CyberWire Daily

Diplomatic Backdoor afflicts Africa, Europe, and Southwest Asia. Electronic Arts source code stolen. “Fancy Lazarus” is back: despite the name, it’s an extortion gang, not an espionage service. An international law enforcement action takes down a credential market. Making good data available for AI research. There’s a growing appetite for cyber regulation in Washington. Thomas Etheridge from CrowdStrike looks at protecting cloud data, and Matt Chiodi of Palo Alto Networks' Unit 42 has highlights from their Cloud Threat report. And hold that side order of fries - a McBreach is disclosed.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/112 Learn more about your ad choices. Visit megaphone.fm/adchoices

JBS discloses that it paid REvil roughly eleven-million dollars in ransom. REvil not only had a good haul, but the gang made a few points about its brand, too. Colonial Pipeline explains, and defends, its decision to pay ransom. The US Congress has a third-party problem that constituents may or may not notice. Dan Prince from Lancaster University on the science of cybersecurity. Our guest is Kris McConkey from PwC on their Cyber Threats 2020 - Report on the Global Threat Landscape. The FBI’s recovery of some of the ransom Colonial Pipeline paid to the DarkSide was good, but it doesn’t necessarily represent a new normal.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/111 Learn more about your ad choices. Visit megaphone.fm/adchoices

SentinelOne attributes the cyberespionage campaign against Russia’s FSB to Chinese services. President Biden replaces his predecessor’s bans on TikTok and WeChat with a process of engagement, security reviews, and data protection. More on the FBI-led Operation Trojan Shield. Privateering, again. NATO’s Article 5 in cyberspace. Joe Carrigan weighs in on recent high profile cyber incidents. Our guest is Shashi Kiran from Aryaka on their 2021 State of the WAN report. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/110 Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI seized a large portion of the funds DarkSide obtained from its extortion of Colonial Pipeline. An international sweep stings more than eight-hundred suspected criminals who were caught while using an encrypted chat app law enforcement was listening in on. CISA advises users to update their VMware instances. A new phishing campaign distributes Agent Tesla. Ben Yelin examines renewed controversy surrounding Clearview AI. Our guest is Aimee George Leery from Booz Allen on the challenging intersection of secure spaces and work from home. And a major truck maker discloses a cyber incident.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/109 Learn more about your ad choices. Visit megaphone.fm/adchoices

Dark Side seems to have attacked Colonial Pipeline through an old VPN account. Washington and Moscow prepare for this month’s summit, with cyber on the agenda. DDoS affects German banks. Anonymous may be back, and out to bring to book those who would troll Bitcoiners. Rick Howard looks at process management in security. David Dufour from Webroot on lessons learned from Exchange Server vulnerabilities. And one of Trickbot’s alleged authors has been arrested and arraigned on multiple charges in a US Federal court.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/108 Learn more about your ad choices. Visit megaphone.fm/adchoices

VP of Information Security at Barracuda Dave Farrow shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an ”investment.” The attachment’s convoluted filename contains characters the file-naming convention doesn’t allow, notably the vertical stroke, “|.” Even though "xlsx" is in the filename, double-clicking the attachment will prompt the user to open it with the default web browser. Thus, the file indeed appears to be an HTML document. Of course, it’s malicious.The research can be found here:HTML Lego: Hidden Phishing at Free JavaScript Site Learn more about your ad choices. Visit megaphone.fm/adchoices

JBS recovers from its REvil ransomware attack, and this and other apparent instances of privateering will figure among the agenda at the upcoming US-Russia summit. (The US is said to be mulling retaliation.) The White House issues general advice on preparing for ransomware attacks. The Tokyo Olympic committee suffers a data breach. Ransomware may have interrupted some media livestreaming yesterday. Attribution in the MTA attack. Dinah Davis from arctic wolf helps prevent your SOC from becoming ineffective. Carole Theriault warns of data privacy leaks in online home tours. And ransomware-themed phishbait.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/107 Learn more about your ad choices. Visit megaphone.fm/adchoices

Evil, your name is REvil, except when it’s Sodinokibi. That’s what the Bureau says about the JBS ransomware attack, anyway. The US is expected to make strong objections to Russian cyber privateering at the upcoming summit. Other ransomware incidents are disclosed by regional transportation operators. A possible Mustang Panda sighting. Andrea Little Limbago from Interos on cyber related executive orders. Our guest is Terry Halvorsen from IBM on the need for investment, research and collaboration in preventing quantum cyberattacks. And mommas, don’t let your babies grow up to be DDoS jockeys.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/106 Learn more about your ad choices. Visit megaphone.fm/adchoices

Food processing is also vulnerable to ransomware: the case of multi-national meat-provider JBS. The US and Russia are in communication about the possibility that the criminals responsible for the JBS incident might be harbored in Russia. Domains used in the USAID impersonation campaign have been seized by the US Justice Department. Our guest is Melissa Gaddis from TransUnion with results from their Global Consumer Pulse study. Joe Carrigan looks at criminals abusing online search ads. Siemens addresses a critical issue in its PLCs.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/105 Learn more about your ad choices. Visit megaphone.fm/adchoices