CyberWire Daily

Google takes down YouTube accounts spreading disinformation about Hong Kong protests. Cryptomining gear seized at a Ukrainian nuclear plant. CISA outlines its strategic vision. Telcos and law enforcement team up to stop robocalls. Spyware makes it into the Google Play Store twice. And a man gets life in prison for installing hidden cameras. Awais Rashid from University of Bristol on cybersecurity risk decisions. Guest is Cathy Hall from Sila on Privileged Access Management. Learn more about your ad choices. Visit megaphone.fm/adchoices

A North Korean cyber espionage campaign targets universities, think tanks, and foreign ministries. Chinese cyber spies goes after the healthcare sector. A bug hunter discloses a zero-day for Steam. Updates on the Texas ransomware attacks. Adult sites leak user information. And Veracruz fans hack their club president’s Twitter account to express their displeasure. Guest is Stewart Kantor, CFO and co-founder of Ondas Networks, on securing licensed spectrum. Emily Wilson from Terbium Labs on Phishing Kits. Learn more about your ad choices. Visit megaphone.fm/adchoices

China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account was hacked. And scammers buy ads to place their phone numbers at the top of search results. Daniel Prince from Lancaster University on cyber risk in a global economy and guest is Rick Howard Palo Alto Networks on a study revealing Americans are confused about cybersecurity. Learn more about your ad choices. Visit megaphone.fm/adchoices

Twitter and Facebook shut down Chinese information operations. A jailbreak for the latest version of iOS is out. Facebook may have known about the “view as” bug. Vulnerabilities in Google’s Nest cams are patched. Instagram gets a data abuse bounty program. The FCC released a report on the CenturyLink outage. And adult websites leak information. Michael Sechrist from Booz Allen Hamilton on exploits. Guest is John Bennett from LogMeIn on addressing the growing cyber threats to the SMB market.   Learn more about your ad choices. Visit megaphone.fm/adchoices

ISIS claims responsibility for Kabul massacre. Huawei gets another temporary reprieve. Local governments in Texas sustain ransomware attacks. Georgia hopes to combat cyberattacks with training. Google cuts a data sharing service. Bulletproof VPN services purchase residential IPs. Smartphones could be used to carry out acoustic side channel attacks. And Hy-Vee warns of a point-of-sale breach. Joe Carrigan from JHU ISI discusses corporate password policies. Guest is Ben Waugh from RedOx talks about bug bounties in healthcare. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers from King’s College London, University of Bristol, Boston University, and University of Melbourne recently collaborated to publish a report titled, "Automatically Dismantling Online Dating Fraud." The research outlines techniques to analyze and identify fraudulent online dating profiles with a high degree of accuracy.Professor Awais Rashid is one of the report's authors, and he joins us to share their findings.The original research can be found here:https://arxiv.org/pdf/1905.12593.pdf Learn more about your ad choices. Visit megaphone.fm/adchoices

The European Central Bank shutters a service due to a hostile intrusion. Norman quietly mines Monero. MetaMorph passes through email security filters. Some Capital One insiders thought they saw trouble brewing. Instagram crowd-sources epistemology. Deep fakes are well and good, but the will to believe probably gets along just fine with shallow fakes. US Cyber Command posts North Korea’s Electric Fish malware to VirusTotal. Johannes Ullrich from the SANS Technology Institute on IP fragmentation in operating systems. Guest is John Smith from ExtraHop on the aftermath of an insurance claim. Learn more about your ad choices. Visit megaphone.fm/adchoices

Huawei accused of aiding government surveillance programs in Zambia and Uganda. Cyber gangs are adapting to law enforcement, and they’ve turned to “big game hunting.” They’re also adapting legitimate tools to criminal purposes. US Federal prosecutors indicate they intend to add charges to those Paige Thompson already faces for alleged data theft from Capital One. And there’s a new tool out there for detecting gas pump paycard skimmers. Malek Ben Salem from Accenture Labs on transparency and community standards online. Guest is Taylor Armerding from Synopsis on the projected employment shortfall in cyber security. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Czech Senate wants action on what it describes as a foreign state’s cyberattack on the country’s Foreign Ministry. Microsoft warns against the wormable DéjaBlue set of vulnerabilities. More humans found training AI. Insecure airline check-in links. Exposed databases involve BioStar 2 and Choice Hotels--the latter was held at a third-party vendor. And the LAPD doesn’t find a vanity license plate with the letters N-U-L-L particularly funny. David Dufour from Webroot with thoughts on cyber security insurance policies. Guest is Elisa Costante from ForeScout on building automation vulnerabilities. Learn more about your ad choices. Visit megaphone.fm/adchoices

More on the UN Security Council’s report on North Korean state-sponsored cyber crime. PsiXBot evolves. BITTER APT probes Chinese government networks in an apparent espionage campaign. A study looks at the state of spearphishing. It’s not just the three-letter agencies out securing US voting systems; it’s the four-letter agencies who are taking point. And a last look back at Black Hat and Def Con. Jonathan Katz from UMD on Apple’s clever new cryptographic protocol. Guest is Mike Overly from Foley and Lardner LLP on the House’s hold on the State Department’s proposal for a Bureau of Cyberspace Securities and Emerging Technologies. Learn more about your ad choices. Visit megaphone.fm/adchoices