CyberWire Daily

In today’s podcast we hear some preliminary news about ISIS information operations as expressed in captured files. Hacktivists experience remorse and debate doxing ethics. We review the speculation about the DNC hack and note that another Democratic Party campaign organization may also have been compromised. State-sponsored hacking is driving enterprises to seek help from security companies. The University of Maryland's Jonathan Katz tells us about post-quantum encryption, and Daniel Ennis, former NTOC Director at NSA and currently Executive Director of the University of Maryland Global initiative on Cyber, shares his thoughts on his time with the agency, and the need for cooperation in cybersecurity by government, universities, and industry. Pokémon trainers are still going where they shouldn’t. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about how ISIS continues to pursue its strategy of using information operations to inspire lone wolves, and what investigators in France, Germany, and the United States are seeing as they look at jihadist social media. We learn about advances in facial recognition software. WikiLeaks releases audio files culled from DNC email hacks. More releases are expected, and evidence continues to point (circumstantially but substantially) toward Russian services as the hackers. Trump suggests Russian intelligence would do everyone a favor if it releases the 30,000 deleted Clinton emails many think the Russians have. Gigamon's Shezad Merchant tells us all about metadata, and Marcus Rauschecker explains the privacy implications of facial recognition software. We take a stroll through the crimeware souk (just looking, thanks). Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we discuss ISIS terror and online inspiration. We learn that experts are reaching consensus that Russia hacked the US Democratic National Committee, and we hear some steps that might be taken to protect email. We speak with the company that provided cyber security for the Republican National Convention. New vulnerabilities are discovered in wireless keyboards and smart lightbulbs. Ransomware persists, and the numner of DDoS attacks seems to be spiking, recently. The White House issues PPD-41, “Cyber Incident Coordination.” Level 3's Dale Drew speaks to the uptick in DDoS attacks, and Vince Crisler from Dark Cubed shares his experiences protection the RNC national convention from cyber threats. And people are still catching Pokémon in places they shouldn’t. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we catch up on the big story in cyberspace—the expanding scope of the Democratic National Committee email hack. Most observers continue to see a Russian hand behind it, but some point out that the evidence remains circumstantial. Experts see the hack as a cautionary tale in the importance of authentication and encryption. Stu Sjouwerman is the founder and CEO of KnowBe4, and he provides his take on the possible Russian hack. ISIS continues its attempts online to inspire lone-wolf jihadists. A young cyber start-up emerges from stealth, and we get an update on cybersecurity in the automobile industry from CyberWire editor John Petrik. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we take a look at the doxing of the DNC, a story which will have, as they say, “legs,” if only because essentially everyone now sees Russian intelligence behind the hack. ISIS and al Qaeda continue their competition to inspire lone-wolf jihad. Turkey’s crackdown on would-be putschists continues. Anonymous goes after targets in Turkey. Cyber M&A notes. Dr. Charles Clancy from the Hume Center at Virginia Tech tells us about the challenges and opportunities coming with Smart Cities. And a look back at Friday’s inaugural Billington Global Automotive Cybersecurity Summit. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, Hacktivists return to DDoS—the Library of Congress is hit. AKP emails continue to receive scrutiny. A look at the jihadists' toolbox. Some quick takes on automotive cyber security, as the industry moves toward fully autonomous cars. Wassenaar and the DCMA still aren't getting much industry love. And we talk to attorney Tom Coale about security clearances and Ben Yelin on the constitutionality of Stingrays. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear about patched vulnerabilities in widely used products—the consensus among experts is that you should patch without delay. A new ransomware variant—“HolyCrypt”-is discovered in development. OurMine hacks the Playstation boss’s Twitter account. Hackers get ready to go after US Presidential campaigns (and some have already started). ISIS information ops continue to concentrate on recruiting and inspiration. Pokemon-GO is too Darwinian for some. The University of Maryland's Jonathan Katz describes a TOR alternative. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we review some of the cyber implications and sequelae of the apparent failed coup d’état in Turkey. Signs in the Shumukh al Islam leaks suggest ISIS is making inroads among China’s Uighur minority. A Brazilian jihadist group pledges allegiance to ISIS online, adding to Brazil’s cybersecurity (and more importantly, physical security) concerns for the Rio Olympics. enSilo reports widespread code-hooking issues in security software. A look at ransomware, and an actual sockpuppet surfaces in Canada. Morphisec's Ronen Yehoshua describes a technique they call moving target defense, and Markus Raushecker shares his take on the sentencing of a swatter who targeted Brian Krebs. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about the doxing of a major ISIS forum, and we take a look at the state of play with respect to online information operations in the war with ISIS. We ask whether jihad and kawaii offer contrasting case studies of inspiration. In Turkey, did coup plotters (who might have known better) overlook the Internet? DDoS campaigns rise against governments, companies, and games. A researcher shows how 2FA and account recovery capabilities can be subverted for fraud. Malicious Excel macros are out in the wild. So are the Cknife web shell, as described to us by Recorded Future's Levi Gundert, and the venerable Enfal malware family. Joe Carrigan reminds us why we she be using two-factor authentication. We look at some recent venture investments. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber security comes down to risk management, and it’s hard to manage what can’t be measured. How can cyber risk be credibly quantified and communicated? We’ll talk to companies developing technology solutions aimed at quantifying cyber risk and hear from insurance experts and other industry stakeholders grappling with this important new challenge facing businesses today. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear about social media’s role in the suppression of the coup d’ état in Turkey. The United Cyber Caliphate and the competing “Peace Brigades” release overlapping and competing target lists. Ukrainian nationalist hacktivists hit Poland’s Ministry of Defense. “Delilah” is a backdoor Trojan built for blackmail, and “Wildfire” is a new strain of ransomware. Some databases for sale on the Dark Web look like junk. Deloitte's Emily Mossberg shares insights from their latest report, and John Leiseboer from Quintessence Labs explains the security benefits of interoperability. Pokémon Go looks like the biggest mania since the 17th Century’s tulip craze. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about ISIS and its response to pressure from its enemies—the news is decidedly mixed, especially given the tragedy in France. Familiar banking Trojans, exploit kits, and ransomware pick up some new functionality. Someone’s jackpotting ATMs in Taiwan. SAP and Cisco patch. US court rulings have privacy and liability implications. Venture capital investments and M&A news. Ben Yelin tells us about a 4th Amendment case involving privacy on your home computer, and Eli Sugarman from the Hewlett Foundation's Cyber Initiative shares their grant making story. And Pokemon-Go continues its irresistible rise—don’t slip into any augmented reality pitfalls. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about some expansive court decisions that may make you uneasy. Chinese spies get into the FDIC, and the victim may have covered it up. Start-ups attract fresh investment. New exploit kits jockey for position. Securing your Bitcoin wallet. What to make of Pokemon's security issues. Dale Drew from Level 3 Communications gives us the low-down on some cyber security lingo, and Darin Stanchfield from KeepKey explains options for securing your Bitcoin. And, in California, an alleged violation of Asimov's First Law of Robotics. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we go over some of the highlights of this week's patches, including fixes from Microsoft, Abode, Drupal, and Niantic. We discuss the security of the industrial Internet-of-things and critical infrastructure, especially the power grid. We hear about the current state of ransomware play, and note the return of xDedic, the hacker server hawker, to the dark web souk. Industry news includes coming cyber upgrades to SWIFT, VC updates, and notes on the markets. The University of Maryland's Jonathan Katz tells us about "fansmitters", and Booz Allen's Scott Stables shares threat data from their latest ICS report. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear some reports that ISIS may be losing some social media ground. NATO agrees to increase cyber cooperation. A newly described malware dropper is apparently tailored to work against specific European energy companies. 600,000 patient records are breached in the US. There's a decryptor out for Jigsaw ransomware, but not for the newly introduced "Alfa" or "Ranscam" (and Ranscam doesn't even bother to decrypt in the first place). Markus Rauschecker highlights some of the challenges with information sharing. Google and Niantic deal with Pokémon Go security issues. And don't enter some strangers' home, even if you see Reshirom EX on their sofa. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about possible hacks of NATO websites during last week's Alliance meetings. South Asia's scissors-and-paste cyber espionage campaign is surprisingly effective. ISIS and al Qaeda vie for jihadist mindshare, and Anonymous hits government sites in Zimbabwe and South Africa. A hacker/hacktivist dumps what he claims to be Kindle credentials, but analysts are dubious about their provenance. Eleanor Mac malware targets webcams. State Department emails remain under investigation. Chris Gerritz from Infocyte tells us about threat hunting, and Charles Clancy from the Hume Center at Virginia Tech shares concerns about data privacy. Plus, Pokémon Go seems to be catching 'em all—Ash Ketcham, call your office. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we talk through the ramifications of Android encryption issues. Experts consider the implications of D-Link vulnerabilities for IoT security. The Wendy’s paycard breach has gotten much bigger. Familiar exploits circulate in the wild, and Mac backdoors make a comeback. CryptXXX is joined by a new ransomware variant, Cryptobit, and DedCryptor continues to play the Grinch. Avast’s purchase of AVG encourages the markets. The EU adopts new data regulations aimed at improving resilience. The FBI explains what it found in its investigation of Hillary Clinton’s emails, and defense attorneys find new lines of defense. Accenture's Malek Ben Salem shares how big data can help wth analytics, and we learn about early-stage startup accelerators from Mach 37's Bob Stratton. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about Cymmetria's discovery of a major threat actor in South Asia, Patchwork, which assembles attack code by cutting and pasting from the Internet. HummingBad adware infests Android, and Pirrit (affecting Macs) is attributed to a marketer. D-Link routers may be vulnerable to remote-code execution. Google patches more than 100 Android issues. Symantec works on AV product problems. Avast buys AVG. Blockchain's potential. Cyber workforce development. FBI offers explanations to the House. Cyber crooks go after freelancers. Jonathan Katz explains the many uses for blockchain crypto technology, and Chris Key from Verodin has some advice for those entering the cybersecurity workforce. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about Yingmob's HummingBad Android malware, what it's up to and where it might be headed. We also learn about Eleanor, a Mac OS-X backdoor masquerading as a document conversion app, and we hear about the shifting form of the pseudo-DarkLeech ransomware campaign. The ThinkPwn zero-day may have a wider scope than originally thought. Observers wonder whether ISIS may be overplaying its bloody hand, and, of course, we find out what the FBI concluded in its investigation of former Secretary of State Clinton's emails. Joe Carrigan, from the Johns Hopkins University Information Security Institute, reminds us to take care when setting up a new router. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we look at ISIS's shifting tactics in cyberspace, and the civilized world's response to them. OurMine continues to market its "services" by compromising celebrity accounts through recycled credentials. Two new ransomware varieties--"Satana" and "Zepto"--make their appearance, and researchers track (without attribution) the spoor of MNKit and SBDH malware. A researcher releases, without prior disclosure, a ThinkPad zero-day. The FBI investigation into State Department email issues warms up. Ben Yelin from the University of Maryland Center for Health and Homeland Security tells us about a Florida man in trouble for hacking an election site, and Michael Jacobs brings us the National Cybersecurity Hall of Fame. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we discuss Internet-of-things threats, not only botnets assembled from compromised security cameras, but also medical device hacking (with Conficker) as a way of stealing patient information. More insurance sector breaches appear to be in progress, too. The Sprashivai social network is compromised. The Infy espionage infrastructure is taken down (but may return—they often do). NERC standards for power grid cyber security take effect today. John Leisebeor from Quintessence Labs explains key management within a security framework, and we learn about DevOps from Cybric's Mike Kail and eGlobalTech's Branko Primetica. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about DarkOverlord and the data he's selling online. Guccifer 2.0 returns to blogging, and says he's not working for the Russians, but CrowdStrike, ThreatConnect, and SecureWorks present evidence to suggest otherwise. Thompson-Reuters says it's contained the World-Check database leak. Oculus' Twitter account is briefly hijacked (now restored to company control). Point-of-sale breach disclosures are confirmed. Why hackers hack when they do. Some governments' efforts to control information online seem to be having greater than expected success. Level 3's Dale Drew explains the season nature of cyber attacks, and Cytegic's Dan Pastor offers his view on the recent SWIFT banking attacks. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we note that in the wake of the ISIS bombings in Istanbul, security services around the world are looking for online intelligence that might help prevent future terror attacks. Another wave of SWIFT fraud appears to have hit--this time the victims are banks in Ukraine and Russia. Ransomware updates (including the unwelcome return of Locky), notes on smishing, and a review of some questionable PlayStore apps. Apple's iPhone turns 9 and The University of Maryland's Jonathan Katz explains that company's move toward "differential privacy." Jon Allen from Booze Allen Hamilton talks about the Automotive ISAC and previews the upcoming Billington Cybersecurity Global Automotive Cybersecurity Summit. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we get an update on the Russian threat group that hit the DNC. A hacker claims to have nine million health insurance records for sale on the dark web. Too many medical devices are vulnerable to Windows 7 and XP exploits. What scared the Nuclear exploit kit's operators. The IRS takes down its e-filing PIN system, and OPM acknowledges its breach affected tens of millions more than just those seeking clearances. We hear some merger and acquisition news, catch up on some workforce training initiatives, and hear about some black hats who'd like their celebrity victims to think of them as white hats. Law expert Ben Yelin from the Center for Health and Homeland Security tells the tale of a well-intentioned security researcher raider by the FBI. Cisco's Tejas Vashi outlines their $10 million cyber security scholarship program. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we offer a quick survey of the vast and spreading Ransomware landscape. (And talk about some other bits of cybercrime as well, but if Willie Sutton were alive today, and had an Internet connection, he'd be into ransomware.) Brexit's implications remain under study and speculation, but many see a shift in the tech startup scene in the general direction of Berlin. Most observers have now concluded that the DNC hack was a Russian job (and not the work of a lone hacktivist). Joe Carrigan from the Johns Hopkins University Information Security Institute reminds us why we shouldn't reuse passwords. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we discuss the implications of Brexit, and we talk with someone whose researchers predicted it from social media analytics. GhostSquad strikes, apparently, for ISIS, and LizardSquad DDoSes Overwatch for the lulz. Some old threats come back (some never really left). US Cyber Command is operational against ISIS. The importance of low-power WAN for the IoT. State Department email investigation continues. Malek Ben Salem from Accenture Technology Labs tells us about Software Defined Security. Daniel Mayer from Expert System explains how they predicted the UK vote, and Matthew Knight from Bastille Networks shares his research into low-power wide area networks. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Brexit's trending in Twitter as British voters go to the polls—the results will have interesting implications for security and the security industry. Tech support scammers put down their phones and pick-up their pop-ups. Some mixed news on ransomware. Markus Rauschecker from the Center for Health and Homeland Security mulls laws of war for cyberspace. ZScaler's Deepen Desai reports on new MS Office macro malware. US voter information leaks onto the Internet. More skepticism about Guccifer 2.0. And did we just hear a non-denial denial about the DNC hack? Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we talk about Android malware loose in the wild, crimeware-as-a-service (both ransomware and banking Trojans). We hear about the growing consensus that Russian intelligence services were responsible for the DNC hack, and we note the latest report: those services also seem to have pwned the Clinton Foundation. Critical infrastructure jitters persist. Analysts look at cyber insurance markets, bellwether security stocks, and a new VC investment. Dr. Charles Clancy from the Hume Center at Virginia Tech discusses the cyber challenges faces the transportation industry, and Ayse Kaya Firat from Cloudlock shares key points from their recent report on the dangers of third party apps. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about trends in cyber espionage and ransomware. We also learn more about the DNC hack, which looks more like a Russian operation (and Guccifer 2.0 goes a little bit public and looks a lot less plausible as a lone hacktivist). XDedic looks bigger (but may be out of its stolen server-time business). GSA has a new cyber SIN, and the US Secret Service wants cyber triage tools. Israel relaxes its cyber export controls, and Wassenaar reconvenes to rework its cyber arms export control regime. Fidelis Vice President of Cybersecurity Services Mike Buratowski shares their research into the DNC hack, and CyberWire editor John Petrick explains false flags. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we review the bidding over responsibility for the DNC hack—most observers still think signs point toward Moscow. Wikileaks promises more DNC documents to come. Suspicions revive that the Cyber Caliphate may be a false-flag operation and other notes on the difficulty of attribution. Dridex may be present in some SWIFT-related bank fraud. Angler seems gone for good (but replaced by other exploit kits). UK MPs suggest holding CEO's responsible for breaches by hitting their pay. Tanium and FireEye and their rejected suitors. DoJ responds to the Silk Road appeal. Jonathan Katz from the University of Maryland explains the Etherium/DAO cryptocurrency heist, and Ryan Stolte from Bay Dynamics share results from a report on board room engagement with cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we continue to follow the developing story of the Democratic National Committee hack (Russia denies responsibility, but CrowdStrike stands by its attribution). DNC chair Wasserman Schultz says no financial information was lost, and on cue Guccifer 2.0 produces some. The FBI continues its probe of possible ISIS connections to the Orlando killings. Researchers describe an approach to developing intelligence from social media. FireEye is said to be uninterested in being acquired. Tanium's not interested, either. Some serious bugs are addressed this week. Dale Drew from Level 3 compares honey pots to live data and Craig Smith from Open Garages takes us on the road to car hacking. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we look at developments in the Panama Papers case. A "lone hacker" going by "Guccifer 2.0" claims the DNC hack, but CrowdStrike stands by its attribution to Russian intelligence. Investigators look at Orlando shooter Mateen's online history. Anonymous hits ISIS in cyberspace, and so does US JTF-Ares. xDedic is the latest black market: it deals in server access. Telegram denies being vulnerable. Admins complain about one of Microsoft's June patches. Quintessence Lab's Vikram Sharma tells us about quantum key encryption. And we hear from Wandera's Michael Covington about the true cost of buying cheap sunglasses online. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we follow up on Russian intelligence services' hacks of the US Democratic National Committee, and their connection with other cyber espionage campaigns. We hear about more Chinese government industrial spying. ISIS claims to the Orlando shooter as one of its own as the civilized world continues to grope toward an understanding of ISIS information operations. More breaches add more credentials (and server access) to the black market. We take a quick look at Patch Tuesday. Charles Clancy from the Hume Center at Virginia Tech gives us a lesson in information sharing, and Vinny D'Agostino from K2 Intelligence shares how they're helping NFL players stay safe on social media. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we talk about the breaking news concerning Russia's hack of the DNC, with insights from STEALTHbits Technologies' Adam Laub. We discuss the state of the investigation into what, if any, role online inspiration played in the Orlando gunman's massacre. North Korea appears to have engaged in a long-running campaign of cyber espionage against the South. The Molerats' failure to clear document information may have unmasked them. The Vawtrak banking Trojan gets more evasive. Shadow apps place enterprises at risk, and application collusion disturbs mobile users. The Angler exploit kit has practically vanished, replaced for the most part by Neutrino. Symantec's acquisition of Blue Coat fuels M&A speculation. And the price of that Windows LPE zero day keeps dropping. Ben Yelin reviews a judge's ruling that restricts the FBI's use of hacking. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we recap what's known publicly about ISIS inspiration of the apparent jihadist massacre at an Orlando gay club, and consider speculation about ISIS's and its rivals' information operations as ISIS loses territory on the ground. Social media security concerns persist, ransomware's criminal market sees some ups and downs, and we learn about encryption keys from Quintessence Labs. M&A activity sees Symantec buy Blue Coat, and Microsoft pick up LinkedIn. India worries about China's cyber activities. John Leiseboer from Quintessense Labs outlines the importance of key management in cryptography. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear from the experts on how old data breaches can cross-contaminate users' other accounts. Point-of-sale problems seem ready to grow in the recent Wendy's incident. Ransomware's shifting landscape sees Locky's distribution botnet vanish (for unclear reasons), Crysis replace TeslaCrypt, and CryptXXX jump exploit kits. Some startups get some nice VC rounds. We hear about the law surrounding mobile location data, and we're reminded of cyber-physical threats to security systems and critical infrastucture. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security reviews an important circuit court privacy decision, and researcher Wesley Wineberg warns us about embedded security cameras. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we follow the latest news and trends with respect to ransomware, now the hottest commodity on the black market, and still able to fetch between $15,000 and $20,000 an extortion. Twitter credentials join VK's in the criminal souk; both sets may have been harvested via earlier breaches in other social media sites. NATO looks into cyber collaboration, workforce development, innovation (Estonia hints low budgets can drive creativity), and the risk of strategic surprise in hybrid warfare. Cylance becomes the industry's latest unicorn with a big Series D funding round. The Johns Hopkins University's Joe Carrigan help us plan our backup strategy, and Scott Petry from Authentic8 offers suggestions for safe browsing while traveling. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about trends in phishing, ransomware, and distributed denial-of-service—and none of those trends are particularly good. We hear why some ransomware may keep coming back after it's been removed. US bank regulators warn financial institutions to mind their security manners in the wake of the SWIFT-related fraudulent transfers, and investigation into the Bangladesh Bank hack still point toward Pyongyang (with a slight nod in the direction of Shanghai. The FBI is actively stinging potential jihadists, and Singapore gets ready to wean its civil servants from the Internet at work. And we welcome our newest research partner, Dr. Charles Clancy from Virginia Tech's Hume Center. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we discuss another in the long-running series of big social media breaches, this one in VK. Password re-users are advised to change not only their credentials, but their ways. Vulnerabilities are reported in Facebook features, and in Ubee VoIP routers. Dale Drew from Level 3 Communications explains that cyber attack traffic in Latin America is up. Raytheon's Dave Amsler shares the findings of a new survey on how companies interact with MSSPs. Al Qaeda makes its way back to Twitter (from Syria). As the US seeks expanded warrantless electronic search authority in terrorism and espionage investigations, observers find themselves thinking that maybe Snowden actually did the NSA some favors. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we follow developments in the SWIFT-related Bangladesh Bank fraud case—more observers buy into the view that North Korea was involved. Many see anti-racketeering measures being adapted to cyberspace, with businesses improving their security by reducing their attackers' return-on-investment. Pakistani hackers spearphish Indian civil servants and install espionage backdoors. Anti-ISIS measures seem to have heightened ISIS's internal mistrust. Irongate and other IoT threats are discussed, as is a rise in hacker attention to Android. Malek Ben Salem speaks to the challenges of identity in the IoT. Zack Schuler from Ninjio makes the case for entertaining training. And OurMine tweets dadada... Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we review some notes on alleged North Korean involvement in fraudulent SWIFT transfers, and on new US sanctions. We take a look at various corners of the cyber criminal underground, including commodification of both malware and stolen data. Big claims for artificial intelligence are going to involve some big litigation, too. And we hear, again, about the vulnerability of data-at-rest and the importance of encrypting your devices. Ben Yelin from the University of Maryland Center for Health and Homeland security discusses the potential legal ramifications of a Facebook privacy suit, and Joseph Billingsley tells us about the Military Cyber Professionals Association. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about online censorship in China, and an espionage campaign directed against Taiwan. RiskIQ finds that many large companies are riding for the same fall Mossac Fonseca took with the Panama Papers. We talk to Trustwave about that alleged Windows zero-day being sold by cyber criminals, and we hear about some smaller potatoes in the ransomware market. Industry news highlights US Federal contract wins and recent M&A activity. The University of Maryland's Jonathan Katz highlight some new research in random number generation. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's Podcast, we hear about Citizen Lab's discovery of an apparent cyber espionage campaign operating under journalistic cover (and targeting journalists). We discuss the state of the black market for both zero-days and stolen data, and get some recommendations for identity protection from the experts. Venafi talks about the implications of the coming SHA-1 expiration, Joe Carrigan from Johns Hopkins tells us what's wrong with public photo-printing kiosks, and some University of Michigan researchers have a clever, insidious hardware backdoor proof-of-concept. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about the ways in which some old breaches are resurfacing to trouble major social media platforms. Those old breaches are also looking far larger than initially suspected. We learn about "sandjacking" and "bug poaching" as new additions to the lexicon of cyber crime. Analysts continue to think threats will drive cyber industry growth, and venture capital interest seems high, but more selective. Dr. Vikram Sharma from Quintessence explains One Time Pads, and Threat Quotient's Ryan Trost shares the pros and cons of attribution. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we discuss the SWIFT transfer issues now under investigation in a dozen more banks. SWIFT announces a five-point security strategy. Attacks on the private sector are seen as having national security implications. Other cyber threats to business--DDoS and ransomware--place availability of data and networks at risk. We take a look at investor interest in cyber stocks, and we talk with experts on artificial intelligence and encryption. And, as far as nation-state attacks are concerned, again, signs point to Pyongyang. (As they so often do.) Malek Ben Salem from Accenture Labs explains AI and Machine Learning, and Brent Waters, of the University of Texas at Austin, who's recently been honored with an early career award from the Association of Computing Machinery for his contributions to encryption. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear about security in international banking, some developments in the world of malware, and how presidential impersonation and a big loss cost a CEO his job. Analysts like some of the bigger cyber players (and they're waiting for Palo Alto's results tonight). VCs back three security companies with new funding. The State Department IG's report on email retention and security is out. DARPA wants to secure legacy IT systems, and US SOCOM wants innovative cyber tools. Dale Drew from Level 3 Communications walks us through the negotiations of ransomware, and Danny Rogers from Terbium Labs explains how to search for something when you don't know what that something is. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about the current state of ransomware, why criminals like it, and what can be done about it. Keyloggers are being distributed by malicious USB charging devices. Blue Coat may be headed for an IPO. US cyber operations have been called "cyber bombs," but they may be a lot more like battlespace preparation (and so traditional EW and intelligence). Microsoft Azure Active Directory does something about bad passwords. And Markus Rauschecker from the University of Maryland Center for Health and Homeland Security explains why the FCC and FTC are holding back on IoT regulation. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about Turla's return, this time in an espionage campaign against Switzerland's RUAG. The Panama Papers and other hacks prompt reiteration of lots of good, if familiar advice, some of it directed at the US Congress and other small businesses. The TeslaCrypt proprietors seem less remorseful than resourceful, as they shift to CryptXXX. SWIFT plans to announce a security upgrade today. US Cyber Command announces the winners of its $460 million IDIQ. Guccifer prepares to cop a plea, and the Scunthorpe Problem surfaces in Oxfordshire. We also hear about cloud storage security from Quintessence Labs, and Protemus talks to us about medical records' privacy. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about attempts by SWIFT to work toward upgraded security with clients. Japan sustains a coordinated looting of ATMs (to the tune of ¥1.44 billion). Operation Ke3chang returns to snoop on Indian diplomatic missions. ISIS returns to inspiration. Business gives advice to government in the UK and the US, and investors see recent cyber stock price corrections as, maybe, a buying opportunity. We learn about monitoring your wireless attack surface from Pwnie Express' Paul Paget. And Joe Carrigan from Johns Hopkins Information Security Institute shares how they keep Mom safe online, Baltimore style. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we follow moves to upgrade US Cyber Command to a Unified Combatant Command. We follow developments in Operation Groundbait, Phineas Phisher's latest, and the discovery of China's 50-cent-ers. Conficker is still out and active eight years after patching We take a look at industry news, and hear about how TeslaCrypt may be closing up shop. Our expert today is Accenture Labs' Malek Ben Salem who discusses semantic technology for cyber defense. We'll also hear from historian and author Abby Smith Rumsey who'll talk about her book, “When We are No More: How Digital Memory Memory Will Shape Our Future." Learn more about your ad choices. Visit megaphone.fm/adchoices