More signal, less noise—we distill the day’s critical cyber security news into a concise daily briefing.
In today's podcast, we hear that WikiLeaks dumps another alleged CIA cyber manual from Vault7. Cyberwar is the continuation of war (and therefore policy) by other means. Counting the cost of NotPetya. AWS S3 misconfigurations could happen to the best of us (but need not). Chasing innovation in the UK and the US. AlphaBay taken down in international police operation. Rick Howard from Palo Alto Networks on their new initiative with the Girl Scouts for cyber security merit badges. Raj Samani, chief scientist from McAfee, on NotPetya. And what kind of bait is best for phishing?
In today's podcast, we hear about signs that NotPetya was covering up a broad espionage campaign. State-sponsored hacking seems, when not simple spying, to aim at eroding trust. Verizon suffers a major customer data breach said to derive from a vendor's misconfiguration of an Amazon S3 bucket. Industry notes—venture funding and an acquisition. David Dufour from Webroot on homoglyph attacks. Thomas Jones from Bay Dynamics on federal agencies being required to submit a Framework Implementation Action Plan. Singapore will license white hats. And Russia wants you properly signed into adult sites. Or, at least, one of them, anyway.
In today's podcast we share some Patch Tuesday notes: Microsoft and Adobe both offer updates. Kremlinology goes cyber as infrastructure attacks remain under investigation. A cyber company emerges from stealth. The US General Services Administration removes Kaspersky Lab from Schedule 70. Election influence investigations turn to the question of Russian opposition research. Jonathan Katz from the University of Maryland explains a side-channel attack on 1024-bit encryption. Cisco's Jennie Kay wants to ease your trade show anxiety with a helpful webinar. And, Sheriff of Nottingham, call your office, because Robin Hood was no winker.
In today's podcast we hear about how Russia has apparently been phishing in the North American and European power grid. NATO has had about enough of that. There will be no US-Russian joint cybersecurity effort. The Adwin RAT is back, and seeking to socially engineer its way into aerospace company networks. Election hacking investigation updates. Industry notes, including both venture and M&A news. Level 3 Communications' Dale Drew provides an update on botnets. Ntrepid's Lance Cottrell describes online ad tracking technology. And BYOD can pose a threat, especially when the device your rogue employees are bringing is an off-the-books server.
In today's podcast we discuss some answers to two Russian claims. No, Russia and America won't be linking up in a cyber alliance. And no, no one at the G20 meetings actually bought the line about election hacking retailed there by President Putin and Foreign Minister Lavrov. NotPetya recovery continues. Android infestations in the wild. US power plants warned to be alert for cyberattack. Criminals compromise self-service food kiosks; others phish with official-looking Australian emails as bait. Ben Yelin from UMD CHHS reviews license plate reader laws. ISIS adopts misspelling as a form of OPSEC.
In today's podcast, we hear that NotPetya still looks like a Russian campaign to Ukrainian authorities, and experts remain skeptical that affected data can be recovered. Companies warn that NotPetya may have a material effect on earnings. WikiLeaks dumps Gyrfalcon and BothanSpy documents from Vault7. Johannes Ullrich from SANS and the ISC Stormcast Podcast on NoSQL database security. Andy Greenberg, senior writer at WIRED, on his July 2017 issue cover story on Ukraine cyberwar. And pro wrestling fans now have something in common with registered voters, data.gov.uk, and the National Geospatial Agency.
In today's podcast we hear about the Ukrainian police raid on Intellect Service and their seizure of M.E. Doc servers. Ukraine's Interior Ministry says this stopped a second wave of NotPetya. Affected companies continue to recover from the NotPetya infestation. US Cyber Command prepares to parry hybrid warfare. Spyware campaign hits Chinese-language news services. The EU considers adopting a "right to repair." Joe Carrigan from the Johns Hopkins University ponders always-on cameras. Dan Larson from CrowdStrike on fileless attacks. Medical information-sharing runs into problems in the UK.
In today's podcast, we hear how affected enterprises are restoring services after last week's NotPetya pandemic. Maersk's experience prompts some introspection in the logistics sector. Ukraine prepares to charge ME Doc's maker with criminal negligence for allowing the infection to take hold. NotPetya tied to BlackEnergy and thence to a "state actor" (NATO's not saying it's Russia, but Ukraine is). Awais Rashid from Lancaster University looks at the anatomy of recent attacks. Haiyan Song from Splunk on a recent IDC report, “Investigation or Exasperation? The State of Security Operations.” FSB certificates allegedly express links between FSB and Kaspersky.
In today's podcast, we hear that recovery from Petya/Nyetya/NotPetya proceeds—and it's not ransomware. Ukraine says Russia's responsible. US warnings of cyberattacks on nuclear power plants may have been premature. NATO members consider when to invoke Article 5 in cyberspace. Islamist inspiration and other political discontents continue to prompt content screening in Europe. Europe is also in a punitive mood with respect to regulation. Kaspersky says it will show the US its source code if that's the cost of doing business. Markus Rauschecker from UMD CHHS describes a novel use of kidnapping insurance. And, hey, Lords and Commons: that's not really Windows support asking for your password.
In today's podcast we hear that Petya/Nyetya/NotPetya is almost certainly a wiper, and not ransomware after all. Ukraine blames Russia, but whoever did it had EternalBlue before the ShadowBrokers leaked it. WikiLeaks Vault7 disgorges OutlawCountry, a Linux attack tool. The ShadowBrokers raise their rates. Emily Wilson from Terbium Labs with research on fraud guides on the dark web. Guests are Drew Gidwani, Director of Analytics at ThreatConnect, and Andy Pendergast, VP of Product & Co-Founder at ThreatConnect, speaking about the findings of a recent SANS Survey on Security Optimization. Russia calls for international cooperation to stamp out cybercrime.