CyberWire Daily

3,656 episodes — Page 59 of 74

S3 Ep 680: Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence cyber criminals security industry veterans? British Airways continues to recover from its data breach. What a "cyber moonshot" might actually mean. And ProtonMail says the coppers have collared an Apophis Squad member. Zulfikar Ramzan from RSA with a reality check on blockchain hype. Guest is Yehuda Lindell from Unbound Tech on the Foreshadow vulnerability. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_10.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Sep 10, 2018 · 19 min

S2 Ep 52: Leafminer espionage digs the Middle East. [Research Saturday]

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. Vikram Thakur is a technical director at Symantec, and he joins us to share what they've found. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east

Sep 8, 2018 · 25 min

S3 Ep 679: Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov overshares. British Airways sustains a data breach. The "Silence" gang makes some noise in the underworld. Notes from yesterday's Billington Cybersecurity Summit. And Twitter bans a grandstander…for life. Dr. Charles Clancy from VA Tech’s Hume Center describes the Virginia Commonwealth Cyber Initiative. Guest is Rich Baich, CISO at Wells Fargo with insights on protecting a major financial institution.

Sep 7, 2018 · 25 min

S3 Ep 678: Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continues. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks. Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_06.html

Sep 6, 2018 · 20 min

S3 Ep 677: Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains dishearteningly successful. The US Director of National Intelligence warns against foreign influence in elections. Facebook's former security chief says the midterms could be the World Cup of information warfare. Silicon Valley comes to Capitol Hill, but without Google. Craig Williams from Talos at Cisco with an update on the Remcos RAT. Guest is Robert Holmes from Proofpoint on the DHS’s Binding Operational Directive (BOD) 18-01 mandate to secure their email systems. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_05.html

Sep 5, 2018 · 21 min

S3 Ep 676: Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Point has a decryptor for RansomWarrior. The US House and Senate will hear from Facebook, Twitter, and Google this week about influence operations, content moderation, and alleged monopolistic practices. And no, Pope Francis isn't giving away Bitcoin, nor did former President Obama encrypt your files. Emily Wilson from Terbium Labs with a look back at the effects of last year’s Alpha Bay takedown. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_04.html

Sep 4, 2018 · 16 min

S2 Ep 51: ATM hacks on the rise. [Research Saturday]

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. The research can be found here: https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to-play/

Sep 1, 2018 · 25 min

S3 Ep 675: Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter ransomware continues its evolution and spread. The Five Eyes issue some communiques about cooperation in cyberspace. Russia would like to block Telegram if it could do so without too much collateral traffic damage. Supply chain questions about Google's Titan. Johannes Ullrich from SANS and the ISC Stormcast podcast, with iPhone unlocking techniques. Guest is Andy Greenberg from WIRED discussing his recent article on NotPetya. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_31.html

Aug 31, 2018 · 26 min

S3 Ep 674: Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII offered for sale on the dark web. Medical device vulnerabilities are disclosed, and hospitals are urged to patch. Nexus Zeta faces charges in a US Federal Court, apparently in connection with the Satori botnet. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Gilad Peleg from SecBI on the challenges of secure BYOD policies. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_30.html

Aug 30, 2018 · 18 min

S3 Ep 673: Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for a local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors’ secure enclave. Guest is Fred Kneip from CyberGRX on third party risk. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html

Aug 29, 2018 · 20 min

S3 Ep 672: Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by claims that it's dangerous to research voting-machine vulnerabilities. The House takes a look at the CVE database. Australia's new government reorganizes its cybersecurity portfolio. Justin Harvey from Accenture with details from their mid-year cyber threatscape report. Guest is Sean Tierney from Infoblox with their shadow IoT report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_28.html

Aug 28, 2018 · 20 min

S3 Ep 671: Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Turkish hacktivism shows up in the US, as journalists' social media accounts are hijacked. A look at Iranian information operations. ISIS limps back into cyberspace. A new point-of-sale malware family is discovered. David Dufour from Webroot on the role of engineers in securing an organization. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_27.html

Aug 27, 2018 · 16 min

S2 Ep 50: Cyber espionage coming from Chinese University. [Research Saturday]

Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts. Winnona DeSombre and Sanil Chohan are authors of the report, Chinese Cyberespionage Originating from Tsinghua University Infrastructure, along with their colleague Justin Grosfelt. The research can be found here: https://www.recordedfuture.com/chinese-cyberespionage-operations/

Aug 25, 2018 · 28 min

S3 Ep 670: More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fifteen million voter records appear to have been inadvertently exposed in Texas. The US tells Russia to knock off the influence operations, and some suggest a counter-value deterrent strategy to tame the Bears. China warns Australia its new government will face trade retaliation for banning ZTE and Huawei. Reality Winner gets five years, and two Minnesota lawyers go away, too. Ben Yelin from UMD CHHS on attempts by the State Department to establish international norms for behavior for cyber. Guest is Theresa Payton from Fortalice Solutions, addressing hype vs reality when it comes to blockchain, AI, and the IoT. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_24.html

Aug 24, 2018 · 26 min

S3 Ep 669: If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. Remcos remote administration tool is being abused by black hats. Dark Tequila goes after customers of Mexican financial institutions. The Lazarus Group is back, and it's getting into Macs for the first time. Joe Carrigan from JHU ISI on Android vs. iOS data privacy. Guest is Oren Falkowitz from Area 1 Security on protection against phishing attempts. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_23.html

Aug 23, 2018 · 20 min

S3 Ep 668: Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. US Army Cyber Command's boss wonders if his job isn't more "information ops" than "cyber." Bitdefender describes Triout, an Android spyware framework. And some in industry caution the Senate not to expect them to get frisky hacking back. Craig Williams from Cisco’s Talos team, discussing MDM (mobile device management) vulnerabilities. Guest is James Burns from CFC Underwriting on cyber security insurance. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_22.html

Aug 22, 2018 · 21 min

S3 Ep 667: Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity—hacking back is expected to be on the table. The UK wants more sanctions on Russia. US Senators are looking into reducing sanctions' collateral economic damage. Operation Red Signature pokes at South Korean supply chains. Intrusion Truth doxes Chinese intelligence officers. Medical device bugs. Rick Howard from Palo Alto Networks with tips on buying cybersecurity products. Guest is Travis Rosiek from BluVector on fileless attacks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_21.html

Aug 21, 2018 · 21 min

S3 Ep 666: DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction. For links to all today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

Aug 20, 2018 · 17 min

S2 Ep 49: Stealthy ad fraud campaign evades detection. [Research Saturday]

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he describes what they've found. Research link: https://labs.bitdefender.com/2018/06/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/

Aug 18, 2018 · 21 min

S3 Ep 665: Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have exposed Canadian and British Government information. Necurs flared up in a short-lived spam campaign against banks this week. Crooks use bogus Fortnite download pages. Final briefs are submitted in Kaspersky's court challenge to its US ban. Emily Wilson from Terbium Labs on her experience getting certified as a fraud examiner. Guest is Marco Rubin from the Center for Innovative Technology, on the security of UAVs and drones. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_17.html

Aug 17, 2018 · 26 min

S3 Ep 664: Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Roberts asks for pardon.

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning communications security. Australia's new cyber laws are more legal hammer than required backdoor. A campaign of ATM robbery nets millions worldwide. A cryptocurrency speculator sues the phone company, a spyware firm sues a former employee, and the Dread Pirate Roberts would like a pardon. Johannes Ullrich from SANS and the ISC Stormcast Podcast, on lingering legacy passwords in Office documents. Guest is Phil Neray from CyberX on the National Risk Management Center being spun up by DHS. For links to all today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_16.html

Aug 16, 2018 · 21 min

S3 Ep 663: Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mindshare. Influence operations as marketing. The US FBI gets a new cyber boss. The Kremlin thinks the BBC is biased in the crypto-wars. And laptop stickers: are they good, bad, or ugly? Zulfikar Ramzan from RSA on SOCs and IoT. Guest is Dimitris Maniatis from Upstream on Android ad fraud malware. For links to all of today's stories check out the CyberWire daily briefing: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_15.html

Aug 15, 2018 · 21 min

S3 Ep 662: Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Preliminary notes on patches. ZTE and Huawei devices formally disinvited from US Government networks. Cyber retaliation expected from Russia and Iran over sanctions. And locking people in a room to teach them good cyber hygiene. Justin Harvey from Accenture on threat hunting. Guest is Bob Stevens from Lookout discussing app-based malware on mobile devices. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_14.html

Aug 14, 2018 · 21 min

S3 Ep 661: Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. DLink exploits rob Brazilian banking customers. Utilities prepare for grid hacks, but researchers say an appliance botnet could cycle demand enough to induce blackouts. Vulnerabilities in airline Wi-Fi and SATCOM connectivity. Election hacking demos may or may not be realistic. Family spyware proves vulnerable to data exfiltration. Ben Yelin from UMD CHHS on police using facial recognition software to nab a suspect.

Aug 13, 2018 · 17 min

S2 Ep 48: Thrip espionage group lives off the land. [Research Saturday]

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets

Aug 11, 2018 · 28 min

S3 Ep 660: DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial intelligence. Russia braces for US sanctions and promises retaliation. South Korea will reorganize its Cyber Command. The PGA is hit with ransomware. Guests are Andrei Soldatov and Irina Borogan, authors of the book The Red Web.

Aug 10, 2018 · 22 min

S3 Ep 659: State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Eastern campaign. Jackpotting cryptocurrency ATMs. The US imposes sanctions on Russia. Reality Winner's sentencing date announced. IBM looks at artificially intelligent malware. The mob's role in the cyber black market. What's the bigger gaming threat, sideloading apps or the Fortnite dance? We're asking for a friend. Awais Rashid from Bristol University on issues with software warranties. Guest is Cheryl Biswas from the Diana Initiative, a conference in Las Vegas celebrating diversity, women in security, and how to pursue a career in information security and technology.

Aug 9, 2018 · 20 min

S3 Ep 658: Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

In today's podcast we hear that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US independently mull responses to hacking and influence operations. Anonymous announces it wants to take its shots at QAnon. Notes from Black Hat, including observations on grid hacks, AI, and the gray hat phenomenon. David Dufour from Webroot with a look at the year in review. Guest is Travis Moore from TechCongress describing their fellowship programs. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_08.html

Aug 8, 2018 · 18 min

S3 Ep 657: TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millions of patient records. British authorities are said to be readying an extradition request for GRU operators they hold responsible for the Novichok attack in Salisbury—the incident has prompted Russian hacking and disinformation. Mike Benjamin from CenturyLink on DDoS attack trends. Casey Ellis from Bugcrowd with an overview of bug bounty programs.

Aug 7, 2018 · 20 min

S3 Ep 656: More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Aikido?

Leaky API may have exposed Salesforce customers' data. TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. The unbearable, irresistible urge to monetize data. Notes on automotive cybersecurity. Depending on whom you ask, the Bitfi wallet was either hacked, or not. And a new goodwill ambassador seeks to repair US-Russian relations. Rick Howard from Palo Alto Networks exploring the notion of superforecasting. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_06.html

Aug 6, 2018 · 21 min

S2 Ep 47: Cortana voice assistant lets you in. [Research Saturday]

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. Steve Povolny is head of advanced threat research at McAfee and he shares their findings. The research can be found here: https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140

Aug 4, 2018 · 24 min

S3 Ep 655: Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MikroTik routers. Speakers at the Billington Automotive Cybersecurity Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain. Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_03.html

Aug 3, 2018 · 25 min

S3 Ep 654: RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition. Cryptojacking and malspam.

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposition. A cryptojacking campaign is discovered and stopped. Malspam is using gifs to carry a keylogger payload. And Facebook CSO Alex Stamos has fixed a date for his departure for Stanford. Robert M. Lee from Dragos with thoughts on categorizing threat actors. Guest is Wendi Whitmore from IBM with their 2018 Cost of a Data Breach study. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_02.html

Aug 2, 2018 · 19 min

S3 Ep 653: Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Attribution remains difficult. NSO Group's Pegasus spyware found in Amnesty International phone. SamSam ransomware exacts a high cost. Yale realizes it was breached about ten years ago. Google allegedly prepares a censor-engine for Chinese web searchers. Craig Williams from Cisco’s Talos unit, describing his team and the work they do. Guest is Thomas Hofmann from Flashpoint on ransomware and online extortion. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_01.html

Aug 1, 2018 · 19 min

S3 Ep 24: Data-centric security. [Special Editions]

In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself, rather than the surrounding networks, applications or servers. To help us on our journey of understanding we’ve lined up a number of industry experts. Ellison Anne Williams is CEO of Enveil, a company that’s developed cutting edge encryption techniques. Adam Nichols is principal of software security at Grimm, a cybersecurity engineering and consulting firm. Mark Forrest is CEO of Cryptshare, maker of secure electronic communication technologies for the exchange of business sensitive information. And John Prisco is CEO at QuantumXchange, a provider of what they claim is unbreakable quantum-safe encryption.

Aug 1, 2018 · 29 min

S3 Ep 652: Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shipper more resilient to the cyberattack it sustained. Congress worries over election hacking and deep fakes. Electronic warfare is back. An alt-coin platform is hacked, a carder goes to jail, an alleged sim-swapper is arrested, and coaches behave badly. Johannes Ullrich from SANS and the ISC Stormcast podcast on TLS 1.3 implementation. Guest is Mark Orlando from Raytheon on critical infrastructure security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_31.html

Jul 31, 2018 · 20 min

S3 Ep 651: NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking in recent by-elections. US states remain concerned about election hacking. Missouri Senator McCaskill confirms that Fancy Bear made an unsuccessful attempt to access her staff's network. Russian threats to power grids. Industrial espionage continues to go after corporate IP. And news you can use about JPay (we know: you're asking for a friend). Jonathan Katz from UMD on the timeline for practical quantum computers. For links to all of these stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_30.html

Jul 30, 2018 · 17 min

S2 Ep 46: BabaYaga strangely symbiotic WordPress malware. [Research Saturday]

Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date. Brad Hass is a senior security analyst at Defiant, and he guides us through their findings. The research can be found here: https://www.wordfence.com/blog/2018/06/babayaga-wordpress-malware/

Jul 28, 2018 · 23 min

S3 Ep 650: Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware loaders are offered on the black market. Smart home hubs are shown to be hackable. Tenable enjoys a good IPO. A burglar in Silicon Valley didn't say, your money or your life, but rather, dude I'm outta data, can I have your WiFi password? Dr. Charles Clancy from VA Tech on the security aspects of digital vs analog RF spectrum. Guest is Lisa Beegle from Akamai with info from their State of Internet Security report. For links to all of today's stories check out the CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_27.html

Jul 27, 2018 · 23 min

S3 Ep 649: LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

In today's podcast we hear that LifeLock gets locked down: probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer shows that exploit kits aren't obsolete after all. NSA gets a bad report from its IG. Congress worries over Russian infrastructure reconnaissance and influence operations. Iran's OilRig and Leafminer remain active regional threats. Joe Carrigan from JHU ISI on infosec pros reusing passwords. Guest is Jessica Ortega from SiteLock, discussing how having social media icons on your website increases the odds of falling victim to attacks. For links to stories in today's podcast check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_26.html

Jul 26, 2018 · 21 min

S3 Ep 648: Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russian threats to the power grid and elections. Congress considers cyber retaliation. A dispute over cyber insurance coverage lands the insured and the insurer in court. Awais Rashid from Bristol University on IoT and OT convergence. Guest is Jason Morgan from Wiretap on their Human Behavior Risk Analysis Report. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_25.html

Jul 25, 2018 · 21 min

S3 Ep 647: Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori botnet may be taking another run at Android devices. Bluetooth vulnerabilities render paired devices susceptible to man-in-the-middle attacks. And evil maid attacks may be less difficult than you thought. Emily Wilson from Terbium Labs, sharing her experience attending a conference for professionals working to fight fraud. Guest is Brian Martin from Risk Based Security with their research on vulnerabilities they discovered with the Click2Gov service. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_24.html

Jul 24, 2018 · 21 min

S3 Ep 646: SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufacturers, including car makers. The Aspen Security Forum concludes with sobering warnings from senior US Government officials and the private sector of election interference and the prospects of a "cyber 9/11." Ecuador may be tiring of Mr. Assange. Rick Howard from Palo Alto Networks revisiting the notion of a metaphorical cyber moon-shot. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_23.html

Jul 23, 2018 · 15 min

S2 Ep 45: Measuring the spearphishing threat. [Research Saturday]

Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement on 35 popular email providers and examined user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobering results. End-to-End Measurements of Email Spoofing Attacks: https://people.cs.vt.edu/gangwang/usenix-draft.pdf

Jul 21, 2018 · 26 min

S3 Ep 645: Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,000-member botnet in less than a day, using known vulnerabilities. Crooks monetize stolen credit cards through online games. Amazon works to induce better AWS configurations. Annual UK report on Huawei is out. Phishing campaign notes. Zulfikar Ramzan from RSA on cyber risk quantification. Guest is Mark Peters II, author of the book Cashing in on Cyber Power. For links to all of today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_20.html

Jul 20, 2018 · 23 min

S3 Ep 644: Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A security firm and a vendor dispute whether an issue is a vulnerability or a case of user abuse. NIST announces its intention of withdrawing some obsolete cybersecurity publications. Congress presses tech companies about content moderation. Daniel Prince from Lancaster University on rewriting digital histories. Guest is Matt Cauthorn from ExtraHop on a new worm spreading through Android devices. For links to all of today's stories, check out the CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_19.html

Jul 19, 2018 · 21 min

S3 Ep 643: Magniber ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

In today's podcast, we hear about the spread of Magniber ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Meltdown. Oracle's quarterly patch bulletin is out. Fallout, clarifications, and more fallout from the Helsinki summit. US agencies continue preparations to secure elections and infrastructure. Robert M. Lee from Dragos on the Electrum threat group. Guest is Jonathan Couch from Threat Quotient on Dark Web markets. For links to stories in today's CyberWire podcast, check out our daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_18.html

Jul 18, 2018 · 20 min

S3 Ep 642: Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia, and at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs are found cached in an IoT search engine. Those DVRs' firmware is also vulnerable to exploitation. The US Census Bureau is asked to provide an overview of measures being taken to secure the 2020 census. David Dufour from Webroot on ransomware in the UK. Guest is James Tabor from MEDIA Protocol on using blockchain technology with online advertising. For links to all of the stories mentioned in today's podcast, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_17.html

Jul 17, 2018 · 21 min

S3 Ep 641: DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU indictments. Huawei, under suspicion over African cyberespionage, is said to be excluded from participation in Australian 5G buildout. Congress may reimpose ban on ZTE. Kaspersky fails to win emergency injunction against US sanctions. Ben Yelin from UMD CHHS, weighing in on the indictments of the Russians. For links to all of the stories mentioned in this podcast, visit our daily news brief on our web page: https://thecyberwire.com/issues/issues2018/July/CyberWire_2018_07_16.html

Jul 16, 2018 · 20 min

S2 Ep 44: A new approach to mission critical systems.

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems.

Jul 14, 2018 · 23 min