CyberWire Daily

Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat.John Fokker is head of cyber investigations in McAfee's Advanced Threat research unit. He join us to share their findings.The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Finland’s data protection authority is investigating reports that Nokia 7 Plus smartphones are sending data to a Chinese telecom server. Thousands of API tokens and cryptographic keys are exposed in public GitHub repositories. The US government warns that certain cardiac devices can be hacked from close range. A North Carolina county government is dealing with its third ransomware attack. And Magecart groups go after bedding companies. Malek Ben Salem from Accenture Labs with thoughts on securing the digital economy. Guest is Adam Isles from the Chertoff Group on supply chain risks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_22.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Fancy Bear and Sandworm are launching cyberespionage campaigns against European governments before the EU parliamentary elections. The FIN7 cybercrime group is still active, and it’s using new malware. A scammer stole more than $100 million from Google and Facebook. Facebook stored hundreds of millions of passwords in plaintext for years. And chatbots can learn to impersonate you based on your texts. Ben Yelin from UMD CHHS on rumors of NSA shutting down the Section 215 program. Guest is Jadee Hanson from Code 42 on insider threats. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_21.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Norsk Hydro’s recovery continues, with high marks for transparency. Some notes on the challenges of deterrence in cyberspace from yesterday’s CYBERSEC DC conference, along with context for US skepticism about Huawei hardware. Cookiebot says the EU is out of compliance with GDPR, it’s sites infested with data-scraping adtech. Google and Facebook get, if not a haircut, at least a trim, in EU and US courts. And some animadversions concerning digital courtship displays.  Dr. Charles Clancy from VA Tech’s Hume Center on updates to the GPS system. Guest is Landon Lewis from Pondurance on balancing AI and human intelligence. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_20.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector and the government in the United States need to work together against cyber threats. Europol has a new cyber incident response strategy. And cybersecurity executives say some vendors’ marketing tactics are having a detrimental effect on the security industry. Johannes Ullrich from SANS and the ISC Stormcast Podcast on hardware security issues at the perimeter. Guest is Nathan Burke from Axonius, winners of the 2019 RSAC Innovation Sandbox competition. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_19.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei’s strategy in the face of Five Eye--and especially US--sanctions: the US doesn’t like us because we’re a threat to their ability to conduct untrammeled surveillance. Corruption, neglect, and replacement of experts by politically reliable operators seem to have caused Venezuela’s blackouts. Gnosticplayers are back, with more commodity data. And AI has no monopoly on evil--natural intelligence has that market cornered. Joe Carrigan from JHU ISI on the recently announced DARPA funded effort to develop and open-source voting system. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_18.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework.The original research can be found here: https://blogs.akamai.com/sitr/2019/01/thinkphp-exploit-actively-exploited-in-the-wild.html  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its way into the cloud. A look at the consequences of regulation, both good and bad. How CISOs will have to grapple with the increasingly pervasive Internet-of-things. And China’s National People’s Congress makes a gesture toward respecting IP, but the world remains skeptical. Craig Williams from Cisco Talos with an update of crypto miners. Guest is Nirmal John, author of the book, “Breach: Remarkable Stories of Espionage and Data Theft and the Fight to Keep Secrets Safe.” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_15.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Indonesia says it’s got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorded Future goes RAT hunting. Proofpoint offers a look at “intelligent brute-forcing.” Kaspersky reports on two espionage APTs exploiting a just-patched Microsoft zero-day. Flashpoint describes an unusual point-of-sale attack, and Check Point find Trojanized Android apps. Germany’s BND warns against Huawei.  Robert M. Lee from Dragos with thoughts on the Venezuelan power outages. Guest is Jeremy Tillman from Ghostery on the California Consumer Privacy Act. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_14.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In  today’s podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet’s supply chain is well on the way to being pwned by Chinese intelligence. Undersea cables are a center of Sino-US competition. The European Parliament warns about the Chinese threat to 5G infrastructure. More calls to rein in Big Tech. And the UN looks at North Korea and sees massive cyber crime. Emily Wilson from Terbium Labs with a look back at the Equifax breach. Guest is Dr. Wenliang (Kevin) Du from Syracuse University on his SEED labs and the importance of hands-on training in cyber security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_13.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices