CyberWire Daily

3,657 episodes — Page 65 of 74

S2 Ep 438: German election update: nichts neues. Equifax breach. Viacom dodges a bad bucket. Like Sandworm, but from Tehran. Less than fully successful criminals.

In today's podcast we learn that so far Russian influence seems not to be operating in Germany's election. Iran's APT33 turns from spying to sabotage. Equifax woes continue, but don't appear to include cover-up of an earlier breach. UpGuard helps Viacom dodge a cyber bullet. You may be party to a contract you didn’t know about. Criminal boneheads again more common than criminal geniuses. Ben Yelin from UMD CHHS with a story of the FBI raiding the wrong home based on WiFi router information. Guest is Eddie Habibi from PAS, debunking some ICS myths. And don't be a gazelle. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C., October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sep 20, 2017 · 19 min

S2 Ep 437: Russia Spy Files from WikiLeaks. Disinformation and influence operations. Equifax sustained a breach in March. Software supply chain issues.

In today's podcast, we hear that WikiLeaks is shocked, shocked, to learn that there's gambling…uh, we mean, Russian surveillance going on. Advice from Ukraine about influence operations. The Equifax story may have gotten worse—there may have been an earlier breach in March. Software supply chain issues come up in an Avast backdoor. Awais Rashid from Lancaster University on security being the responsibility of everyone in an organization, not just the IT folks. Mike Kail from Cybric on the DevSecOps trend. Industry notes, and the "Unlucky 13," presented by Johns Hopkins.

Sep 19, 2017 · 18 min

S2 Ep 436: Russian dogs not yet barking in German elections. ISIS is doing a lot of howling at lone wolves. Equifax updates. CCleaner found unclean. OurMine hacks Vevo to avenge its honor.

In today's podcast, we note reports that, while Germany will hold elections Sunday, Russian cyber operators seem quiet. Too quiet? Switzerland and Singapore both report sustaining state-sponsored cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax breach news isn't getting any better. Cisco finds a backdoor in an Avast security product. Chris Poulin from Booz Allen Hamilton, our newest industry partner, introduces himself. He leads the Internet of Things security strategy in Booz Allen’s Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he led their X-Force research teams and built the first prototype Watson for cybersecurity. OurMine hackers hit Vevo to redress an insult delivered over LinkedIn.

Sep 18, 2017 · 16 min

S1 Ep 1: Cobian RAT: Zscaler’s Deepen Desai describes some clever malware. [Research Saturday]

Deepen Desai, senior director of security research and operations at Zscaler, describes research he and his team have been doing since they discovered a clever bit of malware they’ve named Cobian RAT. (RAT stands for Remote Access Trojan.) It’s available for free, but contains a back door that allows the original author to access and control the RAT remotely.

Sep 16, 2017 · 18 min

S2 Ep 435: Equifax agonistes. Kaspersky denies his company's a security risk. Political database for sale found exposed. Trolling the DCI.

In today's podcast, we hear about how Equifax continues to struggle in the quicksand of wayward patching and clumsy incident response. Congress, the FTC, the CFPB, and DoNotPay are all taking an interest. Another unsecured database—this one for sale to political campaigns—is found (Alaska voters are affected). Kaspersky says his company is a bystander that's been hit in the Russo-American political crossfire. The US Navy continues to investigate the USS McCain collision. Justin Harvey from Accenture on what it’s like to be on an incident response team. Luke Beeson from BT on the challenges such a large organization faces protecting themselves and their clients. And Harvard decides Manning won't be a Kennedy School Fellow after all.

Sep 15, 2017 · 21 min

S2 Ep 434: Binding Operational Directive 17-01 hits Kaspersky. Point-of-sale malware found in some Elasticsearch servers. BlueBorne proves widespread. Equifax breach updates, industry notes, a look at the Billington Summit.

In today's podcast, we hear that DHS tells the US Executive Branch to stop using Kaspersky security software. Kromtech finds Elasticsearch servers hosting point-of-sale malware. BlueBorne bugs buzz billions of boxes. Equifax says that its breach was accomplished via the Apache Struts flaw patched in April. Industry notes include both venture funding and acquisition news. We take a quick look back at the Billington CyberSecurity Summit. Johannes Ullrich with an update on the Mirai botnet. Renato Marinho, Chief Research Officer at Morphus Labs, on a bad Chrome browser extension that can steal banking credentials. And robo-lawyers come to small claims court.

Sep 14, 2017 · 18 min

S2 Ep 433: North Korea turns to cryptocurrency theft. Equifax breach gets worse. Patch Tuesday. Duma says US election hacked

In today's podcast, we hear that North Korea's stealing all the Bitcoins it can find. The Equifax breach continues to spread: countries other than the US are increasingly involved. Patch Tuesday notes. The US Director of National Intelligence addresses the Billington CyberSecurity Summit. Joe Carrigan from JHU on VPN companies collecting private user data. Dr. Richard Ford, Chief Scientist, Forcepoint, on the Equifax breach. And did a Russian lawmaker just cop to the influence ops President Putin has so piously denied?

Sep 13, 2017 · 17 min

S2 Ep 432: Equifax breach news. Unsecured admin accounts. BlueBorne via Bluetooth. Hackable medical devices. Bots convince. A guilty plea draws a long sentence.

In today's podcast, we hear about how Equifax has attracted more attention from plaintiffs, AGs, and Congress. Everyone else is on heightened alert for fraud and identity theft. MongoDB says users of its database process were not assigning passwords to administrative accounts. A Bluetooth-based attack vector, "BlueBorne," is described. Syringe pumps are found to be hackable. Bots serve more effective social media clickbait than human operators can. Robert M. Lee from Dragos on deterrence. Myke Cole, cyber security analyst and fantasy writer discussing the importance of empathy when considering your adversaries. And Roman Seleznev gets 27 years after he cops a plea to hacking.

Sep 12, 2017 · 17 min

S2 Ep 431: Everything Equifax, with some notes on German election vulnerabilities and an update on the Crackas With Attitude.

Today's podcast features all things Equifax, as the credit bureau deals with its breach (and the lawyers and Wall Street wind up to deal with the credit bureau). The Chaos Computer Club says it's found major flaws in German election software. Moscow seems to have done a lot of catphishing in social media during the last US campaign season. Best Buy boots Kaspersky security products from its big box stores. Dale Drew from Level 3 Communications with some sobering statistics on attack trends. And a Cracka with Attitude gets five years in Club Fed.

Sep 11, 2017 · 14 min

S2 Ep 430: Equifax decides to tell people it's been breached. Notes from the Intelligence and National Security Summit. WikiLeaks dumps missile guidance documents from Vault7. The ShadowBrokers are back, with a new offer.

In today's podcast we hear that credit bureau Equifax has disclosed a massive data breach it discovered on July 29th. Does that mean they're about a month delinquent? WikiLeaks weekly Vault7 dump departs from past practice with respect to content. The ShadowBrokers are back, and offering a twice monthly twofer. Emily Wilson from Terbium Labs with her thoughts on the encryption debate. Alexander Klimburg, author of The Darkening Web. And Intelligence Community leaders agree on at least three things: they need a better security clearance process, they need Section 702, and nowadays all intelligence involves cyber intelligence.

Sep 8, 2017 · 23 min

S2 Ep 429: DragonFly 2.0 in power grids. Cyberespionage in the South China Sea. Russian Facebook ads. "Fake News" survey.

DragonFly 2.0 is up to some very bad things in several nations' power grids. China ramps up cyberespionage against South China Sea rivals. Facebook finds that a Russian front company bought more than $100,000 in influence-ops ads on its service over the last two years. US info ops stumble over a dog. Jonathan Katz on encryption bit depth. Kyle Wilhoit from Domain Tools with the results of a Black Hat survey on "fake news." And a Japanese 13-year-old is in hot water for trying to sell malware.

Sep 7, 2017 · 17 min

S2 Ep 428: Apache Struts patched. Dragonfly is in the power grid. Ransomware notes. Taringa breached. Cryptocurrencies in China and Russia. Signal stealing that's not SIGINT.

In today's podcast we hear about a critical vulnerability in Apache Struts. It's been patched—enterprises are advised to apply it as soon as possible. Dragonfly poses a clear and present danger to European and US power grids. Ransomware continues rampant. Latin American social media platform Taringa suffers a breach. Notes from the Intelligence and National Security Summit. Cryptocurrencies in China and Russia. Ben Yelin from UMD CHHS on the resignation of many of President Trump’s cyber security advisors. Guest is Tom Billington promoting the upcoming Billington Cybersecurity event. And say it ain't so, Joe—are the Red Sox stealing signals with an Apple Watch?

Sep 6, 2017 · 19 min

S2 Ep 427: Influence operations in Germany. More Turla. KHRAT looks like political spying. Exposed AWS S3 and MongoDB databases hit. Ransomware notes. Cyber gangland rumbles.

In today's podcast, we hear that election influence operations appear to have begun in Germany. Turla's spoor tracked to the Pacifier APT. Cambodia takes an authoritarian turn, possibly extending to domestic spying via RAT. Rival jihadists remain active online; US Cyber Command working to deny them cyberspace safe havens. More exposed AWS S3 databases. MongoDB databases hit with ransom wiper. PrincessLocker and Locky ransomware continue to romp in the wild. Free RAT backdoors criminals. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on DDoS extortion emails. Disgruntled customer doxes booter service.

Sep 5, 2017 · 15 min

S2 Ep 426: Kenyan election nullified over electronic irregularities. South China Sea cyber espionage. WikiLeaks' Vault7 dumps Angelfire. Accused leaker wants her statements excluded. DPRK raids ROK Bitcoin. WhopperCoin is here.

In today's podcast, we hear that Kenya's Supreme Court has nullified that country's presidential election results over electronic irregularities in the balloting. China steps up cyber espionage against Vietnam during South China Sea disputes. Ransomware continued to surge this week. WikiLeaks dumps "Angelfire" documents from Vault7. Reality Winner says she wasn't properly Mirandized by the FBI. North Korea raids South Korean Bitcoin exchanges. Joe Carrigan from JHU on security issues with fitness apps. Charles Henderson from IBM’s X-Force Red group on automotive security. And get ready for WhopperCoin.

Sep 1, 2017 · 21 min

S2 Ep 425: Turla's Gazer backdoor. OurMine vs. WikiLeaks; WikiLeaks vs. CIA. Reality Winner trial. House of Cards material leaks. Patching notes. Insecure APIs.

In today's podcast we hear that Turla's using some sophisticated code against diplomatic and defense industry targets. OurMine hackers use DNS poisoning against WikiLeaks, but WikiLeaks opens up Vault7 anyway: this week it's "Angelfire." Accused US Intelligence Community leaker Reality Winner wants her initial statements to investigators suppressed at trial. House of Cards leaks stories and other material related to the TV show. A quick patching update. Insecure APIs take a toll on Instagram and the FCC. Emily Wilson from Terbium Labs with her thoughts on the closure of Alpha Bay. Mike Kearney from Deloitte on predictive reputation protection. And what's up with Rick and Morty?

Aug 31, 2017 · 18 min

S2 Ep 424: Phishing and watering hole alerts. Is DPRK stealing Bitcoin? NHS Lanarkshire ransomware identified as Bit Paymer. Onliner spambot has hundreds of millions of email addresses. St. Jude pacemaker patch.

In today's podcast, we hear warnings against taking the Hurricane Harvey phishbait. The IRS says that email telling you to download a questionnaire and return it to the FBI isn't from them. Why you really don't want that tutorial in tumbling Bitcoin. Sources accuse North Korea of stealing cryptocurrency. Trickbot is back, and it's swiping Bitcoin. The ransomware strain in Scottish hospitals was Bit Paymer. More than 700 million email addresses found in the Onliner spambot. UK retailer suffers breach. St. Jude pacemakers get a firmware patch. Robert M. Lee from Dragos on cutting through the hype. Joseph Loomis, promoting the upcoming IR17 event. And some industry notes.

Aug 30, 2017 · 17 min

S2 Ep 18: NIST Cybersecurity Framework [Special Editions]

Having a set of standards by which to measure your security organization, being able to compare your security posture to other organizations, and being able to justify your choices to investors and insurance firms are all worthwhile goals. It’s beneficial to have widely agreed upon standards of care and measurement in cyber security, to help know where you stand, where there’s room for improvement, and what’s important to you. That’s where frameworks come in, and the NIST cybersecurity framework is one of the most popular in the cybersecurity industry. In this CyberWire special edition, we’ll examine frameworks in general and the NIST cybersecurity framework specifically, to see if adopting them is worth the time, energy and expense it takes. Joining us are Rick Tracy, Chief Security Officer for Telos Corporation, Rafal Los, Managing Director of the Solutions and Programs insight group at Optiv Security, and Matt Barrett, Program Manager for the Cyber Security Framework at NIST. Stay with us.

Aug 30, 2017 · 28 min

S2 Ep 423: Cyberespionage in South Asia. NHS hack confirmed as ransomware. Notes on Hancitor. WireX Android botnet taken down. Fat-fingering BGP. Topical phishbait.

In today's podcast, we hear reports of cyberespionage against both India and Pakistan—some unknown third nation-state is said to be responsible. NHS Lanarkshire hack confirmed as ransomware. Notes on Hancitor malware. WireX Android DDoS botnet discovered and taken down by an industry consortium. BGP fumble hit Japan's Internet, not hackers. Hurricane Harvey and Game of Thrones phishbait in circulation. Justin Harvey from Accenture on open source threat intelligence. Avi Reichental from XponentialWorks on security issues with implantable data devices. And no, not that GPS.

Aug 29, 2017 · 16 min

S2 Ep 422: Maritime cybersecurity concerns. ExpressLane dump stirs up international trouble. IoT botnet threat addressed. Defray ransomware. Cyberattack in Scotland. Tehran's info-ops rapper.

In today's podcast, we hear that the USS McCain collision appears to be unrelated to any cyberattack, but observers warn of ICS security issues as maritime cyber concerns rise. WikiLeaks' ExpressLane Vault7 dump raises concerns in India. Telnet credentials for Internet-of-things devices exposed; security experts work to close this DDoS risk. "Defray" ransomware being distributed with unusually precise and plausible spearphishing. A ransomware attack disrupts some healthcare services in Scotland. Acquisition news in the cyber sector. Ben Yelin from UMD CHHS on web sites logging form submissions even before you hit the “submit” button. And Iranian information operations seem to be piping the devil's tune (more or less literally, from Tehran's official point-of-view).

Aug 28, 2017 · 15 min

S2 Ep 421: Clouds, crooks, cheats, and cryptocurrencies. Vault7 leaks liaisonware. Rumors about FSB officers charged with treason. FBI arrests Chinese national in OPM hack. Extremism online flows more than it ebbs.

In today's podcast we hear about how the four C's have come together: clouds, crooks, cheats, and cryptocurrencies. Locky continues to circulate in evolved forms. WikiLeaks dumps some curious alleged liaisonware documents from Vault7. Russian sources report that FSB officers facing treason charges in Moscow may have given up some connected hackers to the Americans. The FBI makes an arrest in the OPM breach. The Daily Stormer is way offline, but ISIS and its parasitic slave-trading gangs are decidedly online. Dale Drew from Level 3 Communications with some threat intelligence on phishing and malware. Guest is Nicole Eagan, CEO of Darktrace. And another consequence of NotPetya seems to be a pet food shortage.

Aug 25, 2017 · 23 min

S2 Ep 420: Cyberattacks that may not have been. Ropemaker corrupts email after delivery. Concerns about companies working for intelligence services.

In today's podcast we consider the way in which two potential state cyberattacks are now looking more like, respectively, an accident and a conventional crime. US Government officials double-down on warnings of Kaspersky connection to the Kremlin, and Australia's Government isn't buying Huawei's protests that it's not working for the PLA, either. Ropemaker attacks could inject malicious code into email after it's been delivered. Joe Carrigan from JHU on medical device security legislation. Christopher Pierson from Viewpost with observations from DEFCON. Some teasers on the Chertoff Group's Security Series.

Aug 24, 2017 · 17 min

S2 Ep 419: Independence day cyberattack worries in Ukraine. US Navy eliminating possibility of cyberattack on USS McCain. More malicious apps in Google Play. US state cyber regs. ISIS still works to inspire online.

In today's podcast, we hear that Ukraine is worried about cyberattacks in conjunction with tomorrow's independence day holiday. The US Navy investigates the possibility of cyberattack in this week's Malacca Straits collision, but that possibility may be fading. Zscaler finds more malicious apps in Google Play. New York State's Department of Financial Services' cyber regulations begin to take effect Monday. Delaware is also stepping up data security regulations. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on hacks to Uber driver accounts. Tony Dahbura from JHU promotes their upcoming Cyber Security Conference for Executives. And ISIS continues its inspiration online as police in many countries scramble to follow the Caliphate's messaging.

Aug 23, 2017 · 17 min

S2 Ep 418: Cyber concerns about naval and maritime shipping operations. AWS S3 data exposure. Game of Thrones hack. NHS breach? Killer robots. Scareware.

In today's podcast, we hear about maritime hacking worries, with potential risks to navigation, cargo handling, and manifest data. Another misconfigured AWS S3 bucket exposes business data. "Mr. Smith" says he's going to release the Game of Thrones season finale. The UK's NHS may have been breached. Google pulls 500 backdoored apps from the Play store. Fear of robots. Fileless cryptocurrency miner installed through EternalBlue. Jonathan Katz from UMD on separating science from snake oil. Dan Larson from CrowdStrike on incident response for zero-days. Scareware scares web surfers.

Aug 22, 2017 · 17 min

S2 Ep 417: GCHQ and MalwareTech's arrest. Chinese oilfield sustains malware infestation. US Cyber Command now a UCC. Ukraine fears another cyber campaign. Turla returns. GPS spoofing. Extremism online. ICO hack.

In today's podcast, we hear that GCHQ may have known about the FBI's intentions to arrest Marcus Hutchins even before Hutchins departed England for Black Hat. A Chinese oil production field is thought to have sustained some sort of cyber incident similar to those involving NotPetya. US Cyber Command receives elevated status—it's now the tenth Unified Combatant Command. Ukrainian authorities warn that country's financial sector to expect a new wave of cyberattacks. Turla is back, inviting you to the G20 meetings. GPS spoofing fears rise. Dealing with extremism online. Palo Alto Networks' Rick Howard on the fading popularity of the Rig exploit kit. And another initial coin offering is hacked.

Aug 21, 2017 · 15 min

S2 Ep 416: Ransomware updates. ShadowPad backdoor may have got into the supply chain from a Chinese APT group. Apple Secure Enclave decryption key released. Profexor and Fancy Bear. Misconfigured AWS S3 exposes voter data. Countering extremism online. FBI continues

In today's podcast, we hear that ransomware strains, old and new, are circulating in the wild. ShadowPad backdoors are tentatively attributed to Chinese espionage operations in the supply chain. A hacker releases the decryption key for Apple's Secure Enclave. Profexor may actually not know much about Fancy Bear's romp through the DNC. Another misconfigured AWS bucket exposes data on voters in Chicago. The difficulties of countering extremism online. Malek Ben Salem from Accenture Labs on the cloud security maturity model. Joseph Carson from Thycotic on the evolution of phishing campaigns. The FBI has a roadshow warning companies of the risks of using Kaspersky security products.

Aug 18, 2017 · 23 min

S2 Ep 415: Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews "Profexor." Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.

In today's podcast, we hear that Holyrood is defending itself with some success against email brute-forcing. India's national ID system compromised, again. ShadowBroker-leaked exploits continue to do damage. Hijacked Chrome extensions prove difficult to eradicate. New variants of Locky and other ransomware are out. "Pulse wave" DDoS attacks are observed. Researchers find DDoS-as-a-service for sale in Chinese online souks. Governments express suspicion of foreign IT. Extremist site loses hosts, but its content will go on, even as opposing vigilantes mistakenly dox innocent targets. Emily Wilson from Terbium Labs with thoughts from Black Hat and shifting awareness of the dark web. Brad Stone from Booz Allen on a recently released report on NotPetya. And OurMine hijacks HBO social media accounts.

Aug 17, 2017 · 17 min

S2 Ep 414: NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.

In today's podcast, we hear about a new draft of NIST SP 800-53. There's been an attempt to brute-force email credentials in Scotland's Parliament. Fancy Bear's romp through high-end hotel Wi-Fi suggests the Equation Group leaks will be with us for some time. "Mr. Smith" remains at large, and still wants to be paid. Trickbot uses unusually convincing counterfeit sites. PowerPoint malware vectors may be part of a criminal test. NetSarang urges swift patching of a backdoor in its software. Extremist inspiration persists. Ben Yelin from UMD CHHS on privacy concerns with robot vacuum cleaners. Guest is Jeff Pederson from Kroll Ontrack, a data recovery firm, with tips on data recovery. And some guy in Nigeria with more moxie than skills is behind a big business email compromise campaign.

Aug 16, 2017 · 18 min

S2 Ep 413: Lazarus Group is back, phishing in English. Extremist content online. Google cleans up SonicSpy. Arrests for HBO hacking are unrelated to "Mr. Smith." Marcus Hutchins is out on. DJI drones get a security makeover. Help desk scams.

In today's podcast, we hear that the Lazarus Group is back, and now they're phishing in English. The Daily Stormer gets the boot, but companies and governments continue to struggle with developing appropriate responses to extremist content. Google has swiftly cleaned up SonicSpy, but the malware is still circulating outside the Play store. Indian police make four arrests for HBO hacking, but none of them are related to "Mr. Smith." Marcus Hutchins is out on bail and preparing for an October trial. DJI drones get a peacemaking makeover. Justin Harvey from Accenture on prepping for destructive attacks. Jeff Schumann CEO of Wiretap on vulnerabilities in messaging technologies like Slack and Yammer. And one weird trick to recognizing that a call is a help desk scam. Ready? It's this: they called you.

Aug 15, 2017 · 19 min

S2 Ep 412: Charlottesville hacking. Operation #LeakTheAnalyst. Dissatisfied customer calls ShadowBrokers a "ripoff." More HBO leaks. Google purging SonicSpy. Collusion attacks. Marcus Hutchins in court.

In today's podcast, we hear about online reactions and hacks in response to the Charlottesville rioting and homicide. Operation #LeakTheAnalyst releases another, smaller, set of documents. The ShadowBrokers get some poor customer reviews for their Exploit-of-the-Month Club. Reputation matters in the dark web souks. More HBO leaks (but no new messages). Google ejects SonicSpy-infected apps from the Play Store. Oxford researchers describe Android library collusion attacks. Robert M. Lee from Dragos on recent incursions into the Irish and UK power grids. And fellow security researchers can't believe Marcus Hutchins would wittingly do what the Feds accuse him of.

Aug 14, 2017 · 13 min

S2 Ep 411: HBO offered Mr. Smith a bug bounty, but no takers. Fancy Bear's in hotel Wi-Fi. DNC leak argument resumes. Locky and Mamba ransomware are back. ISIS on eBay. NotPetya arrest. WikiLeaks dumps more from Vault7.

In today's podcast, we hear that Mr. Smith turned down HBO's offer of a $250,000 bug bounty. Fancy Bear uses EternalBlue tools against hotel Wi-Fi networks. Argument over who leaked DNC emails last year flares again. New versions of Locky and Mamba ransomware circulate in the wild. The US Department of Defense is ready to use rapid acquisition to buy cyber tools and services. The FBI says a Maryland man used eBay and PayPal to receive ISIS funds for possible terror activity. Ukraine makes an arrest in the NotPetya case. David Dufour from Webroot on basic cyber hygiene. Barmak Meftah, President & CEO at AlienVault, with his thoughts on the state of the industry. And WikiLeaks dumps video intercept tool CouchPotato. Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Aug 11, 2017 · 22 min

S2 Ep 410: Kenyan elections, not hacked? Someone's poking into DPRK systems. DDoS in Ukraine. Pseudoransomware protection. Spyware in Play Store. HBO hack.

In today's podcast, we learn that EU election monitors say Kenyan presidential voting went off without hacking (the losing opposition disagrees). Germany looks toward securing September's vote. North Korea receives cyber attention from somewhere in the civilized world. Ukraine's postal service sustains a two-day DDoS attack. WannaCry and NotPetya pseudoransomware fallout. Spyware-infected apps found in the Google Play Store. Jonathan Katz from UMD on an RSA 2048 encryption hack. Markus Jakobsson from Agari on a proposed cyber threat classification system. "Mr. Smith" comes to Midtown, and he wants a raise from Richard. Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Aug 10, 2017 · 17 min

S2 Ep 409: Patches, passwords, wipers, and pseudoransomware. New fronts in hybrid war? KONNI, OnionDog, and Israbye.

In today's podcast, we hear that Patch Tuesday saw Windows and Adobe fixes. Venezuela's civil conflict gets a hacktivist dimension. Anti-Israeli wiper malware is circulating in the wild, unpolished but nasty. Kaspersky Lab expects to see more pseudoransomware, especially when disruption and not profit is the goal. The KONNI RAT, of unknown origin, sniffs at sites associated with North Korea. The HBO hack remains under investigation. Putin turns his attentions to Georgia. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on weak two-factor authentication systems. Tim Erlin from Tripwire on their Infosecurity Europe 2017 survey. And familiar password advice gets jettisoned. Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Aug 9, 2017 · 17 min

S2 Ep 408: Power grid risks. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom. Shipping industry looks for GPS backup. DHL sees a NotPetya windfall. Google patches ten Android remote-code execution vulnerabilities. NIST issues a Cybersecurity W

In today's podcast, we hear that a security incident at EirGrid, a misconfigured server in Texas, and a demonstration of photovoltaic system hacking prompt power grid security concerns. Update on the Mandiant employee hack. "Mr. Smith" holds HBO for ransom (but says, no, he's really a good guy). Shipping industry looks for GPS backup capability, and shippers not hit by NotPetya enjoy an increase in business. Google patches ten Android remote-code execution vulnerabilities. Joe Carrigan from JHU on Facebook and Google eavesdropping conspiracy theories. Juan Perez-Etchegoyen from Onapsis on Oracle business app vulnerabilities. NIST issues a Cybersecurity Workforce Framework. Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Aug 8, 2017 · 17 min

S2 Ep 407: US Army bans DJI COTS drones. Amazon will scan AWS customers' S3 buckets for public accessibility. Recommendations for election security. Marcus Hutchins pleads not guilty to Kronos-related charges.

In today's podcast, we hear that the US Army bans, immediately, all use of DJI commercial-off-the-shelf drones. We discuss two known unknowns and offer some background on Defense acquisition practices. Amazon will begin scanning AWS customers' buckets for publicly accessible data. Dale Drew from Level 3 Communications offers his view on hacking back. White hat hackers offer recommendations for election security. And Marcus Hutchins, a.k.a. MalwareTech, pleads not guilty to Kronos-related charges and makes bail. Supported by E8 Security, Johns Hopkins University, and Domain Tools.

Aug 7, 2017 · 14 min

S2 Ep 406: MalwareTech arrested over Kronos banking Trojan. "Bateleur" in the wild. Long DDoS hits Chinese telco. Russian influence operations no longer novel? FBI investigates HBO hack.

In today's podcast, we hear that security researcher MalwareTech has been arrested as the alleged author of the Kronos banking Trojan. Carbanak hoods release "Bateleur" into the wild, phishing in chain restaurant waters. A long DDoS attack in China seems aimed at extortion. German elections prepare for Russian influence operations, but the novelty may have worn off Moscow's line. US states and DHS work toward cooperative cybersecurity. Emily Wilson from Terbium Labs on dark web gun sales. William Saito on Japan’s cyber security preparations for the upcoming Olympics. The FBI is investigating the HBO hack.

Aug 4, 2017 · 20 min

S2 Ep 405: WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.

In today's podcast, we hear that WikiLeaks has dumped "Dumbo" project documents. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. Markus Rauschecker from UMD CHHS on large companies like Facebook and Google being vulnerable to privacy and antitrust concerns. Jim Pflaging from the Chertoff Group, promoting their upcoming Security in the Boardroom event, speaking to the role of the board director when it comes to cyber security. And your guests can eavesdrop on you through your Amazon Echo. (But why would you have those people over anyway?)

Aug 3, 2017 · 17 min

S2 Ep 404: Following up on security scrambles in Sweden and Ukraine. #LeakTheAnalyst. Blu Product phones booted by Amazon. Bitcoin's hard fork. The Internet of Things Cybersecurity Improvement Act of 2017.

In today's podcast we follow up on some of the stories we've been tracking: the latest on Operation #LeakTheAnalyst, firmware spyware in down-market phones, Sweden's big breach, and Ukraine's new cyber friends. BrickerBot is back, offering Indian routers and modems unwelcome help. The US Senate considers IoT security legislation, and the US Justice Department issues a framework with guidelines for bug-hunting programs. Bitcoin's hard fork occurred yesterday. Robert M. Lee from Dragos, on ICS attack basics. David Murray from Corvil on security in the financial markets. And why people care about the HBO hack.

Aug 2, 2017 · 17 min

S2 Ep 403: HBO hacked. Operation #LeakTheAnalyst targets individual security researchers. Election hacking notes. UK's Home Secretary opposes strong encryption. Russia bans VPNs. Bitcoin, crime, and punishment.

In today's podcast, we hear about the HBO hack, and the exposure of episodes and scripts. Operation #LeakTheAnalyst targets individual security researchers. Election hacking: machines, databases, and public opinion are all targets. The UK's Home Secretary wants Silicon Valley to rethink strong encryption. Russia, like China, is clamping down on virtual private networks. The BTC-e Bitcoin exchange is shut down amid allegations of money laundering. Awais Rashid from Lancaster University on developing a security culture. Michael Janke from Data Tribe on his efforts to stand up the National Institute of Digital Security. And write this 500 times: "I will not mine Bitcoin on my school computer."

Aug 1, 2017 · 17 min

S2 Ep 17: Black Hat 2017 - Research and Investment [Special Edition]

Black Hat 2017 has wrapped up, and by all accounts it was another successful conference, with an active trade show floor, exciting keynotes and engaging, informative educational sessions on a variety of topics. There was business being done, with hopeful entrepreneurs and investors alike looking to identify the next big thing in cyber security. In this CyberWire special edition, we’ve rounded up a handful of presenters and one investor for a taste of Black Hat, to help give you a sense of the event. Patrick Wardle is Chief Security Researcher at Synack, and creator of objective-see, an online site where he publishes the personal tools he’s created to help protect Mac OS computers. He’ll be telling us about his research on the FruitFly malware recently discovered on Mac OS. https://objective-see.com/ Hyrum Anderson is technical director of data science at Endgame; he will discuss research he released on stage at Black Hat showing the pros and cons of using machine learning from both a defender and attacker perspective. https://www.endgame.com/our-experts/hyrum-anderson Zack Allen, Manager of Threat Operations, and Chaim Sanders, Security Lead, of ZeroFOX will be speaking about their Black Hat presentation on finding regressions in web application firewall (WAF) deployments. https://www.linkedin.com/in/zack-allen-12749a76 https://www.linkedin.com/in/chaim-sanders-a7a23713/ And we’ll wrap it up with some insights from Alberto Yepez, founder and managing director of Trident Cybersecurity, on the investment environment and the changes he’s seen in the market in the last year. https://www.linkedin.com/in/albertoyepez/

Aug 1, 2017 · 41 min

S2 Ep 402: Investigation into ShadowBrokers focuses on former insiders. Threat analyst doxed. Trickbot and NotPetya updates. Sweden's big breach. DPRK hacks online gaming for revenue.

In today's podcast we hear that US investigators are looking for a disgruntled former insider in the ShadowBrokers case. Operation #HackTheAnalyst claims to have doxed a threat intelligence analyst. Electrical utilities look to their defenses. Trickbot gets wormy. NotPetya continues to have material effect on its corporate victims' earnings. Sweden's government shaken by its data breach. ISIS loses brick-and-mortar presence; may be moving online. Ransomware's lethality to small businesses may be exaggerated. And how do you fund a nuclear program? Malek Ben Salem from Accenture Labs, on their work developing a global ID system for refugees. From Pyongyang, Texas Hold 'Em looks like a good bet.

Jul 31, 2017 · 14 min

S2 Ep 401: WikiLeaks and the ShadowBrokers are both back. Catphishing the French elections. Pyongyang's Bitcoin miners. Malware notes, industry news, and a rundown of the Pwnie Awards.

In today's podcast, we learn that WikiLeaks has dumped Vault7 documents attributed to the CIA. Russian catphish are said to have nibbled at French President Macron's campaign. North Korea mines Bitcoin. Malware warnings include a banking Trojan and two malicious Android apps. NotPetya's effect on TNT is said to have hit small businesses hard. MedSec has no regrets, and says it would short St. Jude again. The Pwnie Awards have been given at Black Hat. Justin Harvey from Accenture on recent waves of auto-propagating malware. Edna Conway from Cisco on third party risks. And the ShadowBrokers are back.

Jul 28, 2017 · 22 min

S2 Ep 400: "Mia Ash" is an Iranian catphish. WikiLeaks dumps UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Anti-drone

In today's podcast we hear there's a new catphish out in the wild: meet Mia Ash. WikiLeaks throws shade by dumping UMBRAGE from Vault7. Germany braces for hacking by Russia, China, and Iran—especially by Russia. Google kicks unwelcome intercept tool Lipizzan out of the PlayStore. WhatsApp scammers phish for banking credentials. Business disruption kills small businesses in ransomware attacks, not the ransom itself. Facebook makes a plea for culture change. Ben Yelin from UMD CHHS on allegations the FBI was paying the Geek Squad to ferret out illegal content on computers brought in for service. Neill Feather from SiteLock dispels the notion that small businesses can rely on security by obscurity. And there are enough anti-drone products out there to make Wile E. Coyote max out his Acme loyalty card.

Jul 27, 2017 · 17 min

S2 Ep 399: Counterattackers' advantage? Juche no competition for cat videos, next-day delivery. CopyKitten crude but effective. FBI investigated Fruitfly Mac malware. Adobe will retire Flash in 2020. BSides notes.

In today's podcast we hear about a Symantec study that shows APTs use some pretty buggy tools. Juche may not extend to the Internet, at least for Pyongyang's leaders. Iran's CopyKitten is characterized as unsophisticated but nonetheless effective. Mac users awakened by Fruitfly—the FBI is investigating. Adobe tells us to begin saying our goodbyes to Flash. Jonathan Katz from UMD on recent experiments with quantum cryptography. Stewart Kantor from Full Spectrum on protecting utility companies by using private RF (radio frequency) networks. And some notes from Vegas, because what goes on in Vegas doesn't stay there.

Jul 26, 2017 · 16 min

S2 Ep 398: Google Groups oversharing. E-discovery don'ts. Energetic Bear may be back. The CopyKittens seem to be Persian cats. Ethereum hacks (and white hats).

In today's podcast, we hear that hundreds of enterprises may be oversharing on Google Groups. Wells Fargo works to recover from botched e-discovery. Energetic Bear may be back, with some cunning phishbait. Pravda says Russians feel strange new respect in cyberspace. The CopyKittens appear to be Persian cats. Another Ethereum ICO is pilfered, but, contrary to expectations, the White Hat Group looks like a genuine group of white hats. Emily Wilson from Terbium Labs wonders what qualifies as personal information on the Dark Web. FICO's Doug Clare outlines scoring your cyber security posture. And some notes from Vegas.

Jul 25, 2017 · 17 min

S2 Ep 397: Buckets leak, but so do CDs. NotPetya and Sandworm. Fruitfly versus Macs. ISIS strained in cyberspace. A look at dark web souks. Hacked fish tank.

In today's podcast, we hear about the wisdom of attending to your AWS Access Control Lists. Wells Fargo data leaked in the course of e-discovery. NotPetya fallout and investigation. The Islamic State's presence in cyberspace is getting a bit threadbare. Fruitfly has been buzzing through Macs, quietly, for a decade. Palo Alto Networks' Rick Howard describes a new security framework. Other dark web souks are poised to take the place of Alpha Bay and Hansa Market. And Ocean's 11 meet the IoT.

Jul 24, 2017 · 16 min

S2 Ep 396: Hansa Market takedown. Recovery from EternalBlue exploits is a long slog. Banking malware rising. Power grid vulnerabilities. Devil's Ivy and the IoT. A look at criminal markets.

In today's podcast we hear about an international raid that took down the illicit Hansa Market—which, it turns out, the Dutch National Police had covertly taken over for about a week. Recovery from WannaCry and NotPetya continues its long slog. Banking malware is on the rise in the wild. Studies warn of power grid vulnerabilities. Devil's Ivy infests security cameras in the IoT. Digital Shadows offers a look at hackers' black markets and sees similarities to the drug trade. Our newest partner Robert M. Lee from Dragos introduces himself and the ICS work he does. Guests are Leslie P. Francis and John G. Francis, coauthors of the book, “Privacy - What Everyone Needs to Know.” And our congratulations to Dr. Whitfield Diffie, the newest Fellow of the Royal Society.

Jul 21, 2017 · 23 min

S2 Ep 395: Configuring AWS buckets. New threats and vulnerabilities. Apple and Oracle patch.

In today's podcast, we discuss a timely reminder from Amazon Web Services: check your cloud's configuration. Hacks now seem to affect revenue for years. A rundown of some new threats and vulnerabilities. Apple issues security patches for iOS, MacOS, and Safari. Oracle fixes more than 300 bugs. Dale Drew from Level 3 Communications on the responsibilities of ISPs. Chris Ensey from Dunbar Cyber Security, on the roles states play in creating an environment for innovation and success in cyber security. And forget Mayweather-McGregor—the pay per view we'd sign up for is Putin-Wittes.

Jul 20, 2017 · 17 min

S2 Ep 394: Dow Jones AWS S3 bucket exposed. FedEx 10-K and NotPetya. Game of Thrones torrent virus. Securing voting. Botnet defense research. M&A and VC notes. Initial coin offering hacked.

In today's podcast, we hear about how another tippy AWS S3 bucket spills its contents over the Web. The FedEx 10-K report indicates it may never fully recover systems and data hit by NotPetya. Virus hides in Game of Thrones torrent. Harvard's Belfer Center wants to secure electronic voting. Departments of Commerce and Homeland Security consider moonshot research to take out botnets. M&A and venture funding notes. Justin Harvey from Accenture on fileless malware. Robert Hamilton from Imperva Incapsula on DDoS attacks on video game servers. And an initial coin offering gets hacked.

Jul 19, 2017 · 16 min

S2 Ep 393: Qatar and the United Arab Emirates at loggerheads over hacking. Commonly used gSOAP IoT code vulnerable to exploitation. A data exposure risk in connected toys. And what could be in that EULA.

In today's podcast we hear more on how Qatar has accused the UAE of hacking, and vows legal retribution—all on the strength of a Washington Post story. UAE says it didn't do it. Warnings about vulnerabilities in commonly used IoT code. Markus Rauschecker from UMD CHHS on Facebook running afoul of European privacy laws. Tina Ladabouche, NSA GenCyber Program Manager, on the NSA’s GenCyber program, supporting summer camp programs. FBI warns of risks inherent in Internet-connected toys. And people really, really don't read those EULAs.

Jul 18, 2017 · 16 min

S2 Ep 392: Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.

In today's podcast we hear that Qatar has accused the United Arab Emirates of a hacking and disinformation campaign—the UAE deny it. Russia's Foreign Ministry says it was hacked. Russia experts in the US said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence building measures remain works in progress in cyberspace. Ransomware and click-fraud combined in a single criminal campaign. Macs attacked by banking credential stealing malware. Johns Hopkins' Joe Carrigan reviews educational options for aspiring cyber security pros. Twitter bots driving traffic to dodgy adult sites. And Ashley Madison proposes a settlement for its 2015 breach.

Jul 17, 2017 · 14 min