podcast cover
Software Engineering

The CyberWire - Your cyber security news connection.



More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

Looking for recently uploaded episodes
Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espinonage.

19:43 | Jan 15th

In today’s podcast, we hear that a bug hunter has found and responsibly disclosed issues in web hosts. Compromising Passenger Name Records in airline reservations. Business email compromise seems on the rise, and it’s also growing a bit more interact...Show More

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.

18:58 | Jan 14th

In today’s podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its “big-ga...Show More

Magecart payment card theft analysis — Research Saturday

29:01 | Jan 12th

Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages.  Yonathan Klijnsma is lead of th...Show More

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.

22:05 | Jan 11th

In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crook...Show More

TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.

19:28 | Jan 10th

In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals fo TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social netw...Show More

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?

19:26 | Jan 9th

In today’s podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel’s April election—much predictable yelling and finger-pointing ensues. German authorities a...Show More

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.

19:50 | Jan 8th

In today’s podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses’ awareness of cyber espionage. Observers see a coming “cyber cold war,” with China on one side and...Show More

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?

20:01 | Jan 7th

In today’s podcast, we hear that investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russi...Show More

NOKKI, Reaper and DOGCALL target Russians and Cambodians — Research Saturday

14:28 | Jan 5th

Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intellige...Show More

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.

25:03 | Jan 4th

In today’s podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspir...Show More

2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.

19:39 | Jan 3rd

In today’s podcast, we hear that prize for first big breach of 2019 goes to Australia, but the year is young. Ryuk “artisanal” malware implicated in newspaper print-plant hacks. reCAPTCHA gets captchu’d, again. The Dark Overlord teases some pretty du...Show More

Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore. 

19:56 | Jan 2nd

In today’s podcast, we hear that US newspapers sustained a major cyberattack—possibly ransomware—over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantia...Show More

Apple Device Enrollment Program vulnerabilities explored — Research Saturday

17:24 | Dec 22nd, 2018

Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEM) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Seni...Show More

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

29:26 | Dec 21st, 2018

In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind tu...Show More

003 Risk and regulation in the financial sector — CyberWire X

29:09 | Dec 21st, 2018

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take at risk and regulation in the financial sector, specifically how it intersects with cyber secur...Show More

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.

20:19 | Dec 20th, 2018

In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic....Show More

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.

19:57 | Dec 19th, 2018

In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection...Show More

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

19:54 | Dec 18th, 2018

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitty strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei in...Show More

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

15:07 | Dec 17th, 2018

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate commissioned report on Russi...Show More

The Sony hack and the perils of attribution — Research Saturday

20:14 | Dec 15th, 2018

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when it comes ...Show More

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

25:02 | Dec 14th, 2018

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS...Show More

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

20:36 | Dec 13th, 2018

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial ...Show More

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.

20:11 | Dec 12th, 2018

In today’s podcast, we hear some of McAfee’s description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei’s CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanction...Show More

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.

19:54 | Dec 11th, 2018

Audit finds no “Chinese spy chips” on Supermicro motherboards. Huawei CFO Meng’s hearing continues. Oil services firm’s servers attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain...Show More

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.

19:57 | Dec 10th, 2018

In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the E...Show More

Operation Red Signature targets South Korean supply chain — Research Saturday

23:54 | Dec 8th, 2018

Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, ...Show More

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.

25:23 | Dec 7th, 2018

In today’s podcast we hear that Huawei’s CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They’ve been joined in this by Japan and the Europe...Show More

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.

19:56 | Dec 6th, 2018

In today’s podcast, we hear that Huawei’s CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam...Show More

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.

20:01 | Dec 5th, 2018

In today’s podcast, we hear that CoAp-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections an...Show More

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.

20:18 | Dec 4th, 2018

In today’s podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marri...Show More

US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.

14:59 | Dec 3rd, 2018

In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it’s a pretty dour charm...Show More

Settling in with GDPR — CyberWire-X

29:55 | Dec 3rd, 2018

In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since it's implementation in May 2018. Joining us are E...Show More

Getting an education on Cobalt Dickens — Research Saturday

12:24 | Dec 1st, 2018

Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks,...Show More

Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.

24:11 | Nov 30th, 2018

In today’s podcast we hear about Marriott’s big breach. And Dunkin’ Donuts big breach. And, and, Urban Massage’s embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people yo...Show More

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.

20:04 | Nov 29th, 2018

In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Si...Show More

DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.

20:35 | Nov 28th, 2018

In today’s podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran’s Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escape...Show More

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.

20:07 | Nov 27th, 2018

In today’s podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in...Show More

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.

18:20 | Nov 26th, 2018

In today’s podcast we hear that Emotet ramped up for Black Friday—beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China’s emer...Show More

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.

19:48 | Nov 21st, 2018

In today’s podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything’s OK, but it hasn’t said much else. Facebook is back online—yesterday’s outage attributed to ...Show More

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.

19:56 | Nov 20th, 2018

In today’s podcast, we hear about nations behaving badly (but from the point-of-view of cyberespionage they’re doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia’s Hades Group, known for Olympic Des...Show More

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

16:45 | Nov 19th, 2018

In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet...Show More

Doubling down on Cobalt Group activity — Research Saturday

18:55 | Nov 17th, 2018

The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings.  The research can be found here: http...Show More

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

22:36 | Nov 16th, 2018

In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected serv...Show More

RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

18:19 | Nov 15th, 2018

In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still ...Show More

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

20:00 | Nov 14th, 2018

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and...Show More

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

19:59 | Nov 13th, 2018

In today’s podcast, we hear that Finland is investigating  GPS signal jamming during NATO exercises. Russia’s the usual suspect, as usual Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may...Show More

Regulation in the U.S. — CyberWire X

28:18 | Nov 13th, 2018

In this premier episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.  Joining us are Dr. Christopher ...Show More

Establishing international norms in cyberspace — Research Saturday

20:29 | Nov 10th, 2018

Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissio...Show More

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

24:52 | Nov 9th, 2018

In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, Government-industry-academic partnerships work toward making critical infrastructure more...Show More

Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.

18:53 | Nov 8th, 2018

In today’s podcast, we hear that, while election hacking seems not have happened in the US this week, that hasn’t stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue lo...Show More

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.

20:01 | Nov 7th, 2018

In today’s podcast we take a quick look back at the US midterm elections, and at what did and didn’t happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-deli...Show More

Iran complains, threatens, and spies. Election Day cybersecurity notes.

19:47 | Nov 6th, 2018

In today's podcast, we hear that Iran has accused Israel of a second Stuxnet, claiming the attack was thwarted, and threatening retaliation. Nor is Tehran neglecting domestic surveillance of its own: Persian Stalker is involved with some pretty suspi...Show More

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?

16:01 | Nov 5th, 2018

In today's podcast, we note that US midterm elections end tomorrow evening, with officials on high alert for election hacking. Russia sends poll watcher to the US to make sure democratic norms are observed. Side-channel attack proof-of-concept announ...Show More

Election protection — Research Saturday

22:22 | Nov 3rd, 2018

Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms. The o...Show More

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.

25:02 | Nov 2nd, 2018

In today's podcast, we hear that people are asking if that lull in Chinese cyber operations was just a strategic pause. Huawei's on a charm offensive. People are seeing plenty of Russian trolling, but election hacking proper continues to be quiet. An...Show More

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

20:51 | Nov 1st, 2018

In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations agains...Show More

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.

20:00 | Oct 31st, 2018

In today's podcast, we hear about influence operations in social media (again): Americans remain more vulnerable (because they lack a cultural experience of state propaganda) than Eastern Europeans. Rules of thumb for recognizing the good, the bad, a...Show More

The Malware Mash

3:07 | Oct 31st, 2018

Enjoy this rerun of our Halloween musical parody, The Malware Mash!

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.

19:46 | Oct 30th, 2018

In today's podcast, we hear that installing cybersecurity tools to protect elections is tougher than it looks. Information operations continue to pose the most prominent foreign threat to US midterm elections, although there are concerns about voting...Show More

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.

16:49 | Oct 29th, 2018

Facebook takes down accounts linked to Iran for coordinated inauthenticity. Iranian information operations appear to be learning from the Russian approach: be divisive, be negative, and be opportunistic. Investigations of pipe-bombs and the Pittsburg...Show More

Faxploitation — Research Saturday

14:34 | Oct 27th, 2018

Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks.  Yaniv Balmas is head of se...Show More

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?

22:48 | Oct 26th, 2018

In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives crit...Show More

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

18:26 | Oct 25th, 2018

In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botn...Show More

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.

20:08 | Oct 24th, 2018

In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did...Show More

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.

17:59 | Oct 23rd, 2018

In today's podcast we wonder WhatsApp with Brazil's runoff election? Hacktivism hits Davos-in-the-Desert. Kraken Cryptor ransomware gets an upgrade. Remote code execution vulnerabilities disclosed in two classes of systems. Healthcare.gov breach unde...Show More

Making the business case for privacy. — Special Edition

21:09 | Oct 23rd, 2018

In this cyberwire special edition, my guest is Cisco’s Chief Privacy Officer Michelle Dennedy. We discuss what exactly a chief privacy officer does at a global organization like Cisco, why she thinks we’re in the early stages of a privacy revolution,...Show More

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

12:59 | Oct 22nd, 2018

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but und...Show More

Stormy weather in the Office 365 cloud. — Research Saturday

21:41 | Oct 20th, 2018

Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients.  Andy Norton is director of threat intelligence at Lastline, and he joins us to des...Show More

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

23:42 | Oct 19th, 2018

In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jam...Show More

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

19:51 | Oct 18th, 2018

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling an...Show More

Meddling with the midterms — Special Edition

21:07 | Oct 17th, 2018

Kim Zetter is longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine,  titled The Crisis of Election Secur...Show More

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

19:32 | Oct 17th, 2018

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEn...Show More

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

18:06 | Oct 16th, 2018

In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black...Show More

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

19:41 | Oct 15th, 2018

In today's podcast, we heat that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty-million of them. Do privacy advocates have an image problem? Supply chain se...Show More

Driving GPS manipulation — Research Saturday

27:29 | Oct 13th, 2018

Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge.  Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his tea...Show More

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

24:59 | Oct 12th, 2018

In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack re...Show More

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

20:20 | Oct 11th, 2018

In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on char...Show More

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

20:49 | Oct 10th, 2018

In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Departmen...Show More

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

19:51 | Oct 9th, 2018

In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels ag...Show More

Cryptojacking criminal capers continue — Research Saturday

22:42 | Oct 6th, 2018

Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've...Show More

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

23:54 | Oct 5th, 2018

In today's podcast, we hear more on the possibility that China's Peoples Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. ...Show More

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

19:46 | Oct 4th, 2018

In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salis...Show More

Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

19:54 | Oct 3rd, 2018

In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite...Show More

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

19:58 | Oct 2nd, 2018

In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some conten...Show More

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

19:22 | Oct 1st, 2018

In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Commit...Show More

Sophisticated FIN7 criminal group hits payment card data — Research Saturday.

31:33 | Sep 29th, 2018

Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a con...Show More

Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

24:17 | Sep 28th, 2018

In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US...Show More

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

19:04 | Sep 27th, 2018

In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play...Show More

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

17:42 | Sep 26th, 2018

In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have gro...Show More

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.

18:59 | Sep 25th, 2018

In today's podcast, we hear that Iran has accused Saudi Arabia, UAE, and the US of running Saturday's terror attack "from the shadows." Data exposure at the UN. Kodi platform exploited for cryptojacking. SHEIN retail breach affects more than six mill...Show More

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.

16:47 | Sep 24th, 2018

In today's CyberWire, we hear about a terror attack in Iran that has heightened tensions among adversaries: expect a heightened cyber optempo.  A JET vulnerability in Microsoft products is publicly disclosed as Microsoft misses the Zero Day Initiativ...Show More

ICS honeypots attract sophisticated snoops. — Research Saturday

21:20 | Sep 22nd, 2018

Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. It didn't take long for sophisticated attackers to sniff out the virtual honey and start snuffling a...Show More

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

25:14 | Sep 21st, 2018

In today's podcast, we hear about the US national cyber security strategy, and developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blackl...Show More

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.

16:12 | Sep 20th, 2018

In today's podcast, we hear that Magecart has hit a Philippine media conglomerate. Bogus (and malicious) financial apps are ejected from Google Play. Gulf states are taking warnings about Iran's OilRig seriously. A cloud hosting service serves up phi...Show More

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.

19:40 | Sep 19th, 2018

In this podcast, we hear that the US State Department has acknowledged an email breach. The criminal gang Iron Group is hitting targets with data-stealing and data destroying pseudoransomware. Bristol Airport continues its slow recovery from whatever...Show More

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

19:45 | Sep 18th, 2018

In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo v...Show More

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?

18:30 | Sep 17th, 2018

In today's podcast, we hear about the ransomware that's clogged systems at a UK airport. New variants of ransomware are out and about in the wild. EternalBlue continues to be used to install cryptojackers in vulnerable systems—the campaign is being c...Show More

Android device eavesdropping investigation. — Research Saturday

17:32 | Sep 15th, 2018

A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy risks.  Elleen Pan and Christo Wilson were members of the research team, and they join us to share wh...Show More

Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyand denounces a "smear campaign." Wait and see on pipeline fires.

24:22 | Sep 14th, 2018

In today's podcast we hear that Magecart has achieved another library infestation as Feedify is hit. An evil cursor attack is a variant of a familiar tech support scam. The Ramnit banking Trojan seems to be spiking during the summer, and there are va...Show More

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.

19:56 | Sep 13th, 2018

In today's podcast we hear that an Iranian domestic spyware campaign has been reported: it's most interested in ethnic Kurds. A bogus cryptocurrency wallet site is taken down. F-Secure warns of a widespread firmware problem that could be exploited fo...Show More

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.

19:44 | Sep 12th, 2018

In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways...Show More

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

19:48 | Sep 11th, 2018

In today's podcast, we hear that Trend Micro has clarified what was up with allegations it was deploying spyware with its tools—no spyware, but they've changed their products to remove the appearance of impropriety. RiskIQ fingers the Magecart gang a...Show More

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

19:30 | Sep 10th, 2018

In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence c...Show More

Leafminer espionage digs the Middle East. — Research Saturday

22:23 | Sep 8th, 2018

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region.  Vikram Thakur is a technical director at Symantec, and he joins u...Show More

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

24:38 | Sep 7th, 2018

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov oversh...Show More

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

20:00 | Sep 6th, 2018

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigati...Show More

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

20:01 | Sep 5th, 2018

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains disheartenin...Show More

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

15:28 | Sep 4th, 2018

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Po...Show More

ATM hacks on the rise. — Research Saturday

22:45 | Sep 1st, 2018

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S.  The research can be found here: https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to...Show More

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

25:12 | Aug 31st, 2018

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter r...Show More

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

17:45 | Aug 30th, 2018

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII...Show More

Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

20:00 | Aug 29th, 2018

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Con...Show More

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

20:00 | Aug 28th, 2018

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by clai...Show More

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

17:25 | Aug 27th, 2018

In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Tur...Show More

Cyber espionage coming from Chinese University. — Research Saturday

26:02 | Aug 25th, 2018

Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts. Winnona DeSombre and Sanil Chohan...Show More

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

24:44 | Aug 24th, 2018

In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fiftee...Show More

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

19:50 | Aug 23rd, 2018

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. ...Show More

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

20:00 | Aug 22nd, 2018

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. ...Show More

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

19:56 | Aug 21st, 2018

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity—hacking back is expected to be on the table. T...Show More

Beers with Talos — Live from the RiRa at Black Hat

1:22:45 | Aug 21st, 2018

CyberWire host Dave Bittner joins the crew from Cisco's Talos team on a special live edition of their Beers with Talos podcast from Black Hat.

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

16:56 | Aug 20th, 2018

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddl...Show More

Stealthy ad fraud campaign evades detection. — Research Saturday

19:21 | Aug 18th, 2018

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he de...Show More

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

24:42 | Aug 17th, 2018

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have e...Show More

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

19:55 | Aug 16th, 2018

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning commu...Show More

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

19:58 | Aug 15th, 2018

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mi...Show More

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving .

19:59 | Aug 14th, 2018

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Pr...Show More

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

16:30 | Aug 13th, 2018

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. DLink exploits rob Brazilian banking customers. Utilities prepare for gri...Show More

Thrip espionage group lives off the land. — Research Saturday

25:46 | Aug 11th, 2018

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies.  Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered...Show More

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

22:05 | Aug 10th, 2018

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial...Show More

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

19:05 | Aug 9th, 2018

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Easte...Show More

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

17:03 | Aug 8th, 2018

In today's podcast we hare that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US inde...Show More

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

19:03 | Aug 7th, 2018

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millio...Show More

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Akido?

19:39 | Aug 6th, 2018

Leaky API may have exposed Salesforce customers' data, TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. ...Show More

Cortana voice assistant lets you in. — Research Saturday

21:32 | Aug 4th, 2018

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems.  Steve Povolny is head of advanced threat research at McAfee and he shares their ...Show More

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

24:52 | Aug 3rd, 2018

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MicroTik routers. Speakers at the Billi...Show More

RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition.Crytpojacking and malspam.

18:06 | Aug 2nd, 2018

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposi...Show More

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

19:49 | Aug 1st, 2018

In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Att...Show More

Data-centric security. — Special Edition

27:36 | Aug 1st, 2018

In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself, rather than the surrounding networks, application or servers.    To help us on our journey of understanding we’ve lined up a numb...Show More

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

19:22 | Jul 31st, 2018

In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shippe...Show More

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

16:25 | Jul 30th, 2018

In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking recent by-elections. US states remain concerned about election hacking. Missouri Senator ...Show More

BabaYaga strangely symbiotic Wordpress malware — Research Saturday

20:30 | Jul 28th, 2018

Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date. Brad Hass is a senior security analyst at Defiant, and he guides us t...Show More

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

21:21 | Jul 27th, 2018

In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware l...Show More

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

19:25 | Jul 26th, 2018

In today's podcast we hear that LifeLock gets locked down—probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer s...Show More

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

20:00 | Jul 25th, 2018

In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russi...Show More

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

19:54 | Jul 24th, 2018

In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori ...Show More

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

14:30 | Jul 23rd, 2018

In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufactur...Show More

Measuring the spearphishing threat — Research Saturday

23:41 | Jul 21st, 2018

Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement on 35 popular email providers and examining user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobe...Show More

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

21:59 | Jul 20th, 2018

In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,...Show More

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

19:52 | Jul 19th, 2018

In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A se...Show More

Magnibur ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

20:13 | Jul 18th, 2018

In today's podcast, we hear about the spread of Magnibur ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Melt...Show More

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

19:59 | Jul 17th, 2018

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs...Show More

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

19:31 | Jul 16th, 2018

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU ind...Show More

A new approach to mission critical systems — Research Saturday

21:16 | Jul 14th, 2018

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems. The CyberWire's ...Show More

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

25:07 | Jul 13th, 2018

In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam retu...Show More

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

20:00 | Jul 12th, 2018

In today's podcast, we hear that Timehop has released more information as its breach investigation proceeds. The case will be interesting as an indicator of what GDPR enforcement will look like. Two speculative execution side-channel attacks are desc...Show More

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

19:37 | Jul 11th, 2018

In today's podcast we hear reports that the Ticketmaster breach is the tip of a big software supply chain iceberg. Chinese intelligence services closely interested in Cambodia's elections. iOS crashes appear related to code designed to block displays...Show More

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

20:00 | Jul 10th, 2018

In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of crytpocurrencies. Palestinian police spearphished. BlackTech espionage group usin...Show More

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

15:39 | Jul 9th, 2018

In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it u...Show More

No Distribute Scanners help sell malware

14:30 | Jul 7th, 2018

Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing legitimate virus scanning tools from adding the malware to their database. Daniel Hatheway is a Sen...Show More

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

22:47 | Jul 6th, 2018

In today's podcast we hear about catphishing in Berlin and Tel Aviv: whether you're offering payment for a white paper or up-to-date futbol scores, it pays to know the right bait. Android apps may be permission hogs, but it's surprising how often the...Show More

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

19:52 | Jul 5th, 2018

In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third-parties. The Pirate Bay is back after its hiatus, and it's back to ...Show More

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

19:20 | Jul 3rd, 2018

In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. A quiz app's backup data are acce...Show More

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

15:52 | Jul 2nd, 2018

In today's podcast we hear a bit about the data breach Adidas disclosed late last week. Facebook answers Congressional questions for the record and adopts a data abuse bounty program. Investigation of the Exactis data exposure incident continues, but...Show More

VPNFilter malware could brick devices worldwide — Research Saturday

28:43 | Jun 30th, 2018

Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer-grade routers. Craig Williams is head of Cisco Talos Outreach, and he joins us with the details.  T...Show More

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

24:55 | Jun 29th, 2018

In today's podcast we hear that Ticketmaster UK's hacking incident will provide an interesting GDPR test case. Data aggregator Exactis left nearly two terabytes of personal and business information exposed on the publicly accessible Internet. NSA des...Show More

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

19:58 | Jun 28th, 2018

In today's podcast we hear that Ukraine has warned that Russia is preparing a coordinated attack against Ukrainian financial and energy infrastructure. China appears to be stepping up surveillance of the Tibetan diaspora. Cisco's Talos unit has a fre...Show More

Separating fools from money. — Hacking Humans

29:47 | Jun 28th, 2018

Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's ...Show More

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

19:54 | Jun 27th, 2018

In today's podcast, we hear that ProtonMail was hit this morning by an Apophis Squad DDoS attack. Rancor cyberespionage campaign observed in Southeast Asia. PythonBot serves up adware and cryptojacking. WannaCry-themed protection racket is all bark a...Show More

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

19:59 | Jun 26th, 2018

In today's podcast, we hear warnings of Russian cyber operations from Romania and the UK. Recent attempts at developing international rules of conduct (and conflict) in cyberspace. Bronze Butler's naughty USB drives—not as scary as they sound, but a ...Show More

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

14:28 | Jun 25th, 2018

In today's podcast, we hear that Taiwan continues to receive the PLA's cyber attentions. A look at what the Lazarus Group is up to. Cryptocurrency fraudsters arrested as alt-coin values have a rocky ride. Continuing US hot water for ZTE and Huawei. G...Show More

LG smartphone keyboard vulnerabilities — Research Saturday

16:22 | Jun 23rd, 2018

Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to remotely execute code with elevated privileges, act as a keylogger and thereby compromise the users’...Show More

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

24:06 | Jun 22nd, 2018

In today's podcast, we hear that phishing scams continue to nibble away at bank accounts and reputations: the State of Oregon is among those suffering. Avoid emails promising you leaked pictures of YouTube stars. Chinese espionage against US targets ...Show More

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

19:52 | Jun 21st, 2018

In today's podcast we hear about a malicious app that will save your battery, but it will also install a backdoor, steal information, and click on a bunch of ads. A sophisticated and patient botnet, Mylobot, is observed in the wild, but it's not yet ...Show More

Playing on Kindness — Hacking Humans

22:17 | Jun 21st, 2018

Joe explains the Ben Franklin effect. Dave describes job applicants tricked unto money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing ...Show More

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

19:57 | Jun 20th, 2018

In today's podcast, we hear that the Chinese espionage group Thrip is targeting satellite communications operators and others in the US and Southeast Asia. Zacinlo rootkit hides inside a bogus VPN. Developers are leaving Firebase apps insecure. The E...Show More

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

19:57 | Jun 19th, 2018

In today's podcast we hear that the US has charged a former CIA engineer in the WikiLeaks Vault 7 case. Olympic Destroyer may be back, and preparing to hit chemical weapons investigators and arms control specialists. Updates on the Liberty Life data ...Show More

Date extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

18:46 | Jun 18th, 2018

In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean...Show More

Cyber bank heists — Research Saturday

15:57 | Jun 16th, 2018

Carbon Black's Chief Cybersecurity Officer Tom Kellerman shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector. For the report, they interviewed CISOs at 40 major financial institutions...Show More

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

22:40 | Jun 15th, 2018

In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but...Show More

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13. Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State sp

18:44 | Jun 14th, 2018

In today's podcast, we hear that LuckyMouse has crept into an unnamed Central Asian house. Dixons Carphone data exposure presents complex legal and regulatory issues—it's the first big incident since GDPR came into effect. "Lazy State" is another CPU...Show More

Hacking Humans — Gaming pro athletes online.

30:00 | Jun 14th, 2018

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail.  Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves...Show More

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

16:40 | Jun 13th, 2018

In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some pro...Show More

Don't get cozy with Cozy Bear. Code-signing issues stem from muddled documentation. Devices ship with inadvertent backdoor. Matryosha attack. Operation WireWire versus BEC scammers.

19:46 | Jun 12th, 2018

In today's podcast we hear that the US Treasury Department has announced sanctions against Russian entities it says were too cyber-cozy with the FSB. Code-signing issue looks like what we have here is a failure to communicate. Android devices are bei...Show More

SWIFT fraud (behind a wiper). Coinrail ICO robbery. Chinese espionage. G7 agrees to a coordinated response to hostile cyber operations. Malwaretech faces new charges.

17:33 | Jun 11th, 2018

In today's podcast, we hear about more SWIFT fraud, with a wiper attack as misdirection. Cryptocurrency exchange looted of ICO tokens. Chinese espionage in Rhode Island, and a conviction in Virginia. Dropping Elephant spearphishes in think tanks. G7 ...Show More

Winnti Umbrella Chinese threat group — Research Saturday

20:59 | Jun 9th, 2018

Researchers from ProtectWise's 401TRG team recently published research linking a variety of new and previously reported Chinese cyber threat groups. Tom Hegel is a Senior Threat Researcher with the 401TRG, and he joins us to share their findings.  Th...Show More

Adobe patches a zero-day being exploited in the wild. Chinese cyber espionage, and the risks of data-sharing. Facebook default settings glitch. Industry notes.

24:50 | Jun 8th, 2018

In today's podcast, we hear that Adobe has patched a Flash vulnerability. InvisiMole is a discrete, selective cyber espionage tool. A Facebook glitch inadvertently changed users' default privacy settings. Leidos exits the commercial cyber market. Chi...Show More

New criminal campaigns out and about. Fancy Bear changes style, but not management. VPNFilter hits more devices. CloudPets overshare, but maybe more benignly than Google and Facebook.

19:18 | Jun 7th, 2018

Iron Group said to use Hacking Team source code to build a backdoor. Operation Prowli both cryptojacks and sells traffic. Fancy Bear may be getting noisier. VPNFilter has a more extensive set of victim devices than previously believed. ZTE pays a bil...Show More

Hacking Humans — A flood of misinformation and fake news

30:07 | Jun 7th, 2018

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents.  Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake n...Show More

Espionage, influence, summits, and elections. What counts as a luxury? An iCloud warrant raises cryptowars speculation. Microsoft's GitHub acquisition. Facebook's coziness with Shanghai?

19:49 | Jun 6th, 2018

In today's podcast, we hear that TempTick and Turla are interested in the US-North Korean summit. That summit might not take up many cybersecurity issues. Where did North Korea get all that digital rope they want to hang the West with? It seems we co...Show More

DPRK hackers quieter in the run-up to the Kim-Trump summit. Russian EW. Cryptocurrencies and crime. Law firm social engineering. Dodgy World Cup Wi-Fi. Bad AI, a time-traveler's poly.

18:30 | Jun 5th, 2018

In today's podcast, North Korea still seems to be leaving American IoT networks more-or-less alone, for now, however actively they're hacking elsewhere. Everything old is new again, at least with Russian EW. Cryptocurrency crime is a worry everywhere...Show More

Microsoft buys GitHub for $7.5 billion. VPNFilter tries to reconstitute itself. Ransomware and DDoS notes. USA Really seems to be latest in Russian disinformation.

14:57 | Jun 4th, 2018

In today's podcast we hear that Microsoft is buying GitHub for $7.5 billion. VPNFilter seeks to reestablish itself. Financial Trojans are up and ransomware is down, but don't count the ransomware out, not yet. A get-decrypted-for-free card to Russian...Show More

Islamic State propaganda persistence — Research Saturday

19:02 | Jun 2nd, 2018

Researchers from Flashpoint recently explored ISIS' ability to distribute propaganda across the internet, and their use of major internet service providers to help them achieve persistence. Ken Wolf is a Senior Analyst at Flashpoint, and he describe...Show More

Lazarus Group updates. Cybercrime's GDP. New Zealand a Chinese espionage target? ZTE and Huawei criticized. BND will continue to monitor Frankfurt hub. Google's knowledge panels.

24:37 | Jun 1st, 2018

In today's podcast we hear that the Lazarus Group may be on (relative, selective) good behavior. A study suggests that if cybercrime were a country, it would have a GDP comparable to Russia's. The Canadian Security Intelligence Service warns, in the ...Show More

Kaspersky loses court challenge to US Government ban. Cryptomix ransomware. US Departments of Commerce, Homeland Security, and Energy plan resiliency. A packrat at CIA? Reboot your routers.

19:56 | May 31st, 2018

In today's podcast we hear that Kaspersky has lost its court challenge to the US Government ban on its products, but plans to  appeal. Cryptomix ransomware is out in the wild. Vulnerabilities found in SingTel routers. Chrome 67 update includes patche...Show More

Hacking Humans - Social engineering works because we're human.

30:08 | May 31st, 2018

In this premier episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them.  ...Show More

More North Korean malware identified. EOS scanned for misconfigurations by parties unknown. Canadian banks won't pay extortion. Stay away from Joker's Stash. Crime and punishment.

18:41 | May 30th, 2018

In today' s podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown...Show More

Rebooting routers against VPNFilter. Canadian banks compromised? Cobalt gang is back. 51% attacks on blockchains. "Courvoisier" sentenced. NATO looks at Russia's weaponized jokes.

19:55 | May 29th, 2018

In today's podcast we hear that the FBI recommends rebooting your routers against VPNFilter. Data extortion hits Canadian banks. The Cobalt Gang is back. 51% attacks fiddle with cryptocurrencies. BackSwap banking Trojan is tough to detect. Coca-Cola ...Show More

UPnProxy infiltrates home routers — Research Saturday

20:26 | May 26th, 2018

Researchers at Akamai recently published a white paper titled UPnProxy: Blackhat proxies via NAT Injections. In it, they describe vulnerabilities with Universal Plug and Play capabilities in home routers, and how malicious actors could take advantage...Show More

VPNFilter takedown. Low-cost Android phones with preloaded adware. Alexa's selective attention. BMW patches connected cars. Cryptocurrency crimes. New swatting charges. GDPR is here.

24:52 | May 25th, 2018

In today's podcast, we hear that the FBI's takedown of VPNFilter may have averted a major state-directed campaign. Some discount Android phones come with preloaded adware. Amazon's Echo echoed a little too much. BMW patches some potentially serious v...Show More

VPNFilter and battlespace preparation. XENOTIME may be back, and after industrial systems. GDPR updates. Following Presidential Tweets.

19:58 | May 24th, 2018

In today's podcast, we hear that VPNFilter, described by Cisco's Talos research unit, looks like battlespace preparation for Fancy Bear. The FBI may have succeeded in impeding its operation. Dragos describes XENOTIME, the threat actor behind the TRIS...Show More

Variant 4 and other chipset vulnerabilities. Confucius and Patchwork. Turla goes two-stage. Misconfigured not-for-profit bucket. ZTE's fraying lifeline. Facebook and the EU. Brain Food.

19:46 | May 23rd, 2018

In today's podcast we hear a bit more on Variant 4—we may see more like it. Mitigations are under preparation. The Confucius threat group modifies its approach to targets. Turla adopts a two-stage infection technique. A misconfigured AWS S3 bucket ex...Show More

Speculative Store Bypass. GPON-based botnet. Customer data exposures. Roaming Mantis gets more capable. Nation-state threats.

18:57 | May 22nd, 2018

In today' podcast we hear about the Speculative Store Bypass vulnerability that's been found in most current chipsets. GPON-based routers assembled into botnets. Comcast and TeenSafe close vulnerabilities in transmission and storage of customer data....Show More

DPRK's Sun Team works from three apps in Google Play. PII for sale in Zheijiang. SPEI theft. Jihadist content in social media. SEA charges. DDoS-for-hire sentencing. ZipperDown bug.

16:47 | May 21st, 2018

In today's podcast, we hear that North Korea's Sun Team is rising in Red Dawn. Much PII, mostly out of Japan, appears in the black-market stall of a poorly reviewed vendor. The Mexican bank raid seems, the Central Bank says, to have started with a sm...Show More

Threat actors hijack Lojack — Research Saturday

17:08 | May 19th, 2018

Researchers from Arbor Networks' ASERT Threat Intelligence Team recently published a report titled, "Lojack Becomes a Double Agent." It outlines how threat actors are altering legitimate recovery utility software and simulating its command and contro...Show More

Something Wicked this way comes. Automating wallet pilferage. Office 365 phsihing scams. DPRK hackers remain active. Recognizing alt-coin investment frauds.

23:48 | May 18th, 2018

In today's podcast, we hear that a new Mirai variant is out and about: they call it "Wicked." MEWkit automates coin theft. LocationSmart was buggy and leaky. The US Senate has confirmed Gina Haspel as Director of Cetnral Intelligence. Relaxed tension...Show More

Competing for terrorist mindshare. ICS threat group update. AnonPlus vandalizes US state sites. GDPR's disclosure timeline. Congressional hearings. DarkOverlord collared.

19:24 | May 17th, 2018

In today's podcast, we hear that Al Qaeda is back, howling online toward whatever lone wolves might be within earshot. The CHRYSENE ICS threat group may be looking beyond the Arabian Gulf. AnonPlus is after US state governments—New Mexico, Idaho, and...Show More

Spyware campaigns: phishing and watering holes. Signal patches (fast). DHS cyber strategy. Russian election hacking. Cyber Investing Summit. Do smart people pick better passwords?

19:21 | May 16th, 2018

In today's podcast we hear that a spyware campaign centered on Pakistan and thought to be the work of Pakistan's military, comes in two variants: one for Android, the other for iOS. Vietnam is said to be phishing in a compromised Phom Penh Post websi...Show More

Email client vulnerabilities. Sanctions and trade policy. FinFisher in Turkey. myPersonality data scandal. Patch news. High school phishing.

19:44 | May 15th, 2018

In today's podcast, we hear about reports of email client vulnerabilities. Worries about Russian and Chinese software and hardware vendors. Security and trade policy notes. FinFisher found used in Turkey. The data scandal that brought down Cambridge ...Show More

Unauthorized banking transfers in Mexico? A lifeline for ZTE. Iranian cyber op-tempo rises. Russian troll farm's ad buys. Reining in apps. Cell tracking. Anonymous is back.

15:17 | May 14th, 2018

In today's podcast we hear that Mexican banks may have sustained unauthorized funds transfers. Presidents Trump and Xi seem willing to toss a lifeline to drowning ZTE. Some researchers report an uptick in Iranian cyber operations. Russia's premier tr...Show More

Three pillars of Artificial Intelligence — Research Saturday

32:15 | May 12th, 2018

Bobby Filar is a Principal Data Scientist at Endgame, and coauthor of the research paper, The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. The report surveys the landscape of potential security threats from malic...Show More

Vigilantes and hacktivists. Point-of-sale malware source code leaks. Malicious extensions and apps. US Federal indictments: spying and hacking. Robo-caller gets record fine.

23:25 | May 11th, 2018

In today's podcast, we hear that vigilantes have visited ZooPark, and the lights go out—voluntarily—on some Georgia hacktivists. Treasure Hunter source code posted to a criminal forum. Malicious Chrome extensions and malicious Android photo-editing a...Show More

Cyber conflict between Iran and the US widely expected. ALLENITE threat group is after US, UK power grids. Jack-in-the-Box vulnerability. Signal's memory. Is ZTE going down?

19:58 | May 10th, 2018

In today's podcast we hear that US withdrawal from the Iranian nuclear deal is widely taken as heralding a new round of cyber conflict. Cyberattacks on critical infrastructure are seen as an asymmetric way of war. The ALLANITE threat group is observe...Show More

Subborn IoT botnets. Razzle-dazzle HTML phishing lure. Fancy Bear's false flag. Busy Yahoo boys. Crooks turn from Tor to Telegram. Kaspersky and contractors. Patch notes. SB 315 vetoed.

18:28 | May 9th, 2018

In today's podcast we hear about Hide-and-Seek, a hard to flush botnet. A phishing technique takes advantage of an email client's rendering of HTML. Facebook death threats in 2015 are said to have been the work of Fancy Bear, dressed up as the Cyber ...Show More

Greek and Turkish hacktivists swap defacements. Process Doppelgänging in the wild. GDRP is coming (like winter, for you Game of Thrones fans.) Profiling infosec enthusiasts.

18:49 | May 8th, 2018

In today's podcast we hear that hacktivist lightning is flashing across the Aegean, hitting Greek and Turkish TV stations. Process Doppelgänging is observed in ransomware circulating in the wild. Unstructured data could expose enterprises to GDPR reg...Show More

2018 RSAC Outlook - Special Edition

17:51 | May 8th, 2018

Just before the RSA conference this year, we spoke with a pair of industry experts for their take on the year so far, and what they expect to see in the coming months. In this CyberWire Special Edition, we hear from Craig Williams, Director of Talos ...Show More

Winnti Umbrella covers multiple threat actors. DPRK off-shores cyber ops. ZooPark is in its fourth generation. GPON router bugs exploited in the wild. Russian Twitterbots. Block the EU?

16:34 | May 7th, 2018

In today's podcast we hear that Chinese intelligence services have been seen beneath the Winnti Umbrella. North Korea's off-shoring of cyber operations. ZooPark Android spyware is now in its fourth generation, and still active in the Middle East and ...Show More

BlackTDS and ThreadKit offered in criminal markets — Research Saturday

21:16 | May 5th, 2018

Kevin Epstein is Vice President of Proofpoint's Threat Operations Center. We’re discussing two bits of research with him today. The first is about BlackTDS, a traffic distribution tool for sale in dark web markets. A little later in the show, he’ll ...Show More

In the shredder or off the truck? Battlespace prep for a supply chain campaign? NG-Spectre found in Intel chips. No domain fronting for you. Kitty mines monero. NSA, US Cyber Command under new management.

24:55 | May 4th, 2018

In today's podcast we hear that they're hoping in Australia that backup tapes made it to the shredder, and didn't fall off the truck. Equifax's board of directors gets reelected. Are China's espionage services preparing the battlespace for a supply c...Show More

Lojack for Laptops backdoor? World Cup cybersecurity. Schneider Electric patch. Reward points for sale. Medical device vulnerabilities. PPD-20 revision?

19:47 | May 3rd, 2018

In today's podcast we look at some indications that LoJack for Laptops might have been compromised to report back to Moscow. World Cup cybersecurity. Schneider Electric patches developer's tools. Travel and hospitality rewards points are the menhaden...Show More

New nation-state actors in cyberspace. SiliVaccine AV said to incorporate pirated code. Credential stuffing and password reuse. GravityRAT evades sandboxes. GDPR approaches.

19:27 | May 2nd, 2018

In today's podcast we hear that more nation-states have acquired and are using cyber capabilities. North Korea's SiliVaccine anti-virus product appears to have pirated an old version of Trend Micro's scan engine. Despite warnings of credential stuffi...Show More

Payment system hack investigated. Patch weaponization. Medical zero-days for sale. Responsible disclosure. Bad bots attack. Car hacking. Trends in phishbait.

18:58 | May 1st, 2018

In today's podcast, we hear that a possible bank payment system hack remains under investigation in Mexico. Medical zero-days for sale, and not on the black market. SamSam continues to spread. What to look for in bad bots. Patched vulnerabilities are...Show More

Bank hack in Mexico. FacexWorm goes cryptomining. SamSam's volume discount. Influence ops. Researchers confirm that teams use teamwork.

19:53 | Apr 30th, 2018

In today's podcast, we hear about an attempted banking hack in Mexcio. Hidden Cobra gets busy around diplomacy. The FacexWorm adds cryptomining functionality. SamSam ransomware looks to catpure entire enterprises. A Sunday Times investigation finds t...Show More

New MacOS backdoor linked to OceanLotus — Research Saturday

19:59 | Apr 28th, 2018

Researchers at Trend Micro recently discovered a backdoor targeting MacOS users that they believe is the work of the OceanLotus threat group, an organization previously thought to have launched targeted attacks against human rights organizations, med...Show More

Crimeware kits, ransomware, and source code breaches. The Internet conduces to organic radicalization. Russia in Finland. Snooper's Charter notes. Crypt armistice or just key escrow?

20:58 | Apr 27th, 2018

In today's podcast we hear that Rubella hits the shelves of the criminal black market—it's the crimeware kit, not the German measles. Necurs gets shifty by going retro. iPhone unlocking specialists endure an apparently minor breach. The sad story of ...Show More

Some fix fast, others not at all. Ransomware campaign's demands are non-negotiable (for most victims—Russians get a hometown discount). Content filtering. Jamming in Syria.

19:49 | Apr 26th, 2018

In today's podcast we hear about another exposed data base, trouble with routers, issues with storage cameras, and problems with storage devices. Some have been promptly fixed, but others are offering users Hobson's choice: take it or leave it. An ap...Show More

DPRK plays offense and defense. PyRoMine and EternalRomance. Russian disinformation on Syrian massacre. Alt-coin heist may be misdirection. Nakasone confirmed at NSA. Webstresser takedown.

19:55 | Apr 25th, 2018

In today's podcast, we hear that North Korea has gone big with GhostSecret. Meanwhile, Pyongyang's elite tries to cover its online tracks. PyRoMine uses EternalRomance to disable security systems enroute to cryptomining. Russia enagages in video disi...Show More

Ransomware in Ukraine's Energy Ministry. Energetic Bear infrastructure. Anonymous Twitter accounts equal bots? Orangeworm in x-ray, MRI machines. Sanction notes. Election security.

18:40 | Apr 24th, 2018

In today's podcast, we hear that Ukraine's Energy Ministry is under ransomware attack. Kaspersky finds infrastructure belonging to Energetic Bear. Lots of anonymous Twitter accounts pop up in East Asia. Orangeworm is after something in healthcare net...Show More

ISIS coordinates online inspiration campaign with terror attacks. APT10 spearphishing. IE zero day. Twitter won't sell Kaspersky ads. UK sentence in Crackas with Attitude case.

15:18 | Apr 23rd, 2018

ISIS returns to its grim inspiration. China's APT10 collects against Japan. An Internet Explorer zero-day is reported undergoing exploitation in the wild. Twitter won't sell Kaspersky any more ads, but doesn't have any specific explanation for why no...Show More

InnaputRAT exfiltrates victim data — Research Saturday

20:18 | Apr 21st, 2018

Researchers with Arbor Networks ASERT team have been tracking a malware campaign targeting commercial manufacturing, and have uncovered various samples dating back to at least 2016. Richard Hummel is Threat Intelligence Manager for Arbor Networks' A...Show More

RSA wraps up. Staging offensive cyber operations. (Information ops, too.) Business email compromise affects maritime shipping sectors. Sanctions bit Chinese device giants.

18:51 | Apr 20th, 2018

In today's podcast, we take look back at RSA as the big security conference wraps up. Tension between Russia and the West continues to manifest itself in apparent staging attacks and information operations. ISIS in its diaspora returns to recruiting ...Show More

Dispatches from RSA 2018. Russia continues to test the Five Eyes' patience and resolve. Trustjacking, Stresspaint, and an exposed AWS bucket.

19:04 | Apr 19th, 2018

In today's podcast we have some RSA notes: an industry-led cyber Geneva Convention, threats and deterrence, and addressing a labor shortage. New Zealand joins Australia, the UK, and the US in warning that someone's exploiting vulnerable routers. Mosc...Show More

More cyber battlespace preparation. Hacking as the continuation of war by other means. Ongoing social media privacy concerns. Tech glitch extends tax deadline. Notes from RSA.

16:29 | Apr 18th, 2018

Reconnaissance and staging in cyberspace, with Five Eye warnings to Russia. Privacy class action suit complains of Facebook facial recognition. Australia joins the ranks of ZTE sceptics. Cyberwarfare discussed at RSA: retaliation, deterrence, renunci...Show More

Russia versus routers. Desert Scorpion swept out of Google Play. ZTE faces sanctions. RSA notes, and a Sandbox winner.

20:59 | Apr 17th, 2018

In today's podcast we hear that Western governments attribute a large-scale campaign against poorly secured connected devices to Russia. Battlespace preparation is suspected. No new US sanctions against Russia, yet, but the matter remains under consi...Show More

Info ops follow airstrikes, to be followed by sanctions. Expect cyberattacks and reprisals, with a chance of kompromat.

14:07 | Apr 16th, 2018

In today's podcast, we note that RSA has opened with ten rising stars in its annual Innovation Sandbox. US, British, and French coordinated strikes against Syrian chemical warfare targets prompt Russian information ops and warnings from Britain that ...Show More

Energetic Dragonfly and DYMALLOY Bear 2.0 — Research Saturday

18:53 | Apr 14th, 2018

Researchers at Cylance recently uncovered the malicious use of a core router in a campaign aimed at critical infrastructure around the world.  Kevin Levelli is Director of Threat Intelligence at Cylance, and he takes us through what they've discover...Show More

Operation Parliament seems to have got what it came for. EITest finally sinkholed. Facebook testimony on Capitol Hill. Estonia reports. Swatting case teaches nothing?

24:47 | Apr 13th, 2018

In today's podcast, we hear that, while the operators behind Operation Parliament pretend to be nothing but a bunch of skids, they're anything but. EITest gets taken down. Facebook this week faced questions about privacy and ideological bias. Most ob...Show More

Zuckerberg testimony. Supply chain cyber threat to satellites. DPRK destructive malware. "Early bird" code injection. GCHQ vs. ISIS. Germany blames compromise on Russia. Salisbury attack update.

19:21 | Apr 12th, 2018

In today's podcast we hear that Facebook's CEO Mark Zuckerberg has finished testifying on Capitol Hill, denying that Facebook sells data or that it knew what those people at Cambridge were up to with the data they obtained. Supply chain cyber threats...Show More

Mark Zuckerberg testifies about Facebook, big data, and influence. Patch Tuesday notes. Deterrence or open conflict in cyberspace?

15:45 | Apr 11th, 2018

Today we're following all things Facebook—it's four o'clock: do you know where your data are? We're betting no. Neither side of the aisle seems content with the answers Mr. Zuckerberg gave to the Senate panel. He's speaking before a House panel today...Show More

Facebook comes to Washington. Research ethics? IoT threats. Switch bug exploited in the wild. Criminal misdirection. Russia and the West, again. And what do cybercriminals earn?

18:54 | Apr 10th, 2018

In today's podcast, we hear that Facebook begins facing the Congressional music today.  What are the rules for online research, professors? Experts say they're worried about weaponized IoT hacks. Hoods exploiting Cisco switch vulnerability in unpatch...Show More

Hacktivists may be warning Russia and Iran against interfering in US elections. Britain on alert for Russian moves against infrastructure. Facebook preps for Congress. Ransomware updates.

14:33 | Apr 9th, 2018

In today's podcast we hear about the curious case of hacktivists who may be slugging for Uncle Sam. Maybe. Britain's NCSC warns of battlespace preparation for a campaign against critical infrastructure. Facebook prepares for its appearance on Capitol...Show More

Crypto crumple zones — Research Saturday

35:43 | Apr 7th, 2018

In their recently published paper, "Crypto Crumple Zones: Enabling Limited Access Without Mass Surveillance," coauthors Charles Wright and Mayank Varia make their case for an alternative approach to the encryption debate, one based on economics as a ...Show More

Multibreach via chat app. OceanLotus notes. Mirai vs. Banks. Energetic Bear vs. Switches. Russia warns Britain against provocation. DataTribe finalists.

21:44 | Apr 6th, 2018

In today's podcast we hear that a breach in several companies' consumer-facing systems is attributed to a third-party chat vendor. Crooks are tampering with chipped debit cards. Ocean Lotus is back, with a MacOS backdoor. A Mirai variant was used aga...Show More

Facebook agonistes. Really agonizing. Ad-supported apps like them some data. Sino-US trade tensions and Chinese cyber espionage. Russian wet work and disinformation. Western reprisals.

19:38 | Apr 5th, 2018

In today's podcast we hear that Facebook's troubles are getting worse: more people's data were scraped, deleted videos were archived by Facebook, and so on. Appthority finds a more general problem with ad-supported apps: they're all hungry for data. ...Show More

Facebook boots Russian trolls for being trolls. Zuckerberg will testify before Congress. Different continents, different privacy protections. YouTube shootings. Pipeline hacks. Panera Bread's incident response.

19:50 | Apr 4th, 2018

In today's podcast, we hear that Facebook has kicked some Russian trolls out from under its bridge. Why? Because they're Russian trolls, that's why. Facebook CEO Zuckerberg will testify about data security before a House panel next Wednesday. Privacy...Show More

Magento brute-forcing. Android IM spyware. njRAT updated. Panera breach. Pipeline operator hacked. Cyber tensions. Cambridge Analytica named in class action suit.

19:45 | Apr 3rd, 2018

In today's podcast, we hear that the Magento e-commerce platform has brute forced. A new Android Trojan steals messaging info. njRAT gets an update, and some new and trendy criminal functionality. Notes on the Panera Bread data breach. A major US nat...Show More

Department stores suffer a paycard breach. Atlanta still working on SamSam recovery. Ransomware in India. SWIFT fraud attempt. Facebook's troubles. Kremlin doxed. Reality Winner case update.

16:12 | Apr 2nd, 2018

In today's podcast we hear about Saks and hacks, Lord and Taylor and JokerStash: a department store data breach. Atlanta still can't get fully back on its feet after SamSam. An Indian power utility's billing data are held for ransom. More SWIFT fraud...Show More

Chasing FlawedAMMYY — Research Saturday

19:48 | Mar 31st, 2018

FlawedAMMYY is a newly discovered remote access trojan (RAT) that’s been used in malicious email campaigns, as far back as 2016. Ryan Kalember is Senior Vice President of Cyber Security Strategy at Proofpoint, and he takes us through their research....Show More

Under Armour fitness app breached. Warning shot from WannaCry. Lazarus Group update. Aadhaar security questions. Ransomware and city governments. FBI agent charged in leak case.

20:36 | Mar 30th, 2018

In today's podcast, we hear that Under Armour's MyFItnessPal app has sustained a data breach. Boeing's WannaCry incident is minor, but a timely warning that this particular threat hasn't vanished. The Lazarus Group is showing fresh signs of activity ...Show More

Russia retaliates against the US with tit-for-tat PNGs, consular closure. Assange has no more Internet (until he behaves). Fauxpersky and WannaCry seen in the wild. Facebook works on privacy.

19:27 | Mar 29th, 2018

In today's podcast, we hear that Russia has retaliated against the US with diplomatic expulsions and at least one consulate closure. Potential cyber operations remain a matter of concern. Julian Assange no longer has Internet access in his room at Ec...Show More

Tensions over Salisbury nerve agent attack remain high. BranchScope raises concerns about side-channel attacks. Facebook data scandal updates. Atlanta and Baltimore recover from hacks.

19:51 | Mar 28th, 2018

In today's podcast, we hear that tensions continue to rise between Russia and other, mostly Western, countries as the number of nations taking diplomatic measures to protest the Salisbury attack exceeds twenty-five. Western governments are on alert f...Show More

Blockchains that bind us — Special Edition

33:44 | Mar 28th, 2018

The past few month have been all abuzz with excitement about cryptocurrencies and the blockchain. The price of Bitcoin took a rocket ride toward the stars, and stories were coming fast and furious about how the blockchain was going to tranform and re...Show More

Phishing from the library. Facebook and Cambridge Analytica updates. Bots as propaganda readers. SamSam still plagues Atlanta. Aadhaar leaky? Many nations expel Russian diplomats.

18:33 | Mar 27th, 2018

In today's podcast, we hear that the Mabna Institute was pretty good at phishing. Facebook's Mark Zuckerberg sends regrets to Westminster. Facebook is under FTC investigation. Cambridge Analytica is in hot water with the FEC. Kaspersky says outing Sl...Show More

Persona non grata, Ivan Ivanovich. Grid threat worries. Data scandal updates. Malware notes. Reaction to Iranian indictments. Alleged Carbanak kingpin collared.

17:42 | Mar 26th, 2018

In today's podcast we hear that Sixty Russian diplomats are now persona non grata in the US. It's the largest such retaliation so far for the Russian nerve agent attack in Salisbury, England. Fear of a Russian riposte against Western power grids rema...Show More

Code comments cause SAML conundrum — Research Saturday

15:41 | Mar 24th, 2018

Researchers at Duo Security recently unearthed a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different...Show More

US indicts Iranian hackers. Guccifer 2.0 is a GRU Bear. Atlanta hit with ransomware. Equifax breach cost consumers plenty. Facebook's troubles persist, as do Cambridge Analytica's.

26:22 | Mar 23rd, 2018

In today's podcast, we hear that the US has indicted Iranian hackers. Guccifer 2.0 has been fingered as a GRU team. Inquiries into their activities are folded into Special Counsel Mueller's investigation. Atlanta, Georgia, hit with ransomware. A stud...Show More

Kaspersky burned a JSOC op? Facebook affair: apps, legal fallout, regulatory inspiration, apologies and resolution to sin no more. Tariffs against IP theft. Best Buy shows Huawei the highway.

19:14 | Mar 22nd, 2018

In today's podcast, we learn that Kaspersky Lab appears to have burned a US operation. Facebook has some other governments to answer to, now. Facebook CEO Zuckerberg finally discusses the Cambridge Analytics affair in public. Lawsuits and calls for r...Show More