Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Step right up and trust us: check out the first two episodes and subscribe today. And thanks to KnowBe4, our sponsors for Season 1.
China returns to IP theft? Congress exercised over data-sharing with ZTE, Huawei. Flash 0-day exploited in the wild. InvisiMole.
CrowdStrike says that, after more-or-less abiding by a 2015 mutual undertaking with the US not to engage in massive IP theft, China is back at it with a vengeance. CrowdStrike doesn't offer any particular reason for the upswing, but observers speculate that it's linked to recent trade tension between the US and China. Recorded Future sees a potential partial explanation in terms of reshuffled agency equities after consolidation of signals and intelligence organizations into China's large Strategic Support Force, a process that began in 2015.
The US Congress seems loaded for bear in its investigations of ZTE and Huawei, and their (alleged) US partners Facebook and Google. There's also dissatisfaction over the lifeline extended to ZTE (despite the billion dollar fine).
Adobe issued an emergency patch yesterday of a Flash vulnerability that's being exploited in the wild. Most of the exploitation has been against targets in Qatar, still in bad odor with other regional Arab powers including Egypt, Saudi Arabia, and the UAE. At issue are Qatar's alleged Iranian connections.
ESET analyzes InvisiMole, a cyberespionage tool that backdoors targets, engages in remote code execution, and steals audio from infected devices. It's uncommon, and ESET offers no attribution, but the malware has been found in Ukrainian and Russian computers.
A Facebook glitch inadvertently turned some 14 million users' private data public.
Leidos becomes the latest US Federal contractor to exit the commercial cybersecurity market, selling its commercial unit to Capgemini.
The US Federal Trade Commission wants to hear from cryptojacking victims.
Today's issue includes events affecting Australia, Bahrain, China, Egypt, European Union, NATO/OTAN, Qatar, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, and United States.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.