CyberWire Daily

N2K Networks
May 8, 2019 • 22min

Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.

Turla is back, and with a clever backdoor called “LightNeuron.” Verizon’s Data Breach Investigations Report shows that the C-suite remains a big target of social engineers, that crooks are following companies into the cloud, that ransomware remains popular, and that people seem warier of phishing. Bad actors peddle influence in the EU. Binance gets looted, Baltimore gets hacked. Meny Har from Siemplify explains SOCs, SIEMs and SOARs. Ben Yelin from UMD CHHS considers emojis in the courtroom.

May 7, 2019 • 22min

Reverse engineering Equation Group attack tools (and putting them to bad use). Hacking, jamming, and airstrikes. Taking down coordinated inauthenticity. How big is the dark web?

Buckeye seems to have reengineered some of Uncle Sam’s cyber tools, and they did it without, apparently, help from the ShadowBrokers. More on airstrikes as retaliation for hacking, with a brief excursus on electronic warfare. Notes on malicious commitment as one of the hazards of open source software development. How big is the dark web? Big enough, but maybe not as big as everyone thinks. And beware of bogus Avengers Endgame sites. David Dufour from Webroot with thoughts on HTTPS security concerns. Guest is Michael Figueroa from the Advance Cyber Security Center on their recent report identifying a need for a board-level cyber risk management standard. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_07.html

May 6, 2019 • 23min

Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.

Tracking a group that’s after the software supply chain. Israel adds airstrikes to the array of responses it’s prepared to make to hackers. The US Federal Trade Commission still doesn’t know how you solve a problem like Mark. Some more notes from last week’s Global Cyber Innovation Summit. Sophos has more details on MegaCortex, a new strain of ransomware. And criminal organizations organize and operate a lot like legitimate businesses. Joe Carrigan from JHU ISI with information on a remote code execution vulnerability affecting Dell systems. Guest is Blake Sobczak from E & E News on the recent electrical grid “cyber event”. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_06.html

May 4, 2019 • 26min

Sea Turtle state-sponsored DNS hijacking. [Research Saturday]

Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa. This attack has the potential to erode trust and stability of the DNS system, so critical to the global economy. Craig Williams is director of Talos Outreach at Cisco, and he joins us to share their findings. The original research can be found here: https://blog.talosintelligence.com/2019/04/seaturtle.html

May 3, 2019 • 27min

Utility hack update. Surveillance tool proliferation. Exploit black market. Novel ransomware, old distro channel. Notes from the Global Cyber Innovation Summit.

That cyber incident that affected electrical utilities in the western United States seems to have been a denial-of-service attack. Concerns arise over potential proliferation of Chinese security service tools. Exploit blackmarketeer Volodya and some customers. The Retefe banking Trojan is back. Some new ransomware thinks it’s the moving finger that writes, and, having written, moves on. And some cause for measured optimism at the Global Cyber Innovation Summit. Emily Wilson from Terbium Labs on the Dynamic Connections conference, hosted by General Dynamics. Guest is Joseph Carson from Thycotic on lessons he’s learned (the hard way) on communications with the board. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_03.html

May 2, 2019 • 18min

Wipro update. Office 365 attacks. The "Smart Content Store" is bad mojo. Russian Internet sovereignty. Global Cyber Innovation Summit notes.

The group behind the Wipro attack has been active since 2015. Office 365 is still being targeted by account takeover attacks. A third-party Android app store is serving malware. The UK Defense Secretary has been sacked over leaked information. The US warned Russia to cease its support of Venezuela’s Chavista regime. Russia’s Internet sovereignty bill is signed into law. And notes on the Global Cyber Innovation Summit. Jonathan Katz from UMD on law enforcement requests for “ghost” encryption. Guest is Cody Cornell from Swimlane on collaborative SOCs.

May 1, 2019 • 22min

US Energy Department alludes to March cyber incident. BND 19-02 is out. Facebook likes privacy. Assange gets a short nickel.

In today’s podcast, we hear that a US Energy Department report alludes to a March cyber incident. Citycomp refused to yield to blackmail, so now its client data is being leaked. The US Department of Homeland Security has issued Binding Operational Directive 19-02. A UK judge sentenced Julian Assange to fifty weeks jail for bail jumping. Facebook the privacy-focused initiatives it plans to implement. And notes on the Global Cyber Innovation Summit. Robert M. Lee from Dragos on the pros and cons of conferences like RSA. Guest is Bert Grantges from Vera on cyber security as a business enabler. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_01.html

Apr 30, 2019 • 22min

Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.

A backdoor turns out to be a familiar kind of Telnet implementation (and it was fixed seven years ago in any case). A large database of US household personally identifiable information was found exposed online, but who owned it remains unclear. The US Department of Homeland Security releases a Critical Functions List. ISIS’s sometime Caliph is back online. And piracy streaming is loaded with malware. Who knew? Craig Williams from Cisco Talos on their research into malware markets on Facebook. Guest is Dean Pipes from TetraVX on the root cause of shadow IT. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_30.html

Apr 29, 2019 • 16min

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.

Vulnerable peer-to-peer software exposes consumer and small-business IoT devices to compromise. A hacker says he’s hacked automotive GPS trackers, all for the good, of course, and could even turn off a car’s engine. Not, you know, that he would. Sri Lanka warns of the possibility of more violence, and journalists wonder if prior restraint of certain speech might be worth considering. Curating app stores for security. And potty-mouthed eScooters on Brisbane streets. Joe Carrigan from JHU ISI on Facebook’s continuing privacy violations, potential FTC fines and PR woes. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_29.html

Apr 27, 2019 • 24min

Deep Learning threatens 3D medical imaging integrity. [Research Saturday]

Researchers at Ben Gurion University in Israel have developed techniques to infiltrate medical imaging system networks and alter 3D medical scans within, fooling both human and automated examiners with a high rate of success. Yisroel Mirsky is a cybersecurity researcher and project manager at Ben Gurion University, and he joins us to share what his team discovered. The original research can be found here: https://arxiv.org/pdf/1901.03597.pdf A video demonstrating the exploit is here: https://youtu.be/_mkRAArj-x0
