CyberWire Daily

Teheran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/196 Learn more about your ad choices. Visit megaphone.fm/adchoices

Our guest is author and journalist Steven Levy. He’s editor-at-large at Wired and his most recent book is "Facebook: The Inside Story. Steven offers his insights on Facebook’s internal research teams, Ben shares a newly-decided court case on whether Big Tech companies can be sued under the Anti-Terrorism statute, and Dave's got the story of some warrantless surveillance being declared unconstitutional in Colorado. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to stories: Federal appeals court clears social media companies in Pulse shooting lawsuit Colorado Supreme Court Rules Three Months of Warrantless Video Surveillance Violates the Constitution Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com or simply leave us a message at (410) 618-3720. Hope to hear from you.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men's heavyweight rowing team. Commissioning into the cryptologic field as a naval cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite end of the spectrum from USNA's structured life. Brandon's work with both NSA and US Cyber Command helped him gain experience and cyber operations skills. As he is transitions from active duty to civilian life, Brandon shares the difficulties that process brings about. Through Skillbridge Fellowship program, Brandon's transition has him sharing his skills with the CyberWire. We thank Brandon for sharing his skills and his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Matt Stafford, Senior Threat Intelligence Researcher, from Prevailion joins Dave to talk about their work on "Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond." Prevailion’s Adversarial Counterintelligence Team (PACT) used advanced infrastructure hunting techniques and Prevailion’s visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign. UNC1151 is likely a state-backed threat actor waging an ongoing and far-reaching influence campaign that has targeted numerous countries across Europe. Their operations typically display messaging in general alignment with the security interests of the Russian Federation; their hallmarks include anti-NATO messaging, intimate knowledge of regional culture and politics, and strategic influence operations (such as hack-and-leak operations used in conjunction with fabricated messaging and/or forged documents). PACT assesses with varying degrees of confidence that there are 81 additional, unreported domains clustered with the activity that FireEye and ThreatConnect detailed in their respective reports. PACT also assesses with High Confidence that UNC1151 has targeted additional European entities outside of the Baltics, Poland, Ukraine and Germany, for which no previous public reporting exists.The research can be found here:Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond Learn more about your ad choices. Visit megaphone.fm/adchoices

Google warns fourteen-thousand Gmail users that Fancy Bear has probably been after their passwords. FIN12, a fast-running ransomware group, is after hospitals’ and healthcare providers’ money. BlackMatter remains active against the agriculture sector. REvil is back and talking on the RAMP forum, but so far it’s getting a chilly reception. Twitch traces its vulnerability to a server misconfiguration. David Dufour from webroot wonders about cracking down on crypto. Our guest is Jeff Dileo of NCC on mastering container security. And Group-IB’s CEO is charged with treason.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/195 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyberespionage remains rampant, with recent DDoS attacks hitting the Philippine Senate. New U.S. cybersecurity regulations for airlines and railways are on the horizon. The US Department of Justice is taking a tougher stance on contractors failing to meet cybersecurity standards. An update on the Twitch breach reveals ongoing security concerns. Experts discuss the evolving landscape of blockchain in cybersecurity, NFTs, and the risks associated with digital investments in the NFT space.

Twitch is breached. A newly discovered Iranian threat group is described. A Chinese cyberespionage campaign in India proceeds by phishing. SafeMoon alt-coin is trendy phishbait in criminal circles. As the US prepares to convene an anti-ransomware conference, Russian gangs show no signs of slacking off. Betsy Carmelite from BAH on AI/ ML in cyber defensive operations. Our guest is Adam Flatley of Redacted with recommendations from the Ransomware Task Force. And observations on what counts as compromising material.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/193 Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook restores service after dealing with an accidental BGP configuration issue. There’s now a data auction site for AvosLocker ransomware. Atom Silo ransomware is quiet, patient, and stealthy. The state of investigation into those two guys collared on a ransomware beef in Kyiv last week. Ben Yelin is skeptical of data privacy poll results. Our guest is Microsoft’s Ann Johnson, host of the newest show to join the CyberWire network, Afternoon Cyber Tea. And what would they have thought of the Pandora Papers in Deadwood, back in the day?For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/192 Learn more about your ad choices. Visit megaphone.fm/adchoices

The Pandora Papers leak erstwhile private financial transactions by the rich and well-connected (and it’s 150 mainstream news organizations who cooperated in bringing them to light). Flubot is using itself to scare victims into installing Flubot. Coinbase thieves exploited account recovery systems to obtain 2FA credentials. The US plans to convene an international conference on fighting cybercrime. Conti warns its victims not to talk to reporters. Andrea Little Limbago from Interos on modeling cyber risk. Carole Theriault has thoughts on facial recognition software. And a ransomware bust in Ukraine leads us to ask, why Capri Sun. (Think about it, kids.)For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/191 Learn more about your ad choices. Visit megaphone.fm/adchoices

Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices