CyberWire Daily

Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEM) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices.James Barclay is Senior R&D Engineer at Duo Security, and he joins us to share what they've found.The original research can be found here: https://duo.com/blog/weak-apple-dep-authentication-leaves-enterprises-vulnerable-to-social-engineering-attacks-and-rogue-devices  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind turns out not to be as blind as its users thought. Reputation jacking comes to business email compromise. Alexa complies with GDPR, but goes a little overboard. And no, a hitman has not been hired to get you, no matter what that email says. Joe Carrigan from JHU ISI on hackers bypassing GMail two-factor authentication. Guest is Brian McCullough, host of the TechMeme Ride Home podcast and author of the book How the Internet Happened. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_21.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust?Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute.Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic. Microsoft issues an emergency patch for Internet Explorer. Facebook continues to struggle with transparency. New Knowledge CEO acknowledges a questionable experiment in social media manipulation. And, flash: Russian embassy hack was “brutal.” Rick Howard from Palo Alto Networks with some holiday reading suggestions. Guest is Sarah Tennant from the Michigan Economic Development Corporation describing new cyber security initiatives at Michigan universities. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_20.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection. More Facebook data-sharing practices come under scrutiny. NASA PII exposed; investigation continues. And did you hear the one about the parrot, Alexa, Amazon orders, and sappy dance tunes?  Jonathan Katz from UMD describing security improvements in the Signal messaging app. Guest Michael Doran from Optiv with tips on protecting your organization from ransomware. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_19.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei insists it didn’t do nuthin’. Facebook faces a boycott in the wake of Senate commissioned reports on Russian trolling. And PewDiePie’s followers deface a Wall Street Journal page. Craig Williams from Cisco Talos with a look back at 2018. Carole Thieriault speaks with Rapid7's Tod Beardsley about their Industry Cyber Exposure report. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate commissioned report on Russian influence operations finds the St. Petersburg troll farmers “fluent in American trolling.” Boomstortion scammers now threaten acid attacks. PewDiePie followers—again—hack printers, but this time they say it’s for the public good. Justin Harvey from Accenture on M&A targets and resilience. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_17.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when it comes to attribution.Brian Martin is V.P. of vulnerability intelligence at Risk Based Security, and he shares their findings.The research can be found here: https://www.riskbasedsecurity.com/2018/09/you-didnt-think-the-sony-saga-was-over-did-you/ Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible for the Strasbourg Christmas market killings as one of its soldiers. And a bogus bomb threat is being circulated by email—call the technique “boomstortion.”  Malek Ben Salem from Accenture Labs on smart speaker vulnerabilities. Guest is Laura Noren from Obsidian Security on data science ethics. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_14.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html Support our show Learn more about your ad choices. Visit megaphone.fm/adchoices