CyberWire Daily

A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol releases its 2019 Internet Organized Crime Threat Assessment. NSA Director Nakasone says the Agency’s Cybersecurity Directorate will first focus on protecting the Defense Industrial Base from intellectual property theft. CISA wants subpoena power over ISPs. And US companies are criticised for caving to Beijing's demands. Robert M. Lee from Dragos on regulations vs incentives when securing the electrical grid. Guest is Robb Reck from Ping Identity with results from their CISO Advisory Council’s new research on Securing Customer Identity. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_10.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter says it’s sorry is anything might have inadvertently happened with users’ email addresses and phone numbers, and that it’s taking steps to stop whatever might have happened from happening again. If anything actually happened. Other concerns about privacy surface elsewhere. The US  Senate Intelligence Committee issues its report on influence operations in the 2016 elections. Kaspersky ties a sophisticated malware campaign to Turla. Ben Yelin from UMD CHHS on a DARPA-inspired program exploring the possibility of using predictive technology to identify dangerous individuals. Guest is Neill Sciarrone from Trinity Cyber, discussing her career and the importance of attracting women to cyber. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_09.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

An update on Mustang Panda, and its pursuit of the goals outlined in the Thirteenth Five Year Plan. Unpatched Drupal instances are being hit as targets of opportunity. NSA adds its warnings to those of CISA and NCSC concering widely used VPNs: if you use them, patch them. (And change your credentials). Five Senators tell Microsoft, nicely, that Redmond is naive about Huawei. Patch Tuesday is here. And US Presidential campaign websites get privacy grades. Johannes Ullrich from the SANS Technology Institute on server side request forging. Guest is Jadee Hanson from Code42 with the results of their 2019 Global Data Exposure Report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_08.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian threat group Phosphorus (or Charming Kitten) has been found active against US elections and other targets. A big database of PII on Brazilians is up for auction in the dark web souks. Prince Harry takes a legal whack at Fleet Street. An Atlantic Council session takes a look at electrical infrastructure cyber risk. An Alabama medical system pays the ransom to get its files back. And HildaCrypt’s developers say it was all in fun, and release their own keys. Joe Carrigan from JHU ISI on the wider availability of malicious lightning charging cables. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_07.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings.The original research is here: https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Project Zero warns that a use-after-free vulnerability in widely used Android devices is being exploited in the wild. Uzbekistan’s National Security Service continues to get stick in the court of public opinion for sloppy opsec. Check Point reports on what appears to be an Egyptian domestic surveillance operation. Palo Alto reports on a newly discovered Chinese state threat actor. A new volley in the Cryptowars. And Vlad gets out the rubber chicken. Guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, on the University of Texas ITAP report. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_04.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Who’s been hacking aerospace firms? Context Security suggests it’s a new Chinese threat actor, “Avivore.” The FBI issues a ransomware alert. The NCSC warns of active exploitation of vulnerable VPNs. The EU issues a sweeping takedown order to Facebook. US Senators ask Facebook about deep fakes. Spearphishing at the Australian National University. FireEye may be for sale. And the SandCat threat group shows poor opsec. Craig Williams from Cisco Talos on maliciously crafted ODT files. Guest is Yoav Leitersdof of YL Ventures with insights on the VC market in Israel. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_03.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Sobinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The oligarch behind the St. Petersburg troll farm is sanctioned, again. Recorded Future looks at disinformation and finds there’s a functioning private sector market for it. The European Union seems likely to pursue technological sovereignty, at least to the tune of some R&D investment. Ransomware attacks against US state and local governments have been trending up, and that trend is likely to continue. And NSA has its new Cybersecurity Directorate.  Joe Carrigan from JHU ISI on Microsoft no longer trusting built-in encryption on hard drives. Carole Theriault speaks with Simon Rodway from Entersekt about Facebook’s Libra and how it may effect traditional banks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_01.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Rheinmetall and DCC have disclosed sustaining cyber attacks. The US Government is looking at airliner cyber vulnerabilities. SimJacker is real, but recent phones seem unaffected. RCMP data misappropriation case update. German police raid a bulletproof host. Gnosticplayers may be back. And someone is sending phishing snail mail that claims the British Crown needs your help to ease the economic fallout of Brexit--a Bitcoin wallet is helpfully made available. Malek Ben Salem from Accenture labs with an overview of five threat factors influencing the cyber security landscape. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_30.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices