CyberWire Daily

In today's podcast, it's bots, sockpuppets, and trolls, oh my. Mr. Zuckerberg goes to Washington. Equifax sources suggest China hacked it. Credit bureau phishbait chums the Internet. Pyongyang gets a new Internet connection, and observers bet it's not for checking Mr. Kim's fantasy sports leagues (anyway he could get all that from Mr. Rodman). ISIS posts more inspiration, and warnings. NSA prepares to wind down Section 702 operations. Johannes Ullrich from SANS Technology Institute and the ISC Stormcast podcast on malware using malicious DLL files. US and Russia seem to agree on one thing at least: Bitcoin fraud is bad.    Learn more about your ad choices. Visit megaphone.fm/adchoices

APT 33 is an Iranian cyber espionage group that targets aerospace and energy sectors and has ties to destructive malware. John Hultquist is Director of Intelligence Analysis at FireEye, and he takes us through their research. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that Whole Foods has been breached—if you've been to the taproom, look to your credit cards. An illusion gap could help bypass Windows Defender, says Cyber Ark. Microsoft says don't sweat the small stuff. A Mac firmware issue may be giving users a false sense of security. Equifax is offering a lifetime of free credit freezing, but observers are dubious. A study suggests there are still a lot of improperly secured clouds out there. ISIS and the Taliban resume their inspiration operations online. David DuFour from Webroot on the difference between Artificial Intelligence and Machine Learning. Guest is R.P. Eddy, coauthor with Richard Clarke of the book Warnings: Finding Cassandras to Stop Catastrophes. And alleged NSA leaker Reality Winner remains in custody, at least for now.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper If you want to execute at machine speed, doesn’t make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance . Learn more about your ad choices. Visit megaphone.fm/adchoices

Deloitte and Equifax continue to find themselves under scrutiny, but we should all resist the urge to chase Ambulances. The SEC commissioner gets a grilling form congress, and we can't help wonder if his Spidey sense was tingling. Chances are your credentials aren't as secure as you'd like them. Dale Drew from Level 3 Communications on attack patterns and lulls. Trip Nine from Comodo on credential theft trends. And Pyongyang is perched on a pile of coal.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear more about the Deloitte breach. Deloitte's stil saying little, but other people are talking. The SEC tells the Senate it's "deeply concerned" about its own breach. Popular iOS and Android stock-trading apps are found vulnerable. Sonic drive-ins have sustained what looks like a pretty big breach. Ben Yelin discusses a bipartisan bill to improve IoT security. Isaac Kohen from Teramind on detecting employees involved in radical political activities on company time. Russian influence operations against the US are turning toward local government, religious groups, civic associations and others at the grassroots.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper If you want to execute at machine speed, doesn’t make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance .   Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that Equifax CEO Smith has joined the company's CSO and CIO in retirement, apparent expiation for the credit bureau's breacn. Deloitte remains tight-lipped. Suggestions about how to handle identity and investigate breaches. Mac OS High Sierra suffers from a password exfiltration zero-day. Joe Carrigan discusses Dave's skepticism of password managers. Stephen Moore from Exabeam on post-breach cleanup.  Two days after Germany's elections and the Russian dog hasn't barked (or the Bears growled) but there are plenty of 2016 paw prints over US opinion.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper If you want to execute at machine speed, doesn’t make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance .   Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we review reports saying that Deloitte has been hacked. Details are sparse but the story is developing. A Verizon AWS S3 bucket is found exposed online. Locky is being spammed out in quantity. Phantom Squad hoods run a DDoS protection racket. Kinetic tensions the US, Tehran, and North Korea raise expectations of cyber offensives. Chinese intelligence thought behind CCleaner backdoor. Unnamed ISPs accused of FinFisher spyware campaign complicity. Chris Poulin from BAH on vulnerabilities in connected cars. And Carlos Danger will go to the Big House.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper If you want to execute at machine speed, doesn’t make sense to see what the algorithms a good machine runs on can do for you? Check out sponsor Cylance .   Learn more about your ad choices. Visit megaphone.fm/adchoices

In 2016 Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. It’s capable of dropping multi-stage backdoors.Liviu Arsene is a senior e-threat analyst at BitDefender, and he's our guide to the complex components of Pacifier APT. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that the EDGAR breach is being seen as a blow to confidence in financial system. Credit bureaus continue to receive heightened scrutiny after the Equifax breach. FinFisher campaign suggests ISPs may have been compromised. The backdoor in CCleaner seems to have targeted specific companies. US Forces Korea personnel receive a bogus noncombatant evacuation order. Someone behind Locky watches a lot of Game of Thrones. Malek Ben Salem from Accenture Labs with a new attack vector that uses power management systems. Guest is Robert Sell sharing his experience participating in a DEFCON capture the flag. And Thomas the Tank Engine would never do what some skids show him doing.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that the SEC was hacked, and someone might have made a lot of money from the incident. Equifax tweets send inquirers to a phishing site. Investigation into the Avast caper suggests a state intelligence service's hand. The Department of Homeland Security clarifies its ban on Kaspersky products. Emily Wilson from Terbium Labs, cautioning us to not be so distracted by big shiny objects like "taking down the power grid" that we forget the basics, like enabling two-factor authentication. Richard Henderson, global security strategist at Absolute, commenting on the Equifax breach and the challenges of keeping up with patching. And chatbots turn spiritual.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Learn more about your ad choices. Visit megaphone.fm/adchoices