FireEye says that the Triton actor is back. There’s some ICS malware staged in an unnamed “critical infrastructure” facility, and it looks as if the people who went after a petrochemical plant in 2017 are back for battlespace preparation. Kaspersky describes Project TajMahal, a cyberespionage effort against a Central Asian embassy. And California’s motor-voter program hits a hacker-induced bump in the road. Johannes Ullrich from SANS and the ISC Stormcast podcast on protecting yourself from hidden cameras when vacationing. Guest is Dr. Ratinder Ahuja from ShieldX on Elastic Microsegmentation.
 For links to all of today's stories check our our CyberWire daily news brief:
  https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_10.html 
 Support our show

The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

Section 702 gets another two years.  MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT.

Selected Reading
Warrantless spying powers extended to 2026 with Biden’s signature (The Record)
MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security)
CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine)
Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers)
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns  (The Record)
GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer)
Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer)
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber)
Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Renewed surveillance sparks controversy.

Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.

Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]

In this episode of CyberWire-X, N2K CyberWire’s Podcast host Dave Bittner is joined by Brian Davis, Principal Software Engineer, and Thomas Gardner, Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor.

Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails. 
The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling."
The research can be found here:
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

The art of information gathering. [Research Saturday]

Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler’s Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Deepen Desai, Chief Security Officer and SVP Security Engineering & Research at Zscaler, joins us to talk about exploring encrypted attacks amidst the AI revolution.

Selected Reading
Frontier Communications Shuts Down Systems Following Cyberattack (SecurityWeek)
Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System (Bloomberg) 
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals (The Register) 
Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns (LastPass)
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! (Help Net Security)
FIN7 cybercriminals targeted large U.S. automotive manufacturer last year (The Record) 
Akira Ransomware Made Over $42 Million in One Year: Agencies (SecurityWeek) 
Apple pulls WhatsApp, Threads from China App Store following state order (TechCrunch)
Alarming Decline in Cybersecurity Job Postings in the US (Infosecurity Magazine)
Meghan Markle's new lifestyle website hijacked by anonymous user whose ‘thoughts are with Kate’ (GB News)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The Triton actor seems to be back. Project TajMahal is after diplomatic secrets. California’s motor-voter program and a DMV hack.

Download our free app to listen on your phone