CyberWire Daily

N2K Networks
Jun 1, 2019 • 22min

Blockchain bandits plunder weak wallets. [Research Saturday]

Adrian Bednarek is a senior research analyst at Independent Security Evaluators. He and his colleagues looked at weak private cryptocurrency keys on the Ethereum blockchain in an attempt to discover how and why they are being generated as well as how bad actors are taking advantage of them. The original research is here: https://www.securityevaluators.com/casestudies/ethercombing/
May 31, 2019 • 28min

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

Malicious misdirection served up from unpatched WordPress sites. A big, big set of dating site records has been found exposed online--it’s in China, but the records seem to belong to anglophones. Many other files are exposed elsewhere, too, so it’s not a single problem. Turla’s back, and still after diplomats. The International Red Cross proposes rules for cyber conflict. And Baltimore City calculates the cost of not patching. It’s a lot higher than the cost of patching. Craig Williams from Cisco Talos with his take on a critical Microsoft vulnerability, CVE-2019-0708. Guest is Matt Aldridge from Webroot on the San Francisco facial recognition ban. Justin Harvey from Accenture on the dramatic increase in targeted ransomware. Guest is NSA’s Diane M. Janosek, celebrating the 20th year of their Centers of Academic Excellence in Cybersecurity program.
May 30, 2019 • 22min

Malicious misdirection. Found on the subway. A summary of file exposure. Turla’s back, and as clever as ever. ICRC proposes rules of cyberwar. Baltimore ransomware update.

Malicious misdirection served up from unpatched WordPress sites. A big, big set of dating site records has been found exposed online--it’s in China, but the records seem to belong to anglophones. Many other files are exposed elsewhere, too, so it’s not a single problem. Turla’s back, and still after diplomats. The International Red Cross proposes rules for cyber conflict. And Baltimore City calculates the cost of not patching. It’s a lot higher than the cost of patching. Craig Williams from Cisco Talos with his take on a critical Microsoft vulnerability, CVE-2019-0708. Guest is Matt Aldridge from Webroot on the San Francisco facial recognition ban. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_30.html
May 29, 2019 • 23min

Special Counsel Mueller speaks about his investigation of Russian influence in the 2016 US presidential campaign. Iranian coordinated inauthenticity. BlueKeep, Pegasus updates.

Special Counsel Mueller makes his first public statement about the results of his investigation into influence operations surrounding the 2016 US Presidential campaign. He says his first statement will also be his last. FireEye identifies Iranian coordinated inauthenticity in US 2018 midterm elections, and Twitter and Facebook take down the offending accounts. Notes on the BlueKeep exploit. More Pegasus infestations. Reality Winner revisited. Updates on Baltimore ransomware. Ben Yelin from UMD CHHS reacts to allegations that NSA may have some culpability in the Baltimore ransomware incident. Guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC on the recent report, “Pursuing cybersecurity maturity at financial institutions.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_29.html
May 28, 2019 • 17min

Sensitive mortgage documents left exposed online. Someone’s scanning for BlueKeep RDP issues. Huawei updates. The case of Baltimore City’s ransomware.

First American Financial suffers a data exposure, with hundreds of millions of mortgage-related documents left open to the Internet. Someone is scanning Tor for signs of BlueKeep RDP vulnerabilities. China complains about US complaints against Huawei as some major German firms rethink their dealings with Shenzhen. And no, NSA did not hold Baltimore for ransom, but Baltimore wants Washington to pick up its remediation and recovery tab. Malek Ben Salem from Accenture Labs on NIST transitioning some crypto algorithms. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_28.html
May 25, 2019 • 32min

A fresh look at GOSSIPGIRL and the Supra Threat Actors. [Research Saturday]

Chronicle researchers Juan Andres Guerrero Saade and Silas Cutler recently published research tracking the development of the Stuxnet family of malware, which ultimately led them to the GOSSIPGIRL Supra Group of threat actors. Juan Andres Guerrero Saade joins us to share their findings. The research can be found here: https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0
May 24, 2019 • 27min

Stone Panda update. A new strain of Mirai. Bogus cryptocurrency apps are trending in Google Play. Mr. Assange is charged under the Espionage Act. Info ops. Law firms as phishbait.

Stone Panda is distributing the Quasar RAT. A new strain of Mirai is out. Bitcoin prices are up, and so is the incidence of malicious cryptocurrency apps in Google Play. The US charges Wikileaks’ Julian Assange with seventeen new counts under the Espionage Act. UK political parties are said to have poor security. Huawei’s charm offensive. Russia points with sad alarm to NATO cyber deterrence policy. Bogus law firm emails prove effective phishbait. Joe Carrigan from JHU ISI on recent research from Google on the effectiveness of basic security hygiene. Guest is Nate Lesser from Cypient Black on “entangled enterprise risk.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_24.html
May 23, 2019 • 22min

NATO and UK to Russia: hands off elections and infrastructure. More trouble for Huawei, and maybe for others. Notes from the Cyber Investing Summit. Equifax downgraded over 2017 breach. Is it art?

The UK and NATO send Moscow a pointed message about the consequences of meddling with either infrastructure or elections. More companies, including ARM, decide they won’t be working with Huawei. Other Chinese companies seem headed for US blacklisting. Moody’s cuts Equifax’s rating over its 2017 breach. Notes from last week’s Cyber Investing Summit. And we may not know much about art, but we know what we like. Justin Harvey from Accenture on the ongoing threat of USB devices. Tamika Smith speaks with Sydney Freedberg Jr. from Breaking Defense about his article, “Can NSA Stop China Copying Its Cyber Weapons?” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_23.html
May 22, 2019 • 21min

Fancy Bear fingered, again. Warnings for travelers. Political parties get a cybersecurity grade. Updates on US restrictions on Chinese companies.

Fancy Bear’s latest campaign is using malware reported to Virus Total by US Cyber Command. IBM’s X-Force looks at cybersecurity for travelers, and shares a bunch of horror stories. Security Scorecard looks at the online security of political parties in the US and Europe: some are better than others, but all could use some help. Updates on Huawei and other Chinese companies facing US sanctions. And if you’re listening to this in the US, you may believe you know more than you in fact do. Johannes Ullrich from SANS and the ISC Stormcast podcast on website vulnerabilities due to third party tools. Guest is Inga Goddijn from Risk Based Security on their Q1 Data Breach Report and cyber insurance issues. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_22.html
May 21, 2019 • 20min

BlackWater snoops through the Middle East. TeamViewer hacked. Android app behaving badly. A misconfigured database with scraped Instagram data. Ransomware notes. Huawei updates.

BlackWater is snooping around the Middle East. It’s evasive, and it looks a lot like the more familiar MuddyWater threat actor. TeamViewer turns out to have been hacked, and the perpetrators look like the proprietors of the Winnti backdoor. An Android app is behaving badly. Another unsecured database is found hanging out on the Internet. There’s a free decryptor out for a strain of ransomware, but also it won’t help Baltimore. And the market’s look at the Huawei ban. Craig Williams from Cisco Talos discussing honeypots on Elasticsearch. Guest is Dave Venable from Masergy on cyber vulnerabilities at the infrastructure level. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_21.html
