Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. And special thanks to KnowBe4, our sponsors for season 1.

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
Keeping tabs on the Lazarus Group as US-DPRK summit nears. Canada warns New Zealand of Chinese espionage. Content moderation.
North Korea's Lazarus Group has continued to target financial institutions for cybertheft, but it appears to be on its good behavior, for now at least, with respect to US institutions. The restraint is generally thought part of the DPRK's charm offensive during the run-up to the June 12th Kim-Trump summit.
A subunit of the Lazarus Group, which researchers at AhnLab track as the Andariel Group, has been active against South Korean targets. It's been using an ActiveX zero-day in its campaign. Bleeping Computer's been told by an anonymous source close to the investigation that the zero-day is being used to exploit Samsung SDS Acube installations.
A report by the Canadian Security Intelligence Service concludes that Chinese espionage and influence in New Zealand has reached a critical point. The report was delivered at an academic conference and so doesn't necessarily reflect CSIS official views, and CSIS has hastened to express its solidarity with fellow Five Eyes services in New Zealand. The report reflects ongoing Five Eyes suspicion of Chinese companies and organizations. The US Congress is considering holding ZTE's and Huawei's feet to its own fires of scrutiny, and a court case in Australia describes ZTE as a company "built to spy and bribe."
Google's efforts at content moderation or at least flagging have produced some preposterously tendentious results. The search giant's reliance on Wikipedia for moderation may be damaging Wikipedia.
Germany's BND wins a surveillance case in a Leipzig court: it can continue to monitor traffic in a Frankfurt hub.
Today's issue includes events affecting Australia, Canada, China, Germany, India, Democratic Peoples Republic of Korea, New Zealand, Russia, Rwanda, and United States.
Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.
In today's podcast we speak with our partners at the Johns Hopkins University, as Joe Carrigan follows up on listener comments from last week’s iOS versus Android smackdown. Our guest, Todd Inskeep from Booz Allen Hamilton, offers highlights of research into NotPetya.