The CyberWire

06/11/2020

Taking a selfie with your ID.

Joe talks about HROs (High Reliability Organizations), Dave has a #scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanjay Gupta from Mitek on how #cybercriminals are capitalizing on the recently-deceased and creating synthetic identities. Listen to today’s episode of Hacking Humans:

Joe talks about HROs (High Reliability Organizations), Dave has a scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanjay Gupta from Mitek on how cybercriminals are capitalizing on the recently-deceased and creating synthe...

06/10/2020

Our 10 favorite non-fiction cybersecurity books.

Worm by Mark Bowden “A thrilling history lesson that’s as relevant today as it was when it first came out nearly a decade ago…Worm chronicles the fascinating cast of real-life characters collaborating and clashing as they sought solutions and navigated extraordinary obstacles.” Check out more of the CyberWire’s book recommendations:

Our own CSO and Chief Analyst, Rick Howard recently told us all about his favorite cybersecurity novels in his CSO Perspectives article and podcast, Four cybersecurity novels to distract you from the current zombie apocalypse. Rick’s thoughts sparked a lot of conversation among the team about the ...

06/10/2020

“Sure, your password was good, but you can’t use [email protected]@[email protected]@_n1kto on everything. Once your Date-o-rama account got pwned, you know the bad guys were going to #credentialstuff it everywhere you’ve been, even if they haven’t memorized all Klaatu’s lines from “The Day the Earth Stood Still.” Get a clue and use a password once, Gort.” #CWLearn

06/10/2020

BellTroX says it just helped out some private eyes. Honda's incident investigation continues. SEO for crime. Patch Tuesday notes.

BellTroX says it just helped some private eyes. Honda's incident investigation continues. SEO for crime. And #PatchTuesday notes. Read about it in today’s #CWBrief:

BellTroX says it just helped out some private eyes. Honda's incident investigation continues. SEO for crime. Patch Tuesday notes. Equifax settlement will go mostly toward upgrading Equifax security.

06/10/2020

Cybersecurity at the global, national, and state levels.

Dave's got the story of a class action #privacy suit targeting Google, Ben takes a look at #surveillance in a time of protests and unrest, and later in the show our interview with Maryland State Senator Katie Fry Hester. Listen to today’s episode of Caveat:

Dave's got the story of a class action privacy suit targeting Google, Ben takes a look at surveillance in a time of protests and unrest, and later in the show our interview with Maryland State Senator Katie Fry Hester.

06/09/2020

Dark Basin's reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.

How good is your early superhero movie knowledge? Check out today’s #Trivia Tuesday question in the #CWBrief and see if you know the answer:

Dark Basin's reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.

06/09/2020

Dark Basin's reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.

Dark Basin's reverse advocacy. Honda #hacked? Criminal cooperation (and competition). And a contraband menu from the #darkweb. Details in today’s brief:

Dark Basin's reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.

06/08/2020

#CWCaveat Episode 10
“The quiet, behind-the-scenes work of the FBI.”
Check out the full episode: http://bit.ly/cwcv010820

06/08/2020

Our 10 favorite non-fiction cybersecurity books.

The Fifth Domain by Richard Clarke & Robert Knake “The authors reiterate that we need to shift the balance of power from the attacker to the defender, to enable our institutions to be resilient in the face of changing attack patterns. It provides an overview of the developments within ”fifth domain, and describes what has happened in the past with attacks like Stuxnet and Wannacry. Check out more of the CyberWire’s book recommendations:

Our own CSO and Chief Analyst, Rick Howard recently told us all about his favorite cybersecurity novels in his CSO Perspectives article and podcast, Four cybersecurity novels to distract you from the current zombie apocalypse. Rick’s thoughts sparked a lot of conversation among the team about the ...

06/08/2020

South Asia, Middle Eastern regional rivalries play out in cyberspace. Online voting insecurity. PPE supply chain attacks.

South Asia, Middle Eastern regional rivalries play out in #cyberspace. Online voting insecurity. And PPE #supplychain attacks. Read more about it in today’s brief:

South Asia, Middle Eastern regional rivalries play out in cyberspace. Online voting insecurity. PPE supply chain attacks.

06/08/2020

Cybersecurity First Principles - DevSecOps.

Episode # 5 in our series that discusses the development of a general purpose #cybersecurity strategy for all network defender practitioners-- be they from the commercial sector, government enterprise, or academic institutions-- using the concept of first principles. Listen to this week’s episode of #CSOPerspectives with Rick Howard.

This is the fifth essay in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners-- be they from the commercial sector, government enterprise, or academic institutions-- using the concept of first principles.

06/07/2020

Pushing the CCPA.

Ben takes a look at #Twitter adjusting their policies in response to the President, Dave’s got the story of a judge ruling that powering up a mobile device requires a warrant, and later in the show our conversation with Ken Dort, #dataprivacy lawyer at Faegre Drinker on insights into the online data-privacy bills under consideration in New Jersey. Check out today’s episode of Caveat: http://bit.ly/cwcv060320

Dave’s got the story of a judge ruling that powering up a mobile device requires a warrant, Ben takes a look at Twitter adjusting their policies in response to the President, and later in the show our conversation with Ken Dort, data privacy lawyer at Faegre Drinker on insights into the online dat...

06/07/2020

Today we launch the #CareerNotes podcast. Our first guest is Tracy Maleeff. Listen as she shares her career journey from library science to cybersecurity. Maybe it’ll inspire you to invite someone to dance? Listen here: https://bit.ly/3eWAwyr

06/07/2020

Welcome a new podcast to the CyberWire family, #CareerNotes! Each Sunday, step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. Subscribe today:
https://bit.ly/2AeauI6

06/07/2020

Don’t have time to read the cybersecurity news? We do it for you. Subscribe to our daily news briefing to stay up to date. http://bit.ly/35zj5ze

06/07/2020

Joe talks #phishing with Google firebase storage URLs, some listener follow-up, Dave has a #ransomware story from inside a virtual machine, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital habits of seniors and millennials and the latest #scams. Listen to today’s #HackingHumans: http://bit.ly/cwhh060420

06/06/2020

Catch up on the #cybersecurity news of the week in the #WeekthatWas: Hacktivism accompanies US protests. APTs targeting US presidential campaigns. Maze seeks to form a ransomware cartel. Read more here: https://bit.ly/cwWTW060620

06/06/2020

Earlier this year, a Virgin Media database containing the personal details of 900,000 people was discovered to be unsecured and accessible online for 10 months. The breach was discovered by researchers at the security firm TurgenSec. This breach had major implications under #GDPR.

Joining us in this week's #ResearchSaturday are George Punter and Peter Hansen from TurgenSec to talk about the discovery of the breach. Listen here: https://bit.ly/cwRS060620

06/06/2020

Grab your morning coffee and hang out with the CyberWire. Hear the latest cybersecurity research on our #ResearchSaturday podcast. http://bit.ly/cwResearchSaturday

Check out the #WeekThatWas and catch up on the cyber news of the week. http://bit.ly/cwWTWmain

06/06/2020

Part 4 of our series that discusses the development of a general purpose #cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. This show will cover resilience. Listen to today’s CSO Perspectives: http://bit.ly/cwcsop060120

06/05/2020

StopCovid's adoption outpaces privacy fears. A test environment exposes retirees' PII.

In yesterday's CyberWire Pro #Privacy briefing:
- StopCovid adoption overcomes privacy fears.
- San Francisco retirement system #breached.
Check it out:

StopCovid adoption overcomes privacy fears. San Francisco retirement system breached.

06/05/2020

Hurricane Panda and Charming Kitten get busy against US Presidential campaigns. Disinformation, and labeling state-sponsored news.

Hurricane Panda and Charming Kitten get busy against US Presidential campaigns. #Disinformation. Labeling state-sponsored news. Details in today’s #CWBrief:

Hurricane Panda and Charming Kitten get busy against US Presidential campaigns. Disinformation, and labeling state-sponsored news.

06/04/2020

Nuisance-level hacktivism during US protests. USBs against air gaps. Hardening EU attitudes toward GRU hacking? COVID-19 notes.

Nuisance-level #hacktivism during US protests. USBs against air gaps. Hardening EU attitudes toward GRU #hacking? COVID-19 notes. Read about it in today’s brief:

Nuisance-level hacktivism during US protests. USBs against the air gap. Hardening EU attitudes toward GRU hacking? COVID-19 notes.

06/04/2020

CyberWire Live: Practical steps on your zero trust journey. A CyberWire Pro Briefing by Rick Howard.

[Video] Trust nobody and only allow employees enough access to the organization's resources to get their jobs done, but nothing further. Check out this CyberWire Pro online briefing with Rick Howard in partnership with Maryland Innovation & Security Institute that discusses what #ZeroTrust is, how to think about it in terms of your own environments, and the practical steps you can take right now with equipment you already have that will move you along that journey. Check it out! http://bit.ly/cwmisizerotrust051820

The Zero Trust strategy assumes that your network is already compromised and compels you to design it to reduce the probability of material impact to your organization if you experience either a trusted insider attack or an invading outsider who has bypassed your security controls to attain the same...

06/04/2020

Seniors and millenials more alike than people think.

Dave has a #ransomware story from inside a virtual machine, Joe talks #phishing with Google firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital habits of seniors and millennials and the latest #scams. Listen to today’s #HackingHumans:

Dave has a ransomware story from inside a virtual machine, Joe talks phishing with Google firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital...

06/03/2020

Pushing the CCPA.

Dave’s got the story of a judge ruling that powering up a mobile device requires a warrant, Ben takes a look at #Twitter adjusting their policies in response to the President, and later in the show our conversation with Ken Dort, #dataprivacy lawyer at Faegre Drinker on insights into the online data-privacy bills under consideration in New Jersey. Check out today’s episode of Caveat:

Dave’s got the story of a judge ruling that powering up a mobile device requires a warrant, Ben takes a look at Twitter adjusting their policies in response to the President, and later in the show our conversation with Ken Dort, data privacy lawyer at Faegre Drinker on insights into the online dat...

06/03/2020

“So this #bashmob showed up and bought up every doughnut in the shop. One guy with his mouth full told me they got together on LinkedIn. I should’ve known--it’s the first bashmob I ever saw dressed in business casual.” #CWLearn

06/03/2020

The CyberWire Daily Briefing for 6.3.20

Jamming during unrest. Civil pain as branding opportunity. A #ransomware cartel rises? Election jitters. #Cybercrime for dummies. Details in today’s brief:

Jamming during unrest. Civil pain as a branding opportunity. A ransomware cartel rises? Election jitters. Cybercrime for dummies.