Saturday, October 19, 2019
The CyberWire Podcast

Clickfraud and third-parties (both SDKs and stores). Trojanized TOR browser steals from Russian users. WiFi bugs. Sketchy jailbreak. Big Tech on free speech. Cooperation against terrorism.

Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see...
The CyberWire Podcast

Cozy Bear never really left. Iran denies it suffered a US cyberattack. Malicious WAV files. Darknet dragnet hauls in child exploitation ring. Graboid infests Docker hosts.

Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping...
The CyberWire Podcast

Cyber retaliation for a kinetic attack, again. Industrial espionage from China. Botnet does sextortion. Typosquatting the other candidate. A poor approach to reputation management.

The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A...
The CyberWire Podcast

Ransomware hits US, French companies. ISPs as combat support arms. Lawful intercept gone rogue? Lazarus Group is back and in GitHub. China’s security laws and security risks.

Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent...
The CyberWire Podcast

Decrypting ransomware for good. — Research Saturday

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available....
The CyberWire Podcast

Ransomware and a zero-day. A newly discovered espionage platform. FIN7’s new tricks. Beijing speaks and Apple listens. A visit to NSA’s Cybersecurity Directorate.

BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks...
The CyberWire Podcast

Alleged DIA leaker. Europol cybergang study. Protecting the DIB. Chinese information operations.

A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial...
The CyberWire Podcast

Twitter and two-factor authentication. Privacy concerns. The US Senate Intelligence Committee reports on Russian troll farms. Turla is back with some new tricks.

Twitter says it’s sorry is anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy...
The CyberWire Podcast

Riding herd on Mustang Panda. Drupalgeddon2 is out in the wild. VPN warnings and mitigations. Patch notes. An offer to share intelligence about Huawei. Presidential sites get low privacy grades.

An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concering...
The CyberWire Podcast

Iran hacks for influence. Brazilian PII up for auction. Prince Harry vs. Fleet Street. Electrical infrastructure cyber risk. Paying ransom. HildaCrypt developers say they’re going straight.

Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack...
The CyberWire Podcast

The fuzzy boundaries of APT41. — Research Saturday

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from...
The CyberWire Podcast

Android vulnerability exploited in the wild. Careless spycraft. The Eye on the Nile. A new Chinese threat actor. A spoiling attack in the CryptoWars. Take election interference, please.

Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on...
The CyberWire Podcast

A new threat group, Avivore, is called out in the Airbus hack. Ransomware and VPN exploit warnings. EU tells Facebook to take down some content, everywhere. Spearphishing ANU. SandCat’s bad opsec.

Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook....
The CyberWire Podcast

RATs, ransomware, payloads, and unsecured data: a look at the cybercriminal underground.

Sobinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s...
The CyberWire Podcast

Piling on sanctions. The disinformation-as-a-service black market. Technological sovereignty through R&D investment? Ransomware continues to rise. NSA’s new Cybersecurity Directorate.

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the...
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive  The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.