CyberWire Daily

Spanish TV is temporarily replaced by Russian programming. APT20, Violin Panda, is back, and playing a familiar tune. Rancor against Cambodia. The US Congress gets frosty with China and Russia. How Zeppelin ransomware spreads. Due diligence in M&A. Germany’s BSI warns of an Emotet campaign. A suspect in the Dark Overlord case is arraigned in St. Louis. The FBI collars a guy who ratted himself out over social media. David Dufour from Webroot with a review of their 2019 mid-year threat report. Guest is James Ritchey from GitLab with lessons learned on the one-year anniversary of their bug bounty program. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_19.html  Support our show   Learn more about your ad choices. Visit megaphone.fm/adchoices

More ransomware steals first, encrypts later. Are cobots vulnerable to novel forms of ransomware? Gangnam Industrial Style--the espionage campaign, not the K-pop dance number. Rancor is a persistent, well-resourced, and creative APT, but without much success to its credit. The Foreign Intelligence Surveillance Court takes the FBI to the woodshed. And, hey, maybe he’s really Vlad the Updater? Tom Etheridge from CrowdStrike on incident response speed and the 1-10-60 concept. Guest is Eli Sugarman from the Hewlett Foundation with the results of their CyberVisuals contest.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_18.html  Support our show   Learn more about your ad choices. Visit megaphone.fm/adchoices

Updates on the ransomware attacks in Florida and Louisiana. North Korea’s Lazarus Group adopts a new Trojan as it shows signs of pivoting into the Linux ecosystem. Insufficient entropy in IoT key generation. Older versions of WhatsApp are vulnerable to exploitation. The state of Julian Assange’s extradition to the US. Hey--this is Moscow! Where’d you think you were, Iowa? And guess who’s still running Windows XP? Ben Yelin from UMD CHHS on Google location data being used to find a bank robber. Guest is Michael Chertoff from the Chertoff group on the 5G transition. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_17.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran says it’s foiled a cyber espionage campaign mounted by APT27, a Chinese threat group. The Indian government responds to protests over a citizenship law in two states by sending in troops and cutting off the Internet in those states. The City of New Orleans sustains what appears to be a ransomware attack. So does a New Jersey healthcare network. And three Senators would like credit bureaus to tell them what the FBI is asking for. Joe Carrigan from JHU ISI on Twitter’s proposal to shift to open standards.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_16.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Capture the Flag competitions are an increasingly popular and valuable way for both cyber security students and seasoned professionals to test their skills, stay sharp and maybe even put a bit swagger on display. We set out to capture the excitement of a capture the flag event. As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWork conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings.The research can be found here: https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Parties unknown are phishing for government credentials in at least eight countries. Some other parties unknown are compromising Telegram accounts in Russia. Lateral movement is in the news, but not the good, Lamar Jackson kind. A familiar order of battle in the Crypto Wars emerges, again. NSA’s IG reports on SIGINT data retention. And a peek into what we suppose we must call the minds of some of the people hacking Ring systems. Daniel Prince from Lancaster University on Cyber security testbeds for IoT research. Guest is David Belson with Internet Society on Russian “Sovereign Internet” Law. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_13.html  Support our show   Learn more about your ad choices. Visit megaphone.fm/adchoices

Flying false flags, and borrowing someone else’s attack tools as the mast you use to run them up. The Pensacola cyber attack has been identified as involving Maze ransomware. China moves toward building its own autarkic operating system. US Senate Judiciary Committee hearings take an anti-encryption turn. TrickBot is phishing with payroll phishbait. And Krampus malware is punishing iPhone users as they shop during the holidays. Tom Etheridge VP of services from CrowdStrike, introducing himself. Guest is Dean Sysman from Axonius on S3 security flaws. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_12.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of the general election. The cryptowars are heating up again as the US Senate opens hearings on encryption. Pensacola’s cyberattack was ransomware, and so too apparently was the one that hit the Cherokee Nation. And do it for state. Emily Wilson from Terbium Labs with warnings about connected gifts for children. Guest is Kevin Lancaster from ID Agent on monitoring people affected by the OPM breach.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_11.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades anti-virus protection. The US Justice Department’s Inspector General has reported on the FBI’s Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates. And it’s prediction season, so CyberScoop lets the bots out. Ben Yelin from UMD CHHS on legislating the right to sue online platforms. Guest is Chris Wysopal from Veracode with findings on security debt from their State of Software Security report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_10.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices