CyberWire Daily

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor’s up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don’t sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest is Michelle Dennedy from Cisco with results from their most recent Data Privacy Benchmark Study. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_28.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the  US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of DDoS attacks in the service of election disruption. US Cyber Command played some chin music for St. Petersburg during US midterm elections. And if you’re going to hack into an embassy, wouldn’t you want to do more than install a cryptojacker? David Dufour from Webroot with insights on their pending purchase by Carbonite. Guest is Randy Vanderhoof from the Secure Technology Alliance on managing identity and fraud in the payment space.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_27.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stuffing attacks hit users of online tax-preparation services. And that missile attack on Tampa was not a drill—in fact, it never happened at all—and congratulations to the citizens of Florida for recognizing a hack and a hoax when they see one.  Justin Harvey from Accenture on the types of vulnerabilities adversaries target. Guest is Guarav Tuli from F-Prime Capital on the current venture capital environment for cyber.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_26.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don’t like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud.   For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_25.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is director of threat intelligence at Cylance, and he joins us to share what they found.The original research can be found here: https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chinese intelligence services. There’s also plenty of ordinary crime to go around. Huawei continues its charm and affordability offensive. User comments drive advertisers away from YouTube. DrainerBot sucks power from phones. And Russia outlaws soldier-selfies. Ben Yelin from UMD CHHS about a lawsuit involving a man refusing to unlock his phone at the U.S. border. Guest is Linda Burger from NSA with information on their Technology Transfer Program.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_22.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filters. Spamming users to get your point across may not be the best form of disclosure. University researchers find a man-in-the-room bug. Other researchers think they could capsize a ship. Britain’s NCSC continues its dance with Huawei. Password managers remain a good idea. Emily Wilson from Terbium Labs discussing law enforcement on the dark web. UK correspondent Carole Theriault returns with the story of surveillance and facial recognition in London.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_21.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Microsoft pulls cryptojacking Windows 10 apps from its store. Britain’s NCSC is rumored to have concluded that it can mitigate Huawei risks. Facebook gets a harsh report from Westminster. And a hacker claims a higher motive for his breach (but still wants Bitcoin).  Joe Carrigan from JHU ISI on Apple requiring two-factor authentication for developers. Guest is Igal Gofman from XM Cyber on network compromise through email. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_18.html  Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms.Al Cooley is director of product management at Symantec, and he joins us to share their findings.The original research can be found here: https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group Learn more about your ad choices. Visit megaphone.fm/adchoices