CyberWire Daily

In today's podcast we learn that so far Russian influence seems not to be operating in Germany's election. Iran's APT33 turns from spying to sabotage. Equifax woes continue, but don't appear to include cover-up of an earlier breach. UpGuard helps Viacom dodge a cyber bullet. You may be party to a contract you didn’t know about. Criminal boneheads again more common than criminal geniuses. Ben Yelin from UMD CHHS with a story of the FBI raiding the wrong home based on WiFi router information. Guest is Eddie Habibi from PAS, debunking some ICS myths. And don't be a gazelle.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that WikiLeaks is shocked, shocked, to learn that there's gambling…uh, we mean, Russian surveillance going on. Advice from Ukraine about influence operations. The Equifax story may have gotten worse—there may have been an earlier breach in March. Software supply chain issues come up in an Avast backdoor. Awais Rashid from Lancaster University on security being the responsibility of everyone in an organization, not just the IT folks. Mike Kail from Cybric on the DevSecOps trend. Industry notes, and the "Unlucky 13,' presented by Johns Hopkins.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we note reports that, while Germany will hold elections Sunday, Russian cyber operators seem quiet. Too quiet? Switzerland and Singapore both report sustaining state-sponsored cyber espionage attempts. ISIS howls for its lone wolves to hit soft targets. The Equifax breach news isn't getting any better. Cisco finds a backdoor in an Avast security product. Chris Poulin from Booz Allen Hamilton, our newest industry partner, introduces himself. He leads the Internet of Things security strategy in Booz Allen’s Dark Labs, as well as dabbles in Machine Intelligence. He joins BAH from IBM, where he lead their X-Force research teams and built the first prototype Watson for cybersecurity.OurMine hackers hit Vevo to redress an insult delivered over LinkedIn.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. Recorded Future's user conference RFUN 2017 comes to Washington, D.C. , October 4th and 5th, 2017, bringing together the people who put the act in actionable intelligence. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Learn more about your ad choices. Visit megaphone.fm/adchoices

Deepen Desai, senior director of security research and operations at Zscaler, describes research he and his team have been doing since discovered a clever bit of malware they’ve named Cobian RAT. (RAT stands for Remote Access Trojan.) It’s available for free, but contains a back door that allows the original author to access and control the RAT remotely. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how Equifax continues to struggle in the quicksand of wayward patching and clumsy incident response. Congress, the FTC, the CFPB, and DoNotPay are all taking an interest. Another unsecured database—this one for sale to political campaigns—is found (Alaska voters are affected). Kaspersky says his company is a bystander that's been hit in the Russo-American political crossfire. The US Navy continues to investigate the USS McCain collision. Justin Harvey from Accenture on what it’s like to be on an incident response team. Luke Beeson from BT on the challenges such a large organization faces protecting themselves and their clients. And Harvard decides Manning won't be a Kennedy School Fellow after all.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that DHS tells the US Executive Branch to stop using Kaspersky security software. Kromtech finds ElastiSearch servers hosting point-of-sale malware. BlueBorne bugs buzz billions of boxes. Equifax says that its breach was accomplished via the Apache Struts flaw patched in April. Industry notes include both venture funding and acquisition news. We take a quick look back at the Billington CyberSecurity Summit. Johannes Ulrich with an update on the Mirai botnet. Renato Marinho, Chief Research Officer at Morphus Labs, on a bad Chrome browser extension that can steal banking credentials. And robo-lawyers come to small claims court.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future’s free intel daily, you might find it valuable, too. If you’d like to protect your endpoints against advanced threats, check out Cylance. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear that North Korea's stealing all the Bitcoins it can find. The Equifax breach continues to spread: countries other than the US are increasingly involved. Patch Tuesday notes. The US Director of National Intelligence addresses the Billington CyberSecurity Summit. Joe Carrigan from JHU on VPN companies collecting private user data. Dr. Richard Ford, Chief Scientist, Forcepoint, on the Equifax breach. And did a Russian lawmaker just cop to the influence ops President Putin has so piously denied?  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future’s free intel daily, you might find it valuable, too. If you’d like to protect your endpoints against advanced threats, check out Cylance. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast, we hear about how Equifax has attracted more attention from plaintiffs, AGs, and Congress. Everyone else is on heightened alert for fraud and identity theft. MongoDB says users of its database process were not assigning passwords to administrative accounts. A Bluetooth-based attack vector, "BlueBorne," is described. Syringe pumps are found to be hackable. Bots serve more effective social media clickbait than human operators can. Robert M. Lee from Dragos on deterrence.  Myke Cole, cyber security analyst and fantasy writer discussing the importance of empathy when considering your adversaries. And Roman Seleznev gets 27 years after he cops a plea to hacking. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future’s free intel daily, you might find it valuable, too. If you’d like to protect your endpoints against advanced threats, check out Cylance. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices

Today's podcast features all things Equifax, as the credit bureau deals with its breach (and the lawyers and Wall Street wind up to deal with the credit bureau). The Chaos Computer Club says it's found major flaws in German election software. Moscow seems to have done a lot of catphishing in social media during the last US campaign season. Best Buy boots Kaspersky security products from its big box stores. Dale Drew from Level 3 Communications with some sobering statistics on attack trends. And a Cracka with Attitude gets five years in Club Fed.   Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. We read Recorded Future’s free intel daily, you might find it valuable, too. If you’d like to protect your endpoints against advanced threats, check out Cylance. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's podcast we hear that credit bureau Equifax had disclosed a massive data breach it discovered on July 29th. Does that mean they're about a month delinquent? WikiLeaks weekly Vault7 dump departs from past practice with respect to content. The ShadowBrokers are back, and offering a twice monthly twofer. Emily Wilson from Terbium Labs with her thoughts on the encryption debate. Alexander Klimburg, author of The Darkening Web. And Intelligence Community leaders agree on at least three things: they need a better security clearance process, they need Section 702, and nowadays all intelligence involves cyber intelligence. Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. To learn about combining threat intelligence, analytics, and orchestration, check out ThreatConnect’s webinar. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. JHUISI & partner COMPASS Cyber present Cyber Security Conference for Executives on September 19th in Baltimore. Register for the event. Learn more about your ad choices. Visit megaphone.fm/adchoices