No time to read the Daily News Briefing? Let our own talent do it for you on your Alexa. Just say, "Alexa, what's my flash briefing?" or "Alexa, what's in the news?" after you've set the CyberWire as part of your flash briefing and the hosts of our podcast will take it away.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
US Census and cyber vulnerabilities. MAC defeat. FBI offers GandCrab decryption keys. Ransomware. Congress queries cyberwar.
Yahoo reports that Bulgarian authorities have arrested a 20-year-old man in connection with a data breach at the national tax agency that exposed some seven-million people's personal information. The unidentified suspect is said to have been a legitimate penetration tester who went over to the dark side.
Congress is raising concerns about the 2020 US census, according to TheHill. This is the first census in which a significant portion of the data collection will be done online, with the attendant possibility of hacking, and a priori jitters are to be expected.
Researchers at Boston University report that they've demonstrated ways of defeating Media Access Control (MAC) address randomization Bluetooth Low Energy (BLE) uses to protect devices from being identified and tracked. Even properly, carefully implemented instances can yield a lot more information about a device than had generally been believed.
The US FBI has issued a Flash alert offering master decryption keys and other useful information concerning the now possibly retired but still troublesome GandCrab ransomware.
Monroe College, a proprietary school headquartered in the Bronx borough of New York, is grappling with a significant ransomware incident. Naked Security puts the extortion demand at $1.8 million; Inside Higher Ed says it's an even $2 million. Monroe has declined to say whether it will pay the ransom, but it has reverted to manual operations wherever possible.
The US House Armed Services Committee has asked to see “all National Security Presidential Memorandums relating to Department of Defense operations in cyberspace," Roll Call reports.
Today's issue includes events affecting Bulgaria, Czech Republic, Germany, India, Iran, Israel, Lithuania, Russia, Ukraine, United Kingdom, and United States.
Bring your own context.
A lot of people talk about moving away from passwords and, even moreso, about moving away from other knowledge-based modes of authentication. Why is this?
"And so what we've been advocating for - in fact, we do this millions and millions of times each day for some of the largest financial institutions in the country - is relying far less on the asking of questions, the knowledge information. That whole approach, frankly, is broken because criminals know your date of birth. It's on social media. It's been shared. The sad news is, with all the data breaches and hacks and so on out there, they have your Social Security number. They have your address. They have your mortgage payment information. The information has been shared with the bad guys."
—Patrick Cox, founder of TRUSTID, on the CyberWire Daily Podcast, 7.15.19.
You've seen the old war movies where the enemy spy tries to pass for a GI but he's tripped up because he doesn't know things any decent American would know, like what a Baltimore chop is, or who's Popeye's girlfriend? That's Hollywood, friends: it's not real. Trust us, Fancy Bear and Cozy Bear already know all that stuff. But just for the record, the answers, respectively, are a high bouncing fair ball that can't be caught in time to throw the batter out at first, and Olive Oyl. (Stone Panda? Charming Kitten? You knew that too, right?)
If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.
In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks discusses the US Department of Justice and attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering fake domains to try to capitalize on Facebook’s Libra cryptocurrency plans.