CyberWire Daily

Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation systems brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook takes down more coordinated inauthenticity from Iran and Russia, and announces a new transparency policy about news sources. The former NSA Director schools an ICS security audience on the Westphalian system. Three VPNs and one antivirus provider sustain breaches that may be contained, but that may also derive from exploitation of phantom accounts. Microsoft gets more EU scrutiny. And Mr. Assange gets another day in court.  Johannes Ullrich from the SANS Technology Institute on phishing targeting the financial industry. Guest is Ori Eisen from Trusona on moving beyond phone numbers, usernames and passwords online. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_22.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Some notes on not jumping to conclusions that incidents are cyber attacks. A false flag operation shows the difficulty of attribution: not everything that purrs is a kitten, because sometimes it’s a bear. Notes from the ISC Security Conference in Atlanta, including some reflections on the criminal market’s business cycle, the dangers of social engineering, and the importance of attending to the fundamentals. And the Vatican fixes a bug. Joe Carrigan from JHU ISI on the ease with which one’s identity can be determined using previously anonymized data sets. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_21.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. Shaun Mirani is a security analyst at ISE, and he joins us to share their findings. The original research is here:https://www.ise.io/whitepaper/sohopelessly-broken-2/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on a Tortoiseshell creating a fake veteran’s job site. Guest is Caleb Barlow from Cynergistek on the challenges of securing medical records. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Cozy Bear isn’t back--Cozy Bear never really left at all. Iran says the Americans are dreaming: there was no cyberattack in retaliation for Iran’s implausibly deniable missile strikes on Saudi oil fields last month. Malicious audio files are dropping cryptominers and reverse shells into victim systems. An international dragnet collars hundreds in a darknet child exploitation sweep. And Graboid is out there, worming its cryptojacker into susceptible Docker hosts. Robert M. Lee from Dragos on their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag (CTF) competition. Guest is Chris Hickman from Keyfactor on Public Key Infrastructure. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_17.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The US may have retaliated in cyberspace for Iran’s strikes against Saudi oil fields. China’s new C919 airliner seems to have benefited greatly from industrial espionage. An old botnet learns new tricks. Typosquatting as an election influence trick. A look at price lists in the Criminal-to-Criminal marketplace. Recovering from ransomware. And when it comes to reputation management, there’s not so much a right to be forgotten as there is a right to fuggeddaboutit, if your get what we mean. Justin Harvey from Accenture on ESports gaining popularity in cyber security.  Guest is Aashka, a high school junior who helped plan the Raytheon Girl Scouts National Cyber Challenge. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_16.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware hits companies in France and the US. A Finnish energy company sustains a suspicious IT incident. Turkey jams social media as it rolls tanks against the Kurds. Pegasus spyware said to be in use against Moroccan activists. Silent Librarian is still making noise. The Lazarus Group is back with a malign crypto-trading app. China tightens its cyber laws, and the EU privately warns itself that, yes, companies like Huawei are a security risk. Joe Carrigan from JHU ISI, responding to a listener question about training new employees. Carole Theriault interviews Dirk Schrader from Greenbone Networks on the security of medical data. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_15.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. Links to the research and Michael's work: https://blog.emsisoft.com/en/33885/emsisoft-releases-a-free-decryptor-for-the-syrk-ransomware/https://id-ransomware.malwarehunterteam.com/https://www.youtube.com/user/Demonslay335 Learn more about your ad choices. Visit megaphone.fm/adchoices

BitPaymer ransomware is exploiting an Apple zero-day. “Attor” isn’t your ordinary malign faerie: it’s also an espionage platform that’s been carefully deployed against Russian and Eastern European targets. FIN7 upgrades its toolkit. Apple does what the Chinese government asks it to do, blocking a mapping and a news app from users in China. And a look inside the black box, as we visit NSA’s Cybersecurity Directorate. Awais Rashid from Bristol University on the need for real-world experimentation. Guest is Kumar Saurabh from LogicHub on the importance of making breach forensics public. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_11.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices