Learn more about your ad choices. Visit megaphone.fm/adchoices
you're listening to the cyberwire network powered by N2k this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business so the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom calm and use promo code cyber 10 that's legal zoom calm and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm lz legal services LLC in today's show we offer an update on disruption of Ukraine's power grid distributed denial of service attacks increasingly serve as misdirection for data theft the juniper backdoor story grows a bit more complicated flaws in streaming TV and home security products from consumer worries about the internet of things and the u_s_ government is asking silicon valley for help developing counter terrorism intelligence i_d_ fitter in baltimore with your cyberwire summary for friday january eight twenty sixteen ices follows its unforgivable murder of a journalist with a chilling intrusion to her face book account observers read the intrusion as dashes search for her contacts evidence tying disruption of u_c_a_n_ power grid to russia accumulates i-site partner says quote it is a russian actor operating with alignment to the interest of the state and quote and here to inspiration may conceivably have served as a stand-in for direct command and control since i-site goes on to add whether or not it's freelance we don't know the user account compromise lino recently sustained was accomplished by denial of service attacks that served observers say as a misdirection for data theft this is a continued trend in distributed denial of service incidents such attacks draw the attention of security and i_t_ staff when the real action is elsewhere cisco's tallow security takes a look at the rig exploit and sees interesting similarities to angler lookout fines and google removes thirteen malicious brain test apps from google play checkpoint reports finding a vulnerability in the easy cast streaming television dongle they can provide attackers access to a user's home network this fall together with those recently found in some Comcast xfinity products arouse more consumer level worries about the internet of things the u_s_ federal government mops up issues emerging from the back door juniper networks disclosed in some products the university of illinois researcher reports the juniper added the insecure algorithm that enabled the back door after it had already implemented a more secure algorithm this raises questions of intentionality but juniper hasn't added much to its initial disclosure mozilla retreats from banning s_h_a_ one as it finds the consequences of deprecation more widespread than initially envisioned in meetings today the u_s_ government is asking for the tech industry's help against terrorism the government is particularly interested in whether industry might be able to help find actionable early warning of attacks in social media the encryption debate continues in at least three of the five eyes australia the u_k_ and the u_s_ sentiment in industry seems generally against policy proposals that would weaken encryption those interested in a quick summary of the industry position might look to the evidence a_o_l_ apple dropbox evernote face book google linkedin microsoft and yahoo jointly submitted to great britain's house of commons you'll find a link to their testimony in today's cyberwire this episode is brought to you by j_c_ penny the holiday season is here and j_c_ penny everybody gets more like for your loved one designer perfumes from versachi or carolina herara or the exclusive messy fragrance for the foodie in your life a cast iron dot chevin or cure coffee maker or for the kids all the toys they love from disney barbie lego and more j_c_ penny make it count shopping store online and now a word from our sponsor no before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training no before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture no before's security coach uses standard a p_i_s to quickly and easily integrate with your existing security products from vendors like microsoft crowd strike in cisco thirty five vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real-time coaching campaigns targeting risky users based on those events from your network and point identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via microsoft teams slack or email learn more at no before dot com slash security coach that's no before dot com slash security coach and we thank no before for sponsoring our show yeti store has so many great gifts we had to hire a catalogs in here to make the most of these next thirty seconds alright folks and get started with the eighty french press during all of this day's hot for hours in french press thirty four hours for you six for the cruise to the eighty french press but next waterproof bags bags waterproof somersful waterproof doubles waterproof bag bags for us most of the waters to get a waterproof yeti bag i smell something cooking all new cast iron skillets made to be passed down like mama's recipes take a state corn big college pot pie potatoes next level three sizes yeti cast iron skillets gear gifts and product experts visit the yeti store at cherry creek north today imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game-changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the maverick's identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs when the coast is clear it's a seamless switchback no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods pro joining me is john petrick editor the cyberwire john imagine i'm sitting home minding my own business and suddenly there's loud banging on the door and door gets swung open and i'm facing down the gun barrel of of police officers of of of of of special weapons and tactics units what likely has happened to me here you've just been swatted all right you know what a swat team is of course i do know what a swat team is as a matter of fact i was a big fan of the television show swat when i was a young lad right special weapons and tactics heavily armed police who were trained and prepared and equipped to go into very risky situations hostage situations active shooter situations things like that what's swatting is and there's nothing funny at all about it is for someone to spoof a call to a 911 service let's say in which they say something like joe smith has got a gun he's threatening to kill his family he's locked inside his house here's his address so effectively you're making a false police report and it's dangerous because of course you're calling a swat team and these guys are going to come in prepared for the worst so when you say spoofing the call are they are the bad guys making it look like the call is coming from inside my house sometimes they do sometimes the more capable spoofers have done that have actually made it look to the 911 operators that the call is coming from your phone number this has happened uh this has been done in some cases by cyber criminals who've been upset with investigative journalists who've exposed them so this is more than just uh an innocent practical joke lives are actually could be could actually be on the line here lives could be at risk there certainly have been injuries to swatting incidents there is one that happened not far from our baltimore headquarters earlier this summer at an elegant city maryland where man was injured with a rubber bullet in a swatting incident all right disturbing stuff but uh thanks for filling us in thanks john the it world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloud flare created the first ever connectivity cloud visit cloud flare dot com to protect your business everywhere you do business this episode is brought to you by skinny pop popcorn perfectly popped endlessly delicious oh so light and crunchy skinny pop original popcorn is the snack you've been searching for made with just three simple ingredients popcorn kernel sunflower oil and salt snacking never felt or tasted so good perfectly popped and loosely delicious give yourself permission to snack and pick up skinny pop original popcorn today and that's the cyberwire we are proudly produced in maryland by our talented team of editors and producers i'm dave bitner thanks for listening and and now a word from our sponsor nord pass nord pass is an advanced password manager from the team behind nord vpn designed to help keep your business safe from data leaks and cyber threats it gives your it professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www dot nord pass dot com slash cyberwire for 35 percent off the nord pass business yearly plan don't miss out on that