CyberWire Daily

N2K Networks
Oct 10, 2020 • 19min

It's still possible to find ways to break out. [Research Saturday]

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels to separate the host OS from the container's OS. One of these solutions is Kata Containers, a container runtime that spawns each container inside a lightweight VM, and can function as the underlying runtime in Docker and Kubernetes. Kata's virtualized containers provide two layers of isolation: even if an attacker breaks out of the container, he is still confined to the microVM. Joining us in this week's Research Saturday to discuss the research is Yuval Avrahami from Palo Alto Networks Unit 42. The research presented at Black Hat USA 2020 can be found here: Escaping Virtualized Containers
Oct 9, 2020 • 25min

A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.

A Parliamentary committee issues a scathing report on Huawei’s connection to the Chinese government and the Communist Party of China. Facebook takes down coordinated inauthenticity with a domestic focus in four countries. Twitter goes after influence operators in four other countries. Betsy Carmelite addresses threats to telehealth platforms. Our guests are the FBI’s Herb Stapleton and the US Secret Service’s Greg McAleer on a new multi-agency mission center to tackle the highest priority cyber criminal threats facing the US. And two of the former eBayers charged in a cyber-stalking case have taken their expected guilty pleas. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/197
Oct 8, 2020 • 24min

Bahamut’s hackers-for-hire. SlothfulMedia looks made-in-China. Domains run by IRGC seized. Phishbait uses current events as chum. Who dunnit? Not us, or rather, prove it, says Moscow.

Add the Bahamut cyber mercenaries to the shadow armies for hire in cyberspace. Reports associate the SlothfulMedia RAT with Chinese intelligence services, and claim that it’s being used against India and China. The US takes down domains the Islamic Revolutionary Guard Corps uses to push disinformation. Trends in phishbait. Caleb Barlow rethinks a TED talk he gave a while back, given what we’ve learned from COVID-19. Our guest is Dr. Greg Rattray from Next Peak on 'Advanced Persistent Threats', a term, by the way, that he coined. And Moscow says, hey, we don’t meddle in anyone’s elections. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/196
Oct 7, 2020 • 23min

Cyber conflict in the Caucasus. Zerologon exploited in the wild. Emotet rising. The Four Horsemen of Silicon Valley. Alt-coin regulation. DDoS in Honolulu.

Cyber ops accompany fighting in the Caucasus. Iranian threat group exploits Zerologon in the wild. The Kraken gets unleashed in Southeast Asia, of all places. Emotet is back, and it’s after state and local governments. The US House identifies the Four Horsemen of Silicon Valley. Monero gains criminal market share. The US Comptroller of the Currency moves for clarity in alt-coin regulation. Joe Carrigan takes a look at ransomware trends. Our guest is Mathew Newfield from Unisys with remote school safety tips for students and parents. And a cyberattack from Waikiki. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/195
Oct 6, 2020 • 24min

New, Mirai-based threat in the wild. PLA told to steer clear of US election stories. Big data in small spreadsheets. John McAfee arrested. A hackable marital (or something) aid.

Spyware version of Mirai detected in the wild. The People’s Liberation Army is told, by its government, to lighten up on US election stories. Centripetal wins a major patent lawsuit. Excel is not a big data tool. John McAfee is arrested on US tax charges. Our guest is Roger Barranco from Akamai on tracking increased DDoS attacks. Ben Yelin on a case involving warrants for Wifi location data. And an aid to chastity is found to be hackable, but at least it errs on the side of continence. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/194
Oct 5, 2020 • 24min

Maritime shipping hacks remind observers of NotPetya. Spyware through the firmware. New ransomware strain. Huawei in Europe. Go ahead, Lefty, give ‘em your fingerprints.

Attacks on maritime shipping organizations raise concerns about global supply chains. Someone’s pushing spyware through the firmware. Someone else is messing with the heads of Trickbot’s masters. A new ransomware strain, Egregor, shows again that a ransomware attack amounts to a data breach. Huawei may be losing ground in Europe. Mike Benjamin from Lumen on DDoS ransoms. Scott Algeier from IT-ISAC looks back on 20 years of information sharing. And criminals give their fingerprints to police, virtually. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/193
Oct 4, 2020 • 6min

Diane M. Janosek: It's only together that we are going to rise. [Career Notes]

Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global. Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber and cryptologists worldwide for the nation. Diane encourages those who love to learn to join the multidisciplinary cybersecurity field. Our thanks to Diane for sharing her story with us.
Oct 3, 2020 • 23min

Smaug: Ransomware-as-a-service drag(s)on. [Research Saturday]

Threat actors and cybercriminals that don’t have the ability to develop their own ransomware for malicious campaigns can turn to the Smaug Ransomware as a Service (RaaS) offering, which is available via a Dark Web Onion site. At least two threat actors are operating the site, providing ransomware that can be used to target Windows, macOS, and Linux machines. The site is built with ease of use in mind. To launch an attack, threat actors simply need to sign up, create a campaign, and then start distributing the malware. The site also handles decryption key purchasing and tracking for victims. Joining us in this week's Research Saturday to discuss the research is Anomali's Joakim Kennedy and Rory Gould. The research can be found here: Anomali Threat Research Releases First Public Analysis of Smaug Ransomware as a Service
Oct 2, 2020 • 27min

CISA and Cyber Command describe a new RAT. Emotet spams Team Blue. Spyware campaigns described. Maritime sector hacks. And another reason not to pay the ransom.

SlothfulMedia is the new RAT in town. Emotet spam counts on political commitments. ESET describes two distinct spyware campaigns in the Middle East and Eastern Europe. Hackers are paying more attention than usual to the maritime sector. Awais Rashid from the University of Bristol on privacy concerns of contact tracing apps. Our guest is Krystle Portocarrero from Juniper Networks on the continued rise of encryption and the technical and privacy challenges that come with it. And the US Treasury Department cautions all that paying up in a ransomware attack might land you in sanctions hot water. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/192
Oct 1, 2020 • 24min

Ransomware incidents: worse than feared. And some of them pose a threat to patient safety. A Fancy Bear sighting? Glitch suspends trading in Tokyo.

Two ransomware incidents now seem worse than originally believed. Hacking hospitals raises concerns for patient safety. It appears Fancy Bear was the group that hacked the US Federal agency CISA warned about recently. Chris Novak from Verizon considers whether investigations should be performed under attorney client privilege and if that privilege will hold. Alex Mosher from MobileIron explains how yours truly got phished. With Cookies. And interruptions to trading on Japan’s exchanges seem to be due to technical problems, and not to cyberattack. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/191
