RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.

August 2, 2018, 12:31 pm

≫ Next: Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

≪ Previous: Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

$

0

0

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposition. A cryptojacking campaign is discovered and stopped. Malspam is using gifs to carry a keylogger payload. And Facebook CSO Alex Stamos has fixed a date for his departure for Stanford. Robert M. Lee from Dragos with thoughts on categorizing threat actors. Guest is Wendi Whitmore from IBM with their 2018 Cost of a Data Breach study. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_02.html

---

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

August 3, 2018, 1:00 pm

≫ Next: Cortana voice assistant lets you in. — Research Saturday

≪ Previous: RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.

$

0

0

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MicroTik routers. Speakers at the Billington Automotive CyberSecuirty Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain.  Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast.  

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_03.html

 

Cortana voice assistant lets you in. — Research Saturday

August 4, 2018, 4:00 am

≫ Next: More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

≪ Previous: Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

$

0

0

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. 

Steve Povolny is head of advanced threat research at McAfee and he shares their findings.

The research can be found here:

https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

August 6, 2018, 11:03 am

≫ Next: TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

≪ Previous: Cortana voice assistant lets you in. — Research Saturday

$

0

0

Leaky API may have exposed Salesforce customers' data, TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. The unbearable, irresistible urge to monetize data. Notes on automotive cybersecurity. Depending on whom you ask, the Bitfi wallet was either hacked, or not. And a new goodwill ambassador seeks to repair US-Russian relations. Rick Howard from Palo Alto Networks exploring the notion of superforecasting. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_06.html

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

August 7, 2018, 1:53 pm

≫ Next: Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

≪ Previous: More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

$

0

0

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millions of patient records. British authorities are said to be readying an extradition request for GRU operators they hold responsible for the Novichok attack in Salisbury—the incident has prompted Russian hacking and disinformation. Mike Benjamin from CenturyLink on DDoS attack trends. Casey Ellis from Bugcrowd with an overview of bug bounty programs. 

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

August 8, 2018, 9:44 am

≫ Next: State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

≪ Previous: TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

$

0

0

In today's podcast we hare that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US independently mull responses to hacking and influence operations. Anonymous announces it wants to take its shots at QAnon. Notes from Black Hat, including observations on grid hacks, AI, and the gray hat phenomenon. David Dufour from Webroot with a look at the year in review. Guest is Travis Moore from TechCongress describing their fellowship programs. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_08.html

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

August 9, 2018, 12:57 pm

≫ Next: DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

≪ Previous: Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

$

0

0

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Eastern campaign. Jackpotting cryptocurrency ATMs. The US imposes sanctions on Russia. Reality Winner's sentencing date announced. IBM looks at artificially intelligent malware. The mob's role in the cyber black market. What's the bigger gaming threat, sideloading apps or the Fortnite dance? We're asking for a friend. Awais Rashid from Bristol University on issues with software warranties. Guest is Cheryl Biswas from the Diana Initiative, a conference in Las Vegas celebrating diversity, women in security, and how to pursue a career in information security and technology. 

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

August 10, 2018, 10:25 am

≫ Next: Thrip espionage group lives off the land. — Research Saturday

≪ Previous: State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

$

0

0

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial intelligence. Russia braces for US sanctions and promises retaliation. South Korea will reorganize its Cyber Command. The PGA is hit with ransomware. Guests are Andrei Soldatov and Irina Borogan, authors of the book The Red Web. 

---

Thrip espionage group lives off the land. — Research Saturday

August 11, 2018, 3:00 am

≫ Next: Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

≪ Previous: DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

$

0

0

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. 
Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered.

The research can be found here:
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets

 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

August 13, 2018, 12:36 pm

≫ Next: Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

≪ Previous: Thrip espionage group lives off the land. — Research Saturday

$

0

0

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. DLink exploits rob Brazilian banking customers. Utilities prepare for grid hacks, but researchers say an appliance botnet could cycle demand enough to induce blackouts. Vulnerabilities in airline Wi-Fi and SATCOM connectivity. Election hacking demos may or may not be realistic. Family spy ware proves vulnerable to data exfiltration. Ben Yelin from UMD CHHS on police using facial recognition software to nab a suspect. 

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

August 14, 2018, 11:24 am

≫ Next: Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

≪ Previous: Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

$

0

0

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Preliminary notes on patches. ZTE and Huawei devices formally disinvited from US Government networks. Cyber retaliation expected from Russia and Iran over sanctions. And locking people in a room to teach them good cyber hygiene. Justin Harvey from Accenture on threat hunting. Guest is Bob Stevens from Lookout discussing app-based malware on mobile devices. 

For links to all of today's stories check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_14.html

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

August 15, 2018, 1:00 pm

≫ Next: Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

≪ Previous: Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

$

0

0

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mindshare. Influence operations as marketing. The US FBI gets a new cyber boss. The Kremlin thinks the BBC is biased in the crypto-wars. And laptop stickers: are they good, bad, or ugly? Zulfikar Ramzan from RSA on SOCs and IoT. Guest is Dimitris Maniatis from Upstream on Android ad fraud malware. 

For links to all of today's stories check out the CyberWire daily briefing:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_15.html

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

August 16, 2018, 11:44 am

≫ Next: Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

≪ Previous: Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

$

0

0

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning communications security. Australia's new cyber laws are more legal hammer than required backdoor. A campaign of ATM robbery nets millions worldwide. A cryptocurrency speculator sues the phone company, a spyware firm sues a former employee, and the Dread Pirate Roberts would like a pardon. Johannes Ullrich from SANS and the ICS Stormcast Podcast, on lingering legacy passwords in Office documents. Guest is Phil Neray from CyberX on the National Risk Management Center being spun up by DHS. 

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_16.html

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

August 17, 2018, 1:28 pm

≫ Next: Stealthy ad fraud campaign evades detection. — Research Saturday

≪ Previous: Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

$

0

0

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have exposed Canadian and British Government information. Necurs flared up in a short-lived spam campaign against banks this week. Crooks use bogus Fortnite download pages. Final briefs are submitted in Kaspersky's court challenge to its US ban. Emily Wilson from Terbium Labs on her experience getting certified as a fraud examiner. Guest is Marco Rubin from the Center for Innovative Technology, on the security of UAVs and drones. 

For links to all of today's stories check our our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_17.html

Stealthy ad fraud campaign evades detection. — Research Saturday

August 18, 2018, 3:00 am

≫ Next: DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

≪ Previous: Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

$

0

0

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he describes what they've found.

Research link:
https://labs.bitdefender.com/2018/06/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/

 

The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative.

Thanks to our sponsor Enveil, closing the last gap in data security.

---

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

August 20, 2018, 12:46 pm

≫ Next: Beers with Talos — Live from the RiRa at Black Hat

≪ Previous: Stealthy ad fraud campaign evades detection. — Research Saturday

$

0

0

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction. 

For links to all today's stories, check out our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

Beers with Talos — Live from the RiRa at Black Hat

August 21, 2018, 8:16 am

≫ Next: Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

≪ Previous: DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

$

0

0

CyberWire host Dave Bittner joins the crew from Cisco's Talos team on a special live edition of their Beers with Talos podcast from Black Hat.

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

August 21, 2018, 12:59 pm

≫ Next: Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

≪ Previous: Beers with Talos — Live from the RiRa at Black Hat

$

0

0

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity—hacking back is expected to be on the table. The UK wants more sanctions on Russia. US Senators are looking into reducing sanctions' collateral economic damage. Operation Red Signature pokes at South Korean supply chains. Intrusion Truth doxes Chinese intelligence officers. Medical device bugs. Rick Howard from Palo Alto Networks with tips buying cybersecurity products. Guest is Travis Rosiek from Blue Vector on fileless attacks. 

For links to all of today's stories check our our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_21.html

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

August 22, 2018, 11:23 am

≫ Next: If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

≪ Previous: Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

$

0

0

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. US Army Cyber Command's boss wonders if his job isn't more "information ops" than "cyber." Bitdefender describes Triout, an Android spyware framework. And some in industry caution the Senate not to expect them to get frisky hacking back. Craig Williams from Cisco’s Talos team, discussing MDM (mobile device management) vulnerabilities. Guest is James Burns from CFC Underwriting on cyber security insurance. 

For links to all of today's stories check our our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_22.html

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

August 23, 2018, 12:46 pm

≫ Next: More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

≪ Previous: Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

$

0

0

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. Remcos remote administration tool is being abused by black hats. Dark Tequila goes after customers of Mexican financial institutions. The Lazarus Group is back, and it's getting into Macs for the first time. Joe Carrigan from JHU ISI on Android vs. iOS data privacy. Guest is Oren Falkowitz from Area 1 Security on protection against phishing attempts. 

For links to all of today's stories check our our CyberWire daily news brief:
https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_23.html