Tuesday, October 23, 2018
The CyberWire Podcast

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of...
The CyberWire Podcast

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of...
The CyberWire Podcast

Stormy weather in the Office 365 cloud. — Research Saturday

Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients.  Andy Norton is director of threat intelligence at Lastline, and he joins us...
The CyberWire Podcast

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jamal Khashoggi. Latvia says it...
The CyberWire Podcast

Looks like Comment Crew, but probably isn’t. Facebook breached by spammers. Twitter’s big troll trove. Router issues. Who dunnit to YouTube?

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a...
The CyberWire Podcast

Meddling with the midterms — Special Edition

Kim Zetter is longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine,  titled The...
The CyberWire Podcast

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in...
The CyberWire Podcast

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black market offers...
The CyberWire Podcast

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

In today's podcast, we heat that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty-million of them. Do privacy advocates have an image problem? Supply...
The CyberWire Podcast

Driving GPS manipulation — Research Saturday

Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge.  Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his team's...
The CyberWire Podcast

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more “inauthentic” accounts. Data privacy. Cyber sanctions.

In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack report continues. Facebook purges more...
The CyberWire Podcast

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn’t hack the OPCW.

In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in...
The CyberWire Podcast

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Department weapon...
The CyberWire Podcast

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google’s good and bad news.

In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels...
The CyberWire Podcast

Cryptojacking criminal capers continue — Research Saturday

Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to...
SecurityWeek

Japan Orders Facebook to Improve Data Protection

The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide. read more

If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
The Register

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

Flaw present for the past eight years, easy to exploit, and there are thousands of forks A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...

Watch how a Tesla Model S was stolen with just a tablet

Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away. (But only after they struggled to unplug it.)

Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition

Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.