
CyberWire Daily
3,657 episodes — Page 66 of 74

S2 Ep 391: More from WikiLeaks' Vault7. Cyber ops and national policy. NotPetya's costs. Clouds of misconfiguration. Chasing innovation. AlphaBay takedown. Phishbait.
In today's podcast, we hear that WikiLeaks dumps another alleged CIA cyber manual from Vault7. Cyberwar is the continuation of war (and therefore policy) by other means. Counting the cost of NotPetya. AWS S3 misconfigurations could happen to the best of us (but need not). Chasing innovation in the UK and the US. AlphaBay taken down in international police operation. Rick Howard from Palo Alto Networks on their new initiative with the Girl Scouts for cyber security merit badges. Raj Samani, chief scientist from McAfee, on NotPetya. And what kind of bait is best for phishing? Learn more about your ad choices. Visit megaphone.fm/adchoices

S2 Ep 390: Motives behind NotPetya, other operations. Verizon customer data exposed. Industry notes. Licensing hackers in Singapore.
In today's podcast, we hear about signs that NotPetya was covering up a broad espionage campaign. State-sponsored hacking seems, when not simple spying, to aim at eroding trust. Verizon suffers a major customer data breach said to derive from a vendor's misconfiguration of an Amazon S3 bucket. Industry notes—venture funding and an acquisition. David Dufour from Webroot on homoglyph attacks. Thomas Jones from Bay Dynamics on federal agencies being required to submit a Framework Implementation Action Plan. Singapore will license white hats. And Russia wants you properly signed into adult sites. Or, at least, one of them, anyway.

S2 Ep 389: Patch Tuesday. Infrastructure hacking and hackers. Industry notes. Influence operations. Jamming a radio station.
In today's podcast we share some Patch Tuesday notes: Microsoft and Adobe both offer updates. Kremlinology goes cyber as infrastructure attacks remain under investigation. A cyber company emerges from stealth. The US General Services Administration removes Kaspersky Lab from Schedule 70. Election influence investigations turn to the question of Russian opposition research. Jonathan Katz from the University of Maryland explains a side-channel attack on 1024-bit encryption. Cisco's Jennie Kay wants to ease your trade show anxiety with a helpful webinar. And, Sheriff of Nottingham, call your office, because Robin Hood was no winker.

S2 Ep 388: Russia's phishing for nuclear power plants. NATO offers aid to Ukraine. Election hacking updates. M&A and venture news. Crime, punishment, and cryptocurrency.
In today's podcast we hear about how Russia has apparently been phishing in the North American and European power grid. NATO has had about enough of that. There will be no US-Russian joint cybersecurity effort. The Adwin RAT is back, and seeking to socially engineer its way into aerospace company networks. Election hacking investigation updates. Industry notes, including both venture and M&A news. Level 3 Communications' Dale Drew provides an update on botnets. Ntrepid's Lance Cottrell describes online ad tracking technology. And BYOD can pose a threat, especially when the device your rogue employees are bringing is an off-the-books server.

S2 Ep 387: Infrastructure hacking. No Russo-American agreement in cyberspace. Android malware infestations. Misspelling as OPSEC.
In today's podcast we discuss some answers to two Russian claims. No, Russia and America won't be linking up in a cyber alliance. And no, no one at the G20 meetings actually bought the line about election hacking retailed there by President Putin and Foreign Minister Lavrov. NotPetya recovery continues. Android infestations in the wild. US power plants warned to be alert for cyberattack. Criminals compromise self-service food kiosks; others phish with official-looking Australian emails as bait. Ben Yelin from UMD CHHS reviews license plate reader laws. ISIS adopts misspelling as a form of OPSEC.

S2 Ep 386: NotPetya still looks like an act of state; intended result or not, companies warn of possible material effect from the attack. Another S3 database found exposed.
In today's podcast, we hear that NotPetya still looks like a Russian campaign to Ukrainian authorities, and experts remain skeptical that affected data can be recovered. Companies warn that NotPetya may have a material effect on earnings. WikiLeaks dumps Gyrfalcon and BothanSpy documents from Vault7. Johannes Ullrich from SANS and the ISC Stormcast Podcast on NoSQL database security. Andy Greenberg, senior writer at WIRED, on his July 2017 issue cover story on Ukraine cyberwar. And pro wrestling fans now have something in common with registered voters, data.gov.uk, and the National Geospatial Agency.

S2 Ep 385: Ukraine says it blocked a second wave of NotPetya attacks. Notes on hybrid warfare and the challenges of sharing data. Will the EU get a right to repair?
In today's podcast we hear about the Ukrainian police raid on Intellect Service and their seizure of M.E. Doc servers. Ukraine's Interior Ministry says this stopped a second wave of NotPetya. Affected companies continue to recover from the NotPetya infestation. US Cyber Command prepares to parry hybrid warfare. Spyware campaign hits Chinese-language news services. The EU considers adopting a "right to repair." Joe Carrigan from the Johns Hopkins University ponders always-on cameras. Dan Larson from CrowdStrike on fileless attacks. Medical information-sharing runs into problems in the UK.

S2 Ep 384: Recovering from NotPetya. State-actor seen behind wiper attack. Ukraine mulls criminal negligence charges. Documents behind US Congressional wariness of Kaspersky.
In today's podcast, we hear how affected enterprises are restoring services after last week's NotPetya pandemic. Maersk's experience prompts some introspection in the logistics sector. Ukraine prepares to charge ME Doc's maker with criminal negligence for allowing the infection to take hold. NotPetya tied to BlackEnergy and thence to a "state actor" (NATO's not saying it's Russia, but Ukraine is). Awais Rashid from Lancaster University looks at the anatomy of recent attacks. Haiyan Song from Splunk on a recent IDC report, “Investigation or Exasperation? The State of Security Operations.” FSB certificates allegedly express links between FSB and Kaspersky.

S2 Ep 383: Recovery and attribution: Petya/Nyetya/NotPetya. Cyber conflict and collective defense. Online inspiration and online censorship. The EU's regulatory big stick. Vishing Parliament.
In today's podcast, we hear that recovery from Petya/Nyetya/NotPetya proceeds—and it's not ransomware. Ukraine says Russia's responsible. US warnings of cyberattacks on nuclear power plants may have been premature. NATO members consider when to invoke Article 5 in cyberspace. Islamist inspiration and other political discontents continue to prompt content screening in Europe. Europe is also in punitive mood with respect to regulation. Kaspersky says it will show the US its source code if that's the cost of doing business. Markus Rauschecker from UMD CHHS describes a novel use of kidnapping insurance. And, hey, Lords and Commons: that's not really Windows support asking for your password.

S2 Ep 382: What's up with Petya/Nyetya/NotPetya? It's a wiper—the extortion is just misdirection. WikiLeaks dumps "OutlawCountry" from Vault7. The ShadowBrokers raise prices. Russia says boo to cybercrime.
In today's podcast we hear that Petya/Nyetya/NotPetya is almost certainly a wiper, and not ransomware after all. Ukraine blames Russia, but whoever did it had EternalBlue before the ShadowBrokers leaked it. WikiLeaks Vault7 disgorges OutlawCountry, a Linux attack tool. The ShadowBrokers raise their rates. Emily Wilson from Terbium Labs with research on fraud guides on the dark web. Guests are Drew Gidwani, Director of Analytics at ThreatConnect, and Andy Pendergast, VP of Product & Co-Founder at ThreatConnect, speaking about the findings of a recent SANS Survey on Security Optimization. Russia calls for international cooperation to stamp out cybercrime.

S2 Ep 381: Ransomware, nyet; wiper, da. Shipping, manufacturing, and Big Law may share some common risks. WikiLeaks and the ShadowBrokers are back again.
In today's podcast we hear that the current Petya/Nyetya/NotPetya outbreak down deep doesn't look like ransomware, but a wiper, and a nasty one at that—probably a cyber warfare campaign. How are these three things alike: shipping, manufacturing, and Big Law? The ShadowBrokers are back, and WikiLeaks' Vault7 disgorges what looks like a creepy stalking tool. Other non-Petya ransomware attacks. Rick Howard from Palo Alto Networks explains the importance of capture-the-flag competitions. And officialdom seems to cling bitterly to Windows XP.

S2 Ep 16: IoT 2017 – Securing the Things: A CyberWire Special Edition [Special Edition]
The IoT, or Internet of Things, broadly defined is the collection of physical objects with IP addresses, connected to the internet. From consumer devices like security cameras, DVRs, and smart thermostats to industrial control systems and autonomous cars, the IoT offers potential for both opportunity and vulnerability. In the first half of this CyberWire Special Edition, we speak with IoT experts Katie Curtin, director of IoT cyber security product management for AT&T, and Chris Poulin, Principal at Booz Allen Hamilton, where he leads internet of things security strategy for their strategic innovation group, as well as their industrial control group. They provide their take on the current state of the internet of things for consumers, enterprise, industrial control and even self-driving cars. In the second part of our program, we examine third party risk. Ponemon Institute recently released an independent research report titled, “The Internet of Things - a New Era of Third Party Risk.” Dr. Larry Ponemon is the chairman and founder of Ponemon Institute, and he’s going to take us through some of the report’s findings, but first we’ll hear from Gary Roboff, a senior advisor at Shared Assessments and their Santa Fe Group, who were the sponsors of the report.

S2 Ep 380: Petya/PetrWrap/Goldeneye updates.
Today we speak at length with Tanium's Chief Security Architect on tracking the Petya ransomware pandemic.

S2 Ep 379: Petya goes WannaCry one better. Westminster email hack. ISIS in Maryland and Ohio websites.
In today's podcast we hear that another ransomware pandemic has broken out—this one looks more sophisticated and dangerous than WannaCry. Ukraine is again the center, but it's moving out fast. Notes on the Parliament email hack in the UK. Accenture's Justin Harvey explains destructive malware. IBM's David Jarvis advocates an adoption of a "new collar" recruiting strategy. And ISIS isn't doing much cyber damage, but its hacktivist sympathizers are really tugging on Superman's cape.

S2 Ep 378: Brute-forcing Parliament. Election hacking retaliation? Cyberspies hunt IP in East Asia. Microsoft security issues. ISIS hacktivists deface Ohio websites.
In today's podcast, we hear that the UK's Parliament recovers from a brute-force attack. Reports on election hacking in the US suggest there was some American cyber retaliation last year against Russian influence operations. BlackTech goes after intellectual property in East Asia. Windows Defender gets a patch, but Windows 10 source code leaks. Fireball malware's extent is disputed. ISIS hacktivists deface websites associated with the government of the State of Ohio. Webroot's David Dufour offers thoughts on phishing. And how much can we count on common sense?

S2 Ep 377: Vault7 leak: Brutal Kangaroo toolkit. Data breach and ransomware updates. Notes on code audit requirements.
In today's podcast we hear about how Brutal Kangaroo has hopped out of Vault 7—don't let it poke your device with a thumb drive. Big data leaks wind up being traded on the black market. The dangers of careless configuration of an S3 bucket. Ransomware remains pricey. It can also serve as misdirection. Dale Drew from Level 3 Communications shares lessons from WannaCry. Darron Gibbard from Qualys offers his take on the EU's GDPR. Software companies receive and respond to code audit requirements as a condition of doing business in Russia.

S2 Ep 376: WannaCry's back and the industrial IoT's got it. Business email scams hit the unwary (and most of us would count as unwary). Testimony on Russian election influence operations. Grid security.
In today's podcast we hear that WannaCry's still here—just ask Honda and the Australian state of Victoria. North America and Europe work to secure their grids against CrashOverride. The US Congress hears testimony about Russian election influence ops: they didn't change the vote, but did they ever shake people up. Business email compromise scams hook sophisticated victims. The Queen's Speech says that, whatever else Brexit may mean, it won't mean a GDPR exit. Johns Hopkins University's Joe Carrigan reviews the ease of listening in on RF traffic. Asaf Cidon from Barracuda Networks on the increased threat from ransomware. And what's all this about CISOs and root canals? We didn't know that was an alternative to bearing bad news to the Board.

S2 Ep 375: Investigation, introspection, watchdogs, and leakers. The risk of collecting and storing data.
In today's podcast, we hear that nation-state influence operations against elections prompt investigation, introspection, and policy studies. We also hear about the implications of a major voter database exposure in the US, and about what might be done to mitigate such risks. Lancaster University's Awais Rashid shares research on security stakeholder biases. Arlen Frew from Nominum on small business vulnerabilities. Leaks from intelligence services seem to be inflicting collateral damage on Internet users as they find their way into criminal hands.

S2 Ep 374: Who's behind the Android malware infestations? Mirai and Erebus updates. Industry notes. Brussels takes the pro-crypto side in the crypto wars. CrashOverride as a weapon. IG report on NSA insider threat management.
In today's podcast, we hear that some believe they've seen the Professor Moriarty behind 2017's Android malware outbreak. Erebus is back, and this time it's in Linux. Mirai may be about to become more resistant to cleaning. Crypto wars flare in the UK and EU as terror investigations proceed. A quick look at SINET's Innovation Summit. Raytheon's DHS cyber contract survives challenge. CrashOverride looks to a lot of experts like a proven cyber weapon. Ben Yelin from UMD CHHS discusses a "right to know" privacy law. Perspectives on attribution from John Brick of the DNG-ISAC. And did the dog eat the Fort's homework, or did some Bear feed said homework to the dog?

S2 Ep 373: Bouncing bad adware apps from Google Play. More on WannaCry attribution. Voter data exposed on an Amazon S3 account. Assessment of Russian influence on UK elections: they didn't do it. (Didn't need to?) Hackers sentenced.
In today's podcast, we hear that Google is in an "uphill battle" against adware infestation of the PlayStore. GCHQ seems to agree with NSA, which seems to think WannaCry was a North Korean caper. Big data firm leaves voter data exposed on an Amazon S3 account. GCHQ says the Russians didn't disrupt the recent UK elections. Dr. Charles Clancy from VA Tech's Hume Center describes methods for preventing another Dyn-style attack. Two hackers sentenced, one in Pennsylvania, the other in East Anglia, one for the vengeance and one for the lulz.

S2 Ep 372: More from Vault7. How and why the DPRK hacks. FIN10 hits North American businesses with extortion demands. UK unis sustain ransomware infestation. Free decryptors are out, and ISACs seem to be working.
In today's podcast, we hear that WikiLeaks has dumped more of Vault7. More attribution of WannaCry to North Korea, where Hidden Cobra and the Lazarus Group appear to be one and the same. FIN10 cybercriminals are asking US and Canadian businesses for a big payoff to head off a big doxing. Conventional ransomware hits British universities. Kaspersky and Avast release free decryptors for Jaff and EncrypTile. Markus Rauschecker from UMD CHHS reviews China's new cyber laws. Jocelyn Aqua from PwC describes attitudes toward AI. The ISAC process seems to be working. And patch early, patch often.

S2 Ep 371: Hidden Cobra strikes from Pyongyang. Microsoft patches last of ShadowBrokers' leaked exploits. Sanctions coming over Russian election influence operations. Electrical and natural gas sectors brace for CrashOverride.
In today's podcast, we hear that the FBI and the Department of Homeland Security have warned that Hidden Cobra is actively pursuing DDoS campaigns. Microsoft patches remaining ShadowBrokers' exploits, even in deprecated systems. The US Congress votes to sanction Russia for election influence operations. Those operations have a long, long history, going back to the 1930s at least. Electrical and natural gas sectors work to protect themselves against CrashOverride. Emily Wilson from Terbium Labs reminds us not to forget the basics. Michael Callahan from Firemon shares survey data suggesting that IT pros spend too much time fixing their coworkers' personal devices. Mergers and acquisitions seem to be followed by layoffs—Hexadite is said to be the latest case.

S2 Ep 370: A CrashOverride update from Robert M. Lee. Patch news. Terrorist funding goes cyber. Cozy and Fancy Bear were more active than earlier believed.
Robert M Lee from Dragos provides an overview of CrashOverride. A quick look at yesterday's Patch Tuesday. Some of the fixes even reached back into Windows XP's unquiet grave. Terrorist information operations are increasingly sustained by cryptocurrency funding. Accenture's Justin Harvey reviews automation and orchestration. Russian intelligence may have been more active probing US state election systems than previously thought. Fake-news-as-a-service is now a black-market offering.

S2 Ep 369: CrashOverride update. Influence ops harder to disrupt than infrastructure. Samba exploited for cryptocurrency mining. NSO Group for sale. Botnets and fake news. Airliner laptop bans.
In today's podcast, we hear that CrashOverride looks like a power grid threat, and industry and government are taking it seriously. Cyber operations against ISIS are proving better at collection than disruption. Criminals are exploiting vulnerable Samba instances to spread cryptocurrency mining software. NSO Group has put itself up for sale, valued at more than a billion dollars. Well-informed observers of a civil libertarian bent think botnets don't have First Amendment rights. Johannes Ullrich from SANS and the ISC Stormcast Podcast on IPv6 security. Kirsten Bay from Cyber adAPT on Wannacry and the importance of a detection-led approach. And if you wondered about that airport laptop ban, here's the rest of the story.

S2 Ep 368: CrashOverride implicated in Ukraine grid hack—possibly as a proof-of-concept. Hack-induced Gulf diplomatic troubles continue. New malware strains, exploits appear.
In today's podcast, we hear that Dragos and ESET are bringing some clarity—and some bad news—to investigation of December 2016's Ukrainian power-grid hack. Qatar and its neighbors try to sort out hack-induced diplomatic troubles. DoubleSwitch social media malware hijacks dissidents' accounts. CertLock impedes removal of unwanted programs by security software. MacSpy and MacRansom appear as malware-as-a-service offerings. AMT vulnerability exploited in the wild. David Dufour from Webroot explains why attribution is so difficult. Robert Rodriguez from SINET describes the upcoming Innovation Summit 2017. China arrests twenty-two for trading in stolen iOS user data.

S2 Ep 367: Comey's testimony calls Russian election influence operations massive and ongoing. New Android malware. Malicious hyperlinks infect with a mouse-over. Data privacy issues.
In today's podcast we hear that whatever else former FBI Director Comey told the Senate, one thing is clear: he's convinced the Russians are fully committed to influence operations, and that they'll be back. More on disinformation and hacking in Qatar. Fresh malware surfaces in the Android ecosystem—some but not all has been booted from the PlayStore. Mousing over a malicious hyperlink can now be an infection vector. Cryptocurrencies, money transfer, and money laundering. Ben Yelin explains Florida money laundering legislation aimed at Bitcoin. Will Ackerly from Virtru discusses privacy and the right to be forgotten, online. GDPR and some thoughts on the distinctions among anonymity, privacy, and security.

S2 Ep 366: Qatar—provocation, and disinformation online. Influence operations move from doxing to disinformation. 2FA still a good idea. Former FBI Director Comey testifies. And assume the boss is watching.
In today's podcast, we hear that Qatar remains in bad odor with its neighbors over a recent online provocation. (Russia denies any involvement.) Anomali talks about influence operations, especially with respect to elections, where they may be moving from doxing to disinformation. Leaks about election hacking shouldn't turn you off to multifactor authentication—it's not the technology; it's us. Former FBI Director Comey testifies before the Senate Intelligence Committee. Level 3 Communications' Dale Drew reviews health care security stats. Drew Paik from Authentic8 shares vacation traveling tips. And a lesson from the NSA leak arrest: assume the boss is watching.

S2 Ep 365: Farewell to Jean Sammet, co-developer of COBOL. Remembering Midway. NSA leak investigation. Signs of Russian disinformation in the Gulf. Data breaches, script kiddies, EternalBlue, and Turla.
In today's podcast, we say farewell to a legendary coder, and we also remember the Battle of Midway. Influence operations in the Gulf may have been Russian. Alleged leak of NSA report on election hacking proceeds. Two new data breaches are disclosed. A script kiddy is arrested in Japan for writing and distributing ransomware. EternalBlue remains a risk. Johns Hopkins' Joe Carrigan reviews research on cracking mobile device passwords using accelerometers. Eliana Schwartz describes the Cybertech Fairfax conference. Turla resurfaces, and they've new backdoors and everything. But what's their thing with Britney Spears?

S2 Ep 364: Report leaked on Russian influence operations (alleged leaker in custody). ISIS continues inspiration; anarchist groups said to follow same playbook. The DarkOverlord is back.
In today's podcast we hear about a leaked report describing eleventh-hour Russian influence operations during last year's US elections. An alleged leaker is already charged and in custody. The UK's investigation into last weekend's terror attacks continues, online as well as in physical space. Apple hints it's helping out. The attackers seem to have been known to authorities. In its continuing campaign of online inspiration, ISIS claims responsibility for the destruction of a church in the Philippines and a lethal standoff in Australia. Violent anarchist groups seem to be following the ISIS playbook in cyberspace. Some thoughts on wolves. Rick Howard from Palo Alto Networks on government cloud deployment. Andrea Little Limbago from Endgame has results from a survey on Americans’ perceptions of the US government’s cybersecurity capabilities. And the DarkOverlord is back.

S2 Ep 363: ISIS claims responsibility for inspiring attacks in London. More are expected during Ramadan. Hacks roil Middle Eastern diplomatic waters. Ransomware updates. India investigates possible aircraft hacking.
In today's podcast, we hear that ISIS has claimed responsibility for Saturday's terror attacks in London. The UK reacts with strong words against terrorist safe spaces online. The Prime Minister wants restrictions on end-to-end encryption and a very hard line against extremist messaging. Hacking has diplomatic consequences for Bahrain, Qatar, and the United Arab Emirates. India investigates a possible cyberattack against a fighter aircraft. Dr. Charles Clancy from VA Tech's Hume Center on the FCC's approach to consumer privacy. Ransomware purveyors also selling stolen data. EternalBlue exploits remain active.

S2 Ep 362: Patriotic and free-spirited hacking? WikiLeaks has a new Vault7 dump. Cyber conflict over the South China Sea. Fireball malware infests more than 250 million devices. Trident security. Kmart breach. Bikers turn hackers.
In today's podcast we hear, second-hand but ultimately from Vladimir Vladimirovich himself, that Russian hackers are free-spirited, patriotic artists, and maybe he'd be in a position to know. WikiLeaks dumps more Vault7 documents. White hats reconsider crowdsourcing membership in the exploit-of-the-month club. OceanLotus may be weaponizing a ShadowBrokers' leak. Fireball malware used for ad fraud. A think tank warns of Royal Navy submarine cyber vulnerabilities. Kmart discloses a point-of-sale breach. Jonathan Katz from UMD on undetectable backdoors. Leo Taddeo from Cyxtera Technologies on what the Comey firing means for encryption and cyber security. And a motorcycle gang is hacking cars. Why? Because that's the way they roll.

S2 Ep 361: It's the first of June, and the ShadowBrokers' exploit-of-the-month club is open for business (exploits to be delivered to subscribers in July).
In today's podcast we discuss the ShadowBrokers and their new exploit-of-the-month club, now open for subscription. We get some industry reaction, and it seems unlikely that the ShadowBrokers should be taken at face value. Plus, Webroot's David Dufour gives us the dirt on worms.

S2 Ep 360: Exploit-of-the-month club open for business. Disinformation technology. Lazarus Group tied to North Korean intelligence (again). Extortion is big, but carding is still with us. Spammy apps in Google Play.
In today's podcast, we hear that the ShadowBrokers open their exploit-of-the-month club at the low, low price of $22,000 in Zcash. Group-IB finds more evidence that the Lazarus Group is a North Korean intelligence unit. Extortion, both real and bluffing, grows in underworld popularity, but carders are with us still, alas. President Macron tells President Putin everyone's on to his use of Russia Today and Sputnik News for disinformation. Accenture's Justin Harvey explains red-teaming. Ely Kahn from Sqrrl outlines NIST's call for comments on their cybersecurity framework. And if you're a regular Joe or Jane looking for some Android action, take this advice straight from the shoulder: steer clear of Star Hop and Candy Link.

S2 Ep 359: Implications of Manchester bombing investigation on policy, Five Eyes relations. British Airways IT outage. Fancy Bear and Malta? ShadowBrokers prep exploit-of-the-month club. Google deals with Chrome, PlayStore issues. Mall boards and rickrolling.
In today's podcast, we hear that British Airways suffered a glitch, not a hack, but whichever it was, it amounted to an infrastructure takedown. Fancy Bears may be snuffling at the Government of Malta. The ShadowBrokers may be cashing out. Google kicks Judy adware out of the PlayStore. Researchers find another Android vulnerability, "Cloak-and-Dagger." Anonymous is working on the Houdini RAT. Mall hackers in Liverpool mind their manners. Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS security. And security researchers get rickrolled.

S2 Ep 358: WannaCry aftershocks. Influence ops and data corruption. Samba patched. Biometrics and impersonation. GDPR approaches. US legislation update.
In today's podcast we hear that bogus WannaCry remediation apps are cumbering the PlayStore—don't be taken in. More on the complexities of WannaCry attribution. An EternalRocks worm may have been withdrawn by its authors. Citizen Lab finds evidence that influence operations against targets in almost forty countries are now corrupting data. Vietnam does some cyber snarling at the Philippines over the South China Sea. Samba gets a patch as observers fear emergence of a worm. Biometrics and impersonation—experts advise complexity. GDPR is just one year away, but preparation still lags. Dinah Davis from Arctic Wolf shares her story of founding Code Like a Girl. Malek Ben Salem from Accenture Labs describes self-sustaining enterprises. And two noteworthy pieces of legislation are introduced into the US House and Senate.

S2 Ep 357: Worm alert. Stumblebums or masterminds? Widia commodity ransomware in its early stages. Taking the fight to ISIS in cyberspace.
In today's podcast, we hear that a vulnerability in widely used networking software leaves it open to a worm infestation. Were the WannaCry hackers annoying stumblebums, or are there deeper games afoot? Help desk scammers say they'll rid you of ransomware—they won't. Researchers watch "Widia," commodity ransomware that's still an early stage work-in-progress. The Manchester terrorist looks more like a known wolf than a lone wolf. Ben Yelin reviews the Supreme Court's consideration of a cell site privacy case. Yong-Gon Chon from Focal Point Data Risk discusses their Cyber Balance Sheet Report. And US Cyber Command would like ISIS to know that they're in the Fort's crosshairs.

S2 Ep 356: Manchester bombing investigators look at bomber's network. EnSilo patches ESTEEMAUDIT. Cron cyber gangsters arrested. What we hear at the Cyber Investing Summit.
In today's podcast we hear that the Manchester bombing investigation is looking closely at the bomber's networks, with international cooperation. NSA says it's waging cyber war against ISIS. EnSilo patches ESTEEMAUDIT, one of the vulnerabilities set up for exploitation by EternalBlue. Russian police arrest members of the Cron cyber gang. Ben Read from FireEye describes recently discovered zero-days. Jonathan Katz outlines some Bitcoin vulnerabilities. And the Cyber Investing Summit opened with some demonstrations of the use and abuse of misdirection in hacking.

S2 Ep 355 ISIS claims Manchester concert bombing. The case for a North Korean WannaCry. US lawmakers consider cyber legislation.
In today's podcast, ISIS claims responsibility for the Manchester concert bombing. Security companies make their case for pinning WannaCry on North Korea. US legislators consider bills to upgrade equipment and permit limited hacking back. Emily Wilson from Terbium Labs considers coming European privacy regulations. Doug Depeppe from the Cyber Resiliency Project describes a community-based approach to cyber resiliency.

S2 Ep 354 How were US agents in China compromised between 2010 and 2012? EternalBlue updates (including notes on WannaCry and EternalRock).
In today's podcast, the FBI and CIA are reported to be looking for the source of a compromise that shut down CIA agents in China between 2010 and 2012: hackers or moles, no one knows. Or was it just a tradecraft mismatch? WannaCry has been slowed, at least temporarily. Observers speculate the ransomware may have been a probe. Other uses of EternalBlue exploits look more focused and more disciplined, and arguably more serious. WikiLeaks dumps another leaked implant. Johns Hopkins' Joe Carrigan gives us the VPN basics. And the ShadowBrokers are expected to open their Leak-of-the-Month Club in June (subscription only).

S2 Ep 353 WannaCry wraps up its first week. No patches for Marshmallow. Women in Cybersecurity survey results.
In today's podcast we learn that crooks are interested in home IoT. Twitter outages aren't just you. Android Marshmallow won't be getting a patch, just a replacement. WannaCry observers focus on North Korea as a possible source. Palo Alto Networks' Rick Howard has research on Shamoon. Joyce Brocaglia from Alta Associates and the Executive Women's Forum shares results from the 2017 Women in Cyber Security Survey. And no one, yet, knows who the ShadowBrokers are with any certainty. (Or if they do, they're not talking.)

S2 Ep 352 OilRig hires the Russian cyber-mob. WannaCry updates. Other EternalBlue exploits surface in the wild. Pending legislation in the US Congress. NIST issues guidelines for Executive Order compliance.
In today's podcast, we hear that Iran's OilRig cyberespionage campaign seems to be employing Russian hoods, and BlackEnergy. WannaCry recovery continues, but there may be worse to come. Still talking funny, the ShadowBrokers say you'll be able to subscribe to an Equation Group leak service next month. The US Senate considers putting the Vulnerability Equities Process on a legal foundation. NIST issues draft guidance on cyber Executive Order implementation. Level 3 Communications' Dale Drew predicts there's more ransomware in our futures. Mandeep Khera from Arxan Technologies outlines vulnerabilities in mobile apps. And political parties in Western Europe still stink at email security, for all their worries about Fancy Bear.

S2 Ep 351 Gothic Panda seems to have a government job. Not all extortion is ransomware (ask Disney). WannaCry update. The ShadowBrokers are back. So is WikiLeaks.
In today's podcast, we hear that APT3, also known as Gothic Panda, has been fingered as an agent of China's Ministry of State Security. An unreleased Disney flick is held for ransom: Disney doesn’t pay, movie goes up on Pirate Bay. WannaCry may be sloppy but it's still dangerous. OT has a harder time patching against WannaCry than IT does. Dr. Charles Clancy from VA Tech's Hume Center contrasts the ShadowBrokers vs. Vault 7. Area 1's Oren Falkowitz describes innovative ways to prevent phishing. The ShadowBrokers are back and still talking crocodile. And WikiLeaks releases more of Vault7.

S2 Ep 350 WannaCry, worm wars, ransomware pandemics, and a place for kill switches. And what might a cyber Pearl Harbor look like?
In today's podcast we follow the developing story of the WannaCry pandemic as it continues to unfold, with speculation about attribution focusing on the Lazarus Group. Why malware would have a kill switch. Throwbacks to the worm wars. The risks of unpatched, superannuated, or pirated software. Litigation exposure in the WannaCry affair. David Dufour from Webroot on the basics of exploits and scripts. Paige Schaffer from Generali Global Assistance reviews the Identity Theft Assessment and Prediction Report published by the University of Texas at Austin Center for Identity. Cyber Pearl Harbors, again—what might one actually look like?

S2 Ep 349 WannaCry ransomware—a pandemic. Baijiu spyware in East Asia. APT32 seems to be spying for Vietnam. Al Qaeda calls to lone wolves. Influence operations and tactical operations. The long arm of the law reaches out to tech-support scammers.
In today's podcast we hear how WannaCry ransomware became a pandemic over the weekend. Johannes Ullrich joins us to help sort it out. A temporary lull is feared likely to be more temporary than most would like. Baijiu espionage malware is spreading through GeoCities. Another APT—APT32—is also devoted to espionage, apparently in alignment with the government of Vietnam. Bin Laden's son is working to inspire lone wolves. National authorities seek to draw influence operations lessons from the concluded French presidential campaign. Armies make tactical use of cyber operations. And there's a dragnet out for tech-support scammers.

S2 Ep 348 WannaCry ransomware spreads via ShadowBrokers' dumped exploit. Necurs delivers Jaff ransomware. Fancy Bear spoofs NATO emails. President Trump's Executive Order on cybersecurity.
In today's podcast, we hear about the long-expected US Executive Order, with commentary from Politico's Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS, and OMB. EternalBlue is used to spread WannaCry ransomware, and the UK's NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland's Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday—no happy returns for you, spammers.

S2 Ep 347 French media recover from DDoS. XaverAd infests Android ecosystem. Zero-days patched, but exploited in the wild. Mother's Day giftcard hacking. Telephonic harassment.
In today's podcast, we hear that French media sites are recovering from a massive, successful DDoS attack whose source is still under investigation. Android adware harvests and reports PII. Microsoft's quick patching of zero-days included three that are being exploited in the wild by state and criminal actors. Ben Yelin from UMD CHHS reviews the first 100 (cyber) days of President Trump. Ken Spinner from Varonis on their latest data risk report. Advice on Mother's Day gift cards, and some news about skids and harassing phone calls.

S2 Ep 346 NSA says it warned France of election influence ops. Deterrence and retaliatory capability. SLocky ransomware rising. Patch Tuesday. FBI Director Comey dismissed.
In today's podcast, we hear that NSA says it warned its French counterparts about Russian cyber ops targeting France's elections. Next up for Fancy Bear? Probably German elections, but in the meantime there's also some phishing with zero-days. The NSA Director also advocates calling out Russia for bad behavior in cyberspace, and says that US Cyber Command is ready and able to hold targets at risk, so deterrence and retaliation are available options. Microsoft, Adobe, and Cisco issued significant patches yesterday. Accenture Labs' Malek Ben Salem shares results from their security survey. Rohit Sethi from Security Compass outlines managing application security. And President Trump has told the FBI Director, "you're fired."

S2 Ep 345 Metadata signs point to St. Petersburg in l'affaire Macron. UK, Germany, US expect more Russian election influence ops. New IoT botnet appears. US FCC sustains DDoS. Microsoft fixes MsMpEngine. SS7 weakness and 2FA.
In today's podcast, we hear that haste may make for, not exactly waste, but at least brazen and ineffectual influence operations. Metadata evidence of Fancy Bear's paws in En Marche! emails. Moscow snorts "false flags," but UK, German, and US officials say the Bears are there and up to no good. ISIS posts another bit of depravity as inspiration. North Korea is thought to be paying for its advanced weapons programs with cyber bank heists. Persirai joins Mirai in the IoT botnet world. The US FCC sustains a DDoS attack. Joe Carrigan from JHU explains the benefits of segmenting your home network. Andrew Blaich from Lookout on finding the Pegasus lawful intercept tool on Android devices. Microsoft patches an RCE flaw in its Malware Protection Engine. SS7 protocol weakness permits defeat of two-factor authentication.

S2 Ep 344 Election cyber-influence campaign in France. (Will UK and Germany follow?) AMT bug to be fixed. HandBrake compromised. Kazuar upgrade for Snake. Ransomware black market.
In today's podcast, we discuss Emmanuel Macron's victory in France's presidential election despite last-minute hacking and leaked emails. (Hacked emails seem not particularly scandalous as the story develops.) Germany and the UK brace for cyberespionage in their own upcoming elections. Intel AMT flaw more serious than expected, will get fixes this week. HandBrake download server proved RAT-infested. Kazuar looks like an Uroburos upgrade. Emily Wilson from Terbium Labs weighs in on Op Israel. Ransomware market features FrozrLock and Fatboy.

S2 Ep 343 Influence operations and elections, and the difficulty of doing anything about them. Dynamite phishing investigation. Snake hisses at Macs. Fatboy at your (criminal) service.
In today's podcast we hear about elections and election influence operations in Europe, and the difficulty of taming Fancy Bear. Some weekend reading. The Google Docs worm and dynamite phishing incident takes an odd (but implausible) turn. Snake malware seems poised to strike at Mac users. We welcome Johannes Ullrich from SANS and the Internet Stormcenter Podcast. Allan Liska outlines his book on ransomware. And there's a new product in the crimeware-as-a-service souk: it's called "Fatboy," it speaks Russian, and yes, it's ransomware.