NIST SP 800-53 updated. Attack on Scotland Parliament's email system. Consequences of Equation Group leaks. "Mr. Smith" and HBO. Attacks of note: Trickbot, OLE exploits, NetSarang backdoor. Extremist inspiration. BEC.
In today's podcast, we hear about a new draft of NIST SP 800-53. There's been an attempt to brute-force email credentials in Scotland's Parliament. Fancy Bear's romp through high-end hotel Wi-Fi suggests the Equation Group leaks will be with us for some time. "Mr. Smith" remains at large, and still wants to be paid. Trickbot uses unusually convincing counterfeit sites. PowerPoint malware vectors may be part of a criminal test. NetSarang urges swift patching of a backdoor in its software. Extremist inspiration persists. Ben Yelin from UMD CHHS on privacy concerns with robot vacuum cleaners. Guest is Jeff Pederson from Kroll Ontrack, a data recovery firm, with tips on data recovery. And some guy in Nigeria with more moxie than skills is behind a big business email compromise campaign.