Vulnerable peer-to-peer software exposes consumer and small-business IoT devices to compromise. A hacker says he’s hacked automotive GPS trackers, all for the good, of course, and could even turn off a car’s engine. Not, you know, that he would. Sri Lanka warns of the possibility of more violence, and journalists wonder if prior restraint of certain speech might be worth considering. Curating app stores for security. And potty-mouthed eScooters on Brisbane streets.  Joe Carrigan from JHU ISI on Facebook’s continuing privacy violations, potential FTC fines and PR woes.
 For links to all of today's stories check our our CyberWire daily news brief:
  https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_29.html 
 Support our show

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software.

Selected Reading
Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs)
LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer)
China-linked PlugX malware infections found in more than 170 countries (The Record)
Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers)
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek)
Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot)
Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security)
More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record)
Most people still rely on memory or pen and paper for password management (Help Net Security)  

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Kaiser Permanente's privacy predicament.

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. 
In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come.
We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals.

Explore Cyber Talent Insights
N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights.

Connect with the N2K Cyber Workforce team on Linkedin:


Dr. Sasha Vanterpool, Cyber Workforce Consultant 


Dr. Heather Monthie, Cybersecurity Workforce Consultant


Jeff Welgan, Chief Learning Officer


Resources for developing your cybersecurity teams:

N2K Cyber Workforce Strategy Guide

Workforce Media Resources

Strategic Cyber Workforce Intelligence resources for your organization

Cyber Talent Acquisition Woes for Enterprises


Workforce Intelligence: What it is and why you need it for cyber teams webinar


Setting Better Cyber Job Expectations to Attract & Retain Talent webinar

Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]

Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU.  Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here. 

Selected Reading
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED)
Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital)
Android TVs Can Expose User Email Inboxes (404 Media)
FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek)
Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice)
Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer)
Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record)
New Brokewell malware takes over Android devices, steals data (Bleeping Computer)
Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek)
Meta could face further squeeze on surveillance ads model in EU (TechCrunch)
Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The shadowy adversary in Cisco's crosshairs.

The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guests
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes:

Cryptographic life cycle

Cryptographic method

Public key infrastructure (PKI).


Industry Voices
On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. 

Selected Reading
Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers)
Congress passes bill that could ban TikTok after years of false starts (Washington Post)
Russian hackers claim cyberattack on Indiana water plant (The Record)
Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.)
Global attacker median dwell time continues to fall (Help Net Security)
New Password Cracking Analysis Targets Bcrypt (SecurityWeek)
North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine)
​​Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer)
Sweden's liquor shelves to run empty this week due to ransomware attack (The Record)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Iran's covert cyber operations exposed.

The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain.

Selected Reading
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs)
UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek)
Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine)
HHS strengthens privacy protections for reproductive health patients and providers (The Record)
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab)
Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader) 
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek)
The creepy sound of online trackers (Axbom) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

IoT devices exposed in peer-to-peer software vulnerability. Car hacking claims. More warnings of possible violence in Sri Lanka. Curating app stores for security. eScooter’s “voices” hacked.

Download our free app to listen on your phone