May we ask for your vote? As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award. If you're a fan of the CyberWire, we'd appreciate your support. You can cast your vote here through March 22 (and you don't need to be in Maryland, or even in the US, to do so). Thanks as always for reading and listening.
Vault 7 updates, and the search for leakers. Apache Struts attack traffic down. Malware loaded into Android phones somewhere in the supply chain. GCHQ warns UK of coming Russian influence operations.
The Vault 7 leaks look more as if their ultimate source was an insider. Former CIA Deputy Director Mike Morell expressed no doubt over the matter in appearances on weekend talk shows: the material could only have come, he said, from strictly controlled and segregated internal networks. The effectiveness of such control and segregation seems not to have been called into question. Observers note a disturbing progression (Snowden, "ShadowBrokers," Martin, and now person(s) unknown) that some say casts doubt on the US Intelligence Community's security capabilities.
It seems there's been no large-scale leak of the hacking tools mentioned in Vault 7, so far. Two immediate sequelae of the incident include Chinese rumination to the effect that US equipment may be compromised, and some self-satisfaction from a couple of companies whose security products were noted as troublesome in the leaks.
Exploitation attempts against vulnerable Apache Struts deployments continue, but Rapid7 reports that malicious traffic is down. Patching Apache Struts remains a good idea.
MalwareHunter reports finding a new and unusually persuasive paycard information stealer. The malicious app, "Betaling," passes itself off as the Chrome browser.
Check Point warns that it's detected pre-loaded malware in thirty-eight Android phone models two unnamed companies issued to employees. The manufacturers (Samsung, ZTE, Oppo, Asus, Lenovo, and Xiaomi) were not, Check Point says, responsible. Rather, the bad code appears to have been introduced "somewhere along the supply chain."
The Japan Times laments ransomware's local successes.
GCHQ warns British political parties of coming Russian attempts to influence elections.
Today's issue includes events affecting Australia, Canada, China, Iran, Japan, Russia, United Kingdom, United States, and Vietnam.
In today's podcast we hear from our partners at Virginia Tech's Hume Center, as director Charles Clancy discusses end-to-end encryption. And we speak with a guest from Novetta, blockchain expert Corey Petty, who tells us what to expect at their next Jailbreak session.
Special editions are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And take a look at Cylance's video (taken in partnership with the CyberWire): opinions from the conference floor.