CyberWire Daily

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. Vikram Thakur is a technical director at Symantec, and he joins us to share what they've found.The research can be found here:https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov overshares. British Airways sustains a data breach. The "Silence" gang makes some noise in the underworld. Notes from yesterday's Billington Cybersecurity Summit. And Twitter bans a grandstander…for life. Dr. Charles Clancy from VA Tech’s Hume Center describes the Virginia Commonwealth Cyber Initiative. Guest is Rich Baich, CISO at Wells Fargo with insights on protecting a major financial institution.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigation of tech's role in influence operations and public discourse continue. So do concerns about election security. Unpatched MikroTik routers are being exploited in the wild. OilRig shows some new tricks.  Joe Carrigan from JHU ISI on biometric scanners tagging travelers at the border. Guest is Robert Anderson from the Chertoff Group with insights on the encryption debate.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_06.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains dishearteningly successful. The US Director of National Intelligence warns against foreign influence in elections. Facebook's former security chief says the midterms could be the World Cup of information Warfare. Silicon Valley comes to Capitol Hill, but without Google. Craig Williams from Talos at Cisco with an update on the Remcos RAT. Guest is Robert Holmes from Proofpoint on the DHS’s Binding Operational Directive (BOD) 18-01 mandate to secure their email systems.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_05.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Point has a decryptor for RansomWarrior. The US House and Senate will hear from Facebook, Twitter, and Google this week about influence operations, content moderation, and alleged monopolistic practices. And no, Pope Francis isn't giving away Bitcoin, nor did former President Obama encrypt your files. Emily Wilson from Terbium Labs with a look back at the effects of last year’s Alpha Bay takedown.   For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/September/CyberWire_2018_09_04.html Learn more about your ad choices. Visit megaphone.fm/adchoices

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. The research can be found here:https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to-play/  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter ransomware continues its evolution and spread. The Five Eyes issue some communiques about cooperation in cyberspace. Russia would like to block Telegram if it could do so without too much collateral traffic damage. Supply chain questions about Google's Titan. Johannes Ullrich from SANS and the ICS Stormcast podcast, with iPhone unlocking techniques. Guest is Andy Greenberg from WIRED discussing his recent article on NotPetya.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_31.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII offered for sale on the dark web. Medical device vulnerabilities are disclosed, and hospitals are urged to patch. Nexus Zeta faces charges in a US Federal Court, apparently in connection with the Satori botnet. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Gilad Peleg from SecBI on the challenges of secure BYOD policies.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_30.html 1 Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Confucius, Patchwork, and Bahamut campaigns. Air Canada suffers a breach. Criminal threats to power grids. And searching for search engine optimization in all the wrong places. Jonathan Katz from UMD on flaws in Intel processors’ secure enclave. Guest is Fred Kneip from CyberGRX on third party risk.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_29.html Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by claims that it's dangerous to research voting-machine vulnerabilities. The House takes a look at the CVE database. Australia's new government reorganizes its cybersecurity portfolio. Justin Harvey from Accenture with details from their mid-year cyber threatscape report. Guest is Sean Tierney from Infoblox with their shadow IoT report.  For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_28.html Learn more about your ad choices. Visit megaphone.fm/adchoices