the CyberWire Podcast-logo

the CyberWire Podcast

Technology Podcasts >

The CyberWire Daily Podcast is our look at what's happening in cyberspace. We provide a clear and concise summary of the news and offer commentary from industry experts as well as our Academic and Research Partners. Each Friday, we provide the usual daily summary along with a look back at the news for the entire week. We publish each weekday afternoon (in time for US East Coast drive-time).

The CyberWire Daily Podcast is our look at what's happening in cyberspace. We provide a clear and concise summary of the news and offer commentary from industry experts as well as our Academic and Research Partners. Each Friday, we provide the usual daily summary along with a look back at the news for the entire week. We publish each weekday afternoon (in time for US East Coast drive-time).
More Information

Location:

MD

Description:

The CyberWire Daily Podcast is our look at what's happening in cyberspace. We provide a clear and concise summary of the news and offer commentary from industry experts as well as our Academic and Research Partners. Each Friday, we provide the usual daily summary along with a look back at the news for the entire week. We publish each weekday afternoon (in time for US East Coast drive-time).

Language:

English

Contact:

443-884-6868


Episodes

Looks like Comment Crew, but probably isn't. Facebook breached by spammers. Twitter's big troll trove. Router issues. Who dunnit to YouTube?

10/18/2018
More
In today's podcast, we hear that a campaign reuses some of the old Comment Crew code, but McAfee researchers think it's not the same old Crew. Facebook thinks its big breach was the work of spammers, not spies. Twitter releases a trove of trolling and invites researchers to take a look. Researchers disclose flaws in D-Link and Linksys routers. Ghost Squad says that they downed YouTube the other day, but who knows? And if YouTube goes down, please don't call 911. Dr. Charles Clancy from VA...

Duration:00:19:50

Meddling with the midterms — Special Edition

10/17/2018
More
Kim Zetter is longtime cybersecurity and national security reporter for the New York Times, and author of the book Countdown to Zero Day. She joins us to discuss her recent feature for the New York Times Magazine, titled The Crisis of Election Security. In it she explores the structure and fragile integrity of the US election system, how we got to where we are today, and what can be done to reestablish confidence in the system. Link to Kim Zetter's feature The Crisis of Election...

Duration:00:21:05

Two ways of hacking the vote. BlackEnergy is active in Poland and Ukraine. ISIS and info ops. Hurricane-stressed utility further stressed by ransomware. Silicon Valley governance.

10/17/2018
More
In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in Poland and Ukraine, with new, "GreyEnergy" malware. Diplomatic targets prospected in Central Asia. North Carolina, recovering from hurricane damage, also faces some ransomware. Silicon Valley governance receives scrutiny. Craig...

Duration:00:19:30

Facebook in Myanmar. Supply chain seeding attack update. Election hacking. NCSC reports. EU prepares sanctions (Russia feels ill-used).

10/16/2018
More
In today's podcast we hear about social networking for genocide in Myanmar: Facebook takes down the Army's inauthentic and inflammatory pages. The supply chain seeding attack from China remains dubious. Probes of US election infrastructure, and black market offers of voter databases, are reported. GCHQ sees cybercrime as a chronic threat, but state-sponsored cyber operations as an acute problem. EU prepares sanctions against a big country to the east. And farewell to Paul Allen, departed...

Duration:00:18:05

Facebook breach details. Privacy issues and an image problem for advocates. Supply-chain-attack skepticism. Info ops, bikers, and deniable paramilitaries.

10/15/2018
More
In today's podcast, we heat that Facebook has found that fewer users than feared were affected by its breach, but that in this case "fewer" still means "a lot"—nearly thirty-million of them. Do privacy advocates have an image problem? Supply chain seeding attack story draws more skeptical comment. A pipeline accident turns out not to have been a cyberattack. Estonia joins the UK and the Netherlands in an effort to clarify EU cyber sanctions. But Italy pumps the brakes. (Do Putin's Angels...

Duration:00:19:39

Driving GPS manipulation — Research Saturday

10/13/2018
More
Researchers at Virginia Tech investigate possible ways to manipulate GPS signals and send drivers to specific locations without their knowledge. Gang Wang is Assistant Professor of Computer Science at Virginia Tech, and he joins us to share his team's findings. The original research can be found here: https://people.cs.vt.edu/gangwang/sec18-gps.pdf The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to our sponsor Enveil, closing the...

Duration:00:27:28

Busy Bears, again. Mixing IT and OT is a risky business. New Android Trojan. Supply chain seeding attack updates. Facebook purges more "inauthentic" accounts. Data privacy. Cyber sanctions.

10/12/2018
More
In today's podcast we hear that Ukraine says it's under cyberattack, again. ESET connects Telebots and BlackEnergy. Port hacks suggest risks of mixing IT and OT. Talos finds a new Android Trojan. Skepticism over Chinese supply chain seeding attack report continues. Facebook purges more "inauthentic" sites—this time they're American. Data privacy regulation is trending, in both Sacramento and Washington. EU will consider cyber sanctions policy. NATO looks to cyber IOC. Alleged SIM-swappers...

Duration:00:24:57

Seeding-attack skepticism. MSS officer arrested, will face industrial espionage charges in the US. Russia says again that it didn't hack the OPCW.

10/11/2018
More
In today's podcast, we hear that the report of Chinese supply chain seeding attacks comes in for more skepticism: NSA never heard of it, and Congress would like some answers. The US has an officer of China's MSS in front of a Cincinnati court on charges of industrial espionage: he was extradited this week from Belgium. Notes on officers and agents. Russia repeats denials of hacking the Organisation for the Prevention of Chemical Warfare. Ben Yelin from UMD CHHS with a court case on cell site...

Duration:00:20:19

Updates on supply-chain seeding reports. DDoS in Ukraine. GAO reports on US weapon system cyber vulnerabilities. Bugs exploited by Mirai persist. Patch note and toe dialing.

10/10/2018
More
In today's podcast we hear that there's no consensus, yet, on Bloomberg's report of Chinese seeding attacks on the IT hardware supply chain. Ukrainian fiscal authority sustains DDoS attack. GAO reports on cyber vulnerabilities in US Defense Department weapon systems. Xiongmai DVRs and cameras still exhibit bugs exploited by the Mirai botnet. Patch notes. And a lizard toe-dials from a veterinary clinic—he wasn't a patient; just visiting. Robert M. Lee from Dragos with insights on the...

Duration:00:20:48

Update on supply chain seeding reports. GRU comes in for more criticism. UK prepares cyber retaliatory capability. Power grid resilience. Panda Banker. Google's good and bad news.

10/9/2018
More
In today's podcast we hear that Bloomberg's report of a Chinese seeding attack on the IT hardware supply chain comes in for skepticism, but Bloomberg stands by—and adds to—its reporting. Everyone is seeing Russia's GRU everywhere, and Russia feels aggrieved by the accusations. The UK prepares a retaliatory cyber capability. The US looks to grid security. Cylance describes Panda Banker. Google had a good day in UK courts Monday, but a bad day elsewhere. Justin Harvey from Accenture with...

Duration:00:19:50

Cryptojacking criminal capers continue — Research Saturday

10/6/2018
More
Researchers at Palo Alto Networks' Unit 42 have been tracking the rise of cryptocurrency mining operations run by criminal groups around the world. Ryan Olson is V.P. of threat intelligence at Palo Alto Networks, and he joins us to share what they've learned. The original research can be found here: https://researchcenter.paloaltonetworks.com/2018/06/unit42-rise-cryptocurrency-miners/ The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to...

Duration:00:22:41

Reports of Chinese seeding attacks on the supply chain. Five Eyes and other allies push back at Russia's GRU. NPPD to become Cybersecurity and Infrastructure Security Agency

10/5/2018
More
In today's podcast, we hear more on the possibility that China's Peoples Liberation Army engaged in seeding the supply chain with malicious chips. Companies deny it, but Bloomberg stands by its story. All Five Eyes denounce Russia's GRU for hacking. Russia responds unconvincingly. And the NPPD will become a new agency within the US Department of Homeland Security, and the lead civilian agency responsible for cybersecurity and critical infrastructure protection. Malek Ben Salem from Accenture...

Duration:00:23:53

Bloomberg reports a seeding attack on the supply chain by Chinese intelligence services. GRU is named, shamed, indicted, and expelled.

10/4/2018
More
In today's podcast, we hear that Bloomberg reports that a Chinese hardware hack has infested sensitive US supply chains. Dutch authorities expel GRU officers for attempting to hack the international body investigating the nerve agent attacks in Salisbury. Australia, the UK, and Canada all finger the GRU as responsible for high-profile cyberattacks. The US indicts seven GRU officers for a range of hacking-related crimes. Craig Williams from Cisco Talos with tips on getting the most out of...

Duration:00:19:45

Facebook breach updates. Bogus Zoho Office Suite. Brazil's big botnet. Vulnerable router firmware. Patch news. A DGSI officer arrested for dark web collusion with the mob. Bad Fortnite cheats.

10/3/2018
More
In today's podcast, we hear that Facebook continues to investigate its breach, and says it's not found any evidence of apps compromised through Facebook Login. Irish authorities open a GDPR investigation of Facebook. Bogus offers of Zoho Office Suite are malicious. A big botnet hits Brazil's banking customers. Home routers found vulnerable. Google and Adobe patch. A DGSI officer is arrested in France for dark web trafficking. FEMA tests its emergency text system. Fortnite cheats are bad...

Duration:00:19:53

RDP exploitation. More on the Facebook breach. Google and content moderation. Reaper Group stayed busy even after US-DPRK summit. Spyware in Canada. Hacking an airport.

10/2/2018
More
In today's podcast we hear that the US FBI and DHS warn that RDP exploitation is up. Facebook's breach exhibits the tension between swift disclosure and sound incident response. A look at slow-rolled disclosure. Google draws criticism for some content it hosts. North Korea's Reaper Group never missed a beat. Citizen Lab says Saudi Arabia is spying on at least one prominent dissident who's a permanent resident in Canada. Nepal's airport is hacked, apparently for the lulz. Joe Carrigan from...

Duration:00:19:57

Facebook agonistes. Election meddling. Livestreamed hack gets cancelled.

10/1/2018
More
In today's podcast we hear an update on Facebook's data breach, including EU inquiries, Congressional attention, FTC scrutiny, and user unhappiness. The threat of Chinese election meddling seems to be a matter of concern in the US Intelligence Committee. And, despite promises, there was no livestreamed obliteration of much of anything yesterday. Rick Howard from Palo Alto Networks on rebooting the kill chain. For links to all of today's stories check our our CyberWire daily news...

Duration:00:19:21

Sophisticated FIN7 criminal group hits payment card data — Research Saturday.

9/29/2018
More
Researchers at security firm FireEye have been tracking malicious actors they call FIN7, a group which targets payment card data in the hospitality industry and elsewhere. They make use of targeted phishing campaigns, telephone vishing and even a convincing front company to do their deeds. Nick Carr and Barry Vengerick are coauthors of the research, along with their colleagues Kimberly Goody and Steve Miller. The research is titled On the Hunt for FIN7: Pursuing an Enigmatic and Evasive...

Duration:00:31:32

Facebook discloses a major breach. Botnet brute forcing ransomware. Retail domain typosquatting. ATM wiretapping. Ransomware in San Diego. SEC hits cyber deficiencies. Assange retires?

9/28/2018
More
In today's podcast, we hear that Facebook has disclosed a cyberattack that affected fifty million users. A botnet is brute-forcing credentials. Cybercriminals show signs of ramping up spoofed retail domains in preparation for holiday shopping. The US Secret Service warns of ATM wiretapping. The Port of San Diego struggles with ransomware. The US SEC fines a company for cyber deficiencies. Mr. Assange goes offline. And some guy says he'll live-stream his annihilation of a prominent Facebook...

Duration:00:24:16

Fancy Bear, again and again. QRecorder is a banking Trojan. Authentication issues with Apple's Device Enrollment Program. Notes on regulation. Farewell to a code-breaker.

9/27/2018
More
In today's podcast, we find out that Fancy Bear has its very own rootkit. VPNFilter turns out to do a lot more than previously suspected. One of the Salisbury assassins is identified as a GRU colonel. A voice recorder app is kicked out of Google Play for being a banking Trojan. Apple's Device Enrollment Program may have authentication issues. Big Tech might learn to like being regulated. And farewell to one of Bletchley Park's Jenny Wrens. Mike Benjamin from CenturyLink with thoughts on the...

Duration:00:19:03

Cryptojacking and ransomware news. The black market in zero-days looks like a bear market. Google budges (a little) on Chrome login. Senate hearings on privacy. Political campaign cybersecurity.

9/26/2018
More
In today's podcast, we hear that cryptojacking apps have reappeared in Google Play. A brewer's experience with ransomware shows that victims needn't be helpless in the face of extortion. A look at the black market finds that zero-day vendors have grown a lot scarcer on the ground. Google responds—a little—to concerns about privacy in Chrome login. The US Senate is holding hearings on privacy. Big Tech will be there. And are political campaigns slipping into learned helplessness about...

Duration:00:17:41