Archive.fm

CyberWire Daily

The CyberWire 12.23.15

Duration:
12m
Broadcast on:
23 Dec 2015
Audio Format:
other

Learn more about your ad choices. Visit megaphone.fm/adchoices

[MUSIC] You're listening to the Cyberwire Network, powered by N2K. [MUSIC] >> This episode is brought to you by GE Healthcare. GE Healthcare sees possibilities through innovation. They are partnering with their customers to fulfill healthcare's greatest potential through groundbreaking medical technology, intelligent devices, and care solutions, just like they have for over 125 years. The technology they're mastering today will help make care more personalized tomorrow. Find out more at GEHealthcare.com. [MUSIC] >> Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. I started my first business back in the early '90s, and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, of the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run, and protect your business all in one place. They save you from wasting hours making sense of all that legal stuff. Launch, run, and protect your business to make it official today at legalzoom.com. You can use promo code Cyber10 to get 10 percent off any LegalZoom business information product, excluding subscriptions and renewals that expires at the end of this year. Get everything you need from set up to success at legalzoom.com and use promo code Cyber10. That's legalzoom.com and promo code Cyber10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm, LZ Legal Services, LLC. Call of jihad, rise surprise, Juniper investigation points to RNG, cyber regulations, and holiday scents. I'm Dave Bittner in Baltimore with your Cyberwire daily summary for Wednesday, December 23, 2015. ISIS opens up a new recruitment tool, a first-person shooter game called Call of Jihad. An obvious knock-off of the popular Call of Duty, it remains to be seen how successfully gaming can bear the jihadist message, especially given how complicated that message's expression can be. See, for example, the Brookings Institute's thoughts on how terrorist messaging is refracted through social media. Westchester County officials say it's news to them that the feds detected Iranian probing of their small dam in Rye, New York. County executives' reaction suggests, unsurprisingly, that inter-government cyber-threat information sharing may still suffer from implementation issues. Investigation into the Juniper backdoor now points toward a less than satisfactory random number generator once advocated by NSA. Cisco is inspecting its own code for similar issues and finds none so far and observers expect other companies to undertake comparable self-examination. The spy-banker Trojan courses through Brazil via Facebook and Twitter accounts. Joomla 2.4.7 is out and includes important security patches to the widely used content management system. You may soon see a new error code in your browser, joining 403 Forbidden and 404 Not Found. Error 451 will tell you that legal obstacles, essentially if not exclusively censorship, prevent you from viewing content. The choice of 451 as the designator is an homage to Ray Bradbury's dystopian novel Fahrenheit 451 and the temperature at which Bradbury said books burned. Internet privacy, censorship, and surveillance rules are enacted or debated in China, the EU, the UK, and the US. The tech sector is generally cool toward them, especially the British versions. As Christmas approaches, the Hello Kitty and VTech toy hacks continue to give parents the willies. Security companies offer much holiday specific advice. You should, for example, make sure that any old device you're replacing with new gift is securely wiped before you sell, toss, or give it away. And do remember how many toys are networked nowadays. Bud Light knows that there's no better day than game day. With good food, great company, and plenty of cold ones for the tailgate, Bud Light makes football easier to enjoy, especially when your team scores. Bud Light, easy to drink, easy to enjoy. Enjoy responsibly, 21+ Copyright 2024, and has a Bush Bud Light beer, St. Louis, Missouri. And now, a word from our sponsor, No Before. It's all connected, and we're not talking conspiracy theories. When it comes to InfoSec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. InfoBefore, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. NoBefore's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco, 35 vendor integrations and counting. The coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then, coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack, or email. And more at knowbefore.com/securitycoach, that's knowbefore.com/securitycoach, and we thank know before for sponsoring our show. So, you want to be a marketer. It's easy. You just have to score a ton of leads and figure out a way to turn them all into customers. Plus, manage a dozen channels, write a million blogs, and launch a hundred campaigns all at once. When that's done, simply make your socials go viral and bring in record profits. No sweat. Okay, fine. It's a lot of sweat. But with HubSpot's AI-powered marketing tools, launching benchmark breaking campaigns is easier than ever. Get started at HubSpot.com/marketers. Imagine this. Your primary identity provider goes down, whether it's a cloud outage, network issue, or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet identity continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on-prem system faces a hiccup, identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP, automatically and without disruption. Powered by the Mavericks Identity Orchestration Platform, identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers, just continuous, secure access to your critical applications every single time. Select your business from the high costs of IDP outages. With identity continuity from Strata, downtime is a thing of the past. Visit strata.io/cyberwire to learn how Strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro. Joining me is John Patrick, editor of the Cyberwire. John, from time to time, we like to dig into our Cyberwire glossary that we have on our website at thecyberwire.com. Today we're going to talk about sock puppets, not the thing that's in my kids' toy box. When it comes to cyber, what is a sock puppet? A sock puppet is an online identity that's created and used for purposes of deception. So a sock puppet looks like an independent party who supports, approves of, or agrees with some person, some organization, some agency, or some state. But in fact, the sock puppet is created and controlled by the person or agency that they're endorsing, it has no independent existence. And where would I encounter a sock puppet in the real world? Well, common uses of sock puppets include plausibly-deniable information operations, provocations, fraudulent advertising, astroturfing, things like that. So you might find a sock puppet, for example, in an online review of some product or service. If you find that a product or service is being heavily endorsed in similar fashion, you may be seeing, in fact, a number of sock puppets that are being controlled by the offer. So what's the best way for me to protect myself from sock puppetry? Be skeptical when you're online. Remember that the screen persona need not represent the reality behind it. John Patrick, editor of The Cyberwire. Thanks for joining us. We'll talk again soon. The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps and added risk. That's why CloudFlare created the first-ever connectivity cloud, visit cloudflare.com to the top of the world. And that's The Cyberwire. We are proudly produced in Maryland by our talented team of editors and producers. I'm Dave Bittner, thanks for listening. And now, a word from our sponsor NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that. [MUSIC] (gentle music) [BLANK_AUDIO]