CyberWire Daily

Advice on WiFi security from NSA. South African ports are recovering from their ransomware attack. The attack on Iranian railroads was a wiper, of unknown origin and uncertain purpose. Developments in the criminal-to-criminal market. Israel undertakes an investigation of NSO Group. Josh Ray from Accenture Security on the road back to the office. Our guest is Duncan Godfrey from Auth0 with insights on managing digital identities. And a bad password is revealed on an open mic during an Olympic broadcast.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/145 Learn more about your ad choices. Visit megaphone.fm/adchoices

US formally establishes its Industrial Control System Cybersecurity Initiative. Shooting wars in cyberspace. Developments in the ransomware criminal souks. This week’s iOS update may have closed the vulnerability exploited by NSO Group’s Pegasus intercept tool. The US, UK, and Australia issue a joint advisory on the most exploited vulnerabilities. Abkhazia’s crackdown on coinminers. Joe Carrigan looks at the Mespinoza ransomware gang. And meet Marcy Flores, the Robin Sage of Liverpool aerobics.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/144 Learn more about your ad choices. Visit megaphone.fm/adchoices

Transnet declares force majeure over cyberattack on South African port management. The IRGC apparently is Googling a bunch of stuff about gas stations and merchant ships. Kaseya’s denial of paying ransom has legs. Criminal coders like obscure languages. The AvosLocker gang is looking for pentesters, access brokers, and affiliates. The US and China hold “frank and open” conversations about, among other things, cyber tensions. Ben Yelin explains the tech implications of President Biden's recent executive order. Our guest is Eve Maler from ForgeRock on their 3rd annual Breach Report. And, hey NSA, what did you have for lunch today?For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/143 Learn more about your ad choices. Visit megaphone.fm/adchoices

Kaseya isn’t saying where it got its REvil decryptor. Transportation services disrupted at two major South African ports by an unspecified cyber incident. Another company is mentioned as an alleged source of abused intercept tools as the controversy over NSO Group’s Pegasus software continues. Johannes Ullrich from SANS on supply chains, development tools and insecure libraries. Our own Rick Howard looks at enterprise encryption. And a guilty plea gets a swatter five years: he got off easy.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/142 Learn more about your ad choices. Visit megaphone.fm/adchoices

With the recent onslaught of ransomware attacks across healthcare institutions, critical infrastructure, and the public sector, it's clear that ransomware isn’t going anywhere. But given how common ransomware attacks have become, how is it that we've been unable to put a stop to them? Companies often overlook the role that hardware security plays in meeting this challenge, and that oversight has become a bad actor's dream. Michael Nordquist speaks about the recent surge in ransomware attacks, and how strong hardware security, combined with software security and personnel security awareness, can be the answer to the industry’s prayers.In this episode of CyberWire-X, guest Steve Winterfeld from Akamai shares his insights with the CyberWire's Rick Howard, and Michael Nordquist of sponsor Intel offers his thoughts to the CyberWire's Dave Bittner. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping us safe." We thank Ingrid for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Christopher Budd, Senior Global Threat Communications Manager at Avast, joins Dave to talk about some research his team did when they looked into a Reddit report saying their Avast folder was empty and other reports like it. The team found a new malware they’re calling “Crackonosh” in part because of some possible indications that the malware author may be Czech. Crackonosh is distributed along with illegal, cracked copies of popular software and searches for and disables many popular antivirus programs as part of its anti-detection and anti-forensics tactics.The research can be found here:Crackonosh: A New Malware Distributed in Cracked Software Learn more about your ad choices. Visit megaphone.fm/adchoices

The Olympics are underway, and the authorities are on the alert for cyberattacks. Kaseya has a decryptor for the REvil ransomware, but it hasn’t said how it got the key. NSO Group says it’s not responsible for customer misuse of its Pegasus intercept tool. US policy toward Chinese cyber activities shows continuity, with some diplomatic intensification, but hawks would like to see more action. Our guest Jack Williams from Hexagon joins Dave to discuss the promises and challenges of smart cities. Podcast partner Chris Novak of Verizon talks about advancing incident response. And Dutch police make arrests in their investigation of the Fraud Family.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/141 Learn more about your ad choices. Visit megaphone.fm/adchoices

It’s extortion after all at Saudi Aramco. Controversy and investigation over alleged misuse of NSO Group’s Pegasus intercept tool continues. Warning of Chinese espionage from ANSSI, and China’s denunciation of all this kind of “baseless slander.” Phishing in Milanote. FIN7 resurfaces after the conviction of some key members. Dinah Davis from Arctic Wolf on the importance of identity management. Our guest Jenn Donahue shares key strategies for mentoring and supporting female engineers, scientists, and leaders of the future. And IBM sifts through the ashes of a ransomware gang for a look at the business of crime.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/140 Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA warns of threats to industrial control systems, profusely illustrated with examples from recent history. Ransomware can be operated either in the course of privateering or as an APT side hustle. Security firms outline new and evolving threats and vulnerabilities. Reaction continues to the Pegasus Project’s reports on intercept tools. Joe Carrigan unpacks recent Facebook revelations and allegations. Our guest is Dave Humphrey from Bain Capital on his tech investment bets and predictions. And do you know what “military grade” means? Neither do we, but we think we have an idea.For links to all of today's stories check out our CyberWire daily news briefing:https://www.thecyberwire.com/newsletters/daily-briefing/10/139 Learn more about your ad choices. Visit megaphone.fm/adchoices