Wednesday, June 19, 2019
The CyberWire Podcast

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.

Investigation into Argentina’s power failure continues, with preliminary indications suggesting “operational and design errors” were responsible for the outage. Russia reacts to reports that the US staged malware in its power grid. Iran says it stopped US cyberespionage. ISIS...
The CyberWire Podcast

Cyber deterrence? What grid failure looks like (and it needn’t come from a cyberattack). EU complains of Russian info ops. Twitter takes down inauthentic accounts.

The New York Times reports that the US has staged malware in Russia’s power grid, presumably as deterrence against Russian cyberattacks against the US. South America has largely recovered from a large-scale power outage that seems, so far, to...
The CyberWire Podcast

Apps on third-party Android store carry unwelcome code — Research Saturday

Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security research and operations at Zscaler, and he joins us to share their findings. The original research...
The CyberWire Podcast

Xenotime is now interested in the power grid. Vulnerable Exim servers under attack. Mr. Assange goes to court. Credential-stuffing attacks on gamers. And that Ms Katie Jones? Not a real person.

Xenotime is detected snooping around the North American power grid. Hacking groups exploit the Return of the Wizard vulnerability in Exim servers. Hearings on the extradition of WikiLeaks’ Julian Assange have begun. Online gamers are being chased with credential...
The CyberWire Podcast

Telegram recovers from DDoS. Fishwrap campaign breaks old news. Ransomware hits ASCO plants. Congress considers hacking back, again. That ol’ devil limbic system.

Telegram recovers from a distributed denial-of-service attack. No attribution yet, but all the circumstantial evidence points to the Chinese security services. Operation Fishwrap, conducted by parties unknown, is an influence campaign that substitutes olds for news. Aircraft component manufacturer...
The CyberWire Podcast

Shifting techniques in cybercrime. Miscreants take note: “the aperture” will henceforth be wider for US Cyber Command and offensive ops. What Radiohead did.

TA505 and Fin8 are both up to their old ways, with some new tricks in their criminal bag. A reminder about social engineering and Google Calendar. A new assertiveness is promised in US cyber operations, as the Administration “widens...
The CyberWire Podcast

Russia’s sovereign Internet. Huawei updates. CBP discloses exposure of images collected at a border crossing. Gmail features used for social engineering. M&A notes. Top bugs found by bounty hunters.

Russia says shrapnel from America’s war on that nice company Huawei is “destroying the world.” Russia also tells Tinder to fork over user pictures and messages. A Recorded Future study outlines the case for regarding Huawei as a security...
The CyberWire Podcast

An espionage campaign succeeds without zero-days. Spam serves up old Office exploit. Disinformation makes it into YouTube. The Huawei Affair. Raytheon to be acquired.

MuddyWater shows renewed activity: no zero-days and no exotic malware, just clever approaches and determined social engineering. Spam is serving up payloads that exploit an old Microsoft Office vulnerability. Russian-sponsored disinformation has been romping freely through YouTube. Some back-and-forth over...
The CyberWire Podcast

Xwo scans for default credentials and exposed web services — Research Saturday

Researchers at AT&T Alien Labs have been tracking a new malware family they've named "Xwo" that's scanning systems for default credentials and vulnerable web services. Tom Hegel is a security researcher with AT&T Alien Labs, and he shares their findings....
The CyberWire Podcast

Recruiting spies at university? GoldBrute botnet and RDP vulnerabilities. MuddyWater update. RIG delivers Buran. Achilles claims to sell access. NRC’s IG reports on cyber. Antitrust for Big Tech.

The Australian National University hack and data loss look to many observers like the work of Chinese intelligence services. The GoldBrute botnet is scanning vulnerable RDP servers. MuddyWater is back, undeterred by leaks and learning from the best. The...
The CyberWire Podcast

BlueKeep proofs-of-concept. BeiTaAd plug-in is a serious Android pest. Cyber espionage against the EU’s Moscow embassy. Influence operations. A motive for GPS spoofing?

BlueKeep proof-of-concept exploits have been developed, and people are urged to patch. An annoying, disruptive advertising plug-in comes bundled with a couple of hundred Android apps in the Play Store. The EU’s Moscow embassy seems to have been the...
The CyberWire Podcast

AMCA breach extends to LabCorp. Still no EternalBlue in Baltimore ransomware attack. Frankenstein malware. Real hacking isn’t like the movies. Huawei’s no-spy deal. US Data Strategy. Patch BlueKeep.

Another medical testing firm is hit by the third-party breach at AMCA. More officials say there’s no EternalBlue involved in Baltimore’s ransomware attack. (And that attack may have involved some doxing, too; an investigation is underway.) Real hacking isn’t like the...
The CyberWire Podcast

Iranian brute-forcing tool leaked. Third-party data breach touches medical testing company. Ransomware news and updates. An antitrust look at Silicon Valley?

Jason, an Iranian brute-forcing tool, has been leaked. A third-party breach affects customer and patient data held by Quest Diagnostics. Eurofins Scientific is recovering from a ransomware attack. A look at Baltimore City’s ransomware infestation shows no signs of...
The CyberWire Podcast

Recovery from network congestion. GandCrab to close. BlackSquid drops XMRig. BlueKeep patching lags. Crypto for criminals trial. Antitrust investigation of Google. “Persistence of Chaos” sold.

Google’s cloud services recover from network congestion. GandCrab’s proprietors say they’re retiring rich at the end of the month. BlackSquid delivers the XMRig Monero miner. Updates on the Baltimore ransomware incident. Too many machines not yet patched against BlueKeep....
The CyberWire Podcast

Blockchain bandits plunder weak wallets — Research Saturday

Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on the Ethereum blockchain in an attempt to discover how and why they are being generated as well...

6 Security Tips That’ll Keep the Summer Fun

Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.

How AI-enhanced malware poses a threat to your organization

Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.

Tech news roundup: HPE Discover 2019, Facebook’s Libra cryptocurrency, and Google Cloud’s debacle

This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.
SC Magazine

ACLU tells Ga. Supreme Court Fourth Amendment should apply to personal data stored by cars

Fourth Amendment protections should apply to personal data in a car’s Event Data Recorder, the American Civil Liberties Union (ACLU) will argue before the Georgia Supreme Court today. The state’s high court is hearing oral arguments in Mobley v. State, which challenges law...
PC Mag

Can Anything Protect Us From Deepfakes?

Along with fake news, forged videos have become a national security concern, especially as the 2020 presidential elections draw near. Researchers at the University of Surrey have developed a solution that might solve the problem.