
The CyberWire - Your cyber security news connection.

thecyberwire.com


More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.

Ryuk ransomware relationship revelations — Research Saturday

21:39 | Mar 23rd

Investigators from McAfee's advanced threat research unit, working with partners at Coveware, have reevaluated hasty attributions of Ryuk ransomware to North Korea and have explored the inner workings of the threat. John Fokker is head of cyber inves...

Finland’s data protection authority investigates suspicious smartphone activity. GitHub repos are leaking keys. Cardiac devices can be hacked.

23:28 | Mar 22nd

In today’s podcast, we hear that Finland’s data protection authority is investigating reports that Nokia 7 Plus smartphones are sending data to a Chinese telecom server. Thousands of API tokens and cryptographic keys are exposed in public GitHub repo...

Russian APTs target EU governments. FIN7 is back. Google and Facebook scammed.

19:36 | Mar 21st

Fancy Bear and Sandworm are launching cyberespionage campaigns against European governments before the EU parliamentary elections. The FIN7 cybercrime group is still active, and it’s using new malware. A scammer stole more than $100 million from Goog...

Norsk Hydro recovers from LockerGoga infection. Cyber conflict, cyber deterrence, and an economic case for security. EU out of compliance with GDPR? Big Tech in court. Thoughts on courtship.

19:55 | Mar 20th

In today’s podcast, we hear that Norsk Hydro’s recovery continues, with high marks for transparency. Some notes on the challenges of deterrence in cyberspace from yesterday’s CYBERSEC DC conference, along with context for US skepticism about Huawei h...

LockerGoga hits Norsk Hydro. Mirai botnet malware gets an update. The DHS is concerned about cybersecurity.

18:57 | Mar 19th

In today’s podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector a...

Online content and terrorism. Huawei’s shifting strategy. Venezuela’s grid failure is explicable by corruption and incompetence--no hacking or sabotage required. Gnosticplayers are back. AI and evil.

16:24 | Mar 18th

In today’s podcast we hear about content moderation in the aftermath of the New Zealand mosque shootings. A shift in Huawei’s strategy in the face of Five Eye--and especially US--sanctions: the US doesn’t like us because we’re a threat to their abili...

ThinkPHP exploit from Asia-Pacific region goes global — Research Saturday

11:43 | Mar 16th

Akamai's Larry Cashdollar joins us to describe an exploit he recently came across while researching MageCart incidents. It's a remote command execution vulnerability affecting ThinkPHP, a popular web framework. The original research can be found here...

Terror, announced and celebrated online. JavaScript sniffer afflicts e-commerce sites. Cryptojacking in the cloud. Perspectives on regulation, thoughts on a pervasive IoT. China’s IP protection law.

21:55 | Mar 15th

In today’s podcast, we hear that a terror attack against two New Zealand mosques is announced on Twitter and live-streamed on Facebook. A new, unobtrusive JavaScript sniffer infests some e-commerce sites in the UK and the US. Cryptojacking finds its ...

Indonesian election security. Watering hole in Pakistani passport site. RAT hunting. “Intelligence brute-forcing.” Just-patched zero-day exploited. PoS DGA attack. Operation Sheep. BND advises “nein” to Huawei.

20:12 | Mar 14th

In today’s podcast, we hear that Indonesia says it’s got its voting security under control, and a lot of the problems sound like good old familiar fraud and dirty campaigning. Trustwave warns of a watering hole on a Pakistani government site. Recorde...

Election security and influence operations. Hacking the Fleet. Undersea cable competition. 5G worries. Calls to rein in Big Tech. UN report outlines North Korean cyber crime (there’s a lot of it).

20:23 | Mar 13th

In today’s podcast, we hear that election interference concerns persist around the world. Governments seek to address them with a mix of threat intelligence and attention to security basics. A US Navy report says the Fleet’s supply chain is well on ...

Venezuela power blackout updates. Social media and social control. Trojanized games. Free decryptor out for ransomware strain. Ads on Facebook. A look at 30 years of the web.

20:11 | Mar 12th

In today’s podcast, we hear an update on Venezuela and its power outages. Amplification of social media posts as a form of mass persuasion. A look at how control of the Internet has replaced control of the radio station as a move in civil war and cou...

Allegations and information operations. Iridium group may have compromised Citrix. Sino-American trade and security conflicts continue. Fashions in trolling.

16:54 | Mar 11th

Venezuela sustains power outages, and the regime blames hackers and wreckers. The opposition says it’s all due to the regime’s corruption, incompetence, and neglect. Citrix loses business documents in what might have been an Iranian espionage operati...

Job-seeker exposes banking network to Lazarus Group — Research Saturday

22:11 | Mar 9th

Vitali Kremez is a Director of Research at Flashpoint. His team discovered that the recently disclosed intrusion suffered in December 2018 by Chilean interbank network Redbanc involved PowerRatankba, a malware toolkit with ties to North Korea-linked ...

Chinese influence campaigns. Egyptian spear phishing. Hundreds of millions of email records exposed.

22:58 | Mar 8th

In today’s podcast, we hear that Chinese information operations on US social media are widespread. The Egyptian government launches spear phishing attacks against activists. Hundreds of millions of email records were found online. Chelsea Manning is ...

Scope of APT33 attacks revealed. GandCrab criminals shift tactics. Slub malware uses Slack.

20:55 | Mar 7th

The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware was using Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets toughe...

5G worries. Whitefly vs. SingHealth. Speculative execution bug.

20:11 | Mar 6th

In today’s podcast, we hear that Australia's former prime minister warns Britain about Chinese tech companies. Symantec says Whitefly was behind SingHealth's massive data breach. Iranian hackers show code overlap. Intel CPUs are vulnerable to another...

India hacks back. Rob Joyce discusses cyber conflict. Chinese hackers look for maritime technologies. Google reveals a macOS vulnerability.

19:48 | Mar 5th

In today’s podcast, we hear that India went on the offensive when its government websites were attacked by hackers from Pakistan. Rob Joyce, Senior Advisor for Cybersecurity Strategy to the Director of the US National Security Agency, discusses trend...

Operation Sharpshooter. Canada begins extradition process. Huawei will sue the US. Facebook’s global lobbying practices revealed. Visitor management systems are vulnerable.

15:22 | Mar 4th

In today’s podcast, we hear that Operation Sharpshooter is linked to North Korea. Canada begins the extradition process for Meng Wanzhou. Huawei is planning to sue the US for banning its equipment from government use. Facebook may have used question...

Fake Fortnite app scams infect gamers — Research Saturday

15:17 | Mar 2nd

Researchers at Zscaler have been tracking a variety of fake versions of the popular Fortnite game on the Google Play store, along with associated scams. Deepen Desai is head of security research at Zscaler, and he joins us to share their findings. The ...

Qbot spreads. Bug hunting makes a millionaire. US Cyber Command shows what “persistent engagement” looks like. Huawei agonistes. There’s no Momo, really.

23:07 | Mar 1st

Qbot infections are spreading. The bounty-hunting gig economy apparently has its first millionaire. Observers are liking what they see in US Cyber Command’s “persistent engagement.” Canada mulls the extradition of Huawei’s CFO to the US. The US conti...

Third parties can misconfigure, too. Coinhive goes out of business. Intel decides 5G project with Chinese partner is too hard. Bronze Union. Clearing Facebook data. Proper disposal of lawful intercept tools.

20:50 | Feb 28th

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere...

Router vulnerabilities. Hacking around the Hanoi summit. DDoSing an election. Brushing back a troll farm. Cryptojacking an embassy.

20:34 | Feb 27th

In today’s podcast, we hear that Nokia routers have been found vulnerable to man-in-the-middle and denial-of-service attacks. As one would expect, the US and North Korean summit in Hanoi this week summons up some hacking. Ukraine accuses Russia of D...

Sino-Australian, Sino-American cyber tensions. Threat trends. Bare-metal cloud issues addressed. USB-C and memory attacks. Credential stuffing in tax season. Twitter hijacking.

20:35 | Feb 26th

In today’s podcast, we hear updates on suspicions of Chinese operators. Some trend reports from IBM and NETSCOUT. Bare-metal cloud services get reflashed. USB-C ports may be more vulnerable than thought to direct memory access attacks. Credential-stu...

Another warning of DNS hijacking. B0r0nt0k ransomware is out and about, and in too many servers. Whitelisting a controversial CA. Blockchain security. Bots get on the consular calendar.

16:21 | Feb 25th

In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows user...

Rosneft suspicions shift from espionage to business email compromise — Research Saturday

27:06 | Feb 23rd

Researchers at security firm Cylance have been tracking a threat group targeting the Rosneft Russian oil company. As Cylance uncovered details, suspicions shifted from state-sponsored espionage to business email compromise. Kevin Livelli is directo...

Influence operations in Ukraine’s elections. Australian hacks look more like China’s work. Huawei and the 5G future. Objectionable content in comments. DrainerNot. No more soldier-selfies in Russia.

25:20 | Feb 22nd

In today’s podcast, we hear that Kiev says it’s found complex, large-scale Russian influence operations in Ukraine’s presidential election. Australian investigators are said to be closer to concluding that recent hacking attempts were the work of Chi...

Hybrid war and tactical influence operations. Separ lives off the land. NoRelationship attacks get past email filters. Responsible disclosure. Man-in-the-room bug. Ship hacking. Password managers.

20:24 | Feb 21st

In today’s podcast we hear about a test of influencing soldiers through their social media: Instagram works best, Twitter not so much. Separ credential-stealing malware successfully lives off the land. NoRelationship attacks get past some email filte...

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.

20:37 | Feb 20th

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be strik...

International cyber conflict: India and Pakistan; Australia and China. Rietspoof malware. Microsoft ejects cryptojackers from its store. NCSC may go easy on Huawei. Parliament criticizes Facebook.

20:24 | Feb 19th

In today’s podcast, we hear of a small flare in cyber conflict between India and Pakistan. Australian political parties as well as Parliament subjected to attempted cyberattacks. A new strain of malware is being distributed through messaging apps. Mi...

Seedworm digs Middle East intelligence — Research Saturday

16:19 | Feb 16th

Researchers at Symantec have been tracking Seedworm, a cyber espionage group targeting the Middle East as well as Europe and North America. The threat group targets government agencies, oil & gas facilities, NGOs, telecoms and IT firms. Al Cooley is ...

GandCrab notes. Make tests, not bans, says GSMA. Content moderation. Takedown of inauthentic accounts. Influence operations. Happy birthday, GCHQ.

26:04 | Feb 15th

In today’s podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook tak...

Former Air Force counterintelligence specialist indicted on charges of spying for Iran. Where’s the stolen Equifax data? Two alleged Apophis Squad clowns indicted.

20:32 | Feb 14th

In today’s podcast we hear that US prosecutors have unsealed the indictment of a former US Air Force counterintelligence specialist on charges she conspired to commit espionage on behalf of Iran. The US Treasury Department announces further sanctions...

China says it had nothing to do with the Parliament hack in Australia. Notes on Patch Tuesday. Shlayer and GreyEnergy malware analyzed. Tomorrow is Valentine’s Day—act accordingly.

19:59 | Feb 13th

In today’s podcast, we hear that China has denied involvement in the Australian Parliament hack. Patch Tuesday notes. A new strain of Shlayer malware is out. A look at GreyEnergy. Reactions to the destructive VFEmail attack. And thoughts on St. Valen...

VFEmail attacked, infrastructure wiped. EU considers a response to APT10. US Executive Order on AI is out. GPS jamming threat. Stryker hack. Shadow IT in the Corps.

19:35 | Feb 12th

In today’s podcast, we hear that VFEmail has sustained a devastating, data-destroying attack. The EU considers whether it should, can, or will make a coordinated response to China’s APT10. A US Executive Order outlines a strategy to maintain superior...

Cryptojackers gone wild. Attempted hack of Australia’s Parliament investigated. Huawei security concerns continue. Russia tests Internet autarky. Prosecutors investigate alleged blackmail.

19:02 | Feb 11th

In today’s podcast, we hear that clipper malware has been ejected from Google Play. A different cryptojacker is kicking its competitors out of infected machines. Australian authorities continue to investigate the attempted hack of Parliament, with Ch...

Trends and tips for cloud security — Research Saturday

19:50 | Feb 9th

The team at Palo Alto Networks' Unit 42 recently published research tracking trends in how organizations are addressing cloud security, along with tips for improvement. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us t...

Australia’s Federal Parliament has a cyber incident. DHS warns of third-party spying. Legit privacy app tampered with. Credit Union phishing. Bezos vs. Pecker. FaceTime bounty. Seal scat.

25:11 | Feb 8th

In today’s podcast, we hear that Australia is investigating an attempted hack of its Federal Parliament. The US Department of Homeland Security warns that spies are working through third parties to get to their targets. Spyware is bundled in a legiti...

Social engineering and the power of brands. Insecure check-ins? APT10 is quiet but not gone. MacOS Keychain bug. Assessment of Chinese device manufacturers continues.

20:01 | Feb 7th

In today’s podcast, we hear about social engineering, with a few new twists. Some airlines may be exposing passenger data with insecure check-in links. APT10 may be lying low, for now, but the US Department of Homeland Security expects the cyber spie...

APT10 stays busy. More skepticism about Huawei (and ZTE, for that matter). No foreign “material effect” on US midterms. Reverse RDP risk. IIoT bug found. RSA Innovation Sandbox finalists.

20:43 | Feb 6th

In today’s podcast, we hear that Chinese threat group APT10 seems to have been busy lately, and up to its familiar industrial espionage. More governments express skepticism about Chinese manufacturers. The US report on election security is out: influ...

ExileRAT versus Tibet. SpeakUp backdoors Linux. Facebook bans Myanmar militias. Norway sees a threat in Huawei. Westminster gets hacked? Bangladesh Bank sues over SWIFT caper.

20:10 | Feb 5th

In today’s podcast, we hear that ExileRAT is targeting Tibet’s government-in-exile. The SpeakUp backdoor afflicts many varieties of Linux systems. Facebook bans ethnic militias in Myanmar from its platform. Norway’s PST intelligence service says that...

Tracking the impresario behind Collection#1. OceanLotus and a new downloader. CookieMiner malware afflicts Macs. Huawei’s prospects. Influence ops. Extortion by bluff.

17:46 | Feb 4th

In today’s podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of “C0rpz.” OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security ...

Online underground markets in the Middle East — Research Saturday

17:59 | Feb 2nd

Researchers at Trend Micro recently published their look inside online underground marketplaces in the Middle East and North Africa, where criminals are buying and selling malware, laundering money and even booking their next discount vacation. Jon ...

No more Apple time-out for Facebook and Google. Inauthentic sites taken down. Fancy Bear paws at Washington, again. Malware-serving ads. Amplification DDoS. Data exposures in India.

24:39 | Feb 1st

In today’s podcast, we hear that Apple has let Facebook and Google out of time-out. Russia decides it would like access to Apple data because, you know, it’s Russian law. Social networks take down large numbers of inauthentic accounts. Fancy Bear is s...

Commodity credential stuffing gets four new collections. Google was also doing a pay-to-pwn, like Facebook. Russian trolling. FaceTime bug investigation. Joanap botnet. Other online scams.

20:05 | Jan 31st

In today’s podcast, we hear that Collections #2 through #5 have joined Collection #1 in hacker fora. Google is found to be collecting data from devices in much the same way its advertising peer Facebook was. Russian trolls seek to discredit the Speci...

US IC on cyber threats. Iran goes after PII. UAE surveillance described. Scanning for unpatched routers. Huawei’s possible fates. Scam exploits child. FaceTime disclosure. Facebook Research.

19:49 | Jan 30th

In today’s CyberWire, we hear that US Intelligence Community leaders testify that the major cyber threat comes from Russia, China, North Korea, and Iran. Iran’s APT39 takes an interest in PII. A UAE surveillance program is revealed. Hackers scanning ...

004 Case studies in risk and regulation — CyberWire-X

32:13 | Jan 30th

In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game-changing high profile breaches like Yahoo, Equifax and OPM, along with thei...

FaceTime’s odd bug, and how to squash it. FormBook malware surges through a new hosting service. Some international law enforcement wins. International conflict in cyberspace.

20:04 | Jan 29th

In today’s podcast, we hear that a FaceTime bug lets you listen to someone’s phone before they’ve even picked up. FormBook malware’s surge is abetted by a new hosting service. Compromised server market xDedic has been taken down. Europol is looking f...

Someone takes an unhealthy interest in Citizen Lab. Ukraine accuses Russia of election phishing. Russian bigshots doxed. Tension over Venezuela. Swatting indictments. National Privacy Day.

19:10 | Jan 28th

In today’s podcast, we hear about some Spy vs. Spy at Citizen Lab, but who the spies were working for isn’t clear. Ukraine’s cyber police accuse Russia of phishing for election influence. As Fortuna’s wheel turns, Russian bigwigs get doxed by transpa...

Amplification bots and how to detect them — Research Saturday

18:34 | Jan 26th

Researchers from Duo Security have been analyzing the behavior of Twitter bots in a series of posts on their web site. Their most recent dive into the subject explores amplification bots, which boost the impact of tweets through likes and retweets. ...

Glitches, not attacks or takedowns. Tracing Gray Energy and Zebrocy back to their servers. US Army tactical cyber operations. Venezuela crisis. Bellingcat and OSINT. Roger Stone arrested.

25:03 | Jan 25th

In today’s podcast, we hear that two potential cyberattacks now look like glitches. Gray Energy and Zebrocy look as if they’re close enough to be, if not the same threat actor, at least first cousins. The US Army pushes significant cyber capability t...

The US House of Representatives wants to know more about DNS-hijacking. Huawei skepticism. Anonymous dunnit, say the Russians. Financial data exposed. Family spooked by hackers.

20:00 | Jan 24th

In today’s podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked—obser...

Emergency Directive 19-01 versus DNS hijacking. 2019 US National Intelligence Strategy on cyber. France says cyber war is upon us. Courts in UK have email trouble. Hacks and lulz.

19:43 | Jan 23rd

In today’s podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a “topical mi...

Ex-employee backdoor. Stealthy DDoS. Anubis dropper looks for motion. Influence operations. Privacy actions. The curious case of the espionage arrest in Russia.

20:44 | Jan 22nd

In today’s podcast, we hear that the WordPress Multilingual Plugin was compromised by a disgruntled ex-employee. Stealthy DDoS might escape notice. Anubis droppers wait for the phone to move before executing. EU works against influence in its May ele...

Luring IoT botnets to the honeypot — Research Saturday

18:54 | Jan 19th

Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is...

Collection #1 and the threat of credential stuffing. Cryptojacker disables some cloud security tools. Don’t chat with strange bots. Facebook shutters more Russian coordinated inauthenticity.

25:48 | Jan 18th

In today’s podcast we hear that Collection #1 is big but not the end of the world. Still, be on the lookout for credential stuffing attacks. Rocke cryptojacker can disable some cloud security services. Beware of Telegram bots. Facebook shuts down a f...

Cyber espionage vs. the RoK MoD. Fancy Bear’s old Lojax tricks. US rumored to be prepping another case against Huawei. Database exposure in Oklahoma. Yes Men prank Post.

19:53 | Jan 17th

In today’s podcast, we hear that South Korea’s Defense Ministry has disclosed a cyber espionage incident. Fancy Bear sticks to its old tricks with Lojax. The US Justice Department is rumored not to be done with Huawei—this time an IP theft beef is be...

SEC, DoJ, issue civil and criminal complaints against EDGAR hackers. Lazarus Group in Chile? Iran’s Ashiyane Forum. Cryptomix ransomware. Money laundering through Fortnite. Fake WaPo edition.

20:29 | Jan 16th

In today’s podcast, we hear that the SEC and the Department of Justice are going after EDGAR hackers for securities fraud. Flashpoint sees the Lazarus Group in an attack on Chile’s Redbanc. Recorded Future shares notes on Iran’s Ashiyane Forum. Crytp...

Web hosts fix account takeover issues. Passenger Name Record exposure proof-of-concept. Swatting isn’t funny. Chinese manufacturers and suspicions of espionage.

19:43 | Jan 15th

In today’s podcast, we hear that a bug hunter has found and responsibly disclosed issues in web hosts. Compromising Passenger Name Records in airline reservations. Business email compromise seems on the rise, and it’s also growing a bit more interact...

Polish espionage case. Ryuk tactics, and some thoughts on its attribution. Access-control system zero-days. Lawsuit may bring clarity to cyber insurance war exclusion clauses.

18:58 | Jan 14th

In today’s podcast, we hear that Huawei has fired the sales manager arrested for espionage in Poland, and says that if he was spying, he was freelancing. Ryuk ransomware now looks more like a criminal than a state-sponsored operation. And its “big-ga...

Magecart payment card theft analysis — Research Saturday

29:01 | Jan 12th

Researchers at RiskIQ have been tracking a series of web-based credit card skimmers known as Magecart. We take a closer look at attacks on Ticketmaster, British Airways, NewEgg and Shopper Approved payment card pages. Yonathan Klijnsma is lead of th...

Iran linked to DNS hijacking campaign. Smart doorbells not smart enough about security. Fuze cards are convenient for crooks, too. Huawei espionage arrest in Poland. Russian sympathy for NSA.

22:05 | Jan 11th

In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crook...

TA505’s new tools. ISIS turns to emerging chat apps. Reddit asks for password resets. The EU’s right to be forgotten gets some court-imposed limits. The tweets Kaspersky flagged to NSA.

19:28 | Jan 10th

In today’s podcast, we hear that Proofpoint researchers are tracking the latest developments from the unusually diligent cyber criminals of TA505. ISIS turns to newer, less closely monitored and moderated apps as it’s pushed out of larger social netw...

ICEPick-3PC in the wild. Influence ops warning in Israel. Hackerangriff and a lone hacktivist. OXO and Magecart. The Dark Overlord wants you. Oversharing. Internet autarky. Kaspersky helped NSA?

19:26 | Jan 9th

In today’s podcast, we hear that ICEPick-3PC is out in the wild and scooping up Android IP addresses. Shin Bet warns of influence operations threatening Israel’s April election—much predictable yelling and finger-pointing ensues. German authorities a...

German police have a suspect in #hackerangriff. Cyber espionage awareness campaign. Cyber cold war in the offing? US political operators learn from Russian trolls. WikiLeaks on the record.

19:50 | Jan 8th

In today’s podcast, an arrest has been made in #hackerangriff: a student in the German state of Hessen. The US begins a campaign to heighten businesses’ awareness of cyber espionage. Observers see a coming “cyber cold war,” with China on one side and...

German doxing incident remains under investigation. Marriott breach update. Dark Overlord watch. Can cryptocurrency become less burdensome in terms of energy consumption?

20:01 | Jan 7th

In today’s podcast, we hear that investigation into the doxing campaign German political leaders suffered continues, and the Interior Minister promises a transparent inquiry. Attribution remains unsettled, but a lot of people are looking toward Russi...

NOKKI, Reaper and DOGCALL target Russians and Cambodians — Research Saturday

14:28 | Jan 5th

Researchers from Unit 42 at Palo Alto Networks have discovered an interesting relationship between the NOKKI and DOGCALL malware families, as well as a new RAT being used to deploy the malware. Jen Miller-Osborn is Deputy Director of Threat Intellige...

Doxing in Germany. How Lojax works. Spyware found in apps downloaded from Google Play. ISIS hijacks dormant Twitter accounts. Update on Moscow spy case. Chromecast hacking endgame.

25:03 | Jan 4th

In today’s podcast, we hear that German politicians, celebrities, and journalists have been doxed by parties unknown. ESET describes the workings of Lojax malware. Google ejects spyware-infested apps from the Play Store. ISIS returns online to inspir...

2019’s first noteworthy breach. Update on the Tribune Publishing hack. reCAPTCHA defeated in proof-of-concept. Dark Overlord should avail itself of the right to remain silent.

19:39 | Jan 3rd

In today’s podcast, we hear that the prize for the first big breach of 2019 goes to Australia, but the year is young. Ryuk “artisanal” malware implicated in newspaper print-plant hacks. reCAPTCHA gets captchu’d, again. The Dark Overlord teases some pretty du...

Stop the presses—the presses were stopped by ransomware. Video security system found vulnerable to oversharing. Changes in US DoD leadership. An arrest in Moscow, a court ruling in Baltimore. 

19:56 | Jan 2nd

In today’s podcast, we hear that US newspapers sustained a major cyberattack—possibly ransomware—over the weekend that disrupted printing. The attack is said to have originated overseas, but attribution so far is preliminary, murky, and circumstantia...

Apple Device Enrollment Program vulnerabilities explored — Research Saturday

17:24 | Dec 22nd, 2018

Researchers at Duo Security have been looking into Apple's Device Enrollment Program (DEP) and have discovered vulnerabilities that could expose users of the service to potential issues from social engineering and rogue devices. James Barclay is Seni...

Operation Cloudhopper and industrial espionage. Anonymous social network Blind server left exposed. Reputation jacking. Alexa shares too much, by accident. Hitman scam is back.

29:26 | Dec 21st, 2018

In today’s podcast, we hear that the Five Eyes have had quite enough of Stone Panda’s Cloudhopping, thank you very much, and they want Beijing to put a stop to it. Beijing says it’s all slander, and that the Yankees are probably just as bad. Blind tu...

003 Risk and regulation in the financial sector — CyberWire X

29:09 | Dec 21st, 2018

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at risk and regulation in the financial sector, specifically how it intersects with cyber secur...

US indicts two Stone Panda operators amid ongoing international concern over Chinese IP theft. Suspicious customer support traffic on Twitter. Emergency IE patch. Influence experiment.

20:19 | Dec 20th, 2018

In today’s podcast, we hear that the US has indicted two hackers working for China’s Ministry of State Security. US and allies are said to be planning a joint response to China’s industrial espionage. Twitter sees suspicious customer support traffic....

Suspicion of Chinese hardware manufacturers continues. EU diplomatic cables leaked. Hiding out by dumbing down. Facebook data-sharing. NASA PII exposed. Parrot uses Alexa to advantage.

19:57 | Dec 19th, 2018

In today’s podcast we hear of more international skittishness about Chinese hardware manufacturers. Information operations in Taiwan’s elections. EU diplomatic cables hacked, rehacked, and published. Dumbing down cyber craft as a form of misdirection...

Shamoon 3 and Charming Kitten. Czech CERT issues warning concerning Huawei, ZTE. Influence ops and a Facebook boycott. PewDiePie’s followers versus the Wall Street Journal.

19:54 | Dec 18th, 2018

In today’s podcast, we hear that Shamoon 3 and the renewed activity of Charming Kitten strike observers as the long-expected Iranian cyber retaliation for reimposition of sanctions. The Czech CERT says Huawei and ZTE both represent a threat. Huawei in...

Huawei and the Five Eyes. Report on Russian trolling finds fluency in American. Boomstortion scammers turn to new threats. PewDiePie followers hack printers, again.

15:07 | Dec 17th, 2018

In today’s podcast, we hear that the Five Eyes agreed to contain Huawei’s potential for espionage. Huawei and ZTE both continue their charm offensive to convince international customers it’s safe to use their gear. Senate-commissioned report on Russi...

The Sony hack and the perils of attribution — Research Saturday

20:14 | Dec 15th, 2018

Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know today. There are interesting lessons to be learned, especially when it comes ...

False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.

25:02 | Dec 14th, 2018

In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS...

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

20:36 | Dec 13th, 2018

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial ...

Operation Sharpshooter. Meng makes bail. Sino-American cyber tensions. Leadership crises in the UK and France. Congress doesn’t lay a glove on Google. 2018’s bad password practices.

20:11 | Dec 12th, 2018

In today’s podcast, we hear some of McAfee’s description of Operation Sharpshooter, an ambitious cyber reconnaissance campaign. Huawei’s CFO Meng makes bail in Vancouver, and China reacts sharply to the arrest. The US is said to be preparing sanction...

Audit finds no Chinese spy chips on motherboards. Huawei CFO hearings continue in Vancouver. Oilfield services firm’s servers attacked. Spyware and adware. Congressional hearings, reports.

19:54 | Dec 11th, 2018

Audit finds no “Chinese spy chips” on Supermicro motherboards. Huawei CFO Meng’s hearing continues. Oil services firm’s servers attacked. Seedworm shows some new tricks. Secure instant messaging apps may be less secure than hoped. A new adware strain...

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.

19:57 | Dec 10th, 2018

In today’s podcast, we hear that Huawei’s CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the US on a sanctions-violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the E...

Operation Red Signature targets South Korean supply chain — Research Saturday

23:54 | Dec 8th, 2018

Researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, ...

Huawei legal and security updates. A shift to personalized spam in attacks on retailers. “Hollywood hacks” in Eastern European banks.

25:23 | Dec 7th, 2018

In today’s podcast we hear that Huawei’s CFO remains in Canadian custody, perhaps facing extradition to the US. All Five Eyes have now expressed strong reservations about Huawei on security grounds. They’ve been joined in this by Japan and the Europe...

Huawei CFO arrested in Canada, faces extradition to US. Anonymous claims that Chinese intelligence hacked Marriott. Russian hospital phished. SamSam indictments, warnings. Facebook agonistes.

19:56 | Dec 6th, 2018

In today’s podcast, we hear that Huawei’s CFO was arrested in Vancouver on a US sanctions beef. Anonymous sources tell Reuters Chinese intelligence was behind the Marriott hack. A Flash zero-day is used in an attack against a Russian hospital. SamSam...

DDoS and BEC risks rising. Ukraine says it stopped Russian cyber campaign. EU looks to stopping disinformation. NRCC email compromise. Facebook emails released by Parliament.

20:01 | Dec 5th, 2018

In today’s podcast, we hear that CoAP-based DDoS attacks are on the rise. A Nigerian gang has done some industrial-scale work on business email compromise. Ukraine says it stopped a major Russian cyber attack. The EU looks toward its May elections an...

Fancy Bear in Czech government systems. Watering hole attacks. Quora breached. Marriott breach follow-up. Kubernetes privilege escalation flaw. Scams kicked out of Apple’s App Store.

20:18 | Dec 4th, 2018

In today’s podcast we hear how Fancy Bears and free-range catphish have been disporting themselves in the Czech Republic. China reported to have used watering hole attacks to gain entry into Australian institutions. Quora suffers a data breach. Marri...

US Defense Department and UK’s MI6 aren’t buying Russian honey over cyber operations. Iranian influence operations. Marriott breach fallout. Court upholds Kaspersky ban. Ransom and sanctions.

14:59 | Dec 3rd, 2018

In today’s podcast, we hear that senior US and UK officials have harsh words for Russian actions in cyberspace even as President Putin undertakes a charm offensive at the G20 meetings. (In fairness to the US and UK officials, it’s a pretty dour charm...

Settling in with GDPR — CyberWire-X

29:55 | Dec 3rd, 2018

In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since its implementation in May 2018. Joining us are E...

Getting an education on Cobalt Dickens — Research Saturday

12:24 | Dec 1st, 2018

Researchers from Secureworks' Counter Threat Unit have been tracking a threat group spoofing login pages for universities. Evidence suggests the Iranian group Cobalt Dickens is likely responsible. Allison Wikoff is a senior researcher at Secureworks,...

Marriott suffers data breach. Dunkin Donuts credential stuffing attack. Urban Massage database exposed, unsecured. Fancy Bear paws at German government targets. SamSam cost.

24:11 | Nov 30th, 2018

In today’s podcast we hear about Marriott’s big breach. And Dunkin’ Donuts’ big breach. And, and, Urban Massage’s embarrassing exposure. Lessons are drawn about third-party risk, password reuse, and the importance of being less creepy to the people yo...

Reconnaissance and degradation. Hybrid war in Eastern Europe and Southwest Asia. Eternal Silence infects unpatched systems. Dell customers reset passwords. SamSam indictments.

20:04 | Nov 29th, 2018

In today’s podcast, we hear warnings of Russian recon “degradation” of the North American power grid. Information operations in Russia’s hybrid war against Ukraine. Factions in Yemen’s civil war contest cyberspace (and fiber optic cables). Eternal Si...

DNSpionage. Cobalt Dickens’ unwelcome return. iOS spyware may be more widespread than believed. Governments move toward content moderation. Small towns, big problems.

20:35 | Nov 28th, 2018

In today’s podcast, we hear that DNSpionage espionage tools are hitting Middle Eastern targets. Iran’s Cobalt Dickens returns to pester universities. Lawful intercept vendors receive more scrutiny, and that scrutiny suggests iOS might not have escape...

Rotexy Trojan gets worse. Bad apps in Google Play. Backdoor for crypto-wallets. Facebook goes before Parliament. Pegasus spyware versus journalists. Russian hybrid war. Too-smart devices.

20:07 | Nov 27th, 2018

In today’s podcast we hear that the Rotexy Trojan has evolved into phishing and ransomware. Bad apps found in Google Play. An open source library used in cryptocurrency wallets had a wide-open backdoor. Facebook goes before Parliament, which seems in...

A quick look at the state of spam. Phishing for power grids. Industrial espionage. Free and command economy versions of social control. Lessons from JTF Ares.

18:20 | Nov 26th, 2018

In today’s podcast we hear that Emotet ramped up for Black Friday—beware of the spam. Social engineering and the power grid. Industrial espionage resurfaces as an issue in Sino-American relations. Huawei remains unforgiven in Washington. China’s emer...

Perils of paycards, as Cyber Weekend approacheth. Tessa88 is identified. Many more people than before have now heard of High Tail Hall.

19:48 | Nov 21st, 2018

In today’s podcast, we hear that Amazon has offered customers a modified, limited hangout on some kind of data exposure. The online retailer says everything’s OK, but it hasn’t said much else. Facebook is back online—yesterday’s outage attributed to ...

Nation-state cyber campaigns: North Korean, Iranian, Russian, and unknown. Social media outages.

19:56 | Nov 20th, 2018

In today’s podcast, we hear about nations behaving badly (but from the point-of-view of cyberespionage they’re doing, unfortunately, well). The Lazarus Group is back robbing banks in Asia and Latin America. Russia’s Hades Group, known for Olympic Des...

CISA is now officially an agency. Cozy Bear is back. Gmail spoofing issue opens social engineering possibilities. Speculation about “cyber 9/11s.”

16:45 | Nov 19th, 2018

In today’s podcast, we hear that CISA is now an agency within DHS. Cozy Bear is back, and spearphishing in American civilian waters. Ukrainian authorities say they’ve detected and blocked a malware campaign that appears targeted against former Soviet...

Doubling down on Cobalt Group activity — Research Saturday

18:55 | Nov 17th, 2018

The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: http...

GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?

22:36 | Nov 16th, 2018

In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected serv...

RATs and the long game. New ransomware, Learning from other espionage services. Advance-fee scams continue to infest Twitter. Fancy Bear says it can’t be sued.

18:19 | Nov 15th, 2018

In today’s podcast, we hear that tRAT indicates a criminal shift to a longer game. Chinese industrial espionage copies Russian services’ tricks. Dharma ransomware evolves. Bitcoin’s price may be tanking, but Bitcoin-based advance-fee scams are still ...

When BGP hijacking isn’t hijacking at all. The White Company’s Operation Shaheen. SWAuTistic pleads guilty. NPPD will become CISA.

20:00 | Nov 14th, 2018

In today’s podcast, we hear that Monday’s BGP hijacking wasn’t hijacking at all, but rather a fumbled upgrade in an ISP. The White Company’s Operation Shaheen is a nation-state espionage campaign directed against Pakistan’s military. Sleazy gamer and...

GPS jamming. Jihadist account hijacking. ISIS on Wickr? Magecart exposed. Cathay Pacific breach. Paris Call for Trust and Security in Cyberspace.

19:59 | Nov 13th, 2018

In today’s podcast, we hear that Finland is investigating GPS signal jamming during NATO exercises. Russia’s the usual suspect, and, as usual, Russia feels picked on and ill-used. Jihadists seem to be feeling the effects of social media screening, and may...

Regulation in the U.S. — CyberWire X

28:18 | Nov 13th, 2018

In this premiere episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S. Joining us are Dr. Christopher ...

Establishing international norms in cyberspace — Research Saturday

20:29 | Nov 10th, 2018

Joseph Nye is former dean of the Harvard Kennedy School of Government. He served as Chair of the National Intelligence Council, and as Assistant Secretary of Defense for International Security Affairs under President Clinton. He serves as a Commissio...

Critical infrastructure resiliency. Lazarus Group’s FASTcash robberies. China’s ongoing industrial espionage. Trolls aside, Russian observers think the US elections were A-OK.

24:52 | Nov 9th, 2018

In today’s podcast we hear that Britain’s NCSC has warned, again, that the UK is likely to face a Category One cyberattack within the next few years. In the US, government-industry-academic partnerships work toward making critical infrastructure more...

Post hack ergo propter hack: DHS calls Russian claims “noisy garbage.” Responsible and irresponsible disclosure. FCC wants an end to robocalls. USPS Informed Delivery abused. Post Canada—whoa.

18:53 | Nov 8th, 2018

In today’s podcast, we hear that, while election hacking seems not to have happened in the US this week, that hasn’t stopped the IRA and its mouthpieces in Sputnik, RT, and elsewhere from loudly claiming it has. Election influence operations continue lo...

A quick look back at the US midterms, and the cyber Pearl Harbor that wasn’t. Update Apache Struts. Smishing with the Play Store. Another advance fee scam.

20:01 | Nov 7th, 2018

In today’s podcast we take a quick look back at the US midterm elections, and at what did and didn’t happen. Is Iran looking at waging cyber-enabled economic warfare? If you use Apache Struts, update now to avoid remote code execution. A spyware-deli...

Iran complains, threatens, and spies. Election Day cybersecurity notes.

19:47 | Nov 6th, 2018

In today's podcast, we hear that Iran has accused Israel of a second Stuxnet, claiming the attack was thwarted, and threatening retaliation. Nor is Tehran neglecting domestic surveillance of its own: Persian Stalker is involved with some pretty suspi...

US midterm election cybersecurity updates. PortSmash side-channel proof-of-concept. Botnets compete to cryptojack Android devices. And will the GRU get its "R" back?

16:01 | Nov 5th, 2018

In today's podcast, we note that US midterm elections end tomorrow evening, with officials on high alert for election hacking. Russia sends poll watchers to the US to make sure democratic norms are observed. Side-channel attack proof-of-concept announ...

Election protection — Research Saturday

22:22 | Nov 3rd, 2018

Symantec technical director Vikram Thakur returns to share his team's look at threat groups APT 28 and APT 29, the influence they had on the 2016 election, and how the cyber security industry has responded in preparation for the 2018 midterms. The o...

Cyber Sitzkrieg. Waiting for the Bears to show up (and ready to set the Dogs on them). Facebook private messages for sale.

25:02 | Nov 2nd, 2018

In today's podcast, we hear that people are asking if that lull in Chinese cyber operations was just a strategic pause. Huawei's on a charm offensive. People are seeing plenty of Russian trolling, but election hacking proper continues to be quiet. An...

Wi-Fi access point zero-day reported. US Cyber Command on the offensive. Transparency is tougher than it looks. GandCrab not paying out as much—good. PIPEDA takes effect. Soulmate spyware.

20:51 | Nov 1st, 2018

In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations agains...

Influence operations, and advice on recognizing them. Ransomware updates. US indicts Chinese nationals for industrial espionage. An object lesson from the US Geological Survey.

20:00 | Oct 31st, 2018

In today's podcast, we hear about influence operations in social media (again): Americans remain more vulnerable (because they lack a cultural experience of state propaganda) than Eastern Europeans. Rules of thumb for recognizing the good, the bad, a...

The Malware Mash

03:07 | Oct 31st, 2018

Enjoy this rerun of our Halloween musical parody, The Malware Mash!

This cybersecurity stuff is tougher than it looks, US state election officials learn. Saudi surveillance. Espionage in Iran. New attack varieties. Chinese hardware concerns. US sanctions chipmaker.

19:46 | Oct 30th, 2018

In today's podcast, we hear that installing cybersecurity tools to protect elections is tougher than it looks. Information operations continue to pose the most prominent foreign threat to US midterm elections, although there are concerns about voting...

Facebook takes down Iranian-run accounts. Criminal investigations look online. IBM to buy Red Hat. Satori is still with us. British Airways and Magecart.

16:49 | Oct 29th, 2018

Facebook takes down accounts linked to Iran for coordinated inauthenticity. Iranian information operations appear to be learning from the Russian approach: be divisive, be negative, and be opportunistic. Investigations of pipe-bombs and the Pittsburg...

Faxploitation — Research Saturday

14:34 | Oct 27th, 2018

Researchers at security firm Check Point Software Technologies explored the possibility of exploiting old, complex fax protocols to gain access to modern multifunction office printers, and then pivot to connected networks. Yaniv Balmas is head of se...

Airline breach bigger than thought. Securing Mexican financial institutions. Demonbot vs. Hadoop. New decryptor out for GandCrab ransomware. Civilian Cybersecurity Corps?

22:48 | Oct 26th, 2018

In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives crit...

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

18:26 | Oct 25th, 2018

In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botn...

Trolling the trolls. Triton/Trisis attributed to Russia. Asset management in ICS. Threat intelligence drives threat evolution. Shadow web-apps. Apple likes GDPR, hates the Data-Industrial Complex.

20:08 | Oct 24th, 2018

In today's podcast, we hear that US Cyber Command has been reaching out to tell the trolls Uncle Sam cares. Industrial control system security suffers from poor asset management practices. FireEye looks at the Triton malware and says the Russians did...

Influence operations in Brazil and the US. Vulnerabilities disclosed in commonly used software. Healthcare.gov breach. Industrial control system cybersecurity.

17:59 | Oct 23rd, 2018

In today's podcast we wonder WhatsApp with Brazil's runoff election? Hacktivism hits Davos-in-the-Desert. Kraken Cryptor ransomware gets an upgrade. Remote code execution vulnerabilities disclosed in two classes of systems. Healthcare.gov breach unde...

Making the business case for privacy. — Special Edition

21:09 | Oct 23rd, 2018

In this CyberWire special edition, my guest is Cisco’s Chief Privacy Officer Michelle Dennedy. We discuss what exactly a chief privacy officer does at a global organization like Cisco, why she thinks we’re in the early stages of a privacy revolution,...

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

12:59 | Oct 22nd, 2018

In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but und...

Stormy weather in the Office 365 cloud. — Research Saturday

21:41 | Oct 20th, 2018

Security firm Lastline recently took a close look at threats to the Office 365 cloud environment, taking advantage of the insights they gain protecting their clients. Andy Norton is director of threat intelligence at Lastline, and he joins us to des...

Chinese supply-chain hack story gets vanishingly thin. Twitter downs pro-Saudi bots. SEO poisoning. OceanLotus evolves. Ransomware notes.

23:42 | Oct 19th, 2018

In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jam...

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

19:51 | Oct 18th, 2018

In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling an...

Meddling with the midterms — Special Edition

21:07 | Oct 17th, 2018

Kim Zetter is a longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine, titled The Crisis of Election Secur...

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

19:32 | Oct 17th, 2018

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEn...

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

18:06 | Oct 16th, 2018

In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black...

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

19:41 | Oct 15th, 2018

In today's podcast, we hear that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty million of them. Do privacy advocates have an image problem? Supply chain se...

Driving GPS manipulation — Research Saturday

27:29 | Oct 13th, 2018

Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge. Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his tea...

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

24:59 | Oct 12th, 2018

In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack re...

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

20:20 | Oct 11th, 2018

In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on char...

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

20:49 | Oct 10th, 2018

In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Departmen...

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

19:51 | Oct 9th, 2018

In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels ag...

Cryptojacking criminal capers continue — Research Saturday

22:42 | Oct 6th, 2018

Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've...

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

23:54 | Oct 5th, 2018

In today's podcast, we hear more on the possibility that China's People's Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. ...

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

19:46 | Oct 4th, 2018

In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salis...

Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

19:54 | Oct 3rd, 2018

In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite...

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

19:58 | Oct 2nd, 2018

In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some conten...

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

19:22 | Oct 1st, 2018

In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Commit...

Sophisticated FIN7 criminal group hits payment card data — Research Saturday

31:33 | Sep 29th, 2018

Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a con...

Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

24:17 | Sep 28th, 2018

In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US...

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

19:04 | Sep 27th, 2018

In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play...

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

17:42 | Sep 26th, 2018

In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have gro...

Follow-up to terror attack in Iran. UN data exposure. Kodi and cryptojacking. SHEIN retail breach. Atlanta's ransomware remediation. Payroll phishing. Quantum strategy.

18:59 | Sep 25th, 2018

In today's podcast, we hear that Iran has accused Saudi Arabia, UAE, and the US of running Saturday's terror attack "from the shadows." Data exposure at the UN. Kodi platform exploited for cryptojacking. SHEIN retail breach affects more than six mill...

Terror attack in Iran prompts info skirmishing, and perhaps worse to come. JET bug disclosed. ANSSI open-sources OS. Anglo-American response to Russian cyber ops. Russian elections. Scam notes.

16:47 | Sep 24th, 2018

In today's CyberWire, we hear about a terror attack in Iran that has heightened tensions among adversaries: expect a heightened cyber optempo. A JET vulnerability in Microsoft products is publicly disclosed as Microsoft misses the Zero Day Initiativ...

ICS honeypots attract sophisticated snoops. — Research Saturday

21:20 | Sep 22nd, 2018

Researchers at security firm Cybereason recently set up online honeypots to attract adversaries interested in industrial control system environments. It didn't take long for sophisticated attackers to sniff out the virtual honey and start snuffling a...

US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

25:14 | Sep 21st, 2018

In today's podcast, we hear about the US national cyber security strategy: developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blackl...

Magecart is back. Bad apps booted from Google Play. OilRig taken seriously. Election influence operations. Sending in the National Guard. ICO fines Equifax for last year's breach.

16:12 | Sep 20th, 2018

In today's podcast, we hear that Magecart has hit a Philippine media conglomerate. Bogus (and malicious) financial apps are ejected from Google Play. Gulf states are taking warnings about Iran's OilRig seriously. A cloud hosting service serves up phi...

State Department cybersecurity issues. Iron Group's pseudoransomware. Bristol Airport's deliberate recovery. State of cryptojacking. Facebook offers campaigns help. US cyber strategy. Mirai masters.

19:40 | Sep 19th, 2018

In this podcast, we hear that the US State Department has acknowledged an email breach. The criminal gang Iron Group is hitting targets with data-stealing and data destroying pseudoransomware. Bristol Airport continues its slow recovery from whatever...

Tracking Pegasus. OilRig spearphishing. IP theft from universities. Peekaboo bug in surveillance cameras. WannaMine won't be EternalBlue's last ride. Preventing data abuse.

19:45 | Sep 18th, 2018

In today's podcast, we hear about a Citizen Lab report on the global use of Pegasus lawful intercept tools. OilRig seems to be spearphishing in Bahrain. University IP theft by Iran seems widespread, but it also doesn't look very lucrative. Peekaboo v...

Ransomware and cryptojacking are all the rage. Iran seeks IP, North Korea seeks a quick buck. More on EU content moderation. Alleged Russian hacking of WADA, Spiez Laboratory. Propaganda overreach?

18:30 | Sep 17th, 2018

In today's podcast, we hear about the ransomware that's clogged systems at a UK airport. New variants of ransomware are out and about in the wild. EternalBlue continues to be used to install cryptojackers in vulnerable systems—the campaign is being c...

Android device eavesdropping investigation. — Research Saturday

17:32 | Sep 15th, 2018

A team of researchers from Northeastern University and UC Santa Barbara examined over 17,000 Android apps, and revealed a number of alarming privacy risks. Elleen Pan and Christo Wilson were members of the research team, and they join us to share wh...

Magecart continues its way. Evil cursor attacks. Seasonal trends in Trojans. More Novichok disinformation. Pyongyang denounces a "smear campaign." Wait and see on pipeline fires.

24:22 | Sep 14th, 2018

In today's podcast we hear that Magecart has achieved another library infestation as Feedify is hit. An evil cursor attack is a variant of a familiar tech support scam. The Ramnit banking Trojan seems to be spiking during the summer, and there are va...

Domestic Kitten spyware. Crypto wallet shenanigans. Firmware issues enable cold boot attacks. BlueBorne bugs are still out and about. Tech support scams. Election security.

19:56 | Sep 13th, 2018

In today's podcast we hear that an Iranian domestic spyware campaign has been reported: it's most interested in ethnic Kurds. A bogus cryptocurrency wallet site is taken down. F-Secure warns of a widespread firmware problem that could be exploited fo...

Executive Order mandates election interference sanctions. British Airways regulatory exposure. Patch Tuesday notes. EU passes copyright law. Russia says no to Novichok. WhatsApp scam.

19:44 | Sep 12th, 2018

In our podcast we hear that a US Executive Order issued today will impose sanctions on foreign actors following a determination that there's been an attempt at election meddling. The Executive Order covers both hacking and propaganda. British Airways...

Trend Micro answers spying allegations. Magecart blamed for British Airways breach. Tor Browser exploit disclosed. Google vs. the right to be forgotten. Accused JPMorgan hacker extradited.

19:48 | Sep 11th, 2018

In today's podcast, we hear that Trend Micro has clarified what was up with allegations it was deploying spyware with its tools—no spyware, but they've changed their products to remove the appearance of impropriety. RiskIQ fingers the Magecart gang a...

Elections and information operations, but not necessarily the elections you expect. Apple purges dodgy security apps. Who are the Silence criminals? BA's breach. Cyber moonshots.

19:30 | Sep 10th, 2018

In today's podcast, we hear about foreign information operations surrounding elections in Israel and Sweden. Domestic information operations surround local elections in Russia. Apple purges questionable security apps from its store. Are the Silence c...

Leafminer espionage digs the Middle East. — Research Saturday

22:23 | Sep 8th, 2018

Researchers at Symantec recently published their findings on an active attack group named Leafminer that's targeting government organizations and businesses in the Middle East region. Vikram Thakur is a technical director at Symantec, and he joins u...

Russia does the info ops dance. An indictment of a Lazarus Groupie. FOIA shares too much. British Airways breaches. Silence makes some noise. Notes from the Billington Cybersecurity Summit.

24:38 | Sep 7th, 2018

In today's podcast we hear that Russia says it had nothing to do with the Salisbury nerve agent attacks, but no one really seems to be buying the denial. The US indicts a North Korean hacker in matters pertaining to the Lazarus Group. FOIA.gov oversh...

Cyberwar looms between Russia and the UK. Twitter and Facebook complete testimony, but inquiries continue. Unpatched MikroTik routers exploited. OilRig's new tricks.

20:00 | Sep 6th, 2018

In today's podcast, we hear that the Novichok attacks have brought Britain and Russia to the brink of cyberwar. The UK will take its case to the UN Security Council. Twitter and Facebook have completed their testimony on Capitol Hill, but investigati...

Sleeper malware. Hakai botnet spreads. SamSam is still with us. US DNI warns of election threats. Congressional panels interrogate Facebook and Twitter, but not Google.

20:01 | Sep 5th, 2018

In today's podcast, we hear that German security authorities warn about the possibility of sleeper sabotage malware. A botnet to rival Satori, this one called Hakai, continues to spread to new classes of router. SamSam ransomware remains disheartenin...

Tracking Stone Panda to the Tianjin Bureau. Ad-fraud and Tokelau. RansomWarrior decrypted. US Congress to grill Facebook, Google, and Twitter. Celebrity scams.

15:28 | Sep 4th, 2018

In today's podcast, we hear that Intrusion Truth seems to have Stone Panda dead to rights. Chinese intelligence increases targeting of expatriate Uyghurs. Zscaler warns that an ad-fraud campaign is making use of the Tokelau top-level domain. Check Po...

ATM hacks on the rise. — Research Saturday

22:45 | Sep 1st, 2018

Threat researcher Marcelle Lee from LookingGlass Cyber Solutions joins us to share her research on the growing threat of ATM hacks in the U.S. The research can be found here: https://www.lookingglasscyber.com/blog/atm-hacking-you-dont-have-to-pay-to...

Recruiting spies via LinkedIn. WindShift in the Gulf. GlobeImposter ransomware. Blocking Telegram is harder than it looks. Policy notes from the Five Eyes.

25:12 | Aug 31st, 2018

In today's podcast we hear that the US Intelligence Community says that China is actively trying to recruit spies over LinkedIn. Britain and Germany had earlier issued similar warnings. WindShift espionage group is active in the Gulf. GlobeImposter r...

Twitter bots in Swedish politics. A different approach to influence operations. Hotel guest PII for sale. Medical device vulnerabilities. Charges in the case of the Satori botnet.

17:45 | Aug 30th, 2018

In today's podcast, we hear that Twitter bots have shown up in Sweden's political discourse. Not so much Chinese hacking for influence: Beijing seems to prefer funding sympathetic cultural and research centers. 130 million hotel guests have their PII...

Unpatched Apache Struts installations being exploited in the wild. Windows local privilege escalation flaw. Similarities among spyware. Stalkerware hack. Criminal threats to the grid. Breaches.

20:00 | Aug 29th, 2018

In today's podcast we hear that the Apache Struts vulnerability, patched last week, is being actively exploited by cryptojackers. Microsoft works on a fix for a local privilege escalation flaw in Windows. Trend Micro sees similarities among Urpage, Con...

Social media struggle with their social role. Election hacking concerns remain high. Australia's new government shuffles cybersecurity responsibilities.

20:00 | Aug 28th, 2018

In today's podcast, we hear that Twitter has suspended more accounts for "divisive social commentary" and "coordinated manipulation." Facebook blocks accounts belonging to Myanmar leaders over Rohingya persecution. US Senators are unconvinced by clai...

Moscow HUMINT drought? Spying on the Patriarch. Ottoman hacktivism. Iranian information operations. ISIS in cyberspace. RtPOS malware discovered.

17:25 | Aug 27th, 2018

In today's podcast, we discuss reports that suggest US HUMINT collection in Russia has dried up. Russian intelligence services are showing an interest in disrupting a grant of autonomy to the Ukrainian Orthodox Church by the Ecumenical Patriarch. Tur...

Cyber espionage coming from Chinese University. — Research Saturday

26:02 | Aug 25th, 2018

Threat intelligence firm Recorded Future recently published research describing espionage activities originating from servers at a major Chinese university, coinciding with international economic development efforts. Winnona DeSombre and Sanil Chohan...

More action against Iranian influence operations. Tehran's cyberespionage against universities. Counter-value targeting in cyber deterrence. Sino-Australian trade war? Law and order.

24:44 | Aug 24th, 2018

In today's podcast, we hear that Google has put the cats out. Secureworks describes an Iranian cyberespionage campaign targeting universities. That DNC phishing campaign is confirmed to be a false alarm caused by a Michigan misstep, but almost fiftee...

If you're running a red team, let someone know it's a drill. Apache patches Struts. Another exposed AWS bucket. Remcos abused by hackers. DPRK goes after Macs. Dark Tequila runs in Mexico.

19:50 | Aug 23rd, 2018

In today's podcast, we hear that a phishing attempt against the Democratic National Committee turned out to have been a poorly coordinated red-team exercise. Apache patches a remote code execution vulnerability in Struts. Another exposed AWS bucket. ...

Facebook takes down "inauthentic" Russian and Iranian fronts. Twitter blocks Iranian false-flags, and FireEye explains why they think it's Tehran. Triout Android spyware described. Hacking back?

20:00 | Aug 22nd, 2018

In today's podcast we hear that Facebook has taken down more inauthentic pages—some are Russian, but others are Iranian. Twitter blocks Iranian accounts for being bogus. Russia denies, again, any involvement in information operations against the US. ...

Fancy Bear bogus sites taken down. Some in the US Congress think they want hack-back laws. Cyber and sanctions. Operation Red Signature. Doxing Chinese Intelligence. Buggy medical devices.

19:56 | Aug 21st, 2018

In today's podcast, we hear that Microsoft has sprung its bear trap, again, and caught Fancy Bear. This time the targets are more to the right than the left. The US Senate holds hearings on cybersecurity—hacking back is expected to be on the table. T...

Beers with Talos — Live from the RiRa at Black Hat

1:22:45 | Aug 21st, 2018

CyberWire host Dave Bittner joins the crew from Cisco's Talos team on a special live edition of their Beers with Talos podcast from Black Hat.

DarkHotel is back. So is Necurs, and it's distributing a modular malware dropper. Industrial espionage follows international trade. Election meddling. The use and abuse of data.

16:56 | Aug 20th, 2018

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddl...

Stealthy ad fraud campaign evades detection. — Research Saturday

19:21 | Aug 18th, 2018

Researchers at Bitdefender have been tracking a bit of complex rootkit malware called Zacinlo that they suspect has been operating virtually undetected for over six years. Bogdan Botezatu is a senior cyber security analyst with Bitdefender, and he de...

Election risks—hacking and influence. Chinese industrial espionage spike. Misconfigured project management. Necurs appears briefly. Bogus Fortnite downloads. What they heard in the banya.

24:42 | Aug 17th, 2018

In today's podcast we run through a brief guide to election risks, and the difference between hacking and influence operations. An Alaskan trade mission prompts a wave of Chinese industrial espionage. Misconfigured project management pages may have e...

Hacking Old Man River. Nation-state cyber conflict: objectives and norms of behavior. Australia's new cyber laws. ATM campaign. Lawsuits, and the Dread Pirate Robert asks for pardon.

19:55 | Aug 16th, 2018

In today's podcast we hear that cyber threats to river traffic have intermodal implications. Nation-state hacking, Presidential Policy Directive 20, and international norms of cyber conflict. The tragic consequences of overconfidence concerning commu...

Notes on patching. Foreshadow speculative execution vulnerability. Influence operations. The FBI's new cyber chief. Are stickers a temptation to thieves, hackers, and customs officers?

19:58 | Aug 15th, 2018

In today's podcast we hear some Patch Tuesday notes—both Microsoft and Adobe were busy yesterday. Foreshadow, a new speculative execution vulnerability, is reported. Malaysia gets attention from Chinese espionage services. Competition for jihadist mi...

Cryptowars notes. DDoS in Finland. Bears aren't under the beds; they're in the routers. Smart city attack surfaces. Sanction notes. Training through puzzle-solving.

19:59 | Aug 14th, 2018

In today's podcast, we hear about the cryptowars down under. Major DDoS incident in Finland. Bears in the home routers, and concerns about IoT and power grid security prompt a US Senator to demand answers. Smart cities present big attack surfaces. Pr...

Spyware for states and spouses. Election hacking demos. New ransomware strains, and a clipper for Android. Airline Wi-Fi is not only irritating, but insecure as well.

16:30 | Aug 13th, 2018

In today's podcast, we hear about spyware in the guise of a missile attack warning app. New Dharma variant out. Android.Clipper redirects transactions to crooks' cryptowallets. D-Link exploits rob Brazilian banking customers. Utilities prepare for gri...

Thrip espionage group lives off the land. — Research Saturday

25:46 | Aug 11th, 2018

Researchers at Symantec have been tracking a wide-ranging espionage operation that's targeting satellite, telecom and defense companies. Jon DiMaggio is a senior cyber intelligence analyst at Symantec, and he takes us through what they've discovered...

DPRK RAT in the wild. Vulnerable WPA2 4-way handshake implementations. Black Hat notes. Sanctions and retaliation. RoK to reorganize Cyber Command. PGA and ransomware.

22:05 | Aug 10th, 2018

In today's podcast we hear that US-CERT is warning of a North Korean RAT. Researchers find vulnerable WPA2 handshake implementations. A sales call results in inadvertent data exposure. Notes on Black Hat: circumspection, hype, barkers, and artificial...

State-sponsored ransomware campaigns coming? DarkHydrus and Phishery. Hitting ATMs for alt-coin. US sanctions Russia. IBM looks at artificially intelligent malware. Black Hat notes.

19:05 | Aug 9th, 2018

In today's podcast we hear that Tehran seems ready to follow Pyongyang into state-sponsored theft to redress financial shortfalls: cryptocurrency ransomware looks like Iran's preferred approach. DarkHydrus uses commodity tool Phishery in Middle Easte...

Payment processors probed with BGP exploits for redirection attacks. WhatsApp vulnerable to manipulation? Deterrence and retaliation. Anonymous vs. QAnon. Notes from Black Hat.

17:03 | Aug 8th, 2018

In today's podcast we hear that Oracle has warned of BGP exploits against payment processors. Check Point says it's found vulnerabilities in WhatsApp that could enable chat sessions to be intercepted and manipulated. Germany, Ukraine, and the US inde...

TSMC recovers from WannaCry infection. OpenEMR fixes 30 bugs. UK will ask Russia to extradite two GRU operators for Novichok attacks. Twitterbots flourish.

19:03 | Aug 7th, 2018

In today's podcast we hear that chipmaker TSMC says the virus that shut it down in Taiwan was WannaCry. It appears to have been an incidental infection enabled by inattentive installation of software. OpenEMR fixes bugs that could have exposed millio...

More data exposures, from banks and a major CRM provider. Ransomware strikes back. The irresistibility of data. An unhackable wallet gets hacked…maybe. Spreading goodwill through Aikido?

19:39 | Aug 6th, 2018

Leaky API may have exposed Salesforce customers' data. TSMC reports a virus in its semiconductor plants. TCM Bank discloses a paycard application leak. Ransomware in Hong Kong. The US Census Bureau prepares to secure its 2020 "fully digital" census. ...

Cortana voice assistant lets you in. — Research Saturday

21:32 | Aug 4th, 2018

Researchers at McAfee recently discovered code execution vulnerabilities in the default settings of the Cortana voice-activated digital assistant in Windows 10 systems. Steve Povolny is head of advanced threat research at McAfee and he shares their ...

Russian threats and threats to Russia. Cryptojacking wave spreads out from Brazil. Recovering from malware in Alaska and Atlanta. Notes on automotive cybersecurity.

24:52 | Aug 3rd, 2018

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MikroTik routers. Speakers at the Billi...

RASPITE noses around the US power grid. Cisco will buy Duo Security. Sandworm afflicts lab investigating Novichok attack. Influence ops can be no-lose proposition. Cryptojacking and malspam.

18:06 | Aug 2nd, 2018

In today's podcast, we hear that Cisco plans to buy Duo Security. Dragos warns of the RASPITE adversary actor. Russia's Sandworm group is phishing people connected with a Swiss chemical forensics lab. How influence operations can be a no-lose proposi...

Reddit Hacked. Ukrainians nabbed. Facebook boots "inauthentic" accounts for malign influence. Pegasus spyware found in Amnesty phone. Yale's old breach. Google and censorship.

19:49 | Aug 1st, 2018

In today's podcast we hear that a Swiss chemical agent forensic lab has seen Sandworm phishing attempts. Facebook kicks thirty-one "inauthentic" accounts from its platform: they seem to have been engaged in influence operations, possibly Russian. Att...

Data-centric security. — Special Edition

27:36 | Aug 1st, 2018

In this CyberWire special edition, we take a look at data-centric security, focusing on the security of the data itself, rather than the surrounding networks, applications or servers. To help us on our journey of understanding we've lined up a numb...

Infrastructure security, especially power, finance, and elections. Preparation pays off. Proofpoint warns of new AZORult malware. Check Point tracks Master134 malvertising. Crime news.

19:22 | Jul 31st, 2018

In today's podcast we hear more warnings about Russian cyber operators in the North American power grid. The US Department of Homeland Security announces formation of a National Risk Management Center. Cosco's preparation may have rendered the shippe...

NetSpectre proof-of-concept. Election hacking, in the US and Australia. Cyber industrial espionage. Cyber threats to power grids. Hacking JPay.

16:25 | Jul 30th, 2018

In today's podcast, we hear about NetSpectre, a new speculative execution proof-of-concept. Australia's Electoral Commission says there were no signs of hacking in recent by-elections. US states remain concerned about election hacking. Missouri Senator ...

BabaYaga strangely symbiotic WordPress malware — Research Saturday

20:30 | Jul 28th, 2018

Researchers at Defiant recently analyzed a malware family they named "BabaYaga," which has the curious behavior of clearing out other malware and keeping infected sites up to date. Brad Hass is a senior security analyst at Defiant, and he guides us t...

Fancy Bear sniffs around Senatorial staffs. US NSC considers Russian election interference. Chinese and Iranian cyberespionage. Malware loaders. Smart home bugs. Stealing WiFi.

21:21 | Jul 27th, 2018

In today's podcast we learn that Fancy Bear is said to be snuffling around at least one US Senatorial office. The US National Security Council meets to consider Russian election interference. Notes on Chinese and Iranian cyberespionage. New malware l...

LifeLock closes proof-of-concept hole. US-CERT warns of active campaigns against ERP applications. Ad blockers may function as spyware. Parasite HTTP RAT. Underminer EK. NSA's IG scowls.

19:25 | Jul 26th, 2018

In today's podcast we hear that LifeLock gets locked down—probably no harm done, maybe. US-CERT warns of active campaigns against ERP applications. Ad blockers may be doubling as spyware. A new RAT gnaws away at corporate HR departments. Underminer s...

Leafminer wants to learn from the best, and that's not good. Shipper hacked. Old malware resurfaces in improved form. Russian grid and election threats. What insurance covers.

20:00 | Jul 25th, 2018

In today's podcast, we hear that Leafminer is infesting networks in the Middle East. Red Alert, Kronos, Mirai, and Gafgyt make their reappearance in new forms. Shipping firm Cosco is dealing with a cyberattack. US officials raise warnings about Russi...

Warnings of Russian cyber threat to power grids. Phishing rises. Patch gets patched. SingHealth breach. Satori botnet. Bluetooth MitM. Evil maids?

19:54 | Jul 24th, 2018

In today's podcast, we hear that warnings of Russian prep for an attack on power grids become more pointed. Phishing and impersonation attacks continue to rise. Microsoft patches a patch. The SingHealth breach remains under investigation. The Satori ...

SingHealth breach hits Singapore. Manufacturers afflicted with third-party data exposure. Aspen Security Forum takes cyber threats seriously. Ecuador may withdraw asylum from Assange.

14:30 | Jul 23rd, 2018

In today's podcast we hear that Singapore's SingHealth has sustained a major data breach: authorities speculate it may have been the work of a nation-state yet to be determined (or at least named). A third-party data exposure affects major manufactur...

Measuring the spearphishing threat — Research Saturday

23:41 | Jul 21st, 2018

Researchers Gang Wang and Hang Hu from Virginia Tech recently conducted an end-to-end measurement on 35 popular email providers and examined user reactions to spoofing through a real-world spoofing/phishing test. Gang Wang joins us to share the sobe...

Cyberespionage and influence operations. Big botnet assembled in less than a day. Monetizing stolen paycards through online games. Amazon nudges developers. Report on Huawei. Phishing notes.

21:59 | Jul 20th, 2018

In today's podcast we hear that the US Intelligence Community remains convinced the Bears are up to no good. Finland experienced elevated rates of cyberattack during the Helsinki summit, mostly Chinese espionage. The hacker "Anarchy" assembled an 18,...

Fancy Bear's Roman Holiday. RAT phishing in Ukraine. AWS S3 bucket leaks robocaller data. Bug or abuse? NIST to withdraw outdated cybersecurity publications. Content moderation.

19:52 | Jul 19th, 2018

In today's podcast, we hear that Fancy Bear has taken a Roman Holiday, and the Italian Navy may be taking note. A criminal espionage campaign is underway, with Ukraine's government as its target. An exposed AWS S3 bucket leaks voter information. A se...

Magniber ransomware spreads. LabCorp discloses suspicious incident on its networks. Spectre, Meltdown notes. Oracle patches. Helsinki summit backing and filling and backing.

20:13 | Jul 18th, 2018

In today's podcast, we hear about the spread of Magniber ransomware. LabCorp discloses "suspicious activity" on its networks. The Pentagon will add cybersecurity checks to its test and evaluation process. Siemens updates customers on Spectre and Melt...

Trump-Putin summit. East Asian cyberespionage campaigns. Vulnerable DVRs. Concern about census security.

19:59 | Jul 17th, 2018

In today's podcast we review fallout from the Trump-Putin summit. Cyberespionage campaigns resurface in East Asia—at least one of them originates in North Korea. Telefonica sustains a major data breach of Spanish customers' details. Passwords to DVRs...

DNI warns of cyber threats. Russo-US summit. Mueller investigation and indictments. Huawei agonists. Congress reconsiders ZTE reinstatement. Kaspersky receives no emergency ban relief.

19:31 | Jul 16th, 2018

DNI says "warning lights are blinking red" over cyber threats. Election interference remains a risk despite lower than expected levels of threat activity. Presidents Trump and Putin meet in Helsinki. Notes on the Mueller investigation and the GRU ind...

A new approach to mission critical systems — Research Saturday

21:16 | Jul 14th, 2018

Andy Bochman is senior grid strategist for Idaho National Lab's National and Homeland Security directorate. Today we're discussing the research the INL has been doing, developing new approaches to protecting mission critical systems. The CyberWire's ...

Fancy Bear indictments. VPNFilter found in Ukrainian water-treatment chlorine plant. Comment spam. Speculative execution side-channel attacks. MDM exploits in India.

25:07 | Jul 13th, 2018

In today's podcast, we hear that Special Counsel Mueller has secured an indictment of twelve Russian intelligence officers for hacking during the 2016 US presidential elections. Ukraine finds VPNFilter in a water treatment facility. Comment spam retu...

Timehop refines its breach disclosure. Speculative execution side-channel attacks described. Tech manuals offered for sale on the dark web. Twitter versus bots.

20:00 | Jul 12th, 2018

In today's podcast, we hear that Timehop has released more information as its breach investigation proceeds. The case will be interesting as an indicator of what GDPR enforcement will look like. Two speculative execution side-channel attacks are desc...

Ticketmaster paycard breach is part of a very large skimmer campaign. Chinese cyberespionage and censorship. Smartphone privacy issues. Data misuse litigation. Affirming the consequent.

19:37 | Jul 11th, 2018

In today's podcast we hear reports that the Ticketmaster breach is the tip of a big software supply chain iceberg. Chinese intelligence services closely interested in Cambodia's elections. iOS crashes appear related to code designed to block displays...

More Elon Musk impersonators in social media. Cryptocurrency raided. Spearphishing in Palestine. BlackTech espionage group. Apple upgrades. Polar Flow fitness app and oversharing.

20:00 | Jul 10th, 2018

In today's podcast, we hear that advance fee scams run by Elon Musk impersonators are using the recently rescued boys' soccer team as phishbait. Bancor wallet robbed of cryptocurrencies. Palestinian police spearphished. BlackTech espionage group usin...

Malware infections down during World Cup matches. UK-Russia tensions. Australian National University hacked. Data breach notes. Calls for cooperation. Tell it to the Marines.

15:39 | Jul 9th, 2018

In today's podcast, we hear that if your nation's team was playing a World Cup match, you probably weren't visiting dodgy websites. Concerns mount in the UK that Russia may be readying a long-expected attack on British infrastructure and holding it u...

No Distribute Scanners help sell malware

14:30 | Jul 7th, 2018

Sellers of malware on Dark Web forums often use No Distribute malware scanning tools to help verify the effectiveness of their wares, while preventing legitimate virus scanning tools from adding the malware to their database. Daniel Hatheway is a Sen...

When catphishing, it pays to know what bait they'll take. Permission hogs are often misers. Cyber comes to the NTC. Natural intelligence screening for artificial intelligence. The Thermanator.

22:47 | Jul 6th, 2018

In today's podcast we hear about catphishing in Berlin and Tel Aviv: whether you're offering payment for a white paper or up-to-date futbol scores, it pays to know the right bait. Android apps may be permission hogs, but it's surprising how often the...

Catphish and Charming Kittens. Data-sharing receives more scrutiny. European copyright law won't be fast-tracked. ZTE gets some relief. Juggalos and Juggalettes defeat facial recognition tools.

19:52 | Jul 5th, 2018

In today's podcast we hear about some catphishing in the IDF's pond. Charming Kitten uses itself as bait. Facebook and Google face scrutiny over sharing users' information with third parties. The Pirate Bay is back after its hiatus, and it's back to ...

Hybrid warfare. Inveterate DDoS against ProtonMail. Security concerns about Chinese companies. Retail breaches. Agencies scrutinize Facebook data abuse. Infrasound weapons?

19:20 | Jul 3rd, 2018

In today's podcast we hear that Ukraine has warned of hybrid warfare during UN counter-terrorism meetings. ProtonMail DDoS continues. Security concerns surrounding ZTE, Huawei, and China Mobile. Retail data breaches. A quiz app's backup data are acce...

Adidas data breach. Facebook on data abuse. Investigation of Exactis data exposure continues. Algonquin College hacked. Tenable's IPO. US-Russia summit will talk election influence ops.

15:52 | Jul 2nd, 2018

In today's podcast we hear a bit about the data breach Adidas disclosed late last week. Facebook answers Congressional questions for the record and adopts a data abuse bounty program. Investigation of the Exactis data exposure incident continues, but...

VPNFilter malware could brick devices worldwide — Research Saturday

28:43 | Jun 30th, 2018

Researchers from Cisco Talos continue to track malware they've named VPNFilter, a multi-stage infection with multiple capabilities, targeting consumer-grade routers. Craig Williams is head of Cisco Talos Outreach, and he joins us with the details. T...

Data breaches and data exposure. Privacy legislation. Improperly collected phone call records destroyed.

24:55 | Jun 29th, 2018

In today's podcast we hear that Ticketmaster UK's hacking incident will provide an interesting GDPR test case. Data aggregator Exactis left nearly two terabytes of personal and business information exposed on the publicly accessible Internet. NSA des...

Ukraine accuses Russia of preparing a cyber campaign. China eyes Tibetan diaspora. A decryptor for Thanatos ransomware. Nudging away from privacy. Dark web undercover.

19:58 | Jun 28th, 2018

In today's podcast we hear that Ukraine has warned that Russia is preparing a coordinated attack against Ukrainian financial and energy infrastructure. China appears to be stepping up surveillance of the Tibetan diaspora. Cisco's Talos unit has a fre...

Separating fools from money. — Hacking Humans

29:47 | Jun 28th, 2018

Dave shares a story of airport penetration testing with a high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's ...

DDoS attack on ProtonMail. Rancor cyberespionage campaign. PythonBot serves ads and a cryptominer. EU joint cyber response unit forming. Arrests in BEC campaign. Reality Winner's plea.

19:54 | Jun 27th, 2018

In today's podcast, we hear that ProtonMail was hit this morning by an Apophis Squad DDoS attack. Rancor cyberespionage campaign observed in Southeast Asia. PythonBot serves up adware and cryptojacking. WannaCry-themed protection racket is all bark a...

Romania, UK, warn of Russian cyber ops. International norms of cyber conflict. Bronze Butler's USB drives. Too-smart batteries not smart enough. Industry notes. Game cheater gets jail time.

19:59 | Jun 26th, 2018

In today's podcast, we hear warnings of Russian cyber operations from Romania and the UK. Recent attempts at developing international rules of conduct (and conflict) in cyberspace. Bronze Butler's naughty USB drives—not as scary as they sound, but a ...

Nation-state cyberespionage and cybercrime. Cryptocurrency fraud and theft give alt-coins a rocky ride. Sino-US trade conflict update. GDPR data extortion. Spammy protection racket.

14:28 | Jun 25th, 2018

In today's podcast, we hear that Taiwan continues to receive the PLA's cyber attentions. A look at what the Lazarus Group is up to. Cryptocurrency fraudsters arrested as alt-coin values have a rocky ride. Continuing US hot water for ZTE and Huawei. G...

LG smartphone keyboard vulnerabilities — Research Saturday

16:22 | Jun 23rd, 2018

Researchers at Check Point Research recently discovered vulnerabilities in some LG smartphone keyboards, vulnerabilities that could have been used to remotely execute code with elevated privileges, act as a keylogger and thereby compromise the users'...

Phishing plays small ball with depressing success. Chinese cyberespionage up. US IC, JCS, worries about innovation. Guilty plea in US espionage case. Ex-Knesset member suspected of spying. Supreme Court decides location privacy case.

24:06 | Jun 22nd, 2018

In today's podcast, we hear that phishing scams continue to nibble away at bank accounts and reputations: the State of Oregon is among those suffering. Avoid emails promising you leaked pictures of YouTube stars. Chinese espionage against US targets ...

Malicious apps, a clever botnet, and cryptojacking. Patch notes. EU copyright regulations. Congress still doesn't like the cut of ZTE's or Huawei's jib. Tesla sues a former employee.

19:52 | Jun 21st, 2018

In today's podcast we hear about a malicious app that will save your battery, but it will also install a backdoor, steal information, and click on a bunch of ads. A sophisticated and patient botnet, Mylobot, is observed in the wild, but it's not yet ...

Playing on Kindness — Hacking Humans

22:17 | Jun 21st, 2018

Joe explains the Ben Franklin effect. Dave describes job applicants tricked into money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing ...

Satellite communications suffer from Thrip(s). Zacinlo rootkit poses as a VPN. Insecure Firebase apps. EU copyright legislation. Kardon Loader. Bithumb robbed. #Opicarus2018. Bitcoin Baron jailed.

19:57 | Jun 20th, 2018

In today's podcast, we hear that the Chinese espionage group Thrip is targeting satellite communications operators and others in the US and Southeast Asia. Zacinlo rootkit hides inside a bogus VPN. Developers are leaving Firebase apps insecure. The E...

Charges in Vault 7 case. Olympic Destroyer appears to be back. Liberty Life hack. Does Tesla have a rogue insider? US Senate hits at ZTE. Guilty plea in OPM hack-related fraud. Motive: blackmail.

19:57 | Jun 19th, 2018

In today's podcast we hear that the US has charged a former CIA engineer in the WikiLeaks Vault 7 case. Olympic Destroyer may be back, and preparing to hit chemical weapons investigators and arms control specialists. Updates on the Liberty Life data ...

Data extortion attempt against Liberty Life. Rex Mundi, Black Hand arrests. Hidden Cobra's back. Clipboard hijacking hits cryptocurrency wallets. ZTE, Huawei security fears. Pulp fiction.

18:46 | Jun 18th, 2018

In today's podcast we hear that Liberty Life has sustained an attempt at data extortion. In separate operations, international police agencies cooperate against Rex Mundi, Black Hand, and the remnants of Silk Road. Cyber espionage notes. North Korean...

Cyber bank heists — Research Saturday

15:57 | Jun 16th, 2018

Carbon Black's Chief Cybersecurity Officer Tom Kellerman shares the results of their recent report, Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector. For the report, they interviewed CISOs at 40 major financial institutions...

MysteryBot developed from LokiBot. Satan rebranded as DBGer. Snooping on iOS got harder, but maybe not impossible. IG report on the FBI is out, not damning but not good, either.

22:40 | Jun 15th, 2018

In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but...

Chinese espionage in Central Asia. Dixons Carphone data exposure. Lazy State speculative execution bug. Pyongyang is expected to come roaring back into cyberspace. Unlucky 13.

18:44 | Jun 14th, 2018

In today's podcast, we hear that LuckyMouse has crept into an unnamed Central Asian house. Dixons Carphone data exposure presents complex legal and regulatory issues—it's the first big incident since GDPR came into effect. "Lazy State" is another CPU...

Hacking Humans — Gaming pro athletes online.

30:00 | Jun 14th, 2018

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves...

Cable-tapping for a new century. Lazarus Group update. BabaYaga's cannibalistic malware. Patch Tuesday notes. Cryptojacking. World Cup surveillance. Beware of strangers bearing gifts with USB connections.

16:40 | Jun 13th, 2018

In today's podcast we hear that old news is new news when it comes to undersea cables. The Lazarus Group is still at it, against South Korean targets. BabaYaga eats other malware so it can stage WordPress spam. Patch Tuesday notes, including some pro...