We're pleased to announce that we've completed transcribing our library of podcasts: the Daily Podcast, Research Saturday, Hacking Humans, CyberWire-X, and Special Editions. Over one thousand episodes are now available as transcripts. Researchers, the hearing impaired, and even people who would rather read than listen, are invited to take a look.
There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, its “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.
Agent Smith afflicts Android users. Magecart scans for S3 buckets. FinSpy in the wild. A US Navy contractor gets phished.
Check Point is tracking “Agent Smith,” Android malware that replaces legitimate apps with simulacra that carry adware. According to ZDNet, researchers have traced the operators behind Agent Smith to a company based in Guangzhou. It appeared originally in the third party app store, 9Apps, but it appears to be working toward establishing a foothold in Google Play as well. Most of its twenty-five-million victims so far have been in India, Bangladesh, and Pakistan.
RiskIQ reports that the online card-skimmers of Magecart are actively looking for unsecured AWS S-3 buckets. The gang has spread its skimmer code to some seventeen-thousand domains over recent months, WIRED notes. They've gone for reach, and not targeting.
Forbes reports that Kaspersky has found new infestations of FinSpy in the wild, suggesting that the spyware continues to find users among governments in many corners of the world.
An unnamed US defense contractor was induced to send sensitive, highly classified communications intercept equipment worth about $3 million dollars to an international criminal gang. A search warrant request the US Department of Homeland Security filed with the United States District Court for the District of Maryland revealed the details. Homeland Security Investigations asked for Apple iCloud information pertaining to four email accounts of interest. The incident appears to have been a phishing scam executed by hoods posing as a fictional US Navy contracting officer, "Daniel Drunz." In addition to the communications intercept gear, the gang also stole $6.3 million in televisions and $1.1 million in iPhones and iPads.
Today's issue includes events affecting Australia, Bangladesh, Canada, China, France, India, Ireland, Israel, Japan, Republic of Korea, Luxembourg, Malaysia, Myanmar, New Zealand, Pakistan, Russia, Singapore, Sweden, United Arab Emirates, United Kingdom, United Nations, and United States.
Bring your own context.
Gamers are big targets for criminal hackers, but not because gamers are easy pickings. In many ways gamers comprise one of the more security-conscious online subcommunities. But the stuff they can win, and the in-game purchases they make, can be surprisingly valuable. And where there's meat, there are flies.
"And the whole reason we're seeing that move into gaming is because it's a lucrative market. There is value to all of the skins, all of the devices you can buy for your characters. Those have value. It's easy to go and say to the FBI or to your local law enforcement, hey, somebody cracked into my bank account, and here's how much they stole. Here's how much I lost, and can you go investigate? If you go and say, somebody broke into my Minecraft account and took it over and sold it, it's a lot harder to explain to a police officer or a law enforcement officer that this has value."
—Martin McKeay of Akamai, on the CyberWire Daily Podcast, 7.9.19.
Thar's gold in them thar skins.
Security operations is held back by the compromises of existing security analytics solutions, and throwing more money and time at the problem isn’t helping. Instead, you are left dealing with an army of point tools, exponential data growth, lack of context... the list goes on.
It's time to take a new approach to security analytics - explore how Devo can help evolve your SOC in this report by ESG.
In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses recent GDPR fines. Carole Theriault speaks with Michael Covington from Wandera on the risks facing financial services firms.
And Hacking Humans is up. In this episode, "Know and spot the patterns," Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interviews Michael Coates, head of Altitude Networks and former CISO at Twitter.