CyberWire Daily

Someone is phishing for Russian rocketeers. The Port of Houston discloses a cyberattack, which the Port says it deflected before it had operational consequences. Ransomware gangs are up and active, and the US is considering mandatory reporting by victims as a defensive policy. Pegasus spyware is said to have been found in the phones of five French government ministers. Johannes Ullrich from the SANS Technology Institute on Attackers Hunting for Environment Variables. Our guest is Graeme Bunton of DNS Abuse Institute. And Huawei’s Meng Wanzhou may soon be headed home from Vancouver.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/185 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware hits a second US Midwestern farm co-op. The US House hears from the FBI that Russia seems not to have modified its toleration of privateering gangs (at least yet). A new APT, “FamousSparrow,” is described. REvil seems to have been--surprise!--cheating its criminal affiliates. Josh Ray from Accenture with an update on the Hades Threat Group. Our guest is Tim Eades of vArmour on the urgent need to update cyber strategies in healthcare. CISA issues a new warning, this one on the Conti ransomware operation. For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/184 Learn more about your ad choices. Visit megaphone.fm/adchoices

BlackMatter continues to make a nuisance of itself on a large scale. The US is woofing about taking action against ransomware, and Treasury has sanctioned a rogue cryptocurrency exchange, but some advocate stronger measures. Where did all those Ukrainian cybercriminal chat platforms go? A warning of the “censor mode” in some Chinese manufactured smartphones. Caleb Barlow shares thoughts on CMMC certification. Our guest is Kevin Jones of Virsec with reactions to the White House Cybersecurity Summit. And, hey, no, really, Apple is not celebrating the iPhone 13 by giving away a stash of Bitcoin.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/183 Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware hits an Iowa agricultural cooperative, which doesn’t meet, the criminals say, the standard for “critical infrastructure.” US Treasury Department announces steps against ransomware’s economic support system. Did Kaseya get its REvil decryptor from the FBI? Ben Yelin describes a major federal court victory for security researchers. Our guest is Dave Stapleton from CyberGRX on the rise of extortionware. And Europol, along with Spanish and Italian police, take down a Camorra cybercrime ring.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/182 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber electioneering, in Hungary and Russia, the latter with some international implications. The Mirai botnet is exploiting the OMIGOD vulnerability. A shipping company deals with data extortion. Government websites have been serving up some oddly adult-themed ads. Malek Ben Salem from Accenture has thoughts on quantum security in the automotive industry. Our guest is Padraic O'Reilly of CyberSaint to discuss concerns about the Defense Industrial Base. And no, there’s no such thing as the Elon Musk Mutual Aid Society.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/181 Learn more about your ad choices. Visit megaphone.fm/adchoices

Executive Security Advisor at IBM Security Limor Kessem says she started her cybersecurity career by pure chance. Limor made a change from her childhood dream of being a doctor and came into cybersecurity with her passion, investment, discipline, and perseverance. Limor talks about how we must tighten our core security and at the same time we allow innovation to help us move forward with the times. She's been fortunate to have been able to stand up for others and has had others support her. She said that is very motivating and has allowed her to really explore every possible thing in her career that she can contribute without limiting herself to a certain role. We thank Limor for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.The research can be found here:Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch your Zoho software now--vulnerable instances are being actively exploited. Maximum engagement isn’t necessarily good engagement: the hidden hand of the trolls replaces the invisible hand of the marketplace of ideas. Politics ain’t beanbag, Russian edition. An indictment emerges from the US investigation into possible misconduct during the 2016 elections. The costs of coin-mining. Josh Ray from Accenture on protecting critical infrastructure. Our guest is Tony Pepper from Egress with a look at Insider Data Breaches. And don’t mix investment advice with matters of the heart.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/180 Learn more about your ad choices. Visit megaphone.fm/adchoices

Denial-of-service at a German election agency, as Federal prosecutors investigate GhostWriter. More nation-states get into election meddling. South Africa works to recover from a ransomware attack against government networks. A cryptojacking botnet moves from Linux to Windows. A ransomware gang threatens to burn your data if you bring in third-party help. Ransomware cyberinsurance claims rise. Rick Howard checks in with Tom Ayres from Lead Up Strategies on Cyber Piracy. Caleb Barlow shares insights on CMMC. And it’s a really good week to patch.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/179 Learn more about your ad choices. Visit megaphone.fm/adchoices

That Russian crackdown on ransomware gangs people thought they were seeing? Hasn’t happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka’s government in Belarus. Operation Harvest is complicated and long-running. Phishing with a promise of infrastructure funding. The criminal market for bogus vaccine cards. Johannes Ullrich from SANS on dealing with image uploads - vulnerabilities in conversion libraries. Our UK correspondent Carole Theriault on Deepfakes - what you need to know now. And a deferred prosecution agreement in a “cyber mercenary” case.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/178 Learn more about your ad choices. Visit megaphone.fm/adchoices