CyberWire Daily

N2K Networks
May 20, 2019 • 22min

Huawei agonistes. Hacktivism is way down. New EU sanctions regime. Facebook goes after more coordinated inauthenticity. Salesforce still fixing its fix. OGuser hacked.

Huawei is on the US Entity List, and US exporters have been quick to notice and cut the Shenzhen company off. Security concerns are now expected to shift to the undersea cable market. Hacktivism seems to have gone into eclipse. The EU enacts a sanctions regime to deter election hacking. Facebook shutters inauthentic accounts targeting African politics. Salesforce is restoring service after an unhappy upgrade. OGuser forum hacked. And don’t worry about a hacker draft. Jonathan Katz from UMD on encryption for better security at border crossings. Tamika Smith reports on the Baltimore City government ransomware situation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_20.html
May 18, 2019 • 18min

Elfin APT group targets Middle East energy sector. [Research Saturday]

Researchers at Symantec have been tracking an espionage group known as Elfin (aka APT 33) that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States. Alan Neville is a principal threat intelligence analyst at Symantec, and he joins us to share their findings. The research can be found here: https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
May 17, 2019 • 27min

Slack closes a vulnerability. Email tracking in a court martial. Restrictions on doing business with Huawei come into place. A case of responsible disclosure.

A Slack vulnerability is disclosed and fixed. And this is not as seen on TV: a real NCIS investigation is likely to occupy real JAGs for some time to come, with implications for military and civilian cyber law. The US is moving rapidly on Huawei and its associated companies: it’s now much harder for US companies to do business with them, and there’s likely to be fallout in other countries as well. An exposed database affords an instructive case of responsible disclosure. Joe Carrigan from JHU ISI on USB device encryption and best practices. Guest is Mike Kijewski from MedCrypt on security for new and legacy medical devices. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_17.html
May 16, 2019 • 22min

US Executive Order aimed at China, and Huawei. Hunting backdoors in Dutch networks. Spyware proliferation. Cipher stunting. Titan key spoofing. Meaconing warning. Exposed PII in Russia.

President Trump declares a state of emergency over the threat from foreign adversaries and the companies they control. (And yes, Huawei, he’s looking at you.) Dutch intelligence is said to be investigating the possibility of backdoors in telecommunications networks. Concerns about spyware proliferation rise. Cipher stunting is observed in the wild. Titan security keys are spoofable. Meaconing airliners. And misconfigurations expose PII in Russia. Emily Wilson from Terbium Labs on the surprisingly open nature of online sales of illicit goods and services. Guest is Kris Beevers from NS1 on DNS security and management technology. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_16.html
May 15, 2019 • 20min

Sharing espionage tools and infrastructure. Speculative execution flaws found in Intel chips. A big Patch Tuesday. CrowdStrike’s IPO. WhatsApp exploitation. Cyber Solarium. Ransomware in Baltimore.

Chinese domestic and foreign intelligence services are cooperating more closely in cyberspace. Another set of speculative execution issues is found in Intel chips. This month’s Patch Tuesday was a big one. CrowdStrike files for its long-anticipated IPO. WhatsApp, spyware, and zero-days. Apple may be required to open its devices to apps from third-party stores. The Cyber Solarium is ready to get started, and Russia offers a helpful hand. Baltimore continues to suffer from ransomware. Malek Ben Salem from Accenture Labs with an overview of the Accenture Technology Vision report. Guest is Tom Pedersen from OneLogin on password use trends. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_15.html
May 14, 2019 • 22min

Russians hacked two Florida counties. Fxmsp targets named. WhatsApp patches spyware-enabling flaws. Breach costs. Cisco patches routers. Endless Mayfly’s endless hogwash.

Russian operators breached two Florida counties’ voting systems, but without altering vote counts. Symantec, McAfee and Trend Micro are thought to be the security vendors hit by Fxmsp cybercriminals. WhatsApp patches a flaw exploited to install spyware. The Equifax breach seems to have cost the company $1.4 billion. Companies are increasingly aware of data’s potential toxicity. Cisco patches two flaws. And Endless Mayfly peddled fake news on behalf of Iran. Daniel Prince from Lancaster University on asymmetric information and attacker/defender dynamics. Tamika Smith debuts on our show with her story on Hackground, a STEM and robotics club. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_14.html
May 13, 2019 • 17min

Security companies allegedly hacked by Fxmsp remain unidentified. SharePoint bug exploited in the wild. G7 preps major cyber exercise. Anthem hack motive? Amnesty takes NSO Group to court.

Fxmsp criminals are now said to have code from a fourth security company, but none of the claimed victims have been publicly identified. A SharePoint vulnerability is being exploited against unpatched servers in the wild. The G7 are preparing a major exercise to evaluate the financial system’s ability to withstand a major cyberattack. No one is saying what the Anthem hackers were after. Amnesty takes NSO Group to court. And the Pentagon takes a security look at VCs. Jonathan Katz from UMD on differential privacy, a technique for providing privacy for individuals taking part in studies. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_13.html
May 11, 2019 • 20min

Steganography enables sophisticated OceanLotus payloads. [Research Saturday]

Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings. The original research can be found here: https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html
May 10, 2019 • 26min

Breaches at AV companies? Pyongyang’s ElectricFish. Symantec’s CEO steps down. Calls to break up Facebook and regulate the pieces. US Federal indictments for leaks and breaches. Verizon DBIR reviewed.

Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they’re calling it “ElectricFish.” A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year’s key findings.
May 9, 2019 • 20min

Someone is after Tehran’s hackers. GitLab misconfiguration. AI’s attack potential. Amazon pursues hackers who defrauded sellers. DeepDotWeb indictments. Evil Clippy. Lunch hacks in San Mateo.

The Green Leakers release more information about Iranian cyber operators, including details about MuddyWater and the Rana Institute. A misconfigured GitLab instance exposes data used by Samsung engineers. Thoughts on how AI can shift the advantage to the attacker. Amazon is after hackers who defrauded sellers. DeepDotWeb proprietors are indicted. “Evil Clippy” does VBA stomping. And a food fight in San Mateo’s corner of cyberspace. Justin Harvey from Accenture reviews cyber insurance. UVA’s Mariah Carey shares her experience as captain of the championship-winning NCCDC team.
