CyberWire Daily

Updates on cyberattacks against Norway’s parliament and the Hedmark region. A popular TikTok page is infested with scammers. Magecart’s Inter scanner gains criminal market share. Thomas Etheridge from CrowdStrike on the many potential benefits of outsourced threat hunting. Our guest is Lauren Bean Buitta from Girl Security on closing the gender gap in national security. Heading back to school in Miami? Not so fast, kids. And in Northumberland? Same goes there. (That’s Northumberland, England, by the way, not Northumberland, Pennsylvania.)For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/172 Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook’s August takedowns included coordinated inauthenticity from Pakistan, Russia (that’s St. Petersburg, with a waystation in DC), and a US strategic communication firm. CISA and the FBI say nope, the Russians weren’t in voter databases. A Chinese APT turns its attention from Europe back to Tibet. A new cryptocurrency stealer is active in Central Europe. New Zealand DDoS attacks may be an extortion attempt. Joe Carrigan has the story of a reporter's stolen Facebook account. Our guest is Ophir Harpaz from Guardicore Labs with their Botnet Encyclopedia. And there may be another teenage mastermind behind last month’s Twitter hack.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/171 Learn more about your ad choices. Visit megaphone.fm/adchoices

An election hack that wasn’t. More DDoS in New Zealand’s stock exchange. A look at how Iranian cyber contractors make money as a byproduct of cyberespionage. Malware sneeks past Apple’s notarization process. The bandit economy that’s grown up around Fortnite. Ben Yelin looks at how the upcoming US elections could direct the nation’s cybersecurity strategies. Our guest is Julian Waits from Devo with highlights from their 2nd annual SOC performance report. And the US Army’s youngest branch celebrates a birthday.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/170 Learn more about your ad choices. Visit megaphone.fm/adchoices

New Zealand’s stock exchange continues to fight through offshore DDoS attacks. Sunday’s Internet outage was a glitch, not an attack. China enacts new technology export controls that may impede the sale of TikTok. Danish authorities investigate allegations of data sharing with NSA. North Korea says it doesn’t rob banks, but Americans do. Caleb Barlow looks at security validation and how it can help manage vendors and SOCs. Rick Howard has the CSO Perspective on Identity Management. And a look at Terracotta, a botnet serving up ad fraud.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/169 Learn more about your ad choices. Visit megaphone.fm/adchoices

Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Docker containers have been gaining popularity over the past few years as an effective way of packaging software applications. Docker Hub provides a strong community-based model for users and companies to share their software applications. This is also attracting the attention of malicious actors intending to make money by cryptojacking within Docker containers and using Docker Hub to distribute these images.Palo Alto Networks' Unit 42 researchers identified a malicious Docker Hub account, azurenql, active since October 2019 that was hosting six malicious images intended to mine the cryptocurrency, Monero. The images hosted on this account have been collectively pulled more than two million times. Additionally, when last checked minexmr.com for this wallet ID, Palo Alto's team saw recent activity indicating that it’s still being used.Joining us on this week's Research Saturday is Jen Miller-Osborn from Palo Alto Networks' Unit 42 group to share the research and findings.The research and blog post can be found here: Attackers Cryptojacking Docker Images to Mine for Monero Learn more about your ad choices. Visit megaphone.fm/adchoices

Denial-of-service attacks continue to cripple New Zealand’s NZX stock exchange. The Empire criminal market has exited, and done so with its users funds. US authorities have filed for civil forfeiture of Hidden Cobra’s stolen crytpo assets. An Instagram hijacking campaign is under way. Qbot and Emotet are back, and together again. The former Green Beret who allegedly spied for the GRU offers an insight into his (alleged) motives. We welcome our newest partner to the show, Betsy Carmelite from BAH. Our guest is Mark Calandra from CSC on their 2020 domain security report that revealed shortfalls among the Forbes Global 2000. And the unnamed company cited in the arrest of a Russian national this week has now been named: it’s Tesla. For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/168 Learn more about your ad choices. Visit megaphone.fm/adchoices

Several Magecart campaigns turn out to be the work of one gang. The unfortunate persistence of DDoS-for-hire services. Ransomware’s growing sophistication as a class of criminal enterprise. Andrea Little Limbago from Interos on supply chain attacks & risks. Our guest is Mark Testoni from SAP's NS2 on how Covid-19 reshaped classified work. And hey kids: the BeagleBoyz are on a crime spree.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/167 Learn more about your ad choices. Visit megaphone.fm/adchoices

New Zealand’s stock exchange has sustained two distributed denial-of-service attacks this week. CISA and FBI issue an alert about GoldenSpy. Two cyber mercenary groups are engaged in industrial espionage for hire. Thailand decides to crack down on sites that host content the government deems illegal. Joe Carrigan looks at new types of crimes made possible by AI. Our guest is Shane Harris from The Washington Post on an Elite CIA unit which failed to secure its own systems. And a Russian national faces US charges of conspiracy to damage a computer.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/166 Learn more about your ad choices. Visit megaphone.fm/adchoices

Security trends during the pandemic include shifts in underworld markets and some enduring changes in the way organizations approach cybersecurity. Discount phones come preloaded with adware and fleeceware. TikTok files its lawsuit. Ben Yelin on the Massachusetts Attorney General creating a data privacy office. Our guest is Nitzan Miron from Barracuda Networks on how brick & mortar shops have accelerated their shift online. And spoofing a Bitcoin exchange to spread malware. For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/9/165 Learn more about your ad choices. Visit megaphone.fm/adchoices