CyberWire Daily

What’s an insider threat? Loosely, it’s a threat that operates from within your organization. In this CyberWire special edition, our UK correspondent Carole Theriault speaks with experts who’ll talk us through the different ways insider threats manifest themselves. A quick note - when Carole interviewed Dr. Richard Ford he was with Forcepoint. He’s since moved on to Cyren. Learn more about your ad choices. Visit megaphone.fm/adchoices

Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability.The research can be found here:https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html Learn more about your ad choices. Visit megaphone.fm/adchoices

FireEye warns of Messagetap malware and its spying on SMS. NSO Group’s Pegasus troubles seem to be expanding. Russia prepares to disconnect its Internet. The US opens a national security investigation into TikTok. An Android keyboard app is making bogus purchases and doing other adware stuff. E-sports draw criminal attention. And happy birthday, GCHQ. Robert M. Lee from Dragos on why it’s important for him to set aside time for teaching. Guest is Phil Quade from Fortinet on his recently published book, The Digital Big Bang, which makes an analogy between the Big Bang that created our Universe, and the explosion of bits & chaos in humankind’s age of cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_01.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The Kudankulam Nuclear Power Plant confirms it had malware in a business system, but that control systems were unaffected. Franchising coordinated inauthenticity. Facebook deletes NSO Group employees. Twitter says it will no longer accept political ads. NIST wants your comments. And Moody’s appears ready to consider cyber risk in its credit ratings. Ben Yelin from UMD CHHS on Europeans' right to repair. Guest is part two of my interview with Tanya Janca from Security Sidekick on web application inventory and vulnerability discovery. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_31.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

WhatsApp sues NSO Group for spreading Pegasus intercept software through WhatsApp’s service. Georgia continues its recovery from the large website defacement campaign it suffered at the beginning of the week. Facebook ejects more inauthenticity. Johannesburg hangs tough on cyber extortion. Money laundering finds its way into online games. Norsk Hydro’s insurance claim. An update on pentesting in Iowa. And Bed, Bath, and Beyond sustains a data breach.  Awais Rashid from Bristol University on securing large scale infrastructure. Guest is Tanya Janca from Security Sidekick on finding mentors and starting her own company. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fancy Bear is pawing at anti-doping agencies, again, suggesting more to come for the 2020 Tokyo Olympics. Johannesburg has declined to pay the Shadow Kill Hackers the money they demanded. Adwind jRAT has gotten a bit harder to detect. The US FCC is considering a measure that would prevent certain funds from being used to purchase Huawei or ZTE gear. Pwn2Own goes ICS. Georgia is hit by unknown hackers, and Magecart appears in an American Cancer Society website. Daniel Prince from Lancaster University on risk management and uncertainty. Guest is Robb Reck from Ping Identity with their research, 5 Steps to Improve API Security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Actionable intelligence, culling signal from noise, and the online resilience of threat groups. Ransomware hits a legal case management system. The city of Johannesburg continues its recovery from an online extortion attempt. The Raccoon information stealer looks like a disruptive product in the criminal-to-criminal market: not the best, but good enough, and cheaper than the high-end alternatives. And who’s more vulnerable to scams: seniors or young adults? It’s complicated.  Joe Carrigan from JHU ISI on Metasploit as a tool for good or bad. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_28.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part it its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findingsThe original research is here: https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559 Learn more about your ad choices. Visit megaphone.fm/adchoices

A spearphishing campaign is found targeting humanitarian, aid, and policy organizaitons. Google and Apple remove clickfraud-infested apps from their stores. A last look back at SecurityWeek’s 2019 ICS Cyber Security Conference, which wrapped up in Atlanta yesterday afternoon. Close- reading GCHQ and NSA advisories. The BBC takes to the dark web, in a good way. And Senators call for investigations of Amazon and TikTok. David Dufour from Webroot with research on phishing. Guest is Jeremy N. Smith, author and host of The Hacker Next Door podcast. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_25 .html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

AWS and Google Cloud are back up after early week unrelated outages. A German automation tool manufacturer discloses a ransomware infestation. Mobile malware in the spies’ toolkit. The FBI’s Protected Voices share election secuirty informaiton. Notes from SecurityWeek’s 2019 ICS Cyber Security Conference. NCSC’s annual report. And people have things to say about backdoors, bribes, and those aliens at Area 51. (Chemtrails, too.) Craig Williams from Cisco Talos with an update on Emotet. Guest is Dave Weinstein from Claroty discussing threats to critical infrastructure. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_24.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices