CyberWire Daily

N2K Networks
Apr 26, 2019 • 27min

Sri Lanka bombing investigation updates. Cryptojacking targets enterprises in East Asia. Oracle web server zero-day. The criminal-to-criminal credential-stuffing market. Who talked about Huawei in UK?

Investigation of the Easter massacres in Sri Lanka continues. For all the concern about online inspiration, some of the coordination seems to have been face-to-face. Symantec describes a cryptojacking campaign, Beapy, that propagates using EternalBlue. An Oracle web server zero-day is reported. Recorded Future describes the commodified black market for credential-stuffing. And there’s a cabinet dust-up in the UK over a leak about the government’s plans for Huawei. Johannes Ullrich from SANS and the ISC Stormcast podcast on the increase in DHCP client vulnerabilities he’s been tracking. Guest is Anura Fernando from UL on the technological and regulatory challenges of medical devices and wearables. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_26.html
Apr 25, 2019 • 22min

Pledging allegiance to ISIS, and then going forth to kill. Adware in Google Play. Context-aware phishbait. Facebook and the FTC. Server crash or exit scam?

Sri Lanka’s investigation of the Easter massacres continues, with some ISIS video surfacing. Apps with aggressive adware found in Google Play. Context-aware phishbait may be bringing the Qbot banking Trojan to an email thread near you. Facebook seems to think the FTC is about to hit it hard, and sets aside a rainy day fund. And the Wall Street Market, a contraband souk on the dark web, may be engaged in an exit scam. Ben Yelin from UMD CHHS on the NSA recommending dropping the phone surveillance program. Guest is Jason Mical from Devo on the increasing importance of threat hunting. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_25.html
Apr 24, 2019 • 23min

Sri Lanka bombing investigation update. Christchurch call. ShadowHammer moves upstream. Carbanak in VirusTotal after all. Spoofing banks. Bots vs. Mueller Report. ASD’s best practices.

Sri Lanka investigates a homegrown jihadist group with possible international connections for the Easter massacres. New Zealand is preparing the Christchurch Call to exclude violent terrorist content from the Internet. ShadowHammer moves its supply chain attacks upstream. Carbanak source code seems to have been in VirusTotal for two years. Someone’s spoofing financial institutions. Bots surged upon the release of the Mueller report. ASD offers a counsel of perfection. Prof. Awais Rashid from University of Bristol on evidence based risk assessment. Guest is Michael P. Morris from Topcoder on the challenges of creating secure apps in the gig economy. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_24.html
Apr 23, 2019 • 22min

ISIS claims responsibility for Sri Lanka massacre. Spearphishing embassies in Europe. How the Blockchain Bandit probably did it. Mexican embassy doxed.

ISIS claims responsibility for the Sri Lankan bombings. The government maintains its declared state of emergency, and has arrested at least forty in the course of its investigation. Check Point describes a spearphishing campaign against embassies in Europe. It’s thought to be the work of the Russian mob. Weak keys let the “Blockchain Bandit” rifle alt-coin wallets. And a disgruntled bug hunter doxes one of Mexico’s embassies. Justin Harvey from Accenture on preserving digital evidence in the aftermath of a cyber attack. Guest is Maryam Rahmani on the upcoming NYIT Girls in Engineering and Technology Day. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_23.html
Apr 22, 2019 • 18min

Sri Lanka’s social media clamp-down, and investigation of Easter massacres. CIA said to have details on Huawei’s relationship with China’s security services. Marcus Hutchins pleads guilty.

Sri Lanka clamps down on social media in the wake of Easter massacres. Authorities suspect an Islamist group, but no terrorist organization has so far claimed responsibility. CIA intelligence is said to have the goods on Chinese security services’ hold over Huawei. Marcus Hutchins, also known as MalwareTech, and famous as the sometime hero of the WannaCry kill-switch, has taken a guilty plea to charges connected with the distribution of Kronos banking malware. Joe Carrigan from JHU ISI on password research from WP Engine. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_22.html
Apr 20, 2019 • 28min

Undetectable vote manipulation in SwissPost e-voting system. [Research Saturday]

Researchers have discovered a number of vulnerabilities in the SwissPost e-vote system which could allow undetectable manipulation of votes. Dr Vanessa Teague is Associate Professor and Chair, Cybersecurity and Democracy Network at the Melbourne School of Engineering, University of Melbourne, Australia. She joins us to explain her team's findings. The original research is here: https://people.eng.unimelb.edu.au/vjteague/SwissVote
Apr 19, 2019 • 26min

Observations on the Mueller Report. Doxing Iranian intelligence. Insecure messaging. Old Excel macros. Wipro hack and gift cards.

Some observations on the Mueller Report, in particular its insight into what two specific GRU units were up to. (And some naming of DCLeaks and Guccifer 2.0 as GRU fronts.) Someone is doxing Iran’s OilRig cyberespionage group. A French government messaging app appears less secure than intended. Old Excel macros can still be exploited. And what were the Wipro hackers after? Gift cards, apparently. Malek Ben Salem from Accenture Labs on the Cisco Talos report on malware markets in Facebook groups. Guest is Barbara Lawler from Looker Data Sciences on GDPR, CCPA and the coming wave of privacy legislation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_19.html
Apr 18, 2019 • 23min

Mueller Report is out. Sea Turtle DNS-manipulation campaign. Over-privileged and under-honest apps kicked out of Google Play. Facebook has another privacy incident. Fraud and destruction.

The US Justice Department releases the redacted Mueller Report: investigators found no evidence sufficient to establish conspiracy or coordination between any US persons and the Russians over the 2016 campaign, but the Bears were busy. The Sea Turtle campaign sets a worrisome example of DNS manipulation. Sneaky apps booted from Google Play. Facebook apologizes again. Notre Dame fire fraud. Replication in cyber research. And an act of gratuitous computer destruction. Robert M. Lee from Dragos with a look back at the evolution of ICS technology. Guest is Nathan Katzenstein. He’s got 20 years in IT, and offers his perspective on the job market as he finishes up his masters in cyber security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_18.html
Apr 17, 2019 • 22min

Spearphishing from “Luhansk.” Pro-Assange hacktivism. Another undercover private eye? Pirated Game of Thrones episodes carry malware.

Spearphishing campaign against Ukraine traced to the so-called “Luhansk People’s Republic.” Anonymice threaten to rain chaos on Yorkshire if Julian Assange isn’t freed--actually, more chaos since the initial chaos was perhaps too easily overlooked. An implausible venture capitalist is asking people if they’re being paid to bad-mouth a security firm. Pirated Game of Thrones episodes carry malware. David Dufour from Webroot with survey results on AI and ML. Guest is Derek Vadala from Moody’s Investor Service on Moody’s framework for assessing cyber risk. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_17.html
Apr 16, 2019 • 22min

Fraud will follow fire, alas. Wipro compromise. DDoS in Ecuador. Brazil’s hacker underground. Selling a keylogger. Facebook and data. EU copyright law. Huawei’s prospects. Fact-checkin’, fer real.

Condolences to the city of Paris and the people of France. And, alas, expect fraud to follow fire. A compromise may have turned a company’s networks against its customers. Denial-of-service in Ecuador. A look at Brazil’s cyber criminals. Selling a keylogger, complete with terms of service. Facebook’s attitude toward data. The EU finalizes its controversial copyright law. Huawei’s prospects. And what did the algorithm know, and when did the algorithm know it? Emily Wilson from Terbium Labs with their Fraud Guides 101 report. Guest is Ed Bellis from Kenna Security on their latest research report focused on vulnerability remediation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_16.html
