CyberWire Daily

CISA tells the Feds to patch Zerologon by midnight tonight. Cerberus surges after its source code is released. Rampant Kitten, an Iranian surveillance operation, is described. The US bans on WeChat and TikTok were both postponed. Justin Harvey from Accenture marks three years since wannacry with a look at ransomware. Our own Rick Howard on red and blue team operations. And police in Germany are looking for ransomware attackers on a homicide charge.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/183 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The cybersecurity space is nothing if not crowded. Yet despite all the fantastic offers and promises being made by vendors, the sober reality persists that spending has not equated to improved security. Did you know that 80% of IT security budgets are focused on detection and containment controls, even though 70% of security experts believe that a greater focus on prevention would strengthen their security posture? Joining the conversation are Bob Olsen from Ankura giving his insight on the many options out there when buying cyber security systems and platforms. Later, we will be joined by Steve Salinas, Head of Product Marketing at Deep Instinct, as he addresses this paradox of why organizations are spending their scarce budget in ways that are contrary to their interests. Learn more about your ad choices. Visit megaphone.fm/adchoices

After the 2016 General Election, the talk was all around foreign meddling. Rumors swirled that some votes may have been changed or influenced by state-sponsored actors. Sanctions and accusations followed. Four years later, is the U.S. any more prepared to protect the results of its largest elections? More than you may realize.Talos researchers take a deep dive into election security after spending the past four years talking to local, state and national officials, performing their own independent research and even watching one state plan an election in real-time.Joining us in this week's Research Saturday to discuss the report on this timely topic is Cisco Talos' Matt Olney. The research can be found here:  What to expect when you’re electing: Talos’ 2020 election security primer. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US Commerce Department announces a clampdown on TikTok and WeChat, to begin Sunday. An overview of the Grayfly and Blackfly units of APT41. Maze begins delivering payloads inside a VM. A ransomware attack on a Düsseldorf hospital is implicated in the death of a patient. Google wants less stalkerware and misrepresentation in the Play store. Caleb Barlow from Cynergistek on the Military's CMMC program. Our guest Galina Antova from Claroty highlights importance of secure remote access in industrial systems during times of crisis. And an alleged fox was allegedly guarding the henhouse.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/182 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cerberus is available for free, the Empire Market’s old and betrayed customers are probably looking for another marketplace where English is spoken, and it seems the Russian mob is selling access to North Korea’s Lazarus Group. NSA thinks US elections will be safe and secure, but that influence operations are probably here to stay. Betsy Carmelite from BAH on medical device security, our guest is Jonathan Langer from Medigate on lessons to help clinical and IT leaders at institutions heavily affected by COVID-19. Two Iranians are indicted for espionage and theft, and more evidence allegedly surfaces of Huawei’s role in sanctions evasion. For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/181 Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA and the FBI warn of extensive Iranian cyberattacks that exploit flaws in widely used VPNs. The US indicts two men for website defacements undertaken for the benefit of Iran, and in retribution for the US drone strike that killed Quds Force commander Soleimani. The US has also indicted seven in a cybercrime and cyberespionage wave conducted in conjunction with Wicked Panda. Ethiopian strife made worse by social media. Joe Carrigan describes scammers using fake alerts on web sites. Our guest is Kevin Ford, CISO of the state of North Dakota on their move to offer free anti-malware to all state k-12 institutions. And ByteDance’s plans for TikTok grow clearer.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/180 Learn more about your ad choices. Visit megaphone.fm/adchoices

Details of the Zerologon vulnerability are published, and it seems a serious one indeed. CISA describes Chinese cyberespionage practices--they’re not exotic, but they’re effective. What’s the difference between highly targeted market research and intelligence collection against individuals? Better commercials? Ben Yelin explains a 9th circuit court opinion with 4th amendment implications. Our guest is Exabeam’s Richard Cassidy on why when it comes to insider risk, context is everything. And there’s been a data breach at the VA.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/179 Learn more about your ad choices. Visit megaphone.fm/adchoices

Social engineers use text from legitimate recent warnings. Cybercrooks go for whatever they can get from software about to reach the end of its life. A big database filled with individual information is leaked from a Chinese government contractor. In the race to do whatever it is US companies hope to do with TikTok, Microsoft is apparently out, but Oracle is apparently in. Rick Howard looks at red versus blue. Our gust is Colby Prior, Infrastructure Engineer for AusCERT, on running honeypots. And the FBI wants you to know, contrary what you may have seen online, that Oregon wildfires are not extremist arson.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/178 Learn more about your ad choices. Visit megaphone.fm/adchoices

A reading of “Ode to Wealthy Elite”, written circa August 16, 2016. From “The collected works of the Shadow Brokers, volume I,” read by D.W. Bittner, compiled and edited by the CyberWire. The Shadow Brokers represent themselves as hackers who sell stolen exploits, hacking tools, and other scandalous material online to the detriment of Wealthy Elite, whose hidden hands the ShadowBrokers wish to convince you secretly move the world's events. Their online auctions have been notorious fizzles, finding few takers, but they continue to reappear with their offers from time to time. The smart money bets that the Brokers are a Russian intelligence service operation. They communicate in Hollywood scriptwriter broken English as opposed to any known natural language. Learn more about your ad choices. Visit megaphone.fm/adchoices