Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK(R) wiki to your deployed security stack with guests James Stanley, section chief at the U.S. Cybersecurity and Infrastructure Security Agency, John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai's Advisory CISO.
Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks [Journal Article]. The Cyber Defense Review. URL https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2420129/implementing-intrusion-kill-chain-strategies-by-creating-defensive-campaign-adv/
Staff, 2023. The Ultimate Guide to Sigma Rules [Blog]. The Graylog Blog. URL https://graylog.org/post/the-ultimate-guide-to-sigma-rules/
Seuss, Dr., 1990. Oh, the Places You'll Go! [Book]. Goodreads. URL https://www.goodreads.com/book/show/191139.Oh_the_Places_You_ll_Go_?ref=nav_sb_ss_1_14
Beriro, S., Ishmael, Stacy-Marie, 2023. Crypto Hackers Stole Record Amount in 2022, Fueled by North Korea's Lazarus [Podcast]. Bloomberg. URL https://www.bloomberg.com/news/articles/2023-02-23/crypto-hackers-stole-record-amount-in-2022-fueled-by-north-korea-s-lazarus
cisagov, 2023. Decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework [Code Repository]. GitHub. URL https://github.com/cisagov/Decider/
Hutchins, E., Cloppert, M., Amin, R., 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [White Paper]. Lockheed Martin. URL https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
JupiterDoc, 2011. Law & Order Full Theme (High Quality) [Theme]. YouTube. URL https://www.youtube.com/watch?v=xz4-aEGvqQM
Nickels, K., 2019. Introduction to ATT&CK Navigator [Video]. YouTube. URL https://www.youtube.com/watch?v=pcclNdwG8Vs
Page, C., 2022. US officials link North Korean Lazarus hackers to $625M Axie Infinity crypto theft [Website]. TechCrunch. URL https://techcrunch.com/2022/04/15/us-officials-link-north-korean-lazarus-hackers-to-625m-axie-infinity-crypto-theft/
Page, C., 2022. North Korean Lazarus hackers linked to $100M Harmony bridge theft [Website]. TechCrunch. URL https://techcrunch.com/2022/06/30/north-korea-lazarus-harmony-theft/
Staff, n.d. Lazarus Group (G0032) [Wiki]. MITRE ATT&CK Navigator. URL https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0032%2FG0032-enterprise-layer.json
Staff, n.d. Lazarus Group, Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 [Wiki]. MITRE ATT&CK®. URL https://attack.mitre.org/groups/G0032/
Staff, n.d. Lazarus Group [Wiki]. Tidal Cyber. URL https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08-Lazarus%20Group
Staff, January 2023. Best Practices for MITRE ATT&CK® Mapping [White Paper]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
Staff, March 2023. CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping [Announcement]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
Staff, n.d. List of top Cryptocurrency Companies - Crunchbase Hub Profile [Website]. Crunchbase. URL https://www.crunchbase.com/hub/cryptocurrency-companies
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B., 2020. ATT&CK Design and Philosophy, March 2020 Revision [White Paper]. MITRE. URL https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf
Cyber Security is big business. In fact, it's estimated to be worth $160 billion. But that's likely to be peanuts compared to the value of cyber crime, which is estimated to cost the global economy $600 billion in 2022 - nearly 1% of the global economy. And just one corner of that - ransomware - costs the same in damage and paid-out fees as the entire cyber security industry: $160 billion. In fact, if ransomware was a country, its GDP would be higher than Morocco or Kuwait. In this episode, we'll be examining the rise of ransomware, where the risk lies in modern-day attacks, who is behind them, and what we can do about it.

For Hewlett Packard Enterprise Senior Vice President and Global Chief Security Officer Bobby Ford, defeating ransomware is a constant and growing battle because it's a straightforward payout for criminal gangs - there is no need to try and sell stolen data on the dark web or to foreign governments, you simply sell the victim back their access. He argues that the key to protecting ourselves is twofold. Firstly, use two-factor authentication wherever possible to guard against human weak points such as opening infected emails. Secondly, be prepared to defend yourself. Be aware of the threats and where they are coming from, and mitigate them where you can, so long as it doesn't affect the running of your organisation. Beyond that, have a plan in place for being attacked, be that data recovery or, unfortunately, paying up.

Chris Rogers is a Technologist at cyber security firm Zerto. He agrees that ransomware can be hard to avoid because humans are an inherent weak point, and ransomware attacks often come through human social engineering rather than password cracking. He points out that even momentary downtime can cause millions of dollars in damages. He agrees with Bobby that robust, quickly spooled-up backups are an essential part of doing business. Unfortunately, that's easier said than done: backups can sometimes be limited access, which is great for security but leaves organisations vulnerable if the key holder isn't immediately available. Beyond that, backups have to be maintained incredibly regularly, as even a day's lost work for a large organisation can be a major blow. On the other hand, any back-up is better than no preparation at all.

But how are cyber security threats like ransomware being treated at the very top of the tree? When it comes to cyber security, it doesn't get much more high value or (hopefully) secure than financial institutions. George Webster is Chief Security Architect for HSBC. His office is tasked with quickly assessing threats, in particular APTs or Advanced Persistent Threats, and providing tools to counter them. He argues that the primary risk increase of the last couple of years has been people working from home, in situations where there are distractions and their security awareness may not be as strong as it was in the office. He also argues that on a wider level, it's not just staff who become more vulnerable as they are spread out: as ransomware becomes an increasing problem internationally, no organisation is safe anywhere in the world, and being aware of the risk is key to countering it without shutting yourself off from the outside.

The long show notes for this episode can be found here: https://community.hpe.com/t5/hpe-blog-uk-ireland-middle-east/ransomware-should-we-be-worried/ba-p/7183709#.Y_3FpHbP1PY
In today's podcast we cover four crucial cyber and technology topics, including:
1. F5 fixes flaws, one severe in BIG-IP product
2. Heroku users receive email to reset passwords after data theft
3. Researchers link ransomware strain to North Korean hackers
4. Chinese Winnti campaign targeting copyright, trademark data disclosed
I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
What do Sony and the Bank of Bangladesh have in common? Were they both hacked by Club Penguin using the North Korean malware known as Hidden Cobra? While Nate raises important questions about Club Penguin's involvement in the attempted theft of $850,000,000.00, Joshua went on a 34 minute rant about EDR, MDR, and DDR (don't worry - it was cut for time!). In this episode, we talk about phishing emails, Secure Email Gateways (AKA SEGways), and the importance of having a firm grip on financial procedures.
Welcome! Good morning, everybody. I was on WTAG this morning with Jim Polito. We had an interesting discussion about North Korea and their extensive hacking efforts, who is supporting them, and why. Then we got into Social Media censorship and Birdwatching and how the left has succeeded in shutting down conservative opinion. Here we go with Jim. For more tech tips, news, and updates, visit - CraigPeterson.com.
---
Automated Machine Generated Transcript:
Craig Peterson: [00:00:00] Good morning, everybody. Craig Peterson here this morning, we talked about Canada being a big hacker nation and the other big one, there's really top three if you will. So that's what we got into today. A lot of people just weren't expecting what's happening. It's crazy. So we get into why Mr. Il is out there hacking and it was a surprise to Jim, anyway. Hopefully, you got my email this morning. I got another one Thursday. We've got some little training things coming up that I want you to pay attention to, all part of this launch of the finally the Improving Windows Security course. No, we had a name. We had like working names, everything else, you know how that goes, but the whole idea behind the course is how to improve your Windows security to that next level. All right, everybody, take care. And here we go.
Jim Polito: [00:00:59] Craig Peterson, the Tech-Talk guru and our good friend who joins us every Tuesday at this time. Good morning, sir.
Craig Peterson: [00:01:06] Good morning.
Jim Polito: [00:01:08] Hey, we're going to get some of your Canada-like weather, just a little bit, little snow. Hey, a little snow.
Craig Peterson: [00:01:17] Have you seen this? A Northwest Territories Buffalo Airways show. They have it on the Weather Channel at times at night, sometimes. They're up in the Northwest Territories up in Yellowknife. They're flying to places, Calgary, Edmonton, Red Deer, that's south to them. I never moved this far north as those guys. Yeah.
Jim Polito: [00:01:39] You might as well be in Alaska seriously.
Craig Peterson: [00:01:43] Yeah. Yeah, exactly.
Jim Polito: [00:01:48] Here's something I want to talk about, still more about social media and censorship and everything else that's going on, but I do want to ask you about the country in the world that is probably the least high tech or one of the least high tech. You see a satellite picture of this country at night and there aren't many lights on, and yet they couldn't be one of the best hacking units in the world. I think I'm giving it away as to who it is, Craig, but I'll let you, yeah.
Craig Peterson: [00:02:25] Yeah. It's Canada.
Jim Polito: [00:02:27] No, that was pretty good because if you get, if you see a picture of the Northwest Territories at night, there aren't any lights up there other than the Northern Lights.
Craig Peterson: [00:02:41] The northern half of Canada has a total of just over a hundred thousand people, that said something like two-thirds of the population lives within a hundred miles of the US border. But no, that's not it here. We're talking about cybersecurity and cybersecurity has become a real problem. In fact, Rhode Island. Now you can call 211 to report cybercrime in Rhode Island. In Mass, there is a 211, is you probably could, but Rhode Island has been really leading this somewhat and setting this up. For cybercrimes and includes cyber-stalking, identity theft, financial fraud, cyberbullying. They've been trying to stay ahead of this game. So what we're talking about right now is this state-sponsored hacking. Now countries, if you look at Russia, you look at China, they're hacking us as part of what, kind of World War Three, right. What's the easiest way for us to attack the United States? It's via cyber. We've seen power outages in some of these countries, including Iran lately. There's a lot of speculation that it's us doing that to them. Although Iran says the reason that they've had power outages is that too many people are trying to mine Bitcoin cyber currencies. They use too much electricity and we didn't allot for that then. They shut down 1600 cyber mining facilities within Iran. There are countries like Iran that want the cash and North Korea, believe it or not, is one of the leaders out there because they want their hands on money. They have a number of different groups out there. There's a Lazarus Group, which is probably the best known, Hidden Cobra is another one of them. They do all kinds of extortion and ransom and just general online so that they can get their hands on money. There's an estimated of, I've seen various numbers, about three to 6,000 people in North Korea that are very advanced technologically. They have gone to foreign universities. Look at the current leader of North Korea. He went to school over in England, and it's just amazing. Some of the things we let these other countries do. Now they have what Kim Jong himself calls an all-purpose sword that guarantees North Korea military capability to strike relentlessly. The main reason they're doing this is getting their hands on hard currency.
Jim Polito: [00:05:32] That makes sense. We're talking with Craig Peterson, our tech talk guru. So Craig, the expression, if only you had used your powers and skills and talents for good. This type of high-tech hacking, that requires smart people, requires some hardware, requires software, all of this, they're doing it just to steal, so that they can fund them, shall we say, hermit nation. As I said, you take a satellite picture of the nation at night and there's hardly any lights on because there's just, the people are living in a primitive society. So that's their motivation. When you look at Josef Stalin when he first became a communist, this was before they had overthrown the czar, he was a bank robber, robbing banks for money, for the Bolsheviks, for the revolution. Isn't that basically what they're doing here in North Korea, although they've already had their communist revolution.
Craig Peterson: [00:06:40] Yeah, they are. That is what they're doing. They're trying to fund this so that they can feed their people. Remember people are starving in North Korea. These are defectors, their medical conditions are just insane, crazy. They're also directly tied into China. So even though they're obviously playing not even second fiddle there, they're way in the back in a different auditorium, from China. China is a huge cyber threat and frankly, Russia and China and then North Korea is right behind them. China is actually providing them with some of this technology to do the hacking as well, which is absolutely fascinating to me. China is continuing to support North Korea, but it's doing it by giving them technology, giving them training, allowing North Koreans into their universities. Specifically, so that they can learn how to hack computers in the United States, as well as other countries, and fund themselves. So they don't have to keep coming back to China for more money and grain and oil and everything else for free, at the very least they'll be able to pay for it. It's like the kid in the basement you're trying to get rid of, and not everyone can get on that hermit out of the basement and put them into the White House.
Jim Polito: [00:08:01] Wow. We're talking with Craig Peterson tech talk. We will tell you how you can get in touch with him at the end of this segment. But Craig, we just got a few more minutes here. Anything new in social media? I heard Twitter invented, what is it? Bird something or bird catcher or whatever. This system that's supposed to identify tweets that are inappropriate. Does this really mean anything?
Craig Peterson: [00:08:34] Yeah, they've been doing it for quite a while. It's called Birdwatch and this is a community-based. Here's what's really been going on and no one, I don't understand why, but I haven't heard anyone else talk about this, Jim. This is a first in the media, but the problem we have out there is that Twitter and Facebook, they don't have the time. They don't have the resources, even the artificial intelligence to be able to monitor all of the tweets and catch the bad ones. The way they find the tweet that they want to shut down is they get people reporting them. So now they've made this more formal by calling this community Birdwatch and doing all of this stuff. Here's what happens, you post something online that is maybe slightly questionable, especially if you'd take it the wrong way. There are people who are sitting there again in the basement, I'm running for president, or maybe they've never gotten a job, or maybe it's both. They're watching a few social media accounts. They think of these hacking communities overseas, where you have all of these people pretending to be someone else. As they're pretending to be someone else there, they're posting and trying to change our opinion, right? So much of these bots, et cetera, we're not going to get into that right now. The reason Twitter shuts things down is that somebody reports. Now you or I, we looked at a tweet and say that guy's an idiot and we move on. But the people on the left, particularly the far left, all see a tweet and they will say, okay, we can get them on this one. They then have a few hundred of their fellow community members report that person, tweet to Twitter. Twitter then has to respond based on its community standards because so many people were complaining. You got a 24-hour ban or demonetization. That's the big secret behind all of this? It's these kids, bad guys, obviously not all of them are young kids, who are sitting there watching certain accounts reporting en masse. People w via different people and different bonds. That this is really offensive to them and now Twitter has something to fall back on.
Jim Polito: [00:11:09] Yeah. And you know what? They destroy a lot of conservatives and I've had it. I've had it happen to me. That's why everything I write on Twitter, anywhere else, is something that I would not be afraid to say to a priest, my late mother, when she was alive, anyone like that is. I have my political opinions, but the way in which I convey them, I do it in a way that's not offensive, but even doing that, they keep reporting. You can get hurt and that's scary. That is scary. Craig. If folks want to get more information from you, what do they do?
Craig Peterson: [00:11:52] I sent out this morning, in fact, a video to everyone that's on my email list, and I've got another email going up Thursday. I've got some more training coming out. This is all training stuff, people, and you can get on that list. Just go to CraigPeterson.com. You can subscribe right there. CraigPeterson.com/subscribe. If you'd like. All of my podcasts are up there. You can get copies of these special reports. Like the one I released today and much, much more, just CraigPeterson.com.
Jim Polito: [00:12:25] All right, Craig. Thanks so much, great information. We'll catch up with you.
Craig Peterson: [00:12:30] Take care. Thanks, Jim.
Jim Polito: [00:12:32] Thanks. Bye-bye, all a final word. When we return.
---
More stories and tech updates at: www.craigpeterson.com
Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes
Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson
For questions, call or text: 855-385-5553
Hidden Cobra inserts Lazarus malware into security management chains. Malsmoke malvertising doesn’t need exploit kits anymore. Ransomware operators shift toward social engineering as the ransomware-as-a-service criminal market flourishes. Draft EU data transfer regulations implement the Schrems II decision. Robert M. Lee from Dragos shares a little love for the lesser-known areas of ICS security. Our guest is Greg Smith from CAMI with insights on promoting cyber capabilities at the state level. And the next thing in disinformation? No surprises here: it’s COVID-19 vaccines. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/222
This week, Dr. Doug talks Bumble, Facebook Scams, Mudge, CISA, Hidden Cobra, and Lazarus Group! All this and Jason Wood returns for Expert Commentary on the Security Weekly News! Show Notes: https://securityweekly.com/swn83 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Notes on Election Day security, from CISA. The Maze gang finally releases its press release announcing that it’s going out of business. Mr. Snowden applies for dual Russian-American citizenship. Ben Yelin shares his thoughts on Mark Zuckerberg’s recent Senate testimony. Our guest is Karlo Zanki from Reversing Labs on Hidden Cobra. And a botmaster gets eight years after copping a US Federal guilty plea to conspiracy. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/213
Denial-of-service attacks continue to cripple New Zealand’s NZX stock exchange. The Empire criminal market has exited, and done so with its users' funds. US authorities have filed for civil forfeiture of Hidden Cobra’s stolen crypto assets. An Instagram hijacking campaign is under way. Qbot and Emotet are back, and together again. The former Green Beret who allegedly spied for the GRU offers an insight into his (alleged) motives. We welcome our newest partner to the show, Betsy Carmelite from BAH. Our guest is Mark Calandra from CSC on their 2020 domain security report that revealed shortfalls among the Forbes Global 2000. And the unnamed company cited in the arrest of a Russian national this week has now been named: it’s Tesla. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/168
In today's podcast we cover four crucial cyber and technology topics, including:
1. Experian South Africa discloses breach, claims no user credit or financial data stolen
2. Taiwan alleges Chinese hackers compromised at least 6,000 government accounts
3. U.S. Government provides details on new "BLINDINGCAN" RAT used by North Korea
4. U.S. Senate to weigh in on legal uses of facial recognition, biometric data
I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Twitter permanently suspends DDoSecrets for violating its policy with respect to hacked material. DDoSecrets explains its thinking with respect to BlueLeaks. A quick look at a Hidden Cobra hunt. Sino-Australian dispute over hacking may be moving into a trade war phase. Lessons on election management. What do cybercriminals watch when they binge-watch? Joe Carrigan explains the Ripple 20 vulnerabilities. Cybersecurity Canon week continues with Joseph Menn, author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. And some notes on the most malware-infested movie and television fan communities. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/122
In this episode - Bill Swearingen and Joel Bork reveal information not just on the most recent ransomware attacks and the issues surrounding yet another breach, but also talk about multiple pieces of Hidden Cobra malware (North Korean Government APT) that are targeting financial institutions - cryptocurrency exchanges in particular. Also in this episode: details on how WannaCry was stopped three years ago and some insights into who the hero of the day actually was - Marcus Hutchins. References: https://www.us-cert.gov/northkorea https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
Unattributed cyberattacks in an Iranian port prompt speculation that a broader cyberwar in the Middle East may be in the offing. CISA releases malware analysis reports on North Korea’s Hidden Cobra. Astaroth malware grows more evasive (and it was already pretty good at hiding). Texas courts sustain a ransomware attack. COVID-19 espionage warnings are on the way. Twitter’s misinformation warning system. Ben Yelin describes a Fourth Amendment case on automated license plate reader (ALPR) databases. Our guest is Brian Dye from Corelight on dealing with encrypted traffic without compromising privacy. And taking down Plandemic’s trailer. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/newsletters/daily-briefing/9/92
A new Monero miner is out and about. Hidden Cobra is pushing a RAT through a Trojanized two-factor authentication app. The rise and fall of a botnet. Markets, criminal and legitimate, react to the pandemic. Ransomware hits Taiwan. Remcos is resurgent. Michael Sechrist from BAH on where things are headed with ransomware, our guest is Rachael Stockton from LastPass on their Psychology of Passwords report. And, despite what you saw on Twitter when you were “doing your own research,” 5G does not cause COVID-19, and telecom repair crews are not agents of the Illuminati. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_07.html
Tensions between China and its neighbors. ICS incursions are troubling. The US intelligence community comments on COVID 19 disinformation. The FBI tracks increased cybercrime activity during the pandemic. Johannes Ullrich explains Excel 4 Macro vulnerabilities. Our guest is Tina C. Williams-Koroma, from TCecure on the importance of strong, effective leadership in cybersecurity. And smile for the web-cam. Your boss may be watching. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_01.html
The US indicts Huawei for racketeering. The FBI and CISA release details on malware used by North Korea’s Hidden Cobra. Iran attributes last week’s DDoS attack to the US. Google takes down a big malvertising and click-fraud network that exploited Chrome extensions. Reports surface of DNC involvement in IowaReporterApp. Not all official advice is necessarily good advice. And if things don’t work out with your object of affection, don’t spy on their social media accounts, OK? Craig Williams from Cisco Talos with updates on JhoneRAT. Guest is Shuvo Chatterjee from Google on their Advanced Protection Program (APP). For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_14.html
Spy versus spy, in America, Canada, and Australia, with special guest stars from the Russian and Chinese services. The US Treasury Department issues more sanctions against North Korea’s Reconnaissance General Bureau, better known as the Lazarus Group or Hidden Cobra. Russian election influence goes local (and domestic). Password manager security problems. And why does your flashlight want to know so much about you? Justin Harvey from Accenture with insights on HTTPS and phishing.
Fxmsp may have breached three anti-virus companies. US-CERT and CISA warn against a new North Korean malware tool being used by Hidden Cobra: they’re calling it “ElectricFish.” A changing of the guard at Symantec. Former Facebook insiders call for breaking up the company and for more regulation. Facebook disagrees about the breakup, but says it likes the idea of regulation. Two indictments are unsealed--one for leaking classified information, the other for the Anthem breach. Johannes Ullrich shares some vulnerabilities involving tools from Google. Verizon DBIR coauthor Alex Pinto shares this year’s key findings.
Julian Assange is out of the Ecuadoran embassy and in British custody. He’s been found guilty of bail jumping, and will face extradition to the US on charges related to conspiracy to release classified material. Hidden Cobra is back with a new Trojan: “HOPLIGHT.” Kaspersky describes Operation SneakyPastes. IBM Security finds organizations don’t exercise incident response plans. Two New Jersey high school boys are in trouble for jamming Secaucus High’s wi-fi. Jonathan Katz from UMD with his response to a skeptical critique of quantum computing. Guest is Maurice Singleton from Vidsys on the convergence of IoT security devices and IT security. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_11.html
In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s a new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.
Digital Shadows CISO Rick Holland, Dr Richard Gold and Simon Hall join Rafael Amado to cover the Hidden Cobra FASTCash campaign alert issued by US authorities, detailing ATM cash-out campaigns performed by North Korean actors. The team look over the Five Eyes joint report into publicly available hacking tools. And, finally, are companies who use MSPs at greater risk of attack? For more on the PowerShell blog referenced by the Five Eyes report, visit: https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/
The black letter law and articles discussed in this episode:
John Bolton gets rid of the “cyber czar” position in the NSC, on Lawfare: https://www.lawfareblog.com/boltons-magnificent-idea-nix-white-house-cyber-czar
Cyber czar removal article on Ars Technica: https://arstechnica.com/tech-policy/2018/05/trump-closes-job-opening-for-cyber-czar-raising-protests-from-congress/
Senator King and Senator Lankford question the intelligence community on cyber preparedness: http://transcripts.cnn.com/TRANSCRIPTS/1802/13/ath.01.html
Correction: The National Protection and Programs Directorate (NPPD) at DHS: https://www.dhs.gov/national-protection-and-programs-directorate
NIST Cybersecurity Framework 1.1: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Cybersecurity Information Sharing Act of 2015: https://www.dni.gov/index.php/ic-legal-reference-book/cybersecurity-act-of-2015
OPM hack: https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagine
Hidden Cobra alert: https://www.us-cert.gov/ncas/alerts/TA18-149A
Proof of concept of a car hack: https://www.wired.com/story/car-hack-shut-down-safety-features/
Ukrainian Power Grid hack: https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf
Bowman Dam, Rye Brook, New York SCADA system hacked: https://www.nytimes.com/2016/03/26/nyregion/rye-brook-dam-caught-in-computer-hacking-case.html
Paul Rosenzweig is a senior advisor at the Chertoff Group, a lecturer at George Washington University Law School and a senior fellow at the R Street Institute: https://www.rstreet.org/team/paul-rosenzweig/
Paul’s Lawfare feed: https://www.lawfareblog.com/contributors/prosenzweig
Follow Paul on Twitter: https://twitter.com/@RosenzweigP
In today's podcast, we hear that the US has attributed two more strains of malware to North Korea. And whether you call them Hidden Cobra or the Lazarus Group, it's the same reliable crew of Pyongyang hoods. More trouble for the ICO world as unknown but probably bad actors scan for misconfigurations in EOS blockchain nodes. Canadian banks decline to pay extortion. Joker's Stash counterfeits show there's even less honor among thieves than you may have thought. Baratov gets five years for the Yahoo! hack, and "Courvoisier" gets a solid ten-year sentence for multiple crimes. Justin Harvey from Accenture with thoughts on GDPR. Guest is Ruvi Kitov from Tufin on why automation should be in wider use than it is.
In today's podcast, we hear about an attempted banking hack in Mexico. Hidden Cobra gets busy around diplomacy. The FacexWorm adds cryptomining functionality. SamSam ransomware looks to capture entire enterprises. A Sunday Times investigation finds that Russian Twitterbots tried to swing British voters toward Labour. The US House Intelligence Committee has released its report on influence operations during the last US Presidential election. Researchers find that teams and committees are different things. Robert M. Lee from Dragos on regulations vs. incentives. Guest is Dan Lyon from Synopsys on IoT security.
In today's podcast, we hear reports of cyber reconnaissance of Turkish financial institutions: Hidden Cobra is the suspect. The Chinese government appears to have finagled its national vulnerability database to afford misdirection to cyber operations. Cryptomining attempts hit Windows endpoints. Other cryptojacking campaigns afflict vulnerable servers. Memcrash DDoS hits new targets. The US Administration hints at possible cyber policy changes. Emily Wilson from Terbium Labs, on the issue of trying to spend our way to security. Guest is Priscilla Moriuchi from Recorded Future, with research documenting a backdating issue in the CNNVD, China’s National Vulnerability Database.
Episode 246: ControlTalk NOW — Smart Buildings PodCast for week ending November 19, 2017 features interviews with two of the industry's most prominent thought leaders: BuildingContext.me's editor, Therese Sullivan, provides CoreTech coverage, and Co-Founder and Partner John Petze discusses SkyFoundry's 13 Billion Sq Ft worth of success and the roadmap ahead. Special shout out to Samuel Elkins, Portrait & Commercial Photographer extraordinaire, based in Salt Lake City, UT. More news: Good luck to Phil Zito, who is running full-time with Building Automation Monthly; Project Haystack's latest update; Belimo releases 6-way electronic pressure independent valve with NFC; Homeland Security Advisory: HIDDEN COBRA; Contemporary Controls announces pre-built CVTRU application now available; and Johnson Controls introduces their VP140 PICV valve series. ControlTalk NOW first guest interview with Therese Sullivan, Principal, BuildingContext.me. Therese does a fabulous job updating the ControlTrends Community on CORE TECH 2017 and what's new from Silicon Valley. IoT and OT on big campuses have bright futures ahead, drone cleaning crews keep your skyscrapers clean 24/7, UBER says beaucoup city garage space is available for re-purposing, Building Therapeutic Center to be the Largest Net Zero project to date, and much more. Visit Therese at BuildingContext. The Easy Way to Make The Internet of Things Device Data Just Work! Data, Data everywhere! As the smart building controls world explodes, and systems become more robust, they consume and need a new type of fuel, DATA! But how do you make this data usable? It is kind of like the problem the United Nations had when they designed the UN. You have all these different participants coming together to work, but they all speak different languages. Nothing gets done until they can understand each other. Without some sort of translator nothing happens. Sign up for Memoori's Making Internet of Things Device Data Just Work!
A Q&A Webinar with Project Haystack. Belimo Releases the new 6-way Electronic Pressure Independent Valve (ePIV) with Near Field Communication (NFC). Now available! Belimo's non-spring return 6-way electronic pressure independent valve (ePIV) assemblies with Near Field Communication (NFC) and an ultrasonic flow meter. The ½" offers flow setting to 5.5 GPM and the ¾" flow setting to 10.3 GPM, ideal for chilled beams and radiant ceilings. The compact valve has the functionality of four 2-way control valves, saving space, material and installation time. Homeland Security Advisory TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean government—commonly known as Volgmer. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra. Contemporary Controls Announcement: Pre-Built Constant Volume RTU Applications Now Available. Pre-built applications make it easy to utilize a Contemporary Controls BASC22 BACnet/IP Sedona Unitary controller in constant volume air-handling (AHU) or constant volume rooftop unit (RTU) applications. Although the BASC22 is a 22-point freely-programmable controller using Sedona as the control language, it can be made into a configurable controller by installing one of five versions (CvRTUv1-CvRTUv5) of constant volume AHU/RTU applications into the controller from the CvRTU Application Series. ControlTalk NOW second guest interview is with SkyFoundry's Co-Founder and Partner, John Petze.
John spells it out — move forward with basic evaluations that are scalable, whether it's at the edge on a cluster of field buses serving locally, or in the cloud on a huge Amazon server; make your decisions and base your workloads on proven tools and accurate information. SkyFoundry's SkySpark deployments have achieved an incredible milestone of ONE BILLION Square Feet worldwide with their Partner Channel, which consists of a network of over 125 authorized systems integrators, specialty engineering firms and OEMs that implement SkySpark for end users. Read more. The post Episode 246: ControlTalk NOW — Smart Buildings PodCast for Week Ending November 19, 2017 appeared first on ControlTrends.
In today's podcast, we hear about more misconfigured S3 buckets (these in Australia). Kaspersky Lab protests its innocence as it releases a study of Equation Group leaks. Notes from the world of crime: dual-purpose Trojans, fake-news-as-a-service, and how the cops are keeping the robbers hopping. Some thoughts on Hidden Cobra, and what it means for ICS operators in particular. More positive notices for the VEP. Chris Poulin from BAH on AI ethical conundrums with self-driving cars. Jeremy Wittkop from InteliSecure on the trouble with Social Security Numbers. And Amazon Key may unlock more than one would like.
What is a SLAPP Suit? Let's say you own a small business called "Policy Town Fajitas". You think your business is second-to-none. You've invested in it--time, sweat, money and otherwise ... But then, all of a sudden, one of your customers doesn't fancy your business as much as you do. So they post a negative review about your business on a site like Yelp. They say your "chicken fajitas taste like pigeon and that's how I know it's not authentic Mexican food." If you're like most businesses, you try to improve (such as by switching to chicken meat). But some businesses try to turn the tables by putting the reviewer on the defensive. Let's call the reviewer Mrs. Davis. So you file a lawsuit against Mrs. Davis that is simply designed to drive her absolutely nuts. Eventually, you hope, Mrs. Johnson will decide to delete her review. That lawsuit is called a "strategic lawsuit against public participation", but we just call them SLAPP suits. Now, we know you would NEVER serve up pigeon fajitas. But what are the policy implications of SLAPP suits, particularly as they relate to online freedom of speech? Here to discuss SLAPP suits is Laurent Crenshaw (@LCrenshaw), Yelp's head of Federal Public Policy in Washington DC. At Yelp Laurent has championed the company's federal efforts to protect consumer freedom of speech on the Internet, and worked to implement Yelp as a tool for the federal government. Prior to joining Yelp in 2013, Laurent worked in the House of Representatives for over 11 years. During his tenure he served as the Legislative Director for Representative Darrell Issa focusing on technology policy issues, particularly in the areas of intellectual property, telecommunications and Internet law; and also worked in the offices of the House Majority Whip and House Republican Conference. Laurent successfully worked on numerous legislative efforts including the passage of the Leahy-Smith America Invents Act in 2011 and the fight to defeat SOPA and PIPA in Congress. 
Additionally, Laurent serves on the board of directors for Public Knowledge and as a member of the American Library Association's Public Policy Advisory Council. Laurent obtained his undergraduate degree in International Relations from Stanford University in 2002 and his Juris Doctor degree from American University's Washington College of Law in 2010. Resources: Yelp's Public Policy Blog; SPEAK FREE Act (Congressional Anti-SLAPP Suits legislation); Zero to One: Notes on Startups, or How to Build the Future by Peter Thiel. News Roundup: Amazon is acquiring Whole Foods for $13.7 billion. Experts see the move as a direct hit on big box retailers like Wal-Mart and Target, whose shares tumbled sharply on news of the announcement. Analysts see it as a significant step by Amazon to substantially expand its warehouse and local supply chain operations. Laura Stevens has more at the Wall Street Journal. One interesting thing to note is that on May 30th, Amazon filed a patent for technology that allows it to block customers from using their phones to "window shop", or check the prices of other stores, while they're on site at an Amazon property. Brian Fung reports on that in the Washington Post. President Trump has officially nominated former Democratic FCC Commissioner Jessica Rosenworcel to return to the agency. Rosenworcel has strong Democratic support. Her previous four-year term ended last year when the Senate failed to reconfirm her before it expired. Still open at the FCC is the third Republican seat. Brendan Carr--a current advisor to FCC Chairman Ajit Pai--is considered the front-runner for that seat although, as of Monday evening, the White House has not yet made the official nomination. The FBI and Department of Homeland Security released a joint announcement saying North Korea has been executing cyberattacks against institutions worldwide since 2009.
North Korean government actors calling themselves "Hidden Cobra" are the culprits, according to the statement, and they have been attacking aerospace, financial and other institutions in the U.S. and around the world. Deb Reichmann reports for the Associated Press. Verizon has completed its $4.5 billion acquisition of Yahoo. Former Yahoo CEO Marissa Mayer resigned with a $23 million package. Alina Selyukh has the story at NPR. The Federal Trade Commission will be opposing the proposed merger of DraftKings and FanDuel--the two largest fantasy sports sites. In a statement released Monday, the FTC wrote that the combined company would control more than 90% of the market. The families of prison inmates could see their phone charges for calling incarcerated loved ones shoot back up to as much as $14 per minute. The Obama-era FCC had placed caps on those calls that ranged between 14 and 49 cents per minute. But the DC Circuit Court of Appeals ruled last week that the FCC did not have the authority to regulate those rates, because they pertained to intrastate calls, not interstate calls, and thus fall outside the FCC's federal jurisdiction. Zoe Tillman covers this for BuzzFeed. The Indian woman who was raped by an Uber driver in India is suing the company in the U.S. for violating her privacy and for defamation of character. The plaintiff, a Texas resident, has filed as a Jane Doe. Apparently, Uber CEO Travis Kalanick had said publicly that the company would do everything it could to ensure the rapist would be brought to justice. However, behind the scenes, the victim alleges that Uber obtained her medical records in India and then worked to use the information to claim the rape was all a ruse orchestrated by Uber's main competitor in India. Julia Carrie Wong summarized this story in the Guardian. Uber has been embroiled in numerous controversies of late.
These culminated last week in Kalanick being placed on an indefinite leave of absence and top ranking executives being let go. These latest developments were in response to a report spearheaded by former Attorney General Eric Holder that recommended these and other changes at Uber. Facebook has outlined a strategy for weeding out terrorist content on its platform. The company released a blog post last week saying that it has about 150 people on staff nationwide whose job it is to remove all content posted by or in support of terrorists. The company also uses artificial intelligence and other technology to take down content that promotes terrorism on Facebook and its other properties, according to the post. Finally, remember President Trump's Twitter typo a few weeks ago, when he tweeted the word "covfefe" instead of "coverage"? Well, The Hill's Harper Neidig noticed last week that the U.S. Patent and Trademark Office had more than 30 trademark requests containing the word "covefefe" since the flub.
In today's podcast, we hear that WikiLeaks has dumped more of Vault7. More attribution of WannaCry to North Korea, where Hidden Cobra and the Lazarus Group appear to be one and the same. FIN10 cybercriminals are asking US and Canadian businesses for a big payoff to head off a big doxing. Conventional ransomware hits British universities. Kaspersky and Avast release free decryptors for Jaff and EncrypTile. Markus Rauschecker from UMD CHHS reviews China's new cyber laws. Jocelyn Aqua from PwC describes attitudes toward AI. The ISAC process seems to be working. And patch early, patch often.
In today's podcast, we hear that the FBI and the Department of Homeland Security have warned that Hidden Cobra is actively pursuing DDoS campaigns. Microsoft patches remaining ShadowBrokers' exploits, even in deprecated systems. The US Congress votes to sanction Russia for election influence operations. Those operations have a long, long history, going back to the 1930s at least. Electrical and natural gas sectors work to protect themselves against CrashOverride. Emily Wilson from Terbium Labs reminds us not to forget the basics. Michael Callahan from Firemon shares survey data suggesting that IT pros spend too much time fixing their coworkers' personal devices. Mergers and acquisitions seem to be followed by layoffs—Hexadite is said to be the latest case.