Wednesday, December 11, 2019
The CyberWire Podcast

Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.

Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of...
The CyberWire Podcast

Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?

The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department’s Inspector General has reported on the FBI’s Crossfire...
The CyberWire Podcast

Ocean Lotus versus car manufacturers. Ransomware versus dental practices. $5 million reward offered in Dridex case. Information operations and the UK’s general election.

Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists’ IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress...
The CyberWire Podcast

Targeting routers to hit gaming servers. — Research Saturday

Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the...
The CyberWire Podcast

Facebook sues over ad fraud. Tampering with VPN connections. Russian disinformation in Lithuania.

Facebook sues a company for ad fraud. Unix-based VPN traffic is vulnerable to tampering. Russian disinformation in Lithuania. Apple explains why new iPhones say they’re using Location Services, even when Location Services are switched off. Researchers set a new...
The CyberWire Podcast

Data center ransomware. Third-party breach hits telco customers. Buran and Buer on the black market. The Great Canon opens fire. Russia trolls Lithuania. Big bad BEC.

Data center operator CyrusOne sustains a ransomware attack. Another third-party breach involves a database inadvertently left exposed on an unprotected server. Buran ransomware finds its place in the black market, as does the new loader Buer. China’s Great Cannon...
The CyberWire Podcast

Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in the wild. NATO addresses cyber conflict. NotPetya litigation. Black market takedown.

North Korea’s Lazarus Group may have been looking for Indian reactor design information. A possible case of Russian influence operations, served up by phishing, is under investigation in the UK. The ZeroCleare wiper malware is out and active in...
The CyberWire Podcast

Secondary Infektion may be back, and interested in UK elections. Quantum Dragon. FaceApp risks. PyXie RAT in the wild. An Ethereum developer is charged with helping North Korea evade sanctions.

Someone believes, or would like others to believe, that Britain’s National Health Service is for sale to the US. There’s no word on whether the US has offered the Brooklyn Bridge in exchange. The “Quantum Dragon” study summarizes Chinese...
The CyberWire Podcast

ANSSI considering retaliation for ransomware attack. MixCloud breached. Imminent Monitor shut down.

France might go on the offensive against ransomware attackers. The UK’s NCSC has been helping an unnamed nuclear power company recover from a cyberattack. A failed cyberattack targeted the Ohio Secretary of State’s website on Election Day. MixCloud confirms...
The CyberWire Podcast

Caveat 04 — Slowly awakening to the problems we face

Ben looks at the cozy relationship between Ring and local law enforcement, Dave shares a story about a DNA tests and search warrants. Our listener on the line wonders about deleted emails. Our guest is Michael Chertoff, former US Secretary...
The CyberWire Podcast

Special Edition — Peter W. Singer author of LikeWar

In this CyberWire special edition, an extended version of our conversation from earlier this year with Peter W. Singer. We spoke not long after the publication of his book, Like War - the Weaponization of Social Media. Thanks to...
The CyberWire Podcast

Special Edition — John Maeda author of How to Speak Machine

In this CyberWire special edition, a conversation with John Maeda. He’s a Graphic designer, visual artist, and computer scientist, and former President of the Rhode Island School of Design and founder of the SIMPLICITY Consortium at the MIT Media...
The CyberWire Podcast

Phishing, cryptojacking, and commodity malware. New supply chain security measures. And have you heard about this Black Friday thing?

A Fullz House for Thanksgiving. Google finds that nation-state phishing continues at its customary high levels. DeathRansom, the low-end ransomware that didn’t actually encrypt files, has now begun to do so. The Stantinko botnet adds cryptomining functionality. Microsoft reflects...
The CyberWire Podcast

Potentially malicious SDKs draw cease-and-desist letters. Nursing homes get ransom demands. A look back at the Sony Pictures hack. CISA offers advice on safe online shopping.

Twitter and Facebook warn of potentially malicious software development kits being used by app developers to, potentially, harvest and monetize users’ data. Nursing homes affected by a third-party ransomware incident receive extortion demands that amount to some $14 million....
The CyberWire Podcast

Arrest by algorithm. Dangers of data enrichment. Golden Falcon in Kazakhstan. FCC vs. Huawei and ZTE. Internet sovereignty. Chuckling Squad popped for Twitter caper. Other crime and punishment.

A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan’s networks. The US FCC takes a swing at...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.