CyberWire Daily

N2K Networks
Aug 24, 2020 • 23min

Crooks and spies, together again? Hiding ad-fraud malware in an SDK. A turn to the DarkSide.

Iranian wannabes successfully use Dharma ransomware against soft targets. SourMint hid an ad-fraud and info-stealing package in an SDK. A former US Army officer and sometime Government contractor is charged with working for the GRU. DarkSide ransomware rises as affiliates go into business on their own. Awais Rashid from the University of Bristol on aligning cyber security metrics with business goals. Rick Howard talks data loss prevention with members of the Hash Table. And copycat DDoS extortionists pretend to be, who else? Fancy Bear. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/164
Aug 23, 2020 • 6min

Kiersten Todt: Problem solving and building solutions. [Career Notes]

Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.
Aug 22, 2020 • 22min

Using global events as lures. [Research Saturday]

The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has left adversaries with a couple of options: develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot to enticing a user to help you. In today's threat landscape, adversaries are always trying to develop and implement the most effective lures to try and draw users into their infection path. They've tried a multitude of different tactics in this space, but one always stands out: current events. Joining us on this week's Research Saturday is Craig Williams from Cisco's Talos Outreach team to walk us through how current events are used as lures. The research and blog post can be found here: Adversarial use of current events as lures. The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
Aug 21, 2020 • 25min

Transparent Tribe upgrades Crimson RAT. More countries interested in influencing US elections. University pays ransom.

Transparent Tribe upgrades Crimson RAT. Cuba, North Korea, and Saudi Arabia are also interested in influencing the upcoming US election. The University of Utah restored from backups after a ransomware attack, but paid the ransom to prevent the crooks from publishing stolen data. Uber’s former CSO has been charged with allegedly covering up a hack the company sustained in 2016. Justin Harvey from Accenture on how the pandemic has affected Incident Response. Gerald Beuchelt from LogMeIn on how secure remote access may or may not be. And a popular fertility app was found to be sharing data with advertisers without users’ permission. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/163
Aug 20, 2020 • 23min

Gamaredon Group is phishing ahead of Ukraine’s independence day. North Korea blamed for BLINDINGCAN RAT. Google patches Gmail flaw.

Ukraine warns that Russia’s Gamaredon Group is running a phishing campaign ahead of Ukraine’s independence day. CISA and the FBI publish details on a North Korean remote access Trojan. Google patches a serious Gmail flaw. Marriott faces another lawsuit over its 2018 data breach. The WannaRen ransomware operators have released a decryption key. Rob Lee from Dragos with lessons learned from recent virtual conferences. Our guest is Rachel Tobac from SocialProof with her insights on social engineering and the Twitter hack. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/162
Aug 19, 2020 • 23min

Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now.

Phone spearphishing is catching on after the Twitter hack. Taiwan blames China for hacking government agencies. FritzFrog botnet is cryptomining, for now. Whoever’s behind GoldenSpy is trying to cover their tracks. WastedLocker ransomware is successful without stealing data. The US Senate Select Committee on Intelligence releases its final report on Russian interference with the 2016 election. Joe Carrigan looks at shady SIM cards. Our guest is Nathan Jones from WhiteCanyon Software on secure data destruction. And an AI company exposes millions of medical records. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/161
Aug 18, 2020 • 23min

Patriotic hacktivism? Cryptomining worm steals AWS credentials. Carnival discloses data incident.

Suspected patriotic hacktivists are defacing websites. A cryptomining worm is stealing AWS credentials. Cruise company Carnival suffered a ransomware attack that involved data theft. US measures against Huawei are expected to make things much more difficult for the Chinese company. Ben Yelin on new tools tracking cyber data on US borders. Our guest is Jesse Rothstein from ExtraHop on what happens to enterprise security when the network goes dark. And a look at the organizational structure of North Korea’s hacking units. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/160
Aug 17, 2020 • 27min

North Korea harasses defectors. Researchers exploited Emotet bug for six months. RedCurl APT conducts corporate espionage.

North Korea harasses defectors. Researchers have been exploiting a bug in Emotet to inoculate systems against the malware for the past six months. CISA warns of KONNI spearphishing. RedCurl APT conducts corporate espionage. The US announces more restrictions on Huawei’s access to US-made chips. Chris Novak from Verizon on the evolving role of cyber insurance. Rick Howard on data loss prevention. And Australian schools are without email after an unpleasant experience with Reply-All. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/159
Aug 16, 2020 • 4min

Trying for a win, win, win game. [Career Notes]

Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us.
Aug 16, 2020 • 28min

The ABCs of cybersecurity for the education sector. [CyberWire-X]

Teachers, students, admin, parents: The education sector has possibly the most diverse user base, each requiring its own user privileges, access requirements, and behavioral trends. Yet besides this, there are a number of unique challenges to securing an educational environment, including ensuring broad attack surface protection, minimal false positives, and maintaining a cost-effective security posture. Join us as we chat with Kevin Ford, Chief Information Security Officer for the state of North Dakota, about these challenges for securing statewide educational institutions and their networks. Later, we will be joined by Steve Salinas, Head of Product Marketing at Deep Instinct, and Matthew Fredrickson, Director of IT at Council Rock School District, in what should be a steep learning curve on protecting educational environments.
