CyberWire Daily

In today's podcast we hear about "Rasputin," a cybercriminal selling US Election Assistance Commission credentials. US investigation of Russian influence operations continues, with promises of eventual retaliation (nose-thumbing from Moscow received in response). UK and EU officials worry about Russian meddling with 2017 elections. The Yahoo! breach sinks in—some call it the "Exxon Valdez" of cyberspace. New ransomware strains and growing ransomware sector, but help in the form of an international public-private partnership. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security discusses the National Cyber Incident Response Plan (NCIRP). We talk privacy and encryption policy Jacob Ginsberg from EchoWorx. with And we're closer to seeing robot drivers on the streets. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about Yahoo's disclosure of a record-setting breach—over a billion customer accounts are affected. CyberWire editor John Petrik collects industry comments on the breach. Microsoft reports finding "FinFisher-like" spyware in the wild. US investigation of Russian election hacking continues. The case for and against Fancy Bear is being made by observers, but the Intelligence Community says it will keep its conclusions to itself until the investigation is complete. ThreatConnect describes "faketivism." And the ShadowBrokers are back, and their broken English hasn’t gotten more convincing. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we learn that Ukraine says its Defense Ministry was hacked, probably by Russia. US investigations of apparent Russian influence operations during elections continue. Venezuela talks up cyber threats as contributing to its financial crises. Dr. Web reports a new Loki Trojan variant in the wild. BugSec and Cynet disclose Facebook Messenger flaw (now patched). Level 3's Dale Drew provides insights on nation state hackers. Omri Iluz from PerimeterX warns us about gift card fraud. Colonel's Club breached. And hacktivists go after Russian consular data. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we learn that SWIFT has warned member banks of ongoing attempts at fraudulent funds transfer. US investigation of Russian influence operations continues, with bipartisan support. German fears of Russian election hacking persist. Apple iOS, McAfee VirusScan Enterprise, and AirDroid get patches. Tor releases a browser with upgraded anonymity. Kevin Bocek from Venafi reminds us of the looming SHA-1 sunsetting. Ben Yelin from the University of Maryland Center for Health and Homeland Security examines a case involving stingray devices and warrantless searches. And some guy steals a million so he can spend it on in-game purchases. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how an international police action swept up youths shopping for DDoS tools. Russian banks sustain a mild, easily parried DDoS attack. Mirai gets trickier. US-CERT warns against vulnerabilities in home routers. Popcorn Time ransomware says it's doing good by doing bad, but few will be deceived. US opens an investigation after the Intelligence Community concludes that Russian services tried to throw the US election away from Clinton and toward Trump. Emily Wilson from Terbium labs describes the markets for drugs and pharmaceuticals on the dark web. And North Korea says they didn't do it, you tantrum-throwing conservative puppet regime, you. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, South Korea braces for the North to take cyber advantage of a constitutional crisis, but so far all's quiet. (Or most is quiet, anyway.) Germany takes official notice that Fancy Bear is working to disrupt next year's elections. The US state of Georgia thinks DHS may have tried to penetrate its election system post-election, and it wants to know what's up. ISIS is back online, and calling for attacks against Americans and Shiites. A phishing campaign trolls customer service reps with fileless malware. Experts expect more Mirai-driven DDoS. Rick Howard from Palo Alto Networks tells about the Cybersecurity Canon. Caleb Barlow from IBM Security explains the importance of a well practiced resiliency plan. And the Avalanche criminal kingpin is on the lam after being sprung from a Ukrainian jail. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about an industrial espionage campaign against Germany's steel industry. Turkish hacktivists' Sledgehammer gamifies DDoS (and installs backdoors in its gamers). The Floki Bot Trojan is a cheap and evasive addition to the Zeus family. Dridex is back. GPS gets a cybersecurity upgrade. Too many people are still using Windows XP. Joe Carrigan from the Johns Hopkins University Information Security Institute reports back from the Grace Hopper conference. ZScaler's Deepen Desai describes the Stampado strain of ransomware. NSA is said to be struggling to compete with the private sector for cyber talent. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that more network security cameras have been found vulnerable to bot-herding. Sony's are patched, so patch. Unpatched Flash bugs incorporated into exploit kits. New ransomware strains are out. Russia announces a new national Internet strategy as Canada and the EU grapple with the complexity and ambivalence of controlling extremist content. Steganography is back, alas, and in your banner ads. Dr. Charles Clancy from VA Tech’s Hume Center explains the challenges of developing security solutions that can function in both the federal and commercial realms. Ebba Blitz from Alertsec hasthe results of a survey on what Americans fear most when it comes to cyber security. And Tay's kid sister Zo makes her debut. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that more state-directed hacking is in the forecast for 2017 (and Pyongyang seems to have a head start). A new DDoS botnet rivals Mirai. Ransomware notes. Android users are advised to stick with Google Play (and so avoid Gooligan). Content filtering in social media. Cris Thomas from Tenable talks about their cybersecurity report card. Awais Rashid from Lancaster University outlines critical national infrastructure. And more connected toys seems to be far too curious about those who play with them. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear what the US Presidential Commission on Cybersecurity recommended in its long-anticipated report. Russia's FSB says today's the day foreign intelligence services are going to try to disrupt the Russian financial system. Ransomware author Pornpoker gets collared. Distributed guessing attacks might have been made against Tesco. Gooligan's business model is mostly advertising and garbage apps. Markus Rauschecker from University of MD's Center for Health and Homeland Security ponders IoT liability. Tenable's Global Cybersecurity Assurance Report Card tells the globe it's got room for improvement. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about an international take down of the Avalanche cybercrime ring. (Bravo, FBI…and others.) A vulnerability in AirDroid is reported—you can find the app in the Google Play Store. Russia says there's a plot afoot to hack its banks and spread financial panic. US Senators tell the White House they want to know more about Russian attempts to influence US elections. This week has seen more Mirai DDoS, a resurgence of Shamoon, and another round of WikiLeaks doxing. There are also changes to NISPOM and Rule 41 in the US, and Ben Yelin from the University of Maryland Center for Health and Homeland Security fills us in on that. Denim Group's John Dickson helps us understand what we might expect from the coming Trump presidency. In the UK the Snooper's Charter received Royal assent. And what do pacemakers and e-cigarettes have in common? Malware. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we learn that Shamoon is back, again probably from Iran, and again hitting Saudi targets. Mirai infestations are turning up in the UK; observers see a criminal race to round up the biggest bot herd. Fancy Bear is also back, and still pawing at WADA. Good backup practices enabled San Francisco's Muni light rail to recover from ransomware. Palo Alto warns of a new Android Trojan. Facebook says there's no way ransomware was hidden in Messenger images. Firefox patches the zero-day that threatens Tor anonymity. Professor Jonathan Katz from the University of Maryland explains why ransomware crypto is hard, and Group iB's Dmitry Volkov describes ATM jacking group Colbalt. Germany mulls going for more surveillance, less privacy, as investigations of ISIS operations continue. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about Deutsche Telekom's recovery from DDoS, and why there's probably a lot more Mirai where that came from. Omri Iluz from PerimeterX gives us the background on botnets. Germany arrests an alleged mole in the BfV. ISIS claims the Ohio State attacker as its "soldier." The Snooper's Charter becomes law in the UK. San Francisco's Muni hangs tough on ransomware. A new Android malware strain is out in the wild. We welcome Awais Rashid from Lancaster University to the show. And Ross Ulbricht's defense team say they've found a third crooked cop in the Silk Road case. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how ISIS sympathizers are celebrating the Ohio State slasher rampage in social media. Germany's BND warns of Russian plans to disrupt elections. Deutsche Telekom recovers from a Mirai-driven DDoS attack. San Francisco's light rail recovers from ransomware (and resumes collecting fares). Holiday retail cyber security trends. A look into the dark web. Continuing security troubles for former and prospective US Secretaries of State. Level 3's Dale Drew takes a look at critical infrastructure. The Carter Administration gets doxed, and xHamster is breached. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire Podcast Special Edition, we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists what they expect before they invest. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how military, law enforcement cooperation are taking a toll of ISIS cyber operators. President Obama says the US elections weren't affected by hackers. DDoS in Brussels and Ireland remain under investigation. A Mirai botnet is available for rent on the cyber black market. ATM skimmers threaten holiday users—and the new inset skimmers are tough to detect. Ransomware hits San Francisco light rail (so the Muni lets passengers ride free). Booz Allen's Brad Medairy walks us through the Ukraine grid hack. Emily Wilson from Terbium Labs describes how they celebrate the holidays in the Dark Web. And no, Anthony Bourdain's foodie show wasn't hacked to get banned in Boston Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how ISIS is making its way, quietly, back into the cyber news (and how the Australian Signals Directorate is on the case). The Broadband Internet Technology Advisory Group wants the IoT industry to face some unpleasant facts, and the security industry calls for standards. Europol finishes its second sweep of money mules. ATM jackpotting spreads in Europe and Asia. India suffers a wave of carding. Joe Carrigan from the Johns Hopkins University Information Security Institute reports back from the NICE Conference. BBC Journalist and Author Gordon Corera is our guest, discussing his latest book, "Cyber Spies - The secret history of surveillance, hacking and digital espionage." And security experts warn us all to be cyber savvy on Black Friday. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about the FBI's warning that cash-spewing ATMs could be coming to a strip mall near you, courtesy of the Russian mob. Bad news and good news about ransomware. Another Android backdoor is reported. Exploitable security cameras get a patch. The Conficker worm's still crazy after all these years. Lessons for users from the Three Mobile hack. Biometrics meets the Wind in the Willows? (Fujitsu Biometrics' Derek Northrope provides a reality check.) Palo Alto's Rick Howard discusses the disconnect between the board room and the tech crew. China's new Internet law. And what have Fancy and Cozy Bear been up to? Hibernating? Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we talk about thinking twice before opening pictures received via Facebook Messenger. A recruiting site exposes GitHub profiles. Investigation of credential abuse in the Three Mobile upgrade fraud continues. Fortinet warns German users against an Android banking Trojan. Much advice on how to stay safe online during holiday shopping is out. Symantec plans to buy LifeLock, and Optiv is filing an IPO. President Obama says, while in Berlin, that he won't pardon Snowden. Rumors of DNI and SecDef discontent with Director NSA circulate. Markus Rauschecker from the University of MD Center for Health and Homeland Security reviews new automotive security guidelines from the feds. And no, Chinese cabinet ministers don't have a side gig recruiting for the Canadian Forces. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about US DNI Clapper's long-expected resignation and his contention that attributing election hacking to Russia seems to have induced Moscow to "curtail" such operations. The UK arrests suspects in an upgrade fraud scheme suffered by Three Mobile and its customers. Updates on Android spyware and banking Trojans. Siri might be helping bypass your iPhone's lockscreen. There's good and bad news about ransomware, but, happily, more good than bad. A quick review of the week's industry news, with an emphasis on cyber security start-ups. Dr. Charles Clancy from Virginia Tech's Hume Center outlines Virginia's new Cyber Security Range initiative. Sara Sorcher from the Christian Science Monitor's Passcode provides an overview of what we might expect from the Trump presidency. And, in China, wisdom sees a passing of the Mandate of Heaven in cyberspace. Or that's what wisdom's spokesmen are saying, anyway. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about German concerns over Russian meddling in elections. In the US, the NSA Director says a nation-state made a conscious attempt to influence American elections. Dictators can use social media, too, it seems. Huawei and ZTE reassure customers about the Adups backdoor. Holiday shopping security warnings are out, and they're not just about online purchases, either—watch out for that in-store Wi-Fi. The UK's Snooper's Charter passes the House of Lords. Ran Yahalom from Ben Gurion University describes USB hardware attacks. John LaCour, CEO of Phishlabs provides advice on avoiding (wait for it…) phishing attacks. And a Russian court tells that country's ISPs to shut down LinkedIn—it's a concern about privacy, don't you know. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about some lawful intercept tools that have been found prospecting Android. Synack calls shenanigans on Shazam, but maybe no harm, no foul. Carbanak turns from banks to hospitality. Insider threats and how to mitigate them—if you've got a facility clearance, you've got a deadline coming up, and Steven Grossman from Bay Dynamics explains what it means. Arlington Capital merges three of its companies into a new cyber shop, Polaris Alpha. Symantec is rumored to be sniffing at LifeLock. Cyber policy discussions in Germany and the US sound a lot alike. Jonathan Katz from the University of Maryland explains the pros and cons of photonic encryption. A teenager cops to the TalkTalk hack, and, if you're asking for a friend, the tally of accounts affected by the AdultFriendFinder breach hits 412 million. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about a backdoor Kryptowire has found preinstalled in some Android phones. We speak with Ryan Johnson, the researcher who discovered the vulnerability. The Locky ransomware takes a run at US Army Cyber Command. CrySis ransomware is decrypted. SpamTorte 2.0 is out, and it's thinking big. A Trojan may be implicated in the Tesco fraud campaign, and it may have more banks in its crosshairs. Emily Wilson from Terbium Labs shares the findings of their latest report on the Dark Web, and Ping Identity's Pamela Dingle explains the Digital Transformation Journey. And watch out for the AdultFriendFinder-themed spam that will follow in the breach's wake. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we follow up on last week's DDoS against Russian banks. Fancy Bear's been poking at think tanks, and ESET has a rundown of Fancy's fancies over the last couple of years. DDoS can be low and slow as well as high and noisy. Banks consider cyber lessons learned from Tesco heists. International recruiter Michael Page blames a third-party for data loss. Canada's Casino Rama—that's the casino's name—sustains a breach. A family of sites none of you would visit is also breached—we tell you because you're probably asking on behalf of 339 million friends. LabMD wins a stay against the FTC. Level 3's Dale Drew considers the changing nature of the IoT. And Kaspersky takes Microsoft to court in Moscow on an anti-trust beef. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we look back at election hacking concerns in the US (most of which didn't happen) and we hear from some people who offer advice for the next administration's first 100 days. Fancy Bear is phishing with Adobe and Microsoft zero-days. Investigation of the Tesco fraud continues. It looks as if the Bangladesh Bank might recover some of its losses in the SWIFT heist. There's an OPM-themed phishing campaign afoot. Server database issues point up the importance of digital hygiene. More Yahoo troubles. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains new FCC privacy rules. Chuck Ames, Director of Cybersecurity for Maryland, describes new regulations for companies looking to do business with the government. Advice for the next US President. And, Marines, happy birthday and semper fi. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we look at Patch Tuesday: Microsoft closes thirteen vulnerabilities (five of them "critical"), Adobe fixes Flash Player, and Google addresses Android issues. "Trigger-based" mobile malware, and why it's hard to see. Why usability matters to security. Tesco continues to recover from ATM fraud. Canadian police surveillance is scrutinized. Thermostat trouble in Finland. The Johns Hopkins University's Joe Carrigan discusses privacy of medical records. Professor Gene Tsudik from University of California, Irvine, explains a potential vulnerability with typing while Skyping. And, oh, we also hear there was some election or something in the US. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that US authorities are ready for election hacking, but assess the risk as low. (The information operations, however, seem to be another matter.) Flashpoint sees Mirai being fragmented in a black-market market correction. Users in Turkey flee censorship into Tor. Operation Hyperion shuts down a lot of dark web nastiness. Tesco fraud investigations continue. Palo Alto's Rick Howard describes a new white paper on the growing sophistication of Nigerian online scammers. CrowdStrike's Dan Larson explains the evolving motivations of threat actors. And an email spoofer tells the court there's no tort, because his email was so implausible. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we offer an Election Day Eve round-up of current cyber tensions, especially between the US and Russia: influence operations for sure, disruption possibly, vote manipulation maybe (but probably not). Ukrainian hacktivists continue to dox a major Putin consigliere. UK retail bank Tesco shuts down online operations due to a wave of fraud. Ben Yelin from the University of Maryland Center of Health and Homeland Security provides a final assessment of the US presidential candidates. And Indian police say a rival service seems responsible for a July DDoS attack in Mumbai. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how Liberia has sustained a significant DDoS attack (Mirai is behind it). Linux/Moose is also on the IoT loose. Hospitals in the UK continue to recover from ransomware attacks. Anonymous doesn't like ISIS, but it also doesn't like the governments who are fighting the Caliphate. Exaspy malware targets business leaders' Android phones. A new joint venture is poised to become a mid-major in the cyber security sector. Accenture Technology Labs' Malek Ben Salem explains developments in redactable blockchain. AT&T CSO Bill O'Hern provides his perspective on current and coming cyber security challenges. And an update on election hacking—it's more of the same, with more coming. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about how fallout from the FBI investigation of former Congressman Wiener continues to drop onto the Clinton campaign. WikiLeaks' Assange says he'll continue to dox, but denies he's doing so with Russian help. Iot-driven DDoS fears continue. A new exploit kit is replacing earlier stars in the criminal firmament. Jonathan Katz from the University of Maryland describes an experiment Google ran, pitting several AIs against each other in an encryption challenge. Edward Fox from MetTel explains the role telecommunications companies play in cyber security. NIST issues a cybersecurity workforce framework, NSA promotes its Day of Cyber, and the SINET 16 are introduced in Washington. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about the Microsoft and Google disagreement over public vulnerability disclosure (with a side of Fancy Bear). We also get some industry reactions to the dispute. Terbium takes a good look at the dark web and finds it's not as uniformly sinister as many believe. Google and Mozilla move to reject dodgy certificates. NIST releases a job map. Anonymous gets a grade of incomplete in its trolling of ISIS. Identity Guard's Jerry Thompson describes new technology for protecting your identity online. Ran Yahalom from Ben-Gurion University explains hiding data in USB devices. And the Shadow Brokers' news seems a bit old. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that the Shadow Brokers are back, and again mangling English like a bad scriptwriter doing Ensign Chekhov fan-fiction. Russian leaders continue to scoff at American elections, and WikiLeaks continues to leak. Microsoft doesn't patch fast enough to suit Google. Researchers consider the scope, threat, and mitigation of the Mirai IoT botnet. We welcome Rick Howard from Palo Alto Networks to the show. Ferruh Matvituna explains how Content Security Policy can protect against cross site scripting. And Furby's back, but this time it's connected. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's Halloween podcast, we consider post mortems on the October IoT distributed denial-of-service attacks, which suggest there are bigger problems than just factory settings. Recalls of potentially compromised devices continue, and some think about hacking back. (A hint—think twice.) HackForums pulls down its network stressor offerings. South Korea says the North is up to more cyber badness. US election hacking concerns continue. The FBI reopens its email inquiry. Level 3's Dale Drew discusses the growing scale of online attacks. And observers wonder, what do you have to do to lose a clearance? Learn more about your ad choices. Visit megaphone.fm/adchoices

On today's podcast, we hear that ransomware is still with us. A new study of online fraud is out, and one lesson is, it's better to take some, any, precaution than to whistle and hope for the best. The Australian Red Cross suffers a data breach affecting more than a million blood donors' records. Windows seems to suffer from an exploitable vulnerability—how serious it may prove remains to be seen. Mirai botnets continue to sputter across the IoT. Signs point to a public-health approach to mitigating DDoS. Ben Yelin reports on a Maryland surveillance hearing. Duo Security's Dug Song thinks it's time to get back to basics. Not everyone believes you need to resign yourself to being hacked. And those doxed Kremlin emails? Apparently real. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this CyberWire Podcast Special Edition, we examine the current state of cyber security education, speak to experts in the field, and learn about what it’s going to take to prepare the next generation of cyber security professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear more about the IoT worries people are sharing about both industrial systems and consumer-grade products. Iot device recalls continue. Analysts expect there are more, and worse, DDoS attacks to come. Cyber espionage surfaces again in the Middle East. Yisroel Mirsky from Ben-Gurion University on machine learning research. Thomas Pore from Plixer on the Mirai botnet source code. And what's sauce for the goose, is sauce for the gander. Or so we hear, at least with doxing. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Friday's Dyn DDoS may have been the work of skids and script kiddies, not high-end Russian spies. A recall of vulnerable IoT devices proceeds. Utilities see the DDoS attacks as a warning shot—they should maybe start by getting rid of all those pagers? ISIS tweaks its online messaging to point out that the Caliphate is enduring a divinely ordained period of trial. CloudFanta malware harvests credentials via a cloud storage app. Emily Wilson from Terbium Labs weighs in on credit card fraud in the dark web. Edward Hammersla from Forcepoint reviews their study of Millennials in the federal workplace. And, fellow youths, there's some bad news and some good news about cyber Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about some who think that IoT botnets may be best considered an instance of a more general problem with poorly secured endpoints. Good digital hygiene can be good digital citizenship. IoT device recalls follow the DDoS against Dyn. Attribution of the attacks remains up in the air—Clapper looks at "multinational hackers, Jester looks at Russia (and Russia looks at Jester and sees Vice President Biden), and yes, John McAfee is looking at North Korea. Joe Carrigan from The Johns Hopkins University's Information Security Institute inventories IoT devices, and Malcolm Harkins from Cylance shares his thoughts on taking risks. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about how, while the Internet has recovered from Friday's DDoS attacks on DNS provider Dyn, its users are suffering a significant hangover. No attribution, but the Jester thinks he's (she's? they're) on the case. Observers see significant potential for more damaging IoT-based attacks to come. Virginia Tech's Dr. Charles Clancy weighs in on quantum computers and encryption. And Hal Martin's lawyer adumbrates his client's defense in the case of the Top Secret Collector's Collection of Top Secret documents. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we follow the developing story of intermittent DDoS attacks affecting Internet sites throughout the US East Coast. Hotspot vigilantes try to get Julian Assange reconnected inside Ecuador's London embassy. More election documents appear in WikiLeaks. Russia offers to monitor US elections. NSA's Director talks about labor force issues. The University of Maryland's Jonathan Katz explains an update to a key encryption component of the internet. Guest Kevin Green from DHS describes his work on software assurance programs. And some advice from the Cyber Security Hall of Fame: You want security, convenience, and freedom? Pick two. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about Czech authorities' arrest of a Russian man in connection with 2012's LinkedIn hack. US response to Russian election hacking is still under preparation. IoT botnets proliferate as Mirai source code spreads through the criminal underground. Some 200 strains of ransomware are reported in the wild. Financial regulators push greater security. Muddy Waters and St. Jude continue their dispute over medical device vulnerabilities. Ran Yahalom from Ben-Gurion University discusses a group of vulnerabilities known as Bad USB. Tom Sadowski from the University of Maryland system discusses CyberMaryland and the role of the University System. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Ecuador has told the world they cut Assange's Internet connection (but will continue his asylum), and that they did so on their own. Russia Today remains predictably unconvinced. WikiLeaks shows no signs of stopping election doxing. The US may be considering a campaign of counter-embarrassment as its response to Russian information operations. Fallout from the Yahoo! breach continues. London banks are hit with ransomware. More IoT botnets form from Mirai code. Terbium's Emily Wilson explains the weaponization of intel. Venafi's Kevin Bocek describes what their look at Yahoo!'s encryption revealed. And we take a quick look at the blockchain. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear the current skinny on hacking the US elections. WikiLeaks' Assange lives, but he seems to be offline, and RT gets dumped by its British bank. The US continues to make noises about retaliating against Russian hackers. Russia sheds crocodile tweets over American gasconade. A retired general pleads guilty to lying to the FBI. The Shadow Brokers say, really, they want someone to bid, or else. Markus Rauschecker from the University of MD Center for Health and Homeland Security explains a recent ruling involving kids' privacy online. Netskope's Ravi Balupari describes the latest behaviors of the Virlock ransomware. Level 3 keeps score on the Mirai botnet. And, fellow youths, you may after all be the weakest link. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about Pakistani phishing in the Indian Army's pond. ISIS loses prophetically important town of Dabiq, and must adjust its messaging accordingly. WikiLeaks continues to poke at the Clinton campaign. Fancy Bear is again in the spotlight as the US preps a response to Russian election hacking. IoT malware—Mirai and LuaBot—affects networking gear. Dyre's masters are back and working on a new banking Trojan. Robert Lee from Dragos Security offers his opinion on recently nuclear power plant breach revelations. Malek Ben Salem from Accenture Technology Labs explains new research on semantic technology for security analytucs. And what, exactly, does EvilTwin think he, she, or they might be up to? Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we follow the continuing story of election hacks, and the varying but convergent motives behind them. We get a side helping of good government advice from Mr. Putin. (Thanks, Vlad!) Al Qaeda tries to reach the Millennial jihadist market with ISIS-like information operations. The Internet-of-Things enhances its reputation as an Internet-of-Trouble. Cyber stocks see turbulence as downbeat guidance spooks speculators. Pork Explosion isn't a movie from the Seventies—it's an Android backdoor. The Johns Hopkins University's Joe Carrigan responds to a listener inquiry about Amazon's recent password resets. DDoS expert Dave Larson from Corero Network Security shares his perspective on recent attacks. And please don't use a misspelled app to take selfies. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about possible patriotic hacktivism in South Asia. IoT devices are being exploited as proxies, and exploit kits continue to serve up ransomware against poorly managed systems. Market volatility puts cyber stocks on a roller coaster. The US continues to work out its proportional response to Russian election hacking. Russia says it's willing to ride out all that domestic American messiness in the hope of better relations. We welcome our newest Academic and Research Partner, Ran Yahalom, Project Leader at the Malware Lab of the Cyber Security Research Center at Ben-Gurion University. LastPass' Amber Steel shares the results of their recent password security survey. And criminal cartels use in-game currencies for money laundering. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we take a quick look back at Patch Tuesday. Amazon gets solid reviews for a password reset campaign. A new Trojan is caught manipulating SWIFT fund transfer logs. IoT botnets worry ecommerce sites, and the EU's proposed stickers seem unlikely to allay those concerns. Australia confirms a foreign intelligence service hacked its Bureau of Meteorology, but it won't say which foreign service that was. TV5Monde offers details on its experience with a false-flag hack. Jonathan Katz from the University of Maryland describes obfuscation techniques he saw at a recent crypto conference. Quortum's Joey Alonzo provides tips on mobile device security. And, says the US to Russia, ready or not, here we come. (Maybe.) Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about Industrial control system worries in the electrical power sector. IoT botnets spook the EU, and research into Mirai reveals some interesting features of last month's DDoS attacks. The US Intelligence Community says officially that the Russians are trying to influence US elections. The Russians say it's rubbish, and the candidates swap accusations. WikiLeaks doxes the Clinton campaign. Level 3's Dale Drew discusses the security of election systems. Smrithi Konanur from HPE Data Security explains credit card security. The FBI wants another terrorist's iPhone unlocked. Verizon mulls the price at which it might now buy Yahoo! And experts suggest best practices for Cyber Security Awareness Month. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we discuss the consensus that Guccifer 2.0 didn't actually hack the Clinton Foundation. We hear how information operations might work during an election. The arrested NSA contractor's alleged motives remain unclear. The Mirai botnet got its exploitable vulnerabilities by downstream propagation of default credentials. The US Surgeon General discloses a breach. Dr. Charles Clancy from Virginia Tech's Hume Center considers policy statements from US presidential candidates. Joyce Brocaglia tells us about the Executive Women's Forum. And if you have a hard time listening to us, you may be suffering from "security fatigue." Don't believe us—take it from NIST. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we learn about the FBIs' arrest of an NSA contract worker—classified material was found in his home and vehicle. TalkTalk gets a record fine—£400,000, which comes to a hundred thousand hackerweight—for its 2015 data breach. Yahoo! email surveillance allegations amount to a story that's still murky and anonymously sourced. The Johns Hopkins University's Joe Carrigan stops by to discuss local vs cloud storage. Peder Muller from Novetta previews his upcoming presentation on Bitcoin and Blockchain. And the AUSA Meeting and Exposition closed yesterday with a look at 2030, warnings of Russian information operations, and considerations of how the US Government can keep pace with industry innovation. Learn more about your ad choices. Visit megaphone.fm/adchoices