CyberWire Daily

Public Wi-Fi advice from NSA. South African ports recover from ransomware. Iranian rail incident was a wiper attack. Developments in the criminal-to-criminal market. Intercept vendors under scrutiny.

Advice on WiFi security from NSA. South African ports are recovering from their ransomware attack. The attack on Iranian railroads was a wiper, of unknown origin and uncertain purpose. Developments in the criminal-to-criminal market. Israel undertakes an investigation of NSO Group. Josh Ray from Accenture Security on the road back to the office. Our guest is Duncan Godfrey from Auth0 with insights on managing digital identities. And a bad password is revealed on an open mic during an Olympic broadcast.

US ICS Cybersecurity Initiative formalized. Developments in the ransomware world. Addressing known vulnerabilities. Caucasus coinmining crackdown. A long-running IRGC catphishing campaign.

US formally establishes its Industrial Control System Cybersecurity Initiative. Shooting wars in cyberspace. Developments in the ransomware criminal souks. This week’s iOS update may have closed the vulnerability exploited by NSO Group’s Pegasus intercept tool. The US, UK, and Australia issue a joint advisory on the most exploited vulnerabilities. Abkhazia’s crackdown on coinminers. Guest Anup Ghosh of Fidelis Cybersecurity shares his views on the private sector hacking back and alternatives to doing so. Joe Carrigan looks at the Mespinoza ransomware gang. And meet Marcy Flores, the Robin Sage of Liverpool aerobics.

Transcript

South African ports invoke force majeure over cyberattack. Documents indicate Iranian interest in control systems attacks. Dark web wanted ads. Cyber diplomacy. Lousy cafeteria food?

Transnet declares force majeure over cyberattack on South African port management. The IRGC apparently is Googling a bunch of stuff about gas stations and merchant ships. Kaseya’s denial of paying ransom has legs. Criminal coders like obscure languages. The AvosLocker gang is looking for pentesters, access brokers, and affiliates. The US and China hold “frank and open” conversations about, among other things, cyber tensions. Ben Yelin explains the tech implications of President Biden's recent executive order. Our guest is Eve Maler from ForgeRock on their 3rd annual Breach Report. And, hey NSA, what did you have for lunch today?

Transcript

The source of Kaseya’s REvil key remains unknown. Cyber incident disrupts port operations at Cape Town and Durban. Updates on the Pegasus Project. And a guilty plea in a swatting case.

Kaseya isn’t saying where it got its REvil decryptor. Transportation services disrupted at two major South African ports by an unspecified cyber incident. Another company is mentioned as an alleged source of abused intercept tools as the controversy over NSO Group’s Pegasus software continues. Johannes Ullrich from SANS on supply chains, development tools and insecure libraries. Our own Rick Howard looks at enterprise encryption. And a guilty plea gets a swatter five years: he got off easy.

Transcript

Cyber threats to, and around, the Olympic Games. Kaseya got a decryptor, from somewhere…. NSO says it’s not responsible for Pegasus misuse. US cyber policy toward China. Fraud Family busted.

The Olympics are underway, and the authorities are on the alert for cyberattacks. Kaseya has a decryptor for the REvil ransomware, but it hasn’t said how it got the key. NSO Group says it’s not responsible for customer misuse of its Pegasus intercept tool. US policy toward Chinese cyber activities shows continuity, with some diplomatic intensification, but hawks would like to see more action. Our guest Jack Williams from Hexagon joins Dave to discuss the promises and challenges of smart cities. Podcast partner Chris Novak of Verizon talks about advancing incident response. And Dutch police make arrests in their investigation of the Fraud Family.

Transcript