CyberWire Daily

Iron Group said to use Hacking Team source code to build a backdoor. Operation Prowli both cryptojacks and sells traffic. Fancy Bear may be getting noisier. VPNFilter has a more extensive set of victim devices than previously believed. ZTE pays a billion dollar fine. CloudPets are oversharing via an unsecured server. The US Senate wants answers from both Facebook and Google about their user data sharing with Chinese companies. Daniel Prince from Lancaster University on the security of Industrial Control Systems. Guests are Kyle Lady and Olabode Anise from Duo Security covering their annual report on authentication.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that TempTick and Turla are interested in the US-North Korean summit. That summit might not take up many cybersecurity issues. Where did North Korea get all that digital rope they want to hang the West with? It seems we competed to sell it to them, more-or-less unwittingly. Russian influence ops continue to give lies their bodyguard of truth. The FBI gets a warrant for a high-profile iCloud account. Microsoft outbid Google for GitHub—what will Redmond do with all that code? Facebook may have a complicated relationship with Shanghai. Johannes Ullrich from the ICS Stormcast podcast on deserialization. Guest is Ameesh Divatia from Baffle on GDPR and cloud data privacy.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, North Korea still seems to be leaving American IoT networks more-or-less alone, for now, however actively they're hacking elsewhere. Everything old is new again, at least with Russian EW. Cryptocurrency crime is a worry everywhere. A look at law firm hacks shows the counselors could use the help of some street-savvy hotel detectives more than a tech-savvy perimeter security solution, although that wouldn't be bad, either. Beware of letting World Cup Wi-FI be an own-goal. Apple's latest updates seem privacy friendly. Thoughts on AI, and the polygraphing of a time traveler that sounds totally legit. David Dufour from Webroot on new roles for security, and how that impacts hiring and education. Guest is John Dickson from Denim Group on securing voting infrastructure.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian ransomware victims. The children of Mirai trouble an unhappy world. USA Really may be the latest incarnation of the Internet Research Agency, complete with rabid Florida squirrels, Wisconsin blood-suckers, and advice on Louisiana's secession. Malek Ben Salem from Accenture Labs on using keyboard biometrics to detect mental disorders.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service providers to help them achieve persistence.Ken Wolf is a Senior Analyst at Flashpoint, and he describes what they learned. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that the Lazarus Group may be on (relative, selective) good behavior. A study suggests that if cybercrime were a country, it would have a GDP comparable to Russia's. The Canadian Security Intelligence Service warns, in the nicest way possible, that Chinese spies are out to get New Zealand. ZTE and Huawei come in for more criticism. The BND gets a court victory in Leipzig. Google's ground-truth algorithms are looking a little truthy. Joe Carrigan from JHU ISI with follow-up on listener comments from last week’s iOS vs Android discussion. Guest is Todd Inskeep from BAH with highlights from a talk he gave at RSA on NotPetya.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Kaspersky has lost its court challenge to the US Government ban on its products, but plans to  appeal. Cryptomix ransomware is out in the wild. Vulnerabilities found in SingTel routers. Chrome 67 update includes patches. The US Departments of Commerce and Homeland Security address botnets (and ask for research). The US Department of Energy plans for resiliency. Twitter takes down tweens. A packrat at CIA? Reboot your routers. Robert M. Lee from Dragos, reviewing some recently published ICS security reports. Guest is Adam Vincent from ThreatConnect on the increasing importance of threat intelligence for many organizations.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today' s podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown but probably bad actors scan for misconfigurations in EOS blockchain nodes. Canadian banks decline to pay extortion. Joker's Stash counterfeits show there's even less honor among thieves than you may have thought. Baratov gets five years for the Yahoo! hack, and "Courvoisier" gets a solid ten-year sentence for multiple crimes. Justin Harvey from Accenture with thoughts on GDPR. Guest is Ruvi Kitov from Tufin on why automation should be in wider use than it is.   Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that the FBI recommends rebooting your routers against VPNFilter. Data extortion hits Canadian banks. The Cobalt Gang is back. 51% attacks fiddle with cryptocurrencies. BackSwap banking Trojan is tough to detect. Coca-Cola discloses data theft by a former employee. Courvoisier—the hacker, not the cognac, gets ten years. Facebook continues to work on its content moderation, and Papua New Guinea may block the platform for a month of study. NATO studies humor, very seriously. Ben Yelin from UMD CHHS on police attempts to use a deceased person’s fingerprints to unlock a phone. Guest is Mike Benjamin from CenturyLink on their recent threat report covering IoT and DDoS.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections.In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage of them. Chad Seaman is a senior CERT engineer at Akamai, and he's our guide.  Learn more about your ad choices. Visit megaphone.fm/adchoices