CyberWire Daily

Operation Soft Cell was low, slow, patient, and focused, and apparently run from China. Washington and Tehran are woofing at each other, with more exchanges in cyberspace expected. Cyber due diligence is taken increasingly seriously during mergers and acquisitions. Short-sighted design choices affect app security. The US security clearance process gets an overhaul. Shimmers replace skimmers. And yesterday’s US Internet outage explained. Sergio Caltagirone from Dragos on the growing tensions between the US, Russia and Iran and how providers of critical infrastructure can prepare. Tamika Smith interviews Danielle Gaines, a reporter for Maryland Matters, on MD Gov. Hogan’s response to the Baltimore ransomware incident, the creation of the Maryland Cyber Defense Initiative. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_25.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

The US is said to have conducted cyberattacks against Iranian targets related to recent Iranian moves in the Gulf. They cyber operations are also said to have been a covert alternative to conventional military strikes. The Atlantic Council describes “Secondary Infektion,” a Russian disinformation campaign that begins obscurely, then depends upon amplification. And a case of cyber stalking in Minnesota goes to court. Joe Carrigan from JHU ISI on the escalating calls to patch the BlueKeep vulnerability. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_24.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Cloudflare have been examining HTTPS interception, a technique that weakens security, and have developed tools to help detect it. Nick Sullivan is head of cryptography at Cloudflare, and he joins to us share their findings.The research can be found here:https://blog.cloudflare.com/monsters-in-the-middleboxes/ Learn more about your ad choices. Visit megaphone.fm/adchoices

Tensions between the US and Iran over tanker attacks, nuclear ambitions, and the downing of a Global Hawk drone seem to be finding expression in cyberspace: Refined Kitten sees to be pawing for some American phish. Facebook tries friction as an alternative to content moderation in damping its abuse in fomenting South Asian violence. Cryptomining campaigns are showing some renewed vigor. And a look at lead generation for Nigerian prince scams. Mike Benjamin from CenturyLink on RDP scanning and the GoldBrute campaign. Guest is Michael Coates, former CISO for Twitter and former head of security for Mozilla, from Altitude Networks on better addressing the needs of CISOs and improving the sales process. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_21.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Call it Waterbug or call it Turla, the Russian cyber operation has been hijacking Iran’s OilRIg cyber espionage infrastructure. Other cyber campaigns also afflict Middle Eastern targets. A US panel convened by CISA has some recommendations for supply chain security. An ad agency inadvertently exposes sensitive personal data. A bankruptcy filing in the AMCA breach. And Riviera Beach, Florida, decides to pay $600,000 in ransom to decrypt its files. Johannes Ullrich from SANS and the ISC Stormcast podcast on DNS security issues. Carole Theriault returns with an interview with ethical hacker Zoe Rose, who shares her advice for woman working in cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_20.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

More advice to patch BlueKeep, already. Facebook announces its planned launch of a cryptocurrency, Libra, to the accompaniment of considerable acclaim and at least as much skepticism. Updates on alleged power grid cyber operations. Catphishing and the adaptation of traditional espionage craft in the digital age. And cheap sunglasses turn up as phishbait in compromised social media accounts. Justin Harvey from Accenture with thoughts on tabletop exercises. Guest is Tom Hickman from Edgewise Networks on access control and zero trust. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_19.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Investigation into Argentina’s power failure continues, with preliminary indications suggesting “operational and design errors were responsible for the outage. Russia reacts to reports that the US staged malware in its power grid. Iran says it stopped US cyberespionage. ISIS worries about its vulnerability to BlueKeep. A breach at EatStreet illustrates some of the features of third-party risk. Ben Yelin from UMD CHHS on a Virginia license plate reader ban. Guest is Jack Danahy from Alert Logic on the troubling issue of adversary dwell time and the IT vigilance gap. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_18.html  Support our show   Learn more about your ad choices. Visit megaphone.fm/adchoices

The New York Times reports that the US has staged malware in Russia’s power grid, presumably as deterrence against Russian cyberattacks against the US. South America has largely recovered from a large-scale power outage that seems, so far, to have been accidental. An EU report claims that Russian information operations against the EU are increasing. Twitter takes down more inauthentic sites. The Target outage over the weekend seems to have been caused by glitches, not hacking. Joe Carrigan from JHU ISI on the GDPR fine of a Spanish soccer league for a spying app. Tamika Smith speaks with Britt Paris from the Data & Society Research Institute on the weaponization of AI. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_17.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Zscaler have been tracking look-alike apps in third-party Android app stores that carry malicious code. Deepen Desai is VP of security research and operations and Zscaler, and he joins us to share their findings. The original research can be found here: https://www.zscaler.com/blogs/research/third-party-android-store-sms-trojan Learn more about your ad choices. Visit megaphone.fm/adchoices

Xenotime is detected snooping around the North American power grid. Hacking groups exploit the Return of the Wizard vulnerability in Exim servers. Hearings on the extradition of WikiLeaks’ Julian Assange have begun. Online gamers are being chased with credential stuffing attacks: they’re after your skins, your accounts, your credit cards. And some LinkedIn catphish seem to be going to AI charm school. Justin Harvey from Accenture with advice for job-hunting grads. Guest is Dr. Matthew Dunlop, Vice President and Chief Information Security Officer for Under Armour, on the challenges of protecting one of the world’s most well-known brands. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_14.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices