DDoS hits French media outlets. Skids engage in bot-enabled telephonic harassment. XavirAd described. Recent use of now-patched Microsoft zero-days in the wild. NSA isn't where it would like to be in info ops.
Cedexis, a Paris-based provider of cloud and network services that operates internationally, was taken offline by a large distributed denial-of-service (DDoS) attack yesterday. Many media companies are Cedexis customers; the hardest hit in the incident were French media outlets, including Le Monde and Figaro. Services have been restored. Investigation is proceeding, but the source of the attack is presently unknown.
Flashpoint describes an irritating and motiveless (except insofar as attention-seeking lulz count as motivation) telephone harassment campaign. The skids use "Phonecord," a telephonic bot service. Among the recipients of the prank calls are police organizations (including Britain's NCA and the US FBI), pizza chains, hotels, and ordinary people whose personally identifiable information has been exposed in earlier breaches. Phonecord has been used for both DDoS and swatting.
Sophos describes Android XavirAd, an adware library recently found infesting Google's Play Store. The adware strain is particularly objectionable in that it improperly collects personal information after users have specifically declined to provide their data to the ads XavirAd serves up.
ESET and FireEye report on the use in the wild of three zero-days Microsoft patched this Tuesday. They say CVE-2017-0261, CVE-2017-0262, and CVE-2017-0263 were all exploited by the Russian cyber espionage group Turla (a.k.a. KRYPTON, Waterbug, or Venomous Bear), and also by some "financially motivated" gangs.
NSA Director Rogers's testimony to Congress this week included downbeat remarks on information operations. While Rogers acknowledges their importance and says the agency has engaged in some counter-messaging, NSA isn't where it'd like to be in information ops.
Today's issue includes events affecting Canada, France, India, Iraq, Russia, Syria, Thailand, United Kingdom, and United States.
In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin takes a look at the first months of the Trump Administration from a cyber perspective. We also speak with our guest, Ken Spinner, VP of Field Engineering at Varonis Systems, who talks through the risks associated with stale data and excessive employee permissions.