. Guest is Gregory Garrett from BDO on their telecommunications risk report. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_14.html

S3 Ep 724: GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.
In today’s podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia’s the usual suspect; as usual, Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may turn to account hijacking. Indian intelligence services look at ISIS use of Wickr. A look at Magecart. Cathay Pacific’s breach now believed to be worse than originally thought. The “Paris Call for Trust and Security in Cyberspace” expresses eight aspirations. Joe Carrigan from JHU ISI with a report on the NICE conference, and a presentation on including psychologists in cyber security decision making. Guest is Rich Bolstridge from Akamai with credential stuffing info from their latest State of Internet Security report. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_13.html

Ep 1: Regulation in the U.S. [CyberWire-X]
In this premiere episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S. Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC. Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

S2 Ep 61: Establishing international norms in cyberspace. [Research Saturday]
Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissioner for the Global Commission on Internet Governance, and is the author of over a dozen books, including “Soft Power: The Means to Success in World Politics” and “The Future of Power.”

S3 Ep 723: Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.
In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, Government-industry-academic partnerships work toward making critical infrastructure more resilient to cyberattack. Pyongyang’s Lazarus Group continues to rob ATMs using malware. US officials complain that China is in violation of 2015’s agreement to avoid industrial espionage. And Russian observers give the US a passing grade for fair midterm elections. Awais Rashid from Bristol University with thoughts on placing trust in blockchain systems. Guest is Bruce Schneier, discussing his latest book, “Click here to kill everybody.” For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_09.html

S3 Ep 722: Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.
In today’s podcast, we hear that, while election hacking seems not to have happened in the US this week, that hasn’t stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue long after the election. VirtualBox zero-day disclosed to everyone. USCYBERCOM posts Lojack to VirusTotal. FCC vs. robocalls. US Postal Service’s Informed Delivery exploited. Canada Post slips to reveal cannabis customers. Dr. Charles Clancy from the Hume Center at VA Tech on in-car cell phone jammers. Guest is Ian Paterson from Plurilock Security Solutions on behavioral biometrics. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_08.html

S3 Ep 721: A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.
In today’s podcast we take a quick look back at the US midterm elections, and at what did and didn’t happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-delivering app is used to smish Spanish-speaking users of the Play Store. And, once again, people really seem to think that Elon Musk will return them their Bitcoin donations tenfold. (Enough people to make crime pay, anyway.) Justin Harvey from Accenture on notification laws and incident response. Guest is Christian Lees from InfoArmor with thoughts on what they’re seeing trafficked on the dark web. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_07.html