

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Aug 17, 2021 • 23min
Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.
Al Qaeda online sources cheer the Taliban’s ascendancy. The new rulers of Afghanistan are likely to have acquired a good deal of sensitive data along with political rule and a quantity of US-supplied military equipment. Terrorist watchlist data were found in an exposed server (now taken offline). Connections between gangland and Russian intelligence. T-Mobile was hacked, but it’s unclear what if any data were compromised. Joe Carrigan on FlyTrap Android Malware Compromising Thousands of Facebook Accounts. Our guest is Liam O’Murchu from Symantec on what keeps him up at night. And some personal information was exposed in the Colonial Pipeline incident. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/158 Learn more about your ad choices. Visit megaphone.fm/adchoices

Aug 16, 2021 • 24min
Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?
The Taliban has effectively taken control of Afghanistan, and the fall of Kabul is likely to have a quick, near-term effect on all forms of security. The Indra Group’s actions against Iranian interests suggest the potential of non-state, politically motivated actors. Crooks returned almost all the money rifled from DeFi provider Poly Network. A new C2C service tells hoods if their alt-coin is clean. DeepBlueMagic is a new strain of ransomware. Chris Novak of Verizon on advancing incident response. Rick Howard is taking on Orchestration in this week’s CSO Perspectives. And T-Mobile investigates claims of a data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/157

Aug 15, 2021 • 7min
Rick Howard: Give people resources. [CSO] [Career Notes]
Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks, where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called up the CyberWire to ask about doing a podcast and was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us.

Aug 14, 2021 • 31min
You can add new features, just secure the old stuff first. [Research Saturday]
Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft’s Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities. AD CS is widely deployed, and provides attackers opportunities for credential theft, machine persistence, domain escalation, and subtle domain persistence. We present relevant background on certificates in Active Directory, detail the abuse of AD CS through certificate theft and active malicious enrollments for user and machine persistence, discuss a set of common misconfigurations that can result in domain escalation, and explain a method for stealing a Certificate Authority’s private key in order to forge new user/machine “golden” certificates. By bringing light to the security implications of AD CS, we hope to raise awareness for both attackers and defenders alike of the security issues surrounding this complex, widely deployed, and often misunderstood system. The blog post and white paper can be found here:
Certified Pre-Owned blog post
Certified Pre-Owned white paper

Aug 13, 2021 • 29min
Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.
ReverseRat is back and better, and it’s sniffing at Afghanistan. LockBit wants $50 million from Accenture. When employees leave, do they take your data with them? (Survey, or rather, telemetry, says yes.) Unpatched Apex One instances are under active attack. PrintNightmare continues to resist patching. Google bans SafeGraph. Apple explains what’s up with iCloud privacy. Caleb Barlow wonders if ransomware payments are financing criminal infrastructure in Russia. Our guest is Oliver Rochford from Securonix on the notion of cyberwar. And the SynAck ransomware gang rebrands. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/156

Aug 12, 2021 • 26min
More stolen alt-coin is returned. Accenture reports minimal effects in the alleged LockBit attack. Home routers attacked. Source code for sale? PrintNightmare exploited in the wild. Extradition cases.
More stolen coin is returned in the case of the Poly Network cross-chain hack. Accenture says the incident it sustained had no significant effect, and the LockBit ransomware gang, which claimed responsibility, releases some relatively anodyne files. Home routers are under attack. Crooks are offering what they claim to be Bkav source code for sale on Raidforums. Magniber weaponizes a PrintNightmare flaw. Dinah Davis from Arctic Wolf shares stats on the state of women in cyber. Our guest is Peter Voss of Aigo.ai on what’s missing in artificial intelligence. Two extradition cases proceed. And the Solarium Commission reports. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/155

Aug 11, 2021 • 27min
A $600 million alt-coin heist. LockBit claims it hit Accenture. A false-flag cyberespionage campaign. A REvil key is posted. AlphaBay is back. Facebook takes down vaccine disinfo campaign.
Cross-chain attack steals millions in cryptocurrency. LockBit claims to have hit Accenture, but Accenture says with negligible consequences. Emissary Panda flies a false Iranian flag. Ekranoplan posts a key for the REvil strain used against Kaseya. AlphaBay has risen from the grave, sort of. Johannes Ullrich has thoughts on resetting 2FA. Our guest is Idan Plotnik from Apiiro on their win of the 2021 RSAC Innovation Sandbox Contest. And you can’t fool us, you bought-and-paid-for influencers you: no vaccine is going to turn us into monkeys. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/154

Aug 10, 2021 • 28min
A threat to release stolen proprietary data. The C2C market: division of labor and loss-leading marketing ploys. Misconfigured Salesforce Communities. Sanctions-induced headwinds for Huawei.
RansomEXX threatens to release stolen proprietary data. Some looks at the C2C market, the criminal division of labor, and a splashy carder marketing ploy. Misconfigured Salesforce Communities expose organizational data. Our guest is Ron Brash from Verve International on a CISA advisory regarding GE ICS equipment. Ben Yelin on the proposed U.S. Bureau of Cyber Statistics. Huawei faces sanctions-induced headwinds. Mexico’s investigation of Pegasus abuse continues, but so far without arrests or resignations. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/153

Aug 9, 2021 • 24min
Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit. Flytrap Android Trojan is out. SCADA recon. Child protection. Wiretaps and social media.
Home router vulnerabilities exploited in the wild. ACSC warns of a spike in LockBit ransomware attacks. The Flytrap Android Trojan is still concealed in malicious apps. An unidentified threat actor has been prospecting SCADA systems in Southeast Asia. Rick Howard checks in with the Hash Table about Backups. Mike Benjamin from Lotus Labs on watering hole attacks. Apple’s new child protection measures attract skepticism from privacy hawks. Wiretaps extended to social media. And using three random words for your password. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/152

Aug 8, 2021 • 7min
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where Alyssa works to bring more diverse views to improve the problem-solving in the space, something she sees as a key to success for the industry. We thank Alyssa for sharing her story with us.


