CyberWire Daily
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
S10 E2296 · Mon, April 28, 2025
Lights out, lines down.
A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology’s industrial switches and network management products. A Greek court upholds a VPN provider’s no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Special Edition On our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub. Along with Microsoft’s Kevin Magee , Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: Matthew Chiodi of Cerby , Travis Howerton of RegScale , and Karl Mattson of Endor Labs . So whether you are building your own startup or just love a good innovation story, listen in . For more information, visit the <a href="https://thecyberwire.com/podcasts/special-edition/82/What%20is%20Microsoft%20for%2
Bonus · Sun, April 27, 2025
Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
Please enjoy this encore episode of Career Notes. CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way to combine her cybersecurity expertise with the passion to impact critical industries like the medical industry. Natali recommends that those entering the field get some hands-on experience and use your unique strengths to find a way to make the world a better place. We thank Natali for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E82 · Sun, April 27, 2025
Microsoft for Startups (MFS): The benefits of the cyber startup ecosystem. [Special Edition]
Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub. Along with Microsoft’s Kevin Magee , Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: Matthew Chiodi of Cerby , Travis Howerton of RegScale , and Karl Mattson of Endor Labs . So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the Microsoft for Startups website . Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, April 26, 2025
China’s new cyber arsenal revealed. [Research Saturday]
Today we are joined by Crystal Morin , Cybersecurity Strategist from Sysdig , as she is sharing their work on "UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, including a variant of their SNOWLIGHT malware and the VShell RAT. Sysdig researchers discovered that the group targets Linux systems through malicious bash scripts, domain squatting, and in-memory payloads, indicating a high level of sophistication and espionage intent. Their evolving tactics, such as using spoofed domains and fileless malware, continue to blur attribution and pose a significant threat to research institutions, critical infrastructure, and NGOs across the West and Asia-Pacific regions. The research can be found here: UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2295 · Fri, April 25, 2025
Pentagon hits fast-forward on software certs.
The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn CyberWire Guest Cecilia Marinier , Vice President at RSAC , and David Chen , Head of Global Technology Investment Banking at Morgan Stanley , sit down with Dave to discuss the Innovation Sandbox Contest 2025. Selected Reading Acting Pentagon CIO Signing Off on New, Faster Cyber Rules for Contractors (airandspaceforces) Top employee monitoring app leaks 21 million screenshots on thousands of users (TechRadar ) Router Maker TP-Link Faces US Criminal Antitrust Investigation (bloomberg) <a href="https
S10 E2294 · Thu, April 24, 2025
Lessons from the latest breach reports.
Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Dave sits down with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division who shares a PSA on Salt Typhoon. Selected Reading 2025 Data Breach Investigations Report (Verizon) Mandiant M-Trends 2025 Report (Mandiant) Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs (Ciso Talos) Linux 'io_uring' security blindspot allows stealthy rootkit attacks (bleepingcomputer) Ransomware groups test new business models to hit more victims, increase profits (the record) Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter (the record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, I
Bonus · Thu, April 24, 2025
Are we a trade or a profession? [CISO Perspectives]
We're sharing a episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: Cybersecurity has an identity problem where the industry as a whole is struggling to determine whether it is a trade or a profession. In this episode of CISO Perspectives, host Kim Jones sits down with Larry Whiteside Jr ., the Chief Advisory Officer for The CISO Society, to discuss this identity crisis and how the industry as a whole connects to both of these labels. Throughout the conversation, Larry and Kim will discuss the merits and drawbacks of both labels and how cybersecurity does not solely fall into one category or the other. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2293 · Wed, April 23, 2025
States struggle with cyber shift.
The White House’s shift of cybersecurity responsibilities to the states is met with skepticism. Baltimore City Public Schools suffer a ransomware attack. Russian state-backed hackers target Dutch critical infrastructure. Microsoft resolves multiple Remote Desktop issues. A new malware campaign is targeting Docker environments for cryptojacking. A new phishing campaign uses weaponized Word documents to steal Windows login credentials. Zyxel Networks issues critical patches for two high-severity vulnerabilities. CISA issues five advisories highlighting critical vulnerabilities in ICS systems. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, sharing the findings of their latest IC3 report. So long, Privacy Sandbox. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today we are joined by Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division , as she is sharing the findings of their latest IC3 report. Selected Reading Trump is shifting cybersecurity to the states, but many aren’t prepared (Stateline ) Baltimore City Public Schools report data breach (beyondmachines) Russia attempting cyber sabotage attacks against Dutch critical infrastructure (record) Microsoft fixes Remote Desktop freezes caused by Windows updates (bleepingcomputer) New Malware Hijacking Docker Images with Unique Obfuscation Technique (cybersecuritynews) Hackers Exploit Weaponized Word Docs to Steal Windows Login Credentials (gbhackers) Kelly Benefits Data Breach Impacts 260,000 People (SecurityWeek ) Data Breach at Onsite Mammography Impacts 350,000 (SecurityWeek ) <a h
S10 E2292 · Tue, April 22, 2025
Proton66’s malware highway.
The Russian Proton66 is tied to cybercriminal bulletproof hosting services. A new Rust-based botnet hijacks vulnerable routers. CISA budget cuts limit the use of popular analysis tools. A pair of healthcare providers confirm ransomware attacks. Researchers uncover the Scallywag ad fraud network. The UN warns of cyber-enabled fraud in Southeast Asia expanding at an industrial scale. Fog ransomware resurfaces and points a finger at DOGE. The cybercrime marketplace Cracked relaunches under a new domain. On our Industry Voices segment, Bob Maley, CSO of Black Kite, shares insights on the growing risk of third-party cyber incidents. Taking the scenic route through Europe's digital landscape. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today we are joined by Kim Jones , the new Host of CISO Perspectives podcast, previewing the latest episode where Kim is joined by Larry Whiteside Jr. discussing “Are we a trade or a profession?” Industry Voices On our Industry Voices segment, Bob Maley , CSO of Black Kite , sharing insights on the growing risk of third-party cyber incidents. Selected Reading Many Malware Campaigns Linked to Proton66 Network (SecurityWeek) New Rust Botnet Hijacking Routers to Inject Commands Remotely (Cyber Security News) CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops (GB Hackers) Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 (SecurityWeek) Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily (Infosecurity Magazine) $40bn Southeast Asian Scam Sector Growing “Like a Cancer” (Infosecurity Magazine) <a href="https://www.scworld
S10 E2291 · Mon, April 21, 2025
When fake fixes hide real attacks.
Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Yoni Shohet , Co-Founder and CEO of Valence Security , discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector. Selected Reading North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread) Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek) Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record) Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer) Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer) Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record) New payment-card scam involves a phone call, some malware and a personal tap (The
Bonus · Sun, April 20, 2025
Rich Hale: Understanding the data. [CTO] [Career Notes]
Please enjoy this encore episode of Career Notes. Chief Technology Officer of ActiveNav Rich Hale takes us through his career aspirations of board game designer (one he has yet to realize), through his experience with the Royal Air Force to the commercial sector where his firm works to secure dark data. During his time in the Air Force, Rich was fortunate to serve on a wide range of different platforms from training aircraft to bombers, and all the way into procurement and policy. Transitioning to the commercial sector, Rich notes he was well prepared for some aspects, but lacking in some he's made up on his own. Rich likes to lead with vision and empower his teams. He counsels that you should not fear making a career change, but be sure to look twice before making the leap. We thank Rich for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, April 19, 2025
Crafting malware with modern metals. [Research Saturday]
This week, we are joined by Nick Cerne , Security Consultant from Bishop Fox , to discuss "Rust for Malware Development." In pursuit of simulating real adversarial tactics, this blog explores the use of Rust for malware development, contrasting it with C in terms of binary complexity, detection evasion, and reverse engineering challenges. The author demonstrates how Rust's inherent anti-analysis traits and memory safety features can create more evasive malware tooling, including a simple dropper that injects shellcode using lesser-known Windows APIs. Through hands-on comparisons and decompiled output analysis, the post highlights Rust’s growing appeal in offensive security while noting key OPSEC considerations and tooling limitations. The research can be found here: Rust for Malware Development Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2290 · Fri, April 18, 2025
SSH-attered trust.
A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There’s a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it’s always DNS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today Dave sits down with Linda Gray Martin , Chief of Staff, and Britta Glade , SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025. Selected Reading Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer) Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record) Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News) Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer) Emulating the Stealthy StrelaStealer Malware (AttackIQ) <a href="https://www.securityweek.com/live-events-giant-legends-internatio
S10 E2289 · Thu, April 17, 2025
Microsoft squashes windows server bug.
Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local hospital. A Fortune 500 financial firm reports an insider data breach. Researchers unmask IP addresses behind the Medusa Ransomware Group. CISA issues a warning following an Oracle data breach. On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Former CISA director Chris Krebs steps down from his role at SentinelOne. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Industry Voices On our Industry Voices segment, we are joined by Rob Allen , Chief Product Officer at ThreatLocker , to discuss a layered approach to zero trust. Selected Reading New Windows Server emergency updates fix container launch issue (Bleeping Computer) Apple fixes two zero-days exploited in targeted iPhone attacks (Bleeping Computer) CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension (Infosecurity Magazine) MITRE Hackers' Backdoor Has Targeted Windows for Years (SecurityWeek) Vulnerabilities Patched in Atlassian, Cisco Products (SecurityWeek) Edmond cybersecurity CEO accused in major hack at hospital (KOCO News) Fortune 500 firm's ex-employee exposes thousands of clients (Cybernews) Researchers Deanonymized Medusa Ransomware Group's Onion Site (Cyber Security News)</p
Bonus · Thu, April 17, 2025
Is the cyber talent ecosystem broken? [CISO Perspectives]
We're sharing a episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams , the Head of Cybersecurity for North America at the Bureau Veritas Group , to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect of this conversation revolved around discussing Ed's book , See Yourself in Cyber: Security Careers Beyond Hacking, and how he expands the conversation surrounding traditional roles associated with cybersecurity. Want more CISO Perspectives?: Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2288 · Wed, April 16, 2025
CVE program gets last-minute lifeline.
The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K . In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today’s question comes from N2K’s EC-Council Certified Ethical Hacker CEH (312-50) Practice Test . Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Funding Expires for Key Cyber Vulnerability Database (Krebs on Security) CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping C
S10 E2287 · Tue, April 15, 2025
OCC breach jolts financial sector.
Some U.S. banks pause electronic communications with the OCC following a major breach of the agency’s email system. Uncertainty spreads at CISA. China accuses three alleged U.S. operatives of conducting cyberattacks during February’s Asian Games. Microsoft Teams suffers filesharing issues. Fraudsters use ChatGPT to create fake passports. Car rental giant Hertz confirms data stolen in last year’s Cleo breach. Researchers describe a novel process injection method called Waiting Thread Hijacking. A new macOS malware-as-a-service threat is being sold on underground forums. A UK man is sentenced to over eight years for masterminding the LabHost phishing platform. Kim Jones joins us with a preview of the newly relaunched CISO Perspective podcast. David Moulton from Unit 42 sits down with Rob Wright, Security News Director at Informa TechTarget for the latest Threat Vector. Fighting the flood of AI generated experts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Kim Jones joins Dave to launch the newly rebranded CISO Perspectives —formerly CSO Perspectives . We’re excited to welcome a fresh voice to the mic as Kim takes the helm. In this premiere episode, he’s joined by Ed Adams for a candid conversation about the evolving role of the CISO and the big question on everyone’s mind: Is the cyber talent ecosystem broken? Tune in as Kim kicks off this next chapter—same mission, sharper focus, new perspective. Threat Vector Segment The cybersecurity industry is full of headlines, but are we paying attention to the right ones? In this segment of Threat Vector , host David Moulton , Director of Thought Leadership at Unit 42, sits down with Rob Wright , Security News Director at Informa TechTarget, to discuss the stories the industry overlooks, the overhyped AI security fears, and the real risks posed by certificate authorities. You can listen to the full conversation here and catch new episodes of Threat Vector each Thursday on your favorite podcast app. Selected Reading <a href="https://www.bloomberg.com/news/articles/2025-04-14/jpmorgan-bny-limit-
S10 E2286 · Mon, April 14, 2025
AI ambitions clash with cyber caution.
The Department of the Interior removes top cybersecurity and tech officials. The DOJ looks to block foreign adversaries from acquiring sensitive personal data of U.S. citizens. Microsoft issues emergency updates to fix an Active Directory bug. Hackers are installing stealth backdoors on FortiGate devices. Researchers warn of a rise in “Dangling DNS” attacks. A pair of class action lawsuits allege a major adtech firm secretly tracks users online without consent. Google is fixing a 20-year-old Chrome privacy flaw. The Tycoon2FA phishing-as-a-service platform continues to evolve. My guest is Tim Starks from CyberScoop, discussing the latest from CISA and Chris Krebs. Slopsquatting AI totally harshes the supply chain vibe. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today we are joined by Tim Starks from CyberScoop , and he is discussing the latest with CISA and Chris Krebs. Selected Reading Interior Department Ousts Key Cyber Leaders Amid DOGE Spat (Data Breach Today) US Blocks Foreign Governments from Acquiring Citizen Data (Infosecurity Magazine) Microsoft: New emergency Windows updates fix AD policy issues (Bleeping Origin) Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access (Hackread) Dangling DNS Attack Let Hackers Gain Control Over Organization’s Subdomain (Cyber Security News) Two Lawsuits Allege The Trade Desk Secretly Violates Consumer Privacy Laws (AdTech) Chrome 136 fixes 20-year browser history privacy risk (Bleeping Computer) Tycoon2FA phishing kit targets Microsoft 365 with new tricks (Bleeping
Bonus · Sun, April 13, 2025
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Please enjoy this encore of Career Notes. Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelors in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have a career and a family, raising two children while working. Upon retirement from government service, Jennifer chose an organization with values that closely matched her own and uses her position to help her team define possible where they sometimes think they can't. We thank Jennifer for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E10 · Sat, April 12, 2025
The new malware on the block.
This week, we are sharing an episode of our monthly show, Only Malware in the Building. We invite you to join Dave Bittner and cohost Selena Larson as they explore "The new malware on the block." Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we’re keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape , including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2285 · Fri, April 11, 2025
CISA shrinks while threats grow.
CISA braces for widespread staffing cuts. Russian hackers target a Western military mission in Ukraine. China acknowledges Volt Typhoon. The U.S. signs on to global spyware restrictions. A lab supporting Planned Parenthood confirms a data breach. Threat actors steal metadata from unsecured Amazon EC2 instances. A critical WordPress plugin vulnerability is under active exploitation. A new analysis details a critical unauthenticated remote code execution flaw affecting Ivanti products. Joining us today is Johannes Ullrich, Dean of Research at SANS Technology Institute, with his take on "Vibe Security." Does AI understand, and does that ultimately matter? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Joining us today is Johannes Ullrich , Dean of Research at SANS Technology Institute , discussing "Vibe Security," similar to “Vibe Coding” where security teams overly rely on AI to do their job. Selected Reading Trump administration planning major workforce cuts at CISA (The Record) Cybersecurity industry falls silent as Trump turns ire on SentinelOne (Reuters) Russian hackers attack Western military mission using malicious drive (Bleeping Computer) China Admitted to US That It Conducted Volt Typhoon Attacks: Report (SecurityWeek) US to sign Pall Mall pact aimed at countering spyware abuses (The Record) US lab testing provider exposed health data of 1.6 million people (Bleeping Computer) Amazon EC2 instance metadata targeted in SSRF attacks (SC Media) Vulnerability in OttoKit WordPress Plugin Exploited in the Wild (SecurityWe
S10 E2284 · Thu, April 10, 2025
Former cybersecurity officials lose clearances.
Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pown a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers’ riskiness. Operation Endgames nabs SmokeLoader botnet users. Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Anushika Babu , Chief Growth Officer at AppSecEngineer , joins us to discuss the creative ways people are using AI. Selected Reading Trump Signs Memorandum Revoking Security Clearance of Former CISA Director Chris Krebs (Zero Day) Senator puts hold on Trump's nominee for CISA director, citing telco security 'cover up' (TechCrunch) Infosec experts fear China could retaliate against tariffs with a Typhoon attack (The Register) New US Cyber Command, NSA chief glides in first public appearance (The Record) LARGE LANGUAGE MODELS ARE UNRELIABLE FOR CYBER THREAT INTELLIGENCE (ARXIG) Nissan Leaf Hacked for Remote Spying, Physical Takeover (SecurityWeek) TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials (Cyber Security News) Study Identifies 20 Most Vulnerable Connected Devices of 2025 (SecurityWeek) <a href="https://cyber
S10 E2283 · Wed, April 09, 2025
Major breach at the US Treasury’s OCC.
Treasury’s OCC reports a major email breach. Patch Tuesday updates. A critical vulnerability in AWS Systems Manager (SSM) Agent allowed attackers to execute arbitrary code with root privileges. Experts urge Congress to keep strict export controls to help slow China’s progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution.CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft’s Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. Feds Aim to Rewrite Social Security Code in Record Time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In this episode of Afternoon Cyber Tea , Ann Johnson is joined by Jack Rhysider , the creator and host of the acclaimed podcast Darknet Diaries. You can hear the full conversation here . Be sure to catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWIre and your favorite podcast app. Selected Reading Treasury's OCC Says Hackers Had Access to 150,000 Emails (SecurityWeek) Microsoft Fixes Over 130 CVEs in April Patch Tuesday (Infosecurity Magazine) Vulnerabilities Patched by Ivanti, VMware, Zoom (SecurityWeek) Fortinet Patches Critical FortiSwitch Vulnerability (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider (SecurityWeek) AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News) <a href="https://cyberscoop.com/china-deepseek-expor
S10 E2282 · Tue, April 08, 2025
Using AI to sniff out opposition.
Is DOGE using AI to monitor federal employees? Google’s latest Android update addresses two zero-days. Scattered Spider continues its phishing and malware campaigns. Ransomware’s grip is slipping. ToddyCat exploits a critical flaw in ESET products. Oracle privately confirms a legacy system breach. Over 5,000 Ivanti Connect Secure appliances remain exposed online to a critical remote code execution vulnerability. CISA confirms active exploitation of a critical vulnerability in CrushFTP. In our Industry Voices segment, we are joined by Matt Radolec, VP of Incident Response at Varonis, on turning to gamers to to Build Resilient Cyber Teams. AI outphishes human red teams. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In our Industry Voices segment, we are joined by Matt Radolec , VP of Incident Response, Cloud Operations & SE EU from Varonis , as he is discussing research on “From Gamer to Leader: How to Build Resilient Cyber Teams.” Catch Matt’s keynote at RSAC 2025 on April 30th. Selected Reading Exclusive: Musk's DOGE using AI to snoop on U.S. federal workers, sources say (Reuters) Tariff Wars: The Technology Impact (BankInfo Security) Google Patched Android 0-Day Vulnerability Exploited in the Wild (Cyber Security News) Scattered Spider adds new phishing kit, malware to its web (The Register) Ransomware Underground Faces Declining Relevance (BankInfo Security) <a href="https://www.securityweek.com/eset-vulnerability-exploited-for-stealthy-ma
S13 E2281 · Mon, April 07, 2025
UK Apple showdown gonna be public.
UK court blocks government's attempt to keep Apple encryption case secret. Port of Seattle says last year's breach affected 90,000 people. Verizon Call Filter App flaw exposes millions' call records. Hackers hit Australian pension funds. A global threat hiding in plain sight. Cybercriminals are yelling CAPTCH-ya! Meta retires U.S. fact-checking program. Our guest today is Rob Boyce from Accenture and he’s discussing Advanced Persistent Teenagers (APTeens). And Google’s AI Goes Under the Sea. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Rob Boyce , Global Lead for Cyber Resilience at Accenture , joins to discuss Advanced Persistent Teenagers (APTeens). Advanced Persistent Teenagers (APTeens) have rapidly become a significant enterprise risk by demonstrating capabilities once limited to organized ransomware groups, the threat from juvenile, homegrown threat-actors has risen steadily. Selected Reading UK Effort to Keep Apple Encryption Fight Secret Blocked in Court (Bloomberg) Port of Seattle says ransomware breach impacts 90,000 people (BleepingComputer) Call Records of Millions Exposed by Verizon App Vulnerability (SecurityWeek) Cybercriminals are trying to loot Australian pension accounts in new campaign (The Record) NEPTUNE RAT Attacking Windows Users to Exfiltrate Passwords from 270+ Apps (Cyber Security News) Threat Actors Using Fake CAPTCHAs and CloudFlare Turnstile to Deliver LegionLoader (Cyber Security News) Meta ends its fact-checking program in the US later today, replaces it with Community Notes (Techspot) Suspected
Bonus · Sun, April 06, 2025
Rick Howard: Give people resources. [CSO] [Career Notes]
Please enjoy this encore of Career Notes. Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space. The son of a gold miner who began his career out of West Point in the US Army, Rick worked his way up to being the Commander of the Army's Computer Emergency Response Team. Rick moved to the commercial sector working for Bruce Schneier running Counterpane's global SOC. Rick's first CSO job was for Palo Alto Networks where he was afforded the opportunity to create the Cybersecurity Canon Hall of Fame and the Cyber Threat Alliance. Upon considering retirement, Rick called up on the CyberWire to ask about doing a podcast and he was hired on to the team. Rick shares a proud moment through a favorite story. We thank Rick for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, April 05, 2025
Bybit’s $1.4B breach. [Research Saturday]
Zach Edwards from Silent Push is discussing their work on "New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks." Silent Push analysts uncovered significant infrastructure used by the Lazarus APT Group, linking them to the $1.4 billion Bybit crypto heist through the domain bybit-assessment[.]com registered just hours before the attack. The investigation revealed a pattern of test entries, VPN usage, and fake job interview scams targeting crypto users, with malware deployment tied to North Korean threat actor groups like TraderTraitor and Contagious Interview. The team also identified numerous companies being impersonated in these scams, including major crypto platforms like Coinbase, Binance, and Kraken, to alert potential victims. The research can be found here: Silent Push Pivots into New Lazarus Group Infrastructure, Acquires Sensitive Intel Related to $1.4B ByBit Hack and Past Attacks Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2280 · Fri, April 04, 2025
A leadership shift.
President Trump fires the head of NSA and Cyber Command. The Health Sector Coordinating Council asks the White House to abandon Biden-era security updates. Senators introduce bipartisan legislation to help fight money laundering. A critical vulnerability has been discovered in the Apache Parquet Java library. The State Bar of Texas reports a ransomware-related data breach. New Android spyware uses a password-protected uninstallation method. A Chinese state-backed threat group exploits a critical Ivanti vulnerability for remote code execution. Today’s guest is Dave Dewalt, Founder and CEO of NightDragon, with the latest trends and outlook from cyber leaders. Malware masquerades as the tax man. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest is Dave Dewalt , Founder and CEO of NightDragon , sharing 2024 trends and a 2025 outlook . Selected Reading Haugh fired from leadership of NSA, Cyber Command (The Record) Defense Sec Hegseth in Signalgate Pentagon watchdog probe (The Register) HSCC Urges White House to Shift Gears on Health Cyber Regs (BankInfo Security) Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering (The Record) Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code (Cyber Security News) State Bar of Texas Says Personal Information Stolen in Ransomware Attack (SecurityWeek) New Android Spyware That Asks Password From Users to Uninstall (TechCrunch) Chinese State Ha
S10 E2279 · Thu, April 03, 2025
The invisible force fueling cyber chaos.
A joint advisory labels Fast Flux a national security threat. Europol shuts down a major international CSAM platform. Oracle verifies a data breach. A new attack targets Apache Tomcat servers. The Hunters International group pivots away from ransomware. Hackers target Juniper routers using default credentials. A controversy erupts over a critical CrushFTP vulnerability. Johannes Ullrich, Dean of Research at SANS Technology Institute unpacks Next.js. Abracadabra, alakazam — poof! Your credentials are gone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Johannes Ullrich , Dean of Research at SANS Technology Institute , is discussing Next.js and how similar problems have led to vulnerabilities recently. Selected Reading Fast Flux: A National Security Threat (CISA) Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do (CyberScoop) CSAM platform Kidflix shut down by international operation (The Record) AI Image Site GenNomis Exposed 47GB of Underage Deepfakes (Hackread) Oracle tells clients of second recent hack, log-in data stolen, Bloomberg News reports (Reuters) Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control (Cyber Security News) Hunters International Ransomware Gang Rebranding, Shifting Focus (SecurityWeek) Hackers Actively Scanning for Juniper’s Smart Router With Default Password (Cyber Security News) Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability (Securi
S10 E2278 · Wed, April 02, 2025
Chrome & Firefox squash the latest flaws.
Google and Mozilla patch nearly two dozen security flaws. The UK’s Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America’s evolving cyber threats. On today’s CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from N2K’s suite of industry-leading certification resources, this week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today’s question comes from N2K’s Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test . The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional so
S10 E2277 · Tue, April 01, 2025
Hackers beware, fines are in the air.
The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe’s bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo Alto Networks speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. The confabulous hallucinations of AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment Host David Moulton from Palo Alto Networks Threat Vector podcast asks “Is the Quantum Threat Closer Than You Think?” on the latest segment of Threat Vector. Quantum computing is advancing fast, and with it comes a major cybersecurity risk—the potential to break today’s encryption standards. David speaks with Richu Channakeshava , Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. You can catch the full discussion here . Be sure to listen to new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading UK threatens £100K-a-day fines under new cyber bill (The Register) Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks (Cyber Security News) Ransomware Group Takes Credit for National Presto Industries Attack (SecurityWeek) Critical Vulnerability Found in Canon Printer Drivers (SecurityWeek)<
S10 E2276 · Mon, March 31, 2025
Ransom demands and medical data for sale.
A cyberattack targeting Oracle Health compromises patient data. The DOJ nabs over $8 million tied to romance scams. Trend Micro examines a China-linked APT group conducting cyber-espionage. A new Android banking trojan called Crocodilus has emerged. North Korea’s Lazarus Group targets job seekers in the crypto industry. CISA IDs a new malware variant targeting Ivanti Connect Secure appliances. Maria Varmazis, host of N2K’s T-Minus Space Daily show chats with Jake Braun, former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin. They discuss designating space as critical infrastructure. Nulling out your pizza payment. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Maria Varmazis , host of N2K’s T-Minus Space Daily show sits down with Jake Braun , former White House Principal Deputy National Cyber Director and chairman of DEF CON Franklin, and they discuss designating space as critical infrastructure and sharing an overview of its attack surface. Selected Reading Oracle Health breach compromises patient data at US hospitals (Bleeping Computer) Oracle Warns Health Customers of Patient Data Breach (Bloomberg) Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware (SecurityWeek) U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams (Bleeping Computer) DOJ Seizes USD 8.2M Tied to Pig Butchering Scheme (TRM Labs) Earth Alux Hackers Employ VARGIET Malware to Attack Organizations (Cyber Security News) 'Crocodilus' Android Banking Trojan Allows Device Takeover, Data Theft (Secur
Bonus · Sun, March 30, 2025
Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Please enjoy this encore episode of Career Notes. Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where Alyssa works to bring more diverse views to improve the problem-solving in the space, something she sees as a key to success for the industry. We thank Alyssa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, March 29, 2025
Breaking barriers, one byte at a time. [Research Saturday]
This week, we are joined by Jon Williams , Vulnerability Researcher from Bishop Fox , discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research. They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall. The research can be found here: Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware Learn more about your ad choices. Visit megaphone.fm/adchoices
Fri, March 28, 2025
New sandbox escape looks awfully familiar.
Mozilla patches Firefox flaw similar to actively exploited Chrome vulnerability. Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from cyberattack. India cracks down on Google’s billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Chris Wysopal , Founder and Chief Security Evangelist of Veracode , discussing increase in the average fix time for security flaws and percent of organizations that carry critical security debt for longer than a year. Selected Reading After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register) Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer) Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record) RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender) Ukraine’s state railway restores online ticket sales after major cyberattack (The Record) Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg) Morphing Meerkat PhaaS Platform Spoofs 100+ Brands - Infosecurity Magazine (Infosecurity Magazine) Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek) <a href="https:
S10 E2274 · Thu, March 27, 2025
FamousSparrow’s sneaky resurgence.
China’s FamousSparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the BlackLock Ransomware group’s infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK’s NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, Research Team Lead from Astrix, discussing the OWASP NHI Top 10 framework. Remembering our friend Matt Stephenson. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Tal Skverer , Research Team Lead from Astrix , who is discussing the OWASP NHI Top 10 framework and how teams can use these as they implement NHIs into their systems. Selected Reading Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US (Infosecurity Magazine) Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration (HackRead) New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit (GB Hackers) Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure (Resecurity) Dozens of solar inverter flaws could be exploited to attack power grids (Bleeping Computer) Threat Actors Using Powerful Cybercriminal Weapon 'Atlantis AIO' to Automate Credential Stuffing Attacks (Cyber Security News) CISA Adds of Sitecore CMS Code Execution Vulnerability to List of Kn
S10 E2273 · Wed, March 26, 2025
No click, all tricks.
Researchers uncover a new Windows zero-day. A covert Chinese-linked network targets recently laid-off U.S. government workers. Malicious npm packages are found injecting persistent reverse shell backdoors. A macOS malware loader evolves. DrayTek router disruptions affect users worldwide. A new report warns of growing cyber risks to the commercial space sector. CISA issues four ICS advisories. U.S. Marshals arrest a key suspect in a multi million dollar cryptocurrency heist. Our guest is Brian Levine, Co-Founder and CEO of FormerGov.com, speaking about creating a networking directory for former government and military professionals. The UK’s NCSC goes full influencer to promote 2FA. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Brian Levine , Co-Founder and CEO of FormerGov.com , speaking about the importance of networking and creating a directory for former government and military professionals. Selected Reading New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials - Unofficial Patch (cybersecuritynews) Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows (Reuters ) New npm attack poisons local packages with backdoors (bleepingcomputer) macOS Users Warned of New Versions of ReaderUpdate Malware (securityweek) DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop (cybersecuritynews) ENISA Probes Space Threat Landscape in New Report (Infosecurity Magazine) CISA Warns of Four Vulnerabilities, and
S10 E2272 · Tue, March 25, 2025
The nightmare you can’t ignore.
Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn’t explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures out how its online polling got slightly forked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Ben Yelin , Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security , on the Signal national security leak. Selected Reading IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller (Beyond Machines) Remote Code Execution Vulnerabilities in Ingress NGINX (Wiz) Ingress-nginx CVE-2025-1974: What You Need to Know (Kubernetes) Trump administration is reviewing how its national security team sent military plans to a magazine editor (NBC News) The Trump Administration Accidentally Texted Me Its War Plans (The Atlantic) How Russian Hackers Are Exploiting Signal 'Linked Devices' Feature for Real-Time Spying (SecurityWeek)<
S10 E2271 · Mon, March 24, 2025
Scammers celebrate with a bang.
Money laundering runs rampant in Cambodia. Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam after users report infostealing malware. The Cloak ransomware group claims a cyberattack on the Virginia Attorney General’s Office. 23andMe files for Chapter 11 bankruptcy. Medusa ransomware is using a malicious driver to disable security tools on infected systems. Clearview AI settles a class-action lawsuit over privacy violations. A look back at the CVE program. In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Luring AI bots into the digital labyrinth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In today’s Industry Voices segment, we are joined by Joe Ryan , Head of Customer Enablement at Maltego Technologies , who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Selected Reading How Scammers Launder Money and Get Away With It (New York Times) Trump order on information sharing appears to have implications for DOGE and beyond (The Record) Over 3 million applicants’ data leaked on NYU’s website (Washington Square News) Steam pulls game demo infecting Windows with info-stealing malware (Bleeping Computer) Ransomware Group Claims Attack on Virginia Attorney General’s Office (SecurityWeek) <a href="https://www.nytimes.com/2025/03/24/business/23andme-bankruptcy.html?unlocked_article_code=1.6U4.rMSp.hq7gq
Bonus · Sun, March 23, 2025
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Please enjoy this encore of Career Notes. Historian and Curator at the International Spy Museum. Dr. Andrew Hammond, shares how he came to share the history of espionage and intelligence as a career. Starting out in the Royal Air Force when 9/11 happened, Andrew found himself trying to understand what was going on in the world. Studying history and international relations gave him some perspective and led him on his career path which included an introduction to museum industry at the 9/11 Museum. After a stint in academia in the UK, Andrew found his way back to the US and eventually ended up at the International Spy Museum in Washington, DC. He said one of the "greatest parts of the job being able to engage with the artifacts" and share their stories. We thank Andrew for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E370 · Sat, March 22, 2025
Excel-lerating cyberattacks. [Research Saturday]
This week, we are joined by Tom Hegel , Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target’s location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives. The research can be found here: Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2270 · Fri, March 21, 2025
Brute force and broken trust.
Over 150 government database servers are dangerously exposed to the internet. Threat actors are exploiting a vulnerability in CheckPoint’s ZoneAlarm antivirus software. Albabat ransomware goes cross-platform. ESET reports on the Chinese Operation FishMedley campaign. VanHelsing ransomware targets Windows systems in the U.S. and France. CISA issues five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. A former NFL coach is indicted for allegedly hacking into the accounts of thousands of college athletes. Brandon Karpf joins us with a look at cyberspace in space. A fraud detection firm gets shut down for fraud. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Brandon Karpf , friend of N2K CyberWire, joins T-Minus Space Daily host Maria Varmazis for the Space and Cyber March segment. Selected Reading Over 150 US Government Database Servers Vulnerable to Internet Exposure (GB Hackers) White House Shifting Cyber Risk to State and Local Agencies (Data Breach Today) Cybercriminals Exploit CheckPoint Driver Flaws in Malicious Campaign (Infosecurity Magazine) Albabat Ransomware Attacking Windows, Linux & macOS by Leveraging GitHub (Cyber Security News) Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley (SecurityWeek) VanHelsing Ransomware Attacking Windows Systems With New Evasion Technique & File Extension (Cyber Security News) CISA Releases Five Industrial Control Systems Advisories Covering Vulnerabilities & Exploits (Cyber Security News) Former NFL, Michigan Assi
S10 E2269 · Thu, March 20, 2025
Can’t escape RCE flaws.
Veeam patches a critical vulnerability in its Backup & Replication software. A spyware data breach highlights ongoing risks. Clearview AI attempted to purchase sensitive data such as Social Security numbers and mug shots. The Netherlands’ parliament looks to reduce reliance on U.S. software firms. A Pennsylvania union notifies over 517,000 individuals of a data breach. Researchers discover a RansomHub affiliate deploying a new custom backdoor called Betruger. A new info-stealer spreads through game cheats and cracks. David Wiseman, Vice President of Secure Communications at BlackBerry, joins us to explore how organizations can effectively implement CISA’s encrypted communications guidelines. What to do when AI casually accuses you of murder? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest David Wiseman , Vice President of Secure Communications at BlackBerry , joins us to explore how organizations can effectively implement CISA’s encrypted communications guidelines. Don’t miss the full conversation—listen now on the Caveat podcast! Selected Reading Veeam Patches Critical Vulnerability in Backup & Replication (SecurityWeek) The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it (The Record) Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users (TechCrunch) Facial Recognition Company Clearview Attempted to Buy Social Security Numbers and Mugshots for its Database (404 Media) Dutch parliament calls for end to dependence on US software companies (Yahoo) Pennsylvania education union data breach hit 500,000 people (Bleeping Computer) <a href="https://cybersecuritynews.com/ransomhub-a
S10 E2268 · Wed, March 19, 2025
Remote hijacking at your fingertips.
A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today’s question comes from N2K’s ISACA® Certified Information Security Manager® (CISM®) Practice Test . The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source:<a hre
S10 E2267 · Tue, March 18, 2025
Tomcat got your server?
An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, “Get me Edward Snowden on the line!” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment Security platformization is transforming the way organizations defend against cyber threats. In this episode of Threat Vector, host David Moulton speaks with Carlos Rivera , Senior Analyst at Forrester, about how unifying security capabilities strengthens cyber resilience. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday. Selected Reading Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit (Cyber Security News) CISA Rehires Fired Employees, Immediately Puts Them on Leave (GovInfo Security) Western Alliance Bank Discloses Data Breach Linked to Cleo Hack (SecurityWeek) New BitM Attack Lets Hackers Steal User Sessions Within Seconds (Cyber Security News) US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity (SecurityWeek) <a href="https://www.govinfosec
S10 E2266 · Mon, March 17, 2025
A reel disaster for GitHub.
A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A Life Insurance Company notifies 355,500 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop reports that trade groups fear a cybersecurity blackout if a key panel and vital cyber law aren’t renewed. A fundamental shift of our understanding of hash tables. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today our guest is Tim Starks from CyberScoop is discussing how " Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal ." Selected Reading Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts (Bleeping Computer) BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months (GB Hackers) Federal Judges Block Trump's Mass Firings of Federal Workers (BankInfo Security) 100 Car Dealerships Hit by Supply Chain Attack (SecurityWeek) Jaguar Land Rover Breached by HELLCAT Ransomware Group using Jira Credentials (Cyber Security News) Millions Of RSA Key Exposes Serious Flaws That Can Be Exploited (Cyber Security News) Insurer Notifying 335,500 Customers, Agents, Others of Hack (BankInfo Security) <a href="
Bonus · Sun, March 16, 2025
Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]
Please enjoy this encore of Career Notes. Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping us safe." We thank Ingrid for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, March 16, 2025
Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge
We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWIre network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. In this special Women’s History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs , Chief Partnerships Officer; Tanya Shastri , SVP of Product Management; Sama Manchanda , Consultant at Unit 42; and Stephanie Regan , Principal Technical Architect at Unit 42. They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today. Join the conversation on our social media channels: Website : https://www.paloaltonetworks.com/ Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @paloaltonetworks Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.
Bonus · Sat, March 15, 2025
The ransomware clones of HellCat & Morpheus. [Research Saturday]
Jim Walter, Senior Threat Researcher on SentinelLabs research team, to discuss their work on "HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code." Over the past six months, new ransomware groups like FunkSec, Nitrogen, and Termite have emerged, while established threats such as Cl0p and LockBit 4.0 have resurfaced. Two prominent Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, have gained traction, with research indicating that affiliates of both are using nearly identical ransomware payloads. Despite similarities in their encryption techniques and ransom notes, there is no conclusive evidence linking HellCat and Morpheus to the Underground Team, though shared tools or affiliates may be involved. The research can be found here: HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2265 · Fri, March 14, 2025
Balancing budget cuts and cybersecurity.
The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn’t deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ’s former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we have Dave speaking with Rick Howard , a friend of the show, and Kim Jones , a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives , formerly CSO Perspectives. Selected Reading White House instructs agencies to avoid firing cybersecurity staff, email says (Reuters) Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal) Google refuses to deny it received encryption order from UK government (The Record) New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers) Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine) Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News) CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News)</
S10 E2264 · Thu, March 13, 2025
FCC draws the line on Chinese tech threats.
The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine’s annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today our guest is Alvaro Alonso Ruiz , Co-Founder and CCO of Leanspace , who is discussing software in space with T-Minus Space Daily host Maria Varmazis . Selected Reading US communications regulator to create council to counter China technology threats (Financial Times) ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge (WIRED) CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts (The Record) Arizona Secretary of State Proposes Alternative to Defunded National Election Security Program (Democracy Docket) China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days (SecurityWeek) Chinese cyberspies backdoor Juniper routers for stealthy access (Bleeping Computer) At Ukraine’s major cyber conference, Europe takes center stage over US (The Record) Facebook discloses FreeType 2 flaw exploited in attacks (Bleeping Computer) <a href="https://www.bleep
S10 E2263 · Wed, March 12, 2025
Will Plankey lead CISA to victory?
The White House names their nominee for CISA’s top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Joining us today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Selected Reading Trump nominates Sean Plankey as new CISA director (Tech Crunch) CISA worker says 100-strong red team fired after DOGE action (The Register) March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread) ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek) CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News) Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News) Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News) North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer) Welcome to the skills gap paradox (Computing) Share your feedback.
S10 E2262 · Tue, March 11, 2025
X marks the hack.
X-Twitter had multiple waves of outages yesterday. Signal’s president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes Alliance fraying? The Minja attack poisons ai memory through user interaction. Researchers report increased activity from the SideWinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients’ data. New York sues Allstate over data exposure in insurance websites. CISA warns of critical Ivanti and VeraCode vulnerabilities. FTC to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who is discussing how threat research and intelligence matter to MSPs. The UK celebrates a record-breaking CyberFirst Girls Competition. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we are joined by Gerald Beuchelt , CISO at Acronis , who is discussing how threat research and intelligence matter to MSPs. Selected Reading Hackers Take Credit for X Cyberattack (SecurityWeek) X users report login troubles as Dark Storm claims cyberattack (Malwarebytes) Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues (TechCrunch) Lawsuit Says DOGE Is Ignoring Key Social Security Data Rules (BankInfo Security) As Trump pivots to Russia, allies weigh sharing less intel with U.S. (NBC News) MINJA sneak attack poisons AI models for other chatbot users (The Register) SideWinder APT Group Attacking Military & Government
S2 E74 · Tue, March 11, 2025
software bill of materials (SBOM) (noun) [Word Notes]
Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2261 · Mon, March 10, 2025
PHP flaw sparks global attack wave.
PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth-enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyberattack. The FBI and Secret Service confirm crypto-heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyberattack. Switzerland updates reporting requirements for critical infrastructure operators. Our guest is Errol Weiss, Chief Security Officer at the Health-ISAC, who warns “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.” A termination kill switch leads to potential jail time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we have Errol Weiss , Chief Security Officer at the Health-ISAC , sharing his take “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.” Selected Reading Mass Exploitation of Critical PHP Vulnerability Begins (SecurityWeek) Undocumented commands found in Bluetooth chip used by a billion devices (Bleeping Computer) White House cyber director’s office set for more power under Trump, experts say (The Record) Ransomware gang encrypted network from a webcam to bypass EDR (Bleeping Computer) Texas border city declares state of emergency after cyberattack on government systems (The Record) Feds Link $150M Cyberheist to 2022 LastPass Hacks (Krebs on Security) Home appliance company Presto says cyberattack causing delivery delays (The Record) <a href="https://www.infosecurity-magazin
Bonus · Sun, March 09, 2025
Peter Baumann: Adding value to data. [CEO] [Career Notes]
Please enjoy this encore of Career Notes. CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine the light on the data to provide discovery capability. To those interested in the field, he suggests having a broad familiarity of different approaches. We thank Peter for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, March 08, 2025
Botnet’s back, tell a friend. [Research Saturday]
This week we are joined by Silas Cutler , Principal Security Researcher at Censys , asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2260 · Fri, March 07, 2025
The end of the line for Garantex.
Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI’s role in Canada’s next election. Scammers target Singapore’s PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women’s History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In this special International Women’s Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson , Threat Researcher at Proofpoint , and co-host of Only Malware in the Building , Gianna Whitver , CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Maria Velasquez , Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Chris Hare , Project Management Specialist and Content Developer at N2K Networks , and host of CertByte, Ann Lang , Project Manager at N2K Networks , Jennifer Eiben , Executive Producer at N2K Networks , and Maria Varmazis , host of the T-Minus Space Daily s
S10 E2259 · Thu, March 06, 2025
From China with love (and Malware).
US Justice Department charges employees of Chinese IT contractor i-Soon. Silk Typhoon targets the IT supply chain for initial access. Chrome extensions that change shape. Attackers target airflow misconfigurations. LibreOffice vulnerability opens the door to script-based attacks. NSO group leaders face charges in spyware case. Today, our own Dave Bittner is our guest as he appeared on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham. And turning $1B into thin air. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, our own Dave Bittner is in our guest spot as he appeared on the Adopting Zero Trust podcast at ThreatLocker ’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham aka Dr. Zero Trust. Adopting Zero Trust is an ongoing conversation about the people and organizations adopting Zero Trust. You can catch the full episode here where Dave and Dr. Zero Trust weigh the difference between delivering refined news and raw perspective, hitting critical mass for AI, and the current political environment. Selected Reading US charges Chinese nationals in cyberattacks on Treasury, dissidents and more (The Record) Silk Typhoon targeting IT supply chain (Microsoft) Malicious Chrome extensions can spoof password managers in new attack (Bleeping Computer) Apache Airflow Misconfigurations Leak Login Credentials to Hackers (GB Hackers) LibreOffice Flaw Allows Attackers to Run Arbitrary Scripts via Macro URL (GB Hackers) <a href="https://www.securityweek.com/exp
S10 E2258 · Wed, March 05, 2025
US Treasury targets darknet kingpin.
US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.’s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K’s Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K . This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1 exam. Today’s question comes from N2K’s Cisco Certified Network Associate (CCNA 200-301) Practice Test . According to Cisco, the CCNA is the industry’s most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source:<a href="https://www.cisco.com/site/us/en/learn/training-certifications/certifications/ente
S10 E2257 · Tue, March 04, 2025
CISA keeps watch on Russia.
CISA says it will continue monitoring Russian cyber threats. Broadcom patches zero-days that can lead to VM escape. Google patches 43 Bugs, including two sneaky zero-days. CISA flags vulnerabilities exploited in the wild. Palau's health ministry recovers from ransomware attack. Lost and found or lost and leaked? On this week's Threat Vector segment, David Moulton previews an episode with Hollie Hennessy on IoT cybersecurity risk mitigation and next week’s special International Women's Day episode featuring trailblazing women from Palo Alto Networks sharing their cybersecurity journeys and leadership insights. And is that really you? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On our Threat Vector Segment, host David Moulton shares previews of two upcoming episodes. On this Thursday’s episode, he speaks with Hollie Hennessy , Principal Analyst for IoT Cybersecurity at Omdia , to discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation. The next week On Thursday, March 13th, David shares four conversations with some of the trailblazing women at Palo Alto Networks in honor of International Women’s Day and Women’s History Month . They share their journeys into cybersecurity, discuss the challenges they faced and offer insights on leadership, innovation, and mentorship. Be sure to tune in for some inspiring stories. Don't miss the full episodes every Threat Vector Thursday, subscribe now to stay ahead. If you're in Austin, Texas for SXSW and want to meet up, email David at threatvector@Paloaltonetworks.com . Selected Reading DHS says CISA won’t stop looking at Russian cyber threats (CyberScoop) Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Zero Day) Broadcom P
S10 E2256 · Mon, March 03, 2025
Is it cyber peace just a buffer?
Cyber Command ordered to halt offensive operations against Russia during Ukraine negotiations. Ransomware actors exploit Paragon Partition Manager vulnerability. Amnesty International publishes analysis of Cellebrite exploit chain. California orders data broker to shut down for violating the Delete Act. On our Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." And it’s the end of an era. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Afternoon Cyber Tea segment. On our monthly Afternoon Cyber Tea segment with host Ann Johnson of Microsoft Security, Ann speaks with Igor Tsyganskiy, Microsoft's Global Chief Information Security Officer, about "The Power of Partnership in Cyber Defense." Ann and Igor share an engaging conversation on the challenges and optimism driving the fight against cyber threats. To hear the full conversation on Ann’s show, check out the episode here . You can catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWire network and on your favorite podcast app. Selected Reading Exclusive: Hegseth orders Cyber Command to stand down on Russia planning (The Record) As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow (The Washington Post) Hegseth Orders Pentagon to Stop Offensive Cyberoperations Against Russia (The New York Times) Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (Bleeping Computer) VU#726882 - Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks (Carnegie Mellon University Software Engineering Institute CERT Coordination Center) <a href="https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-u
Bonus · Sun, March 02, 2025
Taree Reardon: A voice for women in cyber. [Career Notes]
Senior Threat Analyst and Shift Lead for VMware Taree Reardon shares her journey to becoming leader for women in the cybersecurity field. A big gamer who has always been interested in hacking and forensics, Taree found her passion while learning about cybersecurity. She's dedicated to diversity and inclusion and found her footing on a team made up of 50% women. Taree spends her days tracking and blocking attacks and as a champion for women. Trusting yourself is top on her list of advice. We thank Taree for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E367 · Sat, March 01, 2025
Caught in the contagious interview. [Research Saturday]
This week we are joined by Phil Stokes , threat researcher at SentinelOne's SentinelLabs, discussing their work on "macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed." Apple recently pushed an update to its XProtect tool, blocking several variants of the DPRK-linked Ferret malware family, which targets victims through the "Contagious Interview" campaign. The malware uses fake job interview processes to trick users into installing malicious software, and new variants, including FlexibleFerret, remain undetected by XProtect. SentinelOne's research reveals a deeper investigation into this malware, which uses social engineering to expand its attack vectors, including targeting developers through platforms like GitHub. The research can be found here: macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2255 · Fri, February 28, 2025
Pay the ransom or risk data carnage.
Qilin ransomware gang claims responsibility for attack against Lee Enterprises. Thai police arrest suspected hacker behind more than 90 data leaks. JavaGhost uses compromised AWS environments to launch phishing campaigns. LotusBlossum cyberespionage campaigns target Southeast Asia. Malware abuses Microsoft dev tunnels for C2 communication. Protecting the food supply. Today’s guest is Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground. And an interview with Iron Man? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today we share Dave’s conversation with Keith Mularski , Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground. Selected Reading Ransomware Group Takes Credit for Lee Enterprises Attack (SecurityWeek) Hacker Behind Over 90 Data Leaks Arrested in Thailand (SecurityWeek) JavaGhost’s Persistent Phishing Attacks From the Cloud (Unit 42) Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools (Cisco Talos) Njrat Campaign Using Microsoft Dev Tunnels (SANS Internet Storm Center) New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins (Cyber Security News) How pass the cookie attacks can bypass your MFA (Longwall Security) Farm and Food Cybersecurity Act reintroduced to protect food supply chain from cyber threats (Industrial Cyber) Share your feedback. We want to ensure that
S10 E2254 · Thu, February 27, 2025
The masterminds behind a $1.5 billion heist.
FBI attributes $1.5 billion Bybit hack to DPRK hackers. Cellebrite suspends services in Serbia following allegations of misuse. A Belgium spy agency is hacked. New groups, bigger attacks. Sticky Werewolf strikes again. US DNI orders legal review of UK's request for iCloud backdoor. A cybersecurity veteran takes CISA’s lead. DOGE accesses sensitive HUD data. Cleveland Municipal Court remains closed following cyber incident. Our guest today is an excerpt from our Caveat podcast. Adam Marré, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. And can hacking be treason? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is an excerpt from our Caveat podcast. Adam Marré , Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. You can hear Adam and Dave’s full discussion on today’s Caveat episode . Listen to Dave and co-host Ben Yelin discuss the issue following the interview on Caveat. Selected Reading FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (Bleeping Computer) Cellebrite suspends Serbia as customer after claims police used firm's tech to plant spyware (TechCrunch) Belgium probes suspected Chinese hack of state security service (The Record) It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills (CyberScoop) Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia (Hackread) Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US (The Record) <a href="https://cyberscoop.com/karen-evans-steps-into-a-leading-federal-cyber-posit
Bonus · Thu, February 27, 2025
Live from Orlando, it's Hacking Humans!
In this special live episode of Hacking Humans , recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis . Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon , ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake “Self Employment Tax Credit” scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business Bureau’s annual Scam Tracker report, revealing that online shopping scams continue to top the list for the fifth year, with phishing and employment scams remaining major threats, while fraudsters increasingly use AI and deepfake technology to deceive victims. Our catch of the day comes from Diesel in West Virginia, and features a scammer who tried to panic their target with a classic “We’ve frozen your account” scam—only to get hilariously mixed up with actual embryo freezing. Resources and links to stories: Better Business Bureau reveals top local scams of 2024 IRS warns taxpayers about misleading claims about non-existent “Self Employment Tax Credit;” promoters, social media peddling inaccurate eligibility suggestions BBB Scam Tracker Got a $1,400 rebate text from the IRS? It's a scam, Better Business Bureau warns. You can hear more from the T-Minus space daily show here . Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com . Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2253 · Wed, February 26, 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State’s privacy laws. CISA warns that attackers are exploiting Microsoft’s Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE’s Caldera security training platform. An analysis of CISA’s JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee’s cautionary tale. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here . Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security . You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app. Selected Reading 3.3 Million People Impacted by DISA Data Breach (SecurityWeek) DOGE must halt all ‘negligent cybersecurity practices,’ House Democrats tell Trump (The Record) Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine) Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News) Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security) <a href="https://cybersecurityne
S10 E2252 · Tue, February 25, 2025
Orange you glad you didn't fall for this?
A hacker claims to have stolen internal documents from a major French telecommunications company. A security breach hits Russia’s financial sector. Cyberattacks targeting ICS and OT surged dramatically last year. Chinese group Silver Fox is spoofing medical software. The UK Home Office’s new vulnerability reporting policy risks prosecuting ethical hackers. Ransomware actors are shifting away from encryption. A sophisticated macOS malware campaign is distributing Poseidon Stealer. The LightSpy surveillance framework evolves into a cross-platform espionage tool. A Chinese botnet is targeting Microsoft 365 accounts using password spraying attacks. Our guest today is Lauren Buitta, Founder and CEO at Girl Security, discussing mentoring and intergenerational strategies. There may be a backdoor in your front door. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Lauren Buitta , Founder and CEO at Girl Security , discussing mentoring and intergenerational strategies. Selected Reading Orange Group confirms breach after hacker leaks company documents (Bleeping Computer) Russia warns of breach of major IT service provider LANIT serving the financial sector (Beyond Machines) Dragos: Surge of new hacking groups enter ICS space as states collaborate with private actors (CyberScoop) China's Silver Fox spoofs medical imaging apps to hijack patients' computers (The Register) UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution (The Record) Only a Fifth of Ransomware Attacks Now Encrypt Data (Infosecurity Magazine) Poseidon Stealer Malware Attacking Mac Users via Fake DeepSee
S10 E2251 · Mon, February 24, 2025
Can the U.S. keep up in cyberspace?
Retired Gen. Paul Nakasone warns the U.S. is falling behind in cyberspace. Australia orders government entities to remove and ban Kaspersky products. FatalRAT targets industrial organizations in the APAC region. A major cryptocurrency exchange reports the theft of $1.5 billion in digital assets. Apple removes end-to-end encryption (E2EE) for iCloud in the UK. Researchers uncover a LockBit ransomware attack exploiting a Windows Confluence server. Researchers uncover zero-day vulnerabilities in a widely used cloud logging utility.A PayPal email scam is tricking users into calling scammers. Republican leaders in the House request public input on national data privacy standards. A Michigan man faces charges for his use of the Genesis cybercrime marketplace. Our guest is Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, explaining the domino effect of a cyberattack on the power grid. Meta sues an Insta Extortionist. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, Dave speaks with Karl Sigler , Senior Security Research Manager from Trustwave SpiderLabs , about the domino effect of a cyberattack on the power grid. You can dig into the details in their report . Selected Reading Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace (CyberScoop) Kaspersky Banned on Australian Government Systems (SecurityWeek) Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT (Cyber Security News) Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange (SecurityWeek) Experts Slam Government After “Disastrous” Apple Encryption Move (Infosecurity Magazine) <a href="https://thedfirreport.com/2025/02/24/confluence-exploit-le
S2 E56 · Sun, February 23, 2025
Dwayne Price: Sharing information. [Project Management] [Career Notes]
Please enjoy this encore of Career Notes. Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the aspects of the business side of a computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those interested in cybersecurity check out the NICE Framework as it speaks to all the various different types of roles in cybersecurity, Dwayne prides himself on his communication skills and openness. We thank Dwayne for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 22, 2025
From small-time scams to billion-dollar threats. [Research Saturday]
This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics. Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability. The research can be found here: Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2250 · Fri, February 21, 2025
The political shake-up at the FBI.
The Senate confirms Kash Patel as FBI director. The SEC rebrands its Crypto Assets and Cyber Unit. Microsoft's quantum chip signals an urgent need for post-quantum security. Chat log leaks reveal the inner workings of BlackBasta. CISA advisories highlight Craft CMS and ICS devices. Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities. Warby Parker gets a $1.5 million HIPAA fine. Our guest is Steve Schmidt, Amazon CSO, with a behind the scenes look at securing a major event. Researchers explore the massive, mysterious YouTube wormhole. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Steve Schmidt , Amazon CSO, talking about integrating physical and logical security measures. Learn more: " Securing a city-sized event: How Amazon integrates physical and logical security at re:Invent ." Selected Reading Trump loyalist Kash Patel is confirmed as FBI director by the Senate despite deep Democratic doubts (AP) SEC rebrands cryptocurrency unit to focus on emerging technologies (CyberScoop) Microsoft’s Quantum Chip Breakthrough Accelerates Threat to Encryption (Infosecurity Magazine) BlackBasta Ransomware Chatlogs Leaked Online (Infosecurity Magazine) CISA Warns of Attacks Exploiting Craft CMS Vulnerability (SecurityWeek) CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News) Ivanti endpoint manager can become endpoint ravager (The Register) Feds Fine Eyeglass Retailer $1.5M for HIPAA Lapses in Hacks (GovInfo Security) <
S10 E2249 · Thu, February 20, 2025
No rest for the patched.
The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ’s National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters’ breach was simulated — their arrest was not. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Stephen Hilt , senior threat researcher at Trend Micro , sharing the current state of the English cyber underground market. Learn more in the report . Selected Reading CISA and FBI: Ghost ransomware breached orgs in 70 countries (Bleeping Computer) Trump to nominate White House insider from first term to lead DOJ’s National Security Division (The Record) New NailaoLocker ransomware used against EU healthcare orgs (Bleeping Computer) PoC Exploit Published for Critical Ivanti EPM Vulnerabilities (SecurityWeek) Microsoft Patches Exploited Power Pages Vulnerability (SecurityWeek) NSA Added New Features to Supercharge Ghidra 11.3 (Cyber Security News) Army soldier linked to Snowflake extortion to plead guilty (The Register) <a href="https://www.govinf
S10 E2248 · Wed, February 19, 2025
Pennies for access.
Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from N2K’s suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/sscp Selected Reading Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine) DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security) <a href="https://www.404media.co/musk-ally-demands-admin-access-to-system-that-lets-government-
S10 E2247 · Tue, February 18, 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk’s team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. Transferring your digital legacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. You can read more about Tim’s interview “ National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office ” and companion piece “ Trump picks Sean Cairncross for national cyber director ” on CyberScoop. Selected Reading Palo Alto Networks Confirms Exploitation of Firewall Vulnerability (SecurityWeek) CISA Warns of Apple iOS Vulnerability Exploited in Wild (Cyber Security News) Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products (Cyber Security News) Top Social Security Official Leaves After Musk Team Seeks Data Access (New York Times) EagerBee Malware Attacking
Bonus · Mon, February 17, 2025
LIVE! From Philly [Threat Vector]
While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024. Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton , serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis. In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates with industry experts. Attendees will learn about the foundational elements of podcasting, from initial concept development to content creation and audience engagement. David's approach integrates his extensive background in storytelling, design, and strategic marketing, enabling him to tackle intricate cybersecurity topics and make them accessible to a broad audience. This session will dive into how to present intricate cybersecurity topics in an accessible and engaging manner and explore various techniques for producing compelling content and effective strategies for promoting a podcast to a wider audience. Join David and guest host David J. Ebner of Content Workshop for an informative discussion on using podcasts as a medium for education and influence in the cybersecurity field. This session is ideal for anyone interested in starting a podcast or enhancing their approach to cybersecurity communication. Join the conversation on our social media channels: Website : http://www.paloaltonetworks.com Threat Research : https://unit42.paloaltonetworks.com/ Facebook : https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn : https://www.linkedin.com/company/palo-alto-networks/ YouTube : @paloaltonetworks Twitter : https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join
Bonus · Sun, February 16, 2025
Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]
Please enjoy this encore of Career Notes. Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 15, 2025
Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}
Nati Tal , Head of Guardio Labs , discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing. Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats. The research can be found here: “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2246 · Fri, February 14, 2025
AI’s blind spots need human eyes.
Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple’s App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Lawrence Pingree , VP of Technical Marketing at Dispersive , joining us to discuss why preemptive defense is essential in the AI arms race . You can read more in " How Cybercriminals Are Using AI: Exploring the New Threat Landscape ." Selected Reading Putting the human back into AI is key, former NSA Director Nakasone says (The Record) Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day) Musk's DOGE team: Judges to consider barring it from US government systems (Reuters) Anyone Can Push Updates to the DOGE.gov Website (404 Media) Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer) Apple app tracking rules more strict for others – watchdog (The Register) <a href="https://www.bleepingcomputer.com/
S10 E2245 · Thu, February 13, 2025
Salt in the wound.
Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers’ data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT sidehustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest, Jason Baker , Principal Security Consultant at GuidePoint Security , joins us to share an update on the state of ransomware. Selected Reading China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED) Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine) EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine) Elon Musk and the Right Are Recasting Reporting as ‘Doxxing’ (New York Times) FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread) Cybercrime evolving into national security threat: Google (The Record) House Republicans launch group for comprehensive data privacy legislation (The Record) Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek) <a href="https://www.securityweek.com/chinese-cyberspy-possi
S10 E2244 · Wed, February 12, 2025
DOGEgeddon: The cyber crisis hiding in plain sight.
Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we welcome Gianna Whitver and Maria Velasquez , co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts. Selected Reading DOGE's Cyberattack Against America (Foreign Policy) Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record) Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine) Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek) Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News) GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek) <a href="htt
S10 E2243 · Tue, February 11, 2025
Apple’s race to secure your iPhone.
Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s XTwitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s international day for women and girls in science. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest is John Fokker , Head of Threat Intelligence at Trellix , joining us to discuss their work on " Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike ." Selected Reading Apple fixes zero-day exploited in 'extremely sophisticated' attacks (BleepingComputer) US cyber agency puts election security staffers who worked with the states on leave (AP News) Elon Musk-led group makes $97.4 billion bid for OpenAI, CEO refuses and offers to "buy Twitter for $9.74 billion" (TechSpot) OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials (SecurityWeek) Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence (The Record) 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation (The Record) <a href="https://www.databreach
S10 E2242 · Mon, February 10, 2025
Read all about it—or maybe not.
A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI. Hunting for length and complexity in WiFi passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Mike Woodard , VP of Product Management for App Security at Digital.ai , sharing strategies to minimize risk when implementing AI to enhance security. Selected Reading Cyberattack Disrupts Publication of Lee Newspapers Across the U.S. (New York Times) Trump’s AI Ambition and China’s DeepSeek Overshadow an AI Summit in Paris (SecurityWeek) Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt (New York Times) In Breaking USAID, the Trump Administration May Have Broken the Law (ProPublica) Judge: DOGE made US Treasury ‘more vulnerable to hacking’ (The Register) Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network (GB Hackers) Europol Warns Financial Sector of “Imminent” Quantum Threat (Infosecurity Magazine) Trade war or not, Canada will keep working with the U.S. on cybersecurity (The Logic)<
Bonus · Sun, February 09, 2025
Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Please enjoy this encore of Career Notes. CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming of plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E364 · Sat, February 08, 2025
Cleo’s trojan horse. [Research Saturday]
Mark Manglicmot , SVP of Security Services from Arctic Wolf , is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra , which features in-memory file storage and cross-platform compatibility across Windows and Linux. Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access. The research can be found here: Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2241 · Fri, February 07, 2025
DOGE-eat-DOGE world.
Security concerns grow over DOGE’s use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet-another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK’s cyber weather report says expect light phishing with a chance of ransomware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today on our Industry Voices segment, guest John Anthony Smith , Founder and Chief Security Officer at Fenix24 , shares insights into why backups are the most important security control. For additional details, please visit this resource: The Reality of Resilience, Recovery, and Repeat Cyberattacks (Infographic) Selected Reading Elon Musk’s DOGE feeds AI sensitive federal data to target cuts (The Washington Post) Will DOGE Access to CMS Data Lead to HIPAA Breaches? (GovInfo Security) Federal judge tightens DOGE leash over critical Treasury payment system access (The Register) UK reportedly demands secret ‘back door’ to Apple users’ iCloud accounts (The Record) NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App (NowSecure) Microsoft Edge update adds
S10 E2240 · Thu, February 06, 2025
FCC around and find out.
Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don’t eff with the FCC. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today on our Industry Voices segment, guest Cliff Crosland , CEO and Co-founder at Scanner.dev , discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “ Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis .” Selected Reading Musk’s DOGE agents access sensitive personnel data, alarming security officials (Washington Post) Union groups sue Treasury over giving DOGE access to sensitive data (The Record) Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek) Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews) IMI becomes the latest British engineering firm to be hacked (TechCrunch) Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek) <a href="htt
S10 E2239 · Wed, February 05, 2025
DOGE days numbered?
The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A house Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2’s CISSP exam. Google updates its stance on AI weapons. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare . This week, Chris is joined by Steven Burnley to break down a question targeting ISC2®'s CISSP - Certified Information Systems Security Professional) exam. Today’s question comes from N2K’s ISC2® CISSP - Certified Information Systems Security Professional Practice Test . Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Federal Workers Sue to Disconnect DOGE Server (WIRED) Treasury says DOGE review has ‘read-only’ access to federal payments system (The Record) ‘Things Are Going to Get Intense:’ How a Musk Ally Plans to Push AI on the Government (404 Media) <a href="https:
S10 E2238 · Tue, February 04, 2025
A wolf in DOGE’s clothing?
DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macos via job scams and fake zoom apps. February 2025 android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment Artificial intelligence is advancing fast, but with innovation comes risk. In this segment of Threat Vector, host David Moulton sits down with Sam Rubin , SVP of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit , Director of Threat Research, to explore the vulnerabilities of DeepSeek, a new large language model. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday. Selected Reading Musk’s DOGE effort could spread malware, expose US systems to threat actors (CSO Online) As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say (The Record) Senator Hawley Proposes Jail Time for People Who Download DeepSeek (404 Media) Apple Service Ticket portal Vulnerability Exposes Millions of Users Data (Cy
S10 E2237 · Mon, February 03, 2025
Federal agencies in power struggle crossfire.
Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm.Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people.NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Joining us today is Tim Starks , Senior Reporter from CyberScoop, to discuss two of his recent articles: FBI nominee Kash Patel getting questions on cybercrime investigations, Silk Road founder, surveillance powers Even the US government can fall victim to cryptojacking Selected Reading Top Security Officials at Aid Agency Put on Leave After Denying Access to Musk Team (New York Times) Exclusive: Musk aides lock workers out of OPM computer system (Reuters) Federal Workers Block Doors of Admin Building Over Elon Musk Data Breach (DC Media Group) Trump Broke the Federal Email System and Government Employees Got Blasted With Astonishingly Vulgar Messages (Futurism) CISA employees told they are exempt from federal worker resignation program (The Record) From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts (CyberScoop)<
Bonus · Sun, February 02, 2025
Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]
Please enjoy this encore episode with Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham. She shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections and reading whatever you can is important to stay up to date in the field. She notes that her statistical analysis skills are an asset. She hopes to create champions in human behavior and performance in the world of technology. We thank Margaret for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 01, 2025
A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]
This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne 's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels." Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations. The relationships between European countries and China are complex, characterized by cooperation, competition, and underlying tensions in areas such as trade, investment, and technology. Suspected China-linked cyberespionage groups frequently target public and private organizations across Europe to gather strategic intelligence, gain competitive advantages, and advance geopolitical, economic, and technological interests. The research can be found here: Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2236 · Fri, January 31, 2025
The end of a cybercrime empire.
Authorities dismantle a Pakistan-based cybercrime network. Lawmakers question the feasibility of establishing a U.S. Cyber Force as a standalone military branch. The DOJ sues to block HPE’s acquisition of Juniper Networks. Tangerine Turkey deploys cryptomining malware. Major healthcare providers send breach notifications. Norwegian police seize a Russian-crewed ship suspected of damaging a communications cable. Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical router vulnerability. CISA and the FDA have warned U.S. healthcare organizations of severe security vulnerabilities in Chinese-made patient monitors. Pauses in funding create confusion for federal cybersecurity vendors. We bid a fond farewell to a pair of N2K colleagues. The case of the disappearing government data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest segment is bittersweet as we offer our thanks and see you laters to two of our beloved colleagues N2K President Simone Petrella , who’s taking her leadership role to our advisory board, and Executive Editor Brandon Karpf , who will be taking up the mantle of protecting our national security starting his own company, Hedy Cyber. Join us in celebrating their incredible journeys, contributions to our successes, and letting them both know just how deeply they will be missed by all of us here at N2K. Selected Reading US, Dutch Authorities Disrupt Pakistani Hacking Shop Network (SecurityWeek) Lawmakers push for guardrails, deadline on cyber military study (The Record) US Sues to Stop HPE $14 Billion Deal to Buy Juniper Networks (Bloomberg) Tangerine Turkey mines cryptocurrency in global campaign (Red Canary) US healthcare provider data breach impacts 1 million patients (Bleeping Computer) <a href="https://www.securityweek.com/northbay-health-data-breach-impact
S10 E2235 · Thu, January 30, 2025
Cracked and Nulled taken down.
International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest U.S. blood centers. A cyberattack takes the South African Weather Service offline. Researchers describe a new “browser syncjacking” attack. TeamViewer patches a high-severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of H4XLabs. OpenAI Cries Foul After Getting a Taste of Its Own Medicine. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, N2K’s Brandon Karpf speaks with Ellen Chang , Vice President Ventures at BMNT and Head of H4XLabs , about the venture model, why it exists, how it works, and its impact. Selected Reading Police seizes Cracked and Nulled hacking forum servers, arrests suspects (Bleeping Computer) Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History (Wiz) Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics (Bleeping Computer) US blood donation giant warns of disruption after ransomware attack (TechCrunch) South Africa’s government-run weather service knocked offline by cyberattack (The Record) Syncjacking Attack Enables Full Browser and Device Takeover (Infosecurity Magazine) TeamViewer Patches High-Severity Vulnerability in Windows Applications (SecurityWeek) Industry
S10 E2234 · Wed, January 29, 2025
Cats and RATS are all the rage.
Hackers linked to China and Iran are using AI to enhance cyberattacks. An AI-powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smiths Group suffers a cyberattack. Rockwell Automation details critical and high-severity vulnerabilities. Researchers warn of new side-channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. SparkRAT targets macOS users and government entities. Flashpoint looks at FleshStealer malware. Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US. QR code shenanigans. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Ivan Novikov , CEO at Wallarm , sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US and its impact. Selected Reading Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks (Wall Street Journal) Update: Cybercriminals still not fully on board the AI train (yet) (Sophos) Unprotected AI service streams private Slack messages for 30 bucks a month (Cybernews) Engineering giant Smiths Group discloses security breach (Bleeping Computer) Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products (SecurityWeek) New Apple CPU side-channel attacks steal data from browsers (Bleeping Computer) SLAP (Predictors Fail) <a href="https://cnews
S10 E2233 · Tue, January 28, 2025
It was DDoS, not us.
DeepSeek blames DDoS for recent outages. Hackers behind last year’s AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio’s wife.The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year’s ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users’ trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back in office. Our guest is Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. A nonprofit aims to clean up the AI industry’s mess. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Bogdan Botezatu , Director, Threat Research and Reporting at Bitdefender , to discuss the dark market subculture and its parallels to holiday shopping. Check out Bitdefender’s research on the topic here . Selected Reading DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge (SecurityWeek) DeepSeek FAQ (Stratechery) We tried out DeepSeek. It worked well, until we asked it about Tiananmen Square and Taiwan (The Guardian) Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris (404 Media) European Union Sanctions Russian Nationals for Hacking Estonia (SecurityWeek) ENGlobal Says Personal Information Accessed in Ransomwa
S10 E2232 · Mon, January 27, 2025
China's chatbot sends tech stocks into tailspin.
Chinese AI startup DeepSeek shakes up the market. Trump freezes cyber diplomacy funding and puts a vital U.S.-EU data-sharing agreement at risk. A trojanized RAT targets script kiddies. U.K. telecom giant TalkTalk investigates a data breach. Researchers uncover a critical flaw in Meta’s Llama Stack AI framework. Attackers leverage hidden text salting in emails. The “FlowerStorm” phishing framework targets multiple brands to steal customer credentials. A critical zero-day hits SonicWall VPN appliances. Swedish authorities seized a cargo ship suspected of damaging a key fiber optic cable. Freezing out crypto-kidnappers. Our guest is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware and insights on Brain Cipher. The British Museum defends its artefacts from IT attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Jon Miller , CEO and Co-founder from Halcyon , sharing trends in ransomware along with some insights on Brain Cipher. For more detail, check out Halcyon’s Power Rankings: Ransomware Malicious Quartile Q4-2024 . Selected Reading A shocking Chinese AI advancement called DeepSeek is sending US stocks plunging (CNN Business) Politicization of intel oversight board could threaten key US-EU data transfer agreement (The Record) Cyber diplomacy funding halted as US issues broad freeze on foreign aid (The Record) Weaponised XWorm RAT builder Attacking script kiddies to Steal Sensitive Data (GB Hackers) Change Healthcare Breach Almost Doubles in Size to 190 Million Victims (Infosecurity Magazine) TalkTalk investigating data breach after hacker claims theft of customer data (TechCrunch) <a href="https://cnews.link/meta-rushes-fix-critical-llama-stack-vulnera
Bonus · Sun, January 26, 2025
Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]
Please enjoy this encore episode with VP of Information Security at Barracuda Dave Farrow, and how he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, January 25, 2025
LightSpy's dark evolution. [Research Saturday]
This week, we are joined by Ismael Valenzuela , VP of Threat Research & Intelligence, and Jacob Faires , Principal Threat Researcher, from Blackberry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41. The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and WeChat, with advanced techniques for monitoring and stealing sensitive information from victims across the Asia-Pacific region. The research can be found here: LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2231 · Fri, January 24, 2025
The end of warrantless searches?
A federal court finds the FBI’s warrantless section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers’ data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru’s Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar pit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Dr. Chris Pierson , Founder and CEO of BlackCloak , joining us to share trends he sees coming our way in 2025. Selected Reading Court rules FBI’s warrantless searches violated Fourth Amendment (Ars Technica) US Charges Five People Over North Korean IT Worker Scheme (SecurityWeek) Texas probes four more car companies over how they collect and sell consumer data (The Record) CISA Warns of Flaws in Aircraft Collision Avoidance Systems (BankInfo Security) ESA - Estonia to host Europe's new space cybersecurity testing ground (European Space Agency) Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level (Cyber Security News) Subaru Starlink Vulnerability Exposed Cars to Remote Hacking (SecurityWeek) China and friends say they're hurting cyber-slave scam camps<
S10 E2230 · Thu, January 23, 2025
A warning from the cloud.
CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerability is under active exploitation. The Nnice ransomware strain isn’t. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Jen Easterly leaves CISA a legacy of resilience and dedication. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Industry Voices Today on our Industry Voices segment, we are joined by Joe Gillespie , Senior Vice President at Booz Allen , discussing Cyber AI. Selected Reading FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know (SecurityWeek) Researchers say new attack could take down the European power grid (Ars Technica) Critical SonicWall Vulnerability Exploited In Attacks Execute Arbitrary OS Commands (Cyber Security News) Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques (GB Hackers) Cisco Fixes Critical Vulnerability in Meeting Management (Infosecurity Magazine) New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing (Infosecurity Magazine) Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside! (Cyber Security News) <a href="https://cybernews.com/security/ransomware-attacks-increase-data-recovery-surv
S10 E2229 · Wed, January 22, 2025
The uncertain future of cyber safety oversight.
The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support, and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea’s Lazarus group uses fake job interviews to deploy malware. Hackers are abusing Google ads to spread AmosStealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. NYC Restaurant week tries to keep bots off the menu. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test . Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: <a href="htt
S10 E2228 · Tue, January 21, 2025
Trump’s opening moves.
President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine’s CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector. Honesty isn’t always the best policy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On our Threat Vector podcast preview today: IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang , CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday. CyberWire Guest Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim’s article on the recent Biden EO here . Selected Reading Trump revokes Biden executive order on addressing AI risks (Reuters) TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer) Hackers impersonate Ukraine’s CERT to trick people into allowing computer access (The Record) Brave Browser Vulnerabilit
Bonus · Mon, January 20, 2025
AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . Our guests today are Araz Feyzi, Co-founder and CTO at Kayhan Space and Tim Sills , Lead Security Solutions Architect at AWS for Aerospace and Satellite . Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, January 19, 2025
Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]
Please enjoy this encore of the Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi as she shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the sense of community of women in technology and nurturing women in the field. We thank Baan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E361 · Sat, January 18, 2025
A cute cover for a dangerous vulnerability. [Research Saturday]
Nati Tal , Head of Guardio Labs , sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking. Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms. The research can be found here: “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2227 · Fri, January 17, 2025
Hacking the bureau.
The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulnerability in its Pluggable Authentication Module)software. Google releases an open-source library for software composition analysis. CISA hopes to close the software understanding gap. Pumakit targets critical infrastructure. Simplehelp patches multiple flaws in their remote access software. The FTC bans GM from selling driver data. HHS outlines their efforts to protect hospitals and healthcare. Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense. Even the best of red teamers are humbled by AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest Maria Tranquilli , Executive Director at Common Mission Project , speaks with N2K ’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense , and how universities can get involved. Selected Reading FBI Has Warned Agents It Believes Hackers Stole Their Call Logs (Bloomberg) US Announces Sanctions Against North Korean Fake IT Worker Network (SecurityWeek) Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine (The Record) Yubico PAM Module Vulnerability Let Attackers Bypass Authentications In Certain Configurations (Cyber Security News) Google Releases Open Source Library for Software Composition Analysis (SecurityWeek) Closing the Software
S10 E2226 · Thu, January 16, 2025
Bolstering the digital shield.
President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon’s US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea’s Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Oren Koren , Veriti 's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. You can read more in their “ The State of Healthcare Cybersecurity 2025 ” report. Selected Reading Biden to sign executive order on AI and software security (Axios) Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says (Bloomberg) Exclusive: Chinese tech firm founded by Huawei veterans in the FBI's crosshairs (Reuters) New UEFI Secure Boot Bypass Vulnerability Exposes Systems to Malicious Bootkits (Cyber Security News) 380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy (SecurityWeek) North Korean Hackers Targeting Freelance Software Developers (SecurityWeek) GoDaddy Accused of Serious Security Failings by FTC (Infosecurity Magazi
S10 E2225 · Wed, January 15, 2025
Massive malware cleanup.
The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits while users suffer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Industry Voices Segment On our Industry Voices segment, we are joined by Mike Hamilton , Chief Information Officer at Cloudflare , discussing how tech sprawl emulates the snake game. You can read Mike’s thoughts here . Selected Reading FBI deletes Chinese PlugX malware from thousands of US computers (Bleeping Computer) Windows 11 Security Features Bypassed to Obtain Arbitrary Code Execution in Kernel Mode (Cyber Security News) Microsoft Patches Eight Zero-Days to Start the Year (Infosecurity Magazine) Chrome 132 Patches 16 Vulnerabilities (SecurityWeek) Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities (SecurityWeek) Ivanti Patches Critical Vulnerabilities in Endpoint Manager (SecurityWeek) Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges (Cyber Security News) Apple Patches Flaw That Allows Kerne
S10 E2224 · Tue, January 14, 2025
National security in the digital age.
A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google’s authentication flow exposes millions to unauthorized access.OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. The feds remind the health care sector that AI must first do no harm. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Chris Pierson , Founder and CEO of BlackCloak , discussing digital executive protection. Selected Reading Second Biden cyber executive order directs agency action on fed security, AI, space (CyberScoop) Snoops exploited Fortinet firewalls with 'probable' 0-day (The Register) The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says (WIRED) CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks (SecurityWeek) UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine) Google OAuth "Sign in with Google" Vulnerability Exposes Millions of Accounts to Data Theft (Cyber Security News) OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks (Cyber Security News) Microsoft Sue
S10 E2223 · Mon, January 13, 2025
Multi-factor frustration.
An MFA outage affects Microsoft 365 Office apps. The Biden administration introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain’s largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest Philippe Humeau , CEO and Founder of CrowdSec , shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. Selected Reading Microsoft MFA outage blocking access to Microsoft 365 apps (Bleeping Computer) White House Moves to Restrict AI Chip Exports (GovInfo Security) New Ransomware Group Uses AI to Develop Nefarious Tools (Infosecurity Magazine) Cyberattack forces Dutch university to cancel lectures (The Record) 3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers (Hackread) Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS (SecurityWeek) Aviatrix Controller RCE Vulnerability Exploited In The Wild (Cyber Security News) Hackers Exploiting YouTube to Spread Malware That Steals Brow
Bonus · Sat, January 11, 2025
The hidden cost of data hoarding. [Research Saturday]
This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China’s Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases. Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy, both researchers bring deep insights into the geopolitical and technical dynamics of China's digital landscape. The research can be found here: “Pantsless Data”: Decoding Chinese Cybercrime TTPs A Deep Dive Into the Intricate Chinese Cybercrime Ecosystem China’s Surveillance State Is Selling Citizen Data as a Side Hustle Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, January 11, 2025
Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]
Please enjoy this encore episode, where we are joined by Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. as he shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in many areas and found the route he wanted to go. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E2226 · Fri, January 10, 2025
When retaliation turns digital.
New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS info-stealer has been updated. A California health services organization reports a data breach. A Florida firm pays a $337,750 HIPAA settlement following a 2018 breach. Samsung patches Android devices. A Proton Mail outage hits users worldwide. A popular e-card site recovers from malware. CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about the future of certifications. That’s a feature, not a hack. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest CertByte segment host Chris Hare interviews our guest Casey Marks , ISC2 's Chief Qualifications Officer, about certifications and where they could be heading. You can check out their 2024 ISC2 Cybersecurity Workforce study here . Selected Reading Chinese hackers breached US government office that assesses foreign investments for national security risks (CNN) Supreme Court considers whether to allow TikTok ban to take effect (NBC News) Ivanti VPN zero-day exploited by Chinese hackers (SC Media) New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards (Cyber Security News) Banshee macOS Malware Expands Targeting (SecurityWeek) BayMark Health Services Reports Data Breach, Exposing Patient Information (The Cyber Express) <a href="https://www.bankinfosecurity.com/florida-firm-fined-337k-by-feds-for-data-deleted-in-h
S10 E2220 · Thu, January 09, 2025
Biden’s final cyber order tackles digital weaknesses.
The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000. A cyberattack disrupts the city of Winston-Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. The worst of the worst from CES. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Danny Allen , CTO from Snyk , sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. Learn more in Snyk’s AI Readiness Report about how some companies are still hesitant to adopt AI, despite its clear benefits in addressing human error and keeping up with fast-evolving technology. Selected Reading White House Rushes to Finish Cyber Order After China Hacks (Bloomberg) Zero-Day Patch Alert: Ivanti Connect Secure Under Attack (GovInfo Security) GFI KerioControl Firewall Vulnerability Exploited in the Wild (SecurityWeek) Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool (SecurityWeek) <a href="https://www
S10 E2219 · Wed, January 08, 2025
A new Mirai-based botnet.
Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today’s CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K . In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test . The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro . Please note: The que
S10 E2219 · Tue, January 07, 2025
U.S. sanctions spark cyber showdown with China.
China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.’s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina’s Airport Security Police (PSA) payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers, and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million from him. On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches. Microsoft’s Bing demonstrates imitation is the sincerest form of flattery. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. Selected Reading China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks (SecurityWeek) Tencent added to US list of 'Chinese military companies' (The Register) School districts in Maine, Tennessee respond to holiday cyberattacks (The Record) UN aviation agency 'actively investigating' cybercriminal’s claimed data breach (The Record) Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs (B
S10 E2218 · Mon, January 06, 2025
China’s shadow over U.S. telecom networks.
New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conducting phishing attacks. ESET warns Windows 10 users of a potential “security fiasco.” A vulnerability in Nuclei allows attackers to bypass template signature verification and inject malicious code. An Indiana dental practice pays a $350,000 settlement over an alleged ransomware coverup. Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Farewell to a visionary leader. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Tim Starks , Senior Reporter from CyberScoop , joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Read Tim’s article on the UN cybercrime treaty here . Selected Reading The US’s Worst Fears of Chinese Hacking Are on Display in Guam (Bloomberg) How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons (Wall Street Journal) China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks (AP News) Tenable Disables Nessus Agents Over Faulty Updates (SecurityWeek) New Infostealer Campaign Uses Discord Videogame Lure (Infosecurity Magazine) Beware! Malicious EditThisCookie Chrome Extension Steals Login Credentials (Cyber Security News) Windows 10 users urged to upgrade to avoid "security fiasco"<
Bonus · Sat, January 04, 2025
Crypto client or cyber trap? [Research Saturday]
Karlo Zanki , Reverse Engineer at ReversingLabs , discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa , designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto pay package aiocpa implants infostealer code Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, January 04, 2025
Dominique West: Security found me. [Strategy] [Career Notes]
Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to them. Dominique recommends those interested in cybersecurity to go ahead and get your hands dirty out there; figure out what you like and what you don't like and do community. We thank Dominique for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E2217 · Fri, January 03, 2025
AI-powered propaganda.
The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you’re human. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Joe Saunders , Co-Founder & CEO of RunSafe Security . Joe joins us to discuss the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict. Selected Reading US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters (SecurityWeek) Apple Agrees $95M Settlement Over Siri Privacy Violations (Infosecurity Magazine) SysBumps - New Kernel Break Attack Bypassing macOS Systems Security (Cyber Security News) 'DoubleClickjacking' Threatens Major Websites’ Security (GovInfo Security) FireScam Android Malware Packs Infostealer, Spyware Capabilities (SecurityWeek) ASUS Routers Vulnerabilities Allows Arbitrary Code Execution (Cyber Security News) Crypto Boss Extradited to Face $40bn Fraud Charges (Infosecurity Magazine) What's in HHS' Proposed HIPAA Security Rule Overhaul? (GovInfo Secur
S9 E2216 · Thu, January 02, 2025
A breach in the U.S. Treasury.
Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of Americans’ sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. CISA Director Easterly looks back at 2024. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Mick Baccio, Global Security Advisor at Splunk’s security research team SURGe, sharing some insights on the cybersecurity resilience gap and top cyber challenges/priorities for the public sector. You can read more about this in SURGe’s blog and whitepaper . Selected Reading US Treasury Department breached through remote support platform (Bleeping Computer) New details reveal how hackers hijacked 35 Google Chrome extensions (Bleeping Computer) U.S. Army Soldier Arrested in AT&T, Verizon Extortions (Krebs on Security) AT&T and Verizon Say Chinese Hackers Ejected From Networks (GovInfo Security) Volkswagen leak exposes private information of 800,000 EV owners, including location data (TechSpot) <p
Bonus · Wed, January 01, 2025
Scotland’s position to lead cyber and space. [Deep Space]
Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries. You can connect with Sharon on LinkedIn , and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website . Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram . T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E25 · Wed, January 01, 2025
Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]
While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025! On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse. In this episode you’ll learn : The impact on detection engineers due to the crackdown on cracked Cobalt Strike Extensive automation used to detect and dismantle large-scale threats How the team used the DMCA creatively to combat cybercrime Some questions we ask: Do you encounter any pushback when issuing DMCA notifications? How do you plan to proceed following the success of this operation? Can you explain the legal mechanisms behind this take-down? Resources: View Jason Lyons on LinkedIn View Bob Erdman on LinkedIn View Richard Boscovich on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft <a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fbusiness%2Fsecurity-insider%2F&data=05%7C02%7Cv-ropetrillo%40microsoft.com%7C81e205a6b727403624b808dc64a2
Bonus · Tue, December 31, 2024
Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. [Special Edition]
Brandon Karpf sits down with Mike Silverman , Chief Strategy and Innovation Officer at FS-ISAC , to discuss the white paper Building Cryptographic Agility in the Financial Sector. Authored by experts from FS-ISAC’s Post-Quantum Cryptography Working Group , the paper addresses the vulnerabilities posed by quantum computing to current cryptographic algorithms. It provides financial institutions with strategies to safeguard sensitive data and maintain trust as these emerging threats evolve. Discover the challenges and actionable steps to build cryptographic agility in this insightful conversation. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E34 · Mon, December 30, 2024
Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]
While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The BlueHat Podcast by Microsoft and MSRC. See you in 2025! Yonatan Zunger , CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses. In This Episode You Will Learn : How predictive AI anticipates outcomes based on historical data The difficulties and strategies involved in making AI systems safe and secure from misuse How role-playing exercises help developers understand the behavior of AI systems Some Questions We Ask: What distinguishes predictive AI from generative AI? Can generative AI be used to improve decision-making processes? What is the role of unit testing and test cases in policy and AI system development? Resources: View Yonatan Zunger on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E68 · Mon, December 30, 2024
Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.
Please enjoy this encore episode of a Special Edition. N2K ’s Brandon Karpf speaks with guest Justin Fanelli , Acting CTO of the US Navy , about the US Navy streamlining the innovation process. For some background, you can refer to this article . Additional resources: PEO Digital Innovation Adoption Kit Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E48 · Sun, December 29, 2024
Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
VP of Global Solutions Architecture at eSentire Tia Hopkins shares her career journey and talks about its beginnings in engineering and pivots into cybersecurity leadership. Tia shares how she liked to take things apart when she was young, including the brand new computer her mother bought her and how she was fascinated by all the pieces of it spread all across her bedroom floor. As she started studying engineering, Tia learned she was more of a technologist than an engineer. Tia got her start in technology without completing her formal education by what she says is "grit and right place, right time." Once she was in a management role, Tia wanted to validate her knowledge, experience, and ability and not only completed her bachelor's degree, but also two master's degrees. Tia recently started an organization to encourage and grow interest, confidence, and leaders of women of color in the field of cybersecurity. We thank Tia for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E337 · Sat, December 28, 2024
On the prowl for mobile malware. [Research Saturday]
This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E7 · Fri, December 27, 2024
A cyber carol.
Please enjoy this encore episode of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season’s most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright! Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E57 · Thu, December 26, 2024
Putting a dent in the cybersecurity workforce gap.
Please enjoy this encore episode of Solution Spotlight. In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Wed, December 25, 2024
The CyberWire: The 12 Days of Malware. [Special edition]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets
Wed, December 25, 2024
A social engineering carol.
Gather 'round for a holiday treat like no other! In this festive edition of Only Malware in the Building , we present A Social Engineering Carol —a cunning twist on the classic Dickens tale, penned and created by our very own Dave Bittner. Follow a modern-day Scrooge as they navigate the ghostly consequences of phishing, vishing, and smishing in this holiday cybersecurity fable. Don't miss the accompanying video , packed with holiday cheer and cyber lessons to keep you safe this season! Check it out now! Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Tue, December 24, 2024
Lessons from the Viasat cybersecurity attack. [T-Minus]
Please enjoy this encore of T-Minus Space Daily. A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia’s military intelligence launched a cyberattack against ViaSat’s KA-SAT satellite network, which was used by the Ukrainian Armed Forces. It prevented them from using satellite communications to respond to the invasion. After the ViaSat hack, numerous cyber operations were conducted against the space sector from both sides of the conflict. What have we learnt from the Viasat attack? Clémence Poirier has written a report on the Viasat cybersecurity attack during the war in Ukraine. Hacking the Cosmos: Cyber operations against the space sector. You can connect with Clémence Poirier on LinkedIn , and read her report on this website . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S4 E46 · Tue, December 24, 2024
Decoding XDR: Allie Mellen on What’s Next [Threat Vector]
While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, Threat Vector by Palo Alto Networks . See you in 2025! Announcement: We are pleased to share an exciting announcement about Cortex XDR at the top of our show. You can learn more here . Check out our episode on " Cyber Espionage and Financial Crime: North Korea’s Double Threat " with Assaf Dahan, Director of Threat Research at Palo Alto Networks Cortex team. Join host David Moulton on Threat Vector , as he dives deep into the rapidly evolving XDR landscape with Allie Mellen , Principal Analyst at Forrester . With expertise in security operations, nation-state threats, and the application of AI in security, Allie offers an inside look at how XDR is reshaping threat detection and response. From tackling the SIEM market’s current challenges to optimizing detection engineering, Allie provides invaluable insights into the people, processes, and tools central to an effective SOC. This episode offers listeners a thoughtful exploration of how to navigate today's complex threat landscape and separate XDR hype from reality. Perfect for cybersecurity professionals looking to stay ahead in the field, tune in to hear expert perspectives on the next steps in cybersecurity resilience. Ready to go deeper? Join Josh Costa, Director of Product Marketing, Allie Mellen, Principal Analyst at Forrester and David Moulton, Director of Content and Thought Leadership for Unit 42 as they discuss the State of XDR https://start.paloaltonetworks.com/State-of-XDR-with-Forrester . Join the conversation on our social media channels: Website : http://www.paloaltonetworks.com Threat Research : https://unit42.paloaltonetworks.com/ Facebook : https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn : https://www.linkedin.com/company/palo-alto-networks/
S8 E2215 · Mon, December 23, 2024
Court puts the ‘spy’ in spyware.
A federal judge finds NSO Group liable for hacking WhatsApp. China accuses the U.S. government of cyberattacks. The UK’s Operation Destabilise uncovers a vast criminal network. An alleged LockBit developer says he did it for the money. Apache releases a security update for their Tomcat web server. Siemens issues a security advisory for their User Management Component. Italy’s data protection authority fines OpenAI $15.6 million. Researchers demonstrate a method to bypass the latest Wi-Fi security protocol. Apple sends potential spyware victims to a nonprofit for help. Our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention. Hackers supersize their McDonald’s delivery orders. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, our guest is Sven Krasser , CrowdStrike 's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention. Selected Reading Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices (Recorded Future) Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets (CyberScoop) Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing (Recorded Future) Suspected LockBit dev faces extradition to the US (The Register) Apache fixes remote code execution bypass in Tomcat web server (Bleeping Computer) Siemens Warn of Critical Vulnerability in UMC (GovInfoSecurity) Italy's Privacy Watchdog Fines OpenAI for ChatGPT's Violations in Collecting Users Personal Data (SecurityWeek) <a href
Bonus · Sun, December 22, 2024
Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]
CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrepreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrepreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the effectuation approach to entrepreneurship, Along those lines, Jim recommends those looking to start a business in cyber build their experience portfolio. Jim took what he learned to help build where he is today. His company helps protect the humans in this new digital world with the current work from home environment. And, we thank Jim for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, December 21, 2024
Quishing for trouble. [Research Saturday]
Adam Khan , VP of Security Operations at Barracuda , joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or “quishing,” into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials. Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code risks, and enable multifactor authentication to safeguard accounts. The research can be found here: Threat Spotlight: The evolving use of QR codes in phishing attacks Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2214 · Fri, December 20, 2024
Ukraine’s fight to restore critical data.
Russian hackers attack Ukraine’s state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a fond farewell to our colleague Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. The LockBit gang tease what’s yet to come. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest segment is bittersweet as we bid farewell to our beloved Rick Howard , who’s retiring after years of inspiring leadership, wisdom, and camaraderie. Join us in celebrating his incredible journey, sharing heartfelt memories, and letting him know just how deeply he’ll be missed by all of us here at N2K. Selected Reading Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say (The Record) NotLockBit - Previously Unknown Ransomware Attack Windows & macOS (GB Hackers) Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News) Botnet of 190,000 BadBox-Infected Android Devices Discovered (SecurityWeek) BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) (SOCRadar) Crypto-Hackers Steal $2.2bn as North Koreans Dominate (Infosecurity Magazine) <a href="https://www.bleepingcomputer.com/news/security/massive-live-spo
S8 E2213 · Thu, December 19, 2024
Breached but not broken.
CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland’s Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, with advice on using employee access controls to limit internal cyber threats. When is “undesirable” a badge of honor? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Jeff Krull , principal and practice leader of Baker Tilly 's cybersecurity practice, talking about using employee access controls to limit internal cyber threats. Selected Reading CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach (The Record) Sandworm-linked hackers target users of Ukraine’s military app in new spying campaign (The Record) Tracker firm Hapn spilling names of thousands of GPS tracking customers (TechCrunch) Multiple security flaws reported in SHARP routers (Beyond Machines) Meta fined $263 million for alleged GDPR violations that led to data breach (The Record) Update Google Chrome Now—4 New Windows, Mac, Linux Security Warnings (Forbes) <a href="http
S8 E2212 · Wed, December 18, 2024
Hacking allegations and antitrust heat.
The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco’s DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today’s CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says, “Enough with the pig butchering.“ Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment This week, Chris is joined by Dan Neville to break down a question targeting the Network+ certification (N10-008 expires on 12/20/24 and the N10-009 update launched on June 20th of this year). Today’s question comes from N2K’s CompTIA® Network+ Practice Test , both exam versions of which are offered on our site. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal) Attack Exposure: Unpatched Cleo Managed File-Transfer Software (BankInfo Security) Androxgh0st Botnet Targets IoT Dev
S8 E2211 · Tue, December 17, 2024
The cost of peeking at U.S. traffic.
The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five millions dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks about predictions for 2025. Surveillance tweaks our brains in unexpected ways. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton talks with Nir Zuk , Founder and CTO of Palo Alto Networks. They talk about Palo Alto Networks' predictions for 2025, focusing on the shift to unified data security platforms and the growing importance of AI in cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. Selected Reading Biden Administration Takes First Step to Retaliate Against China Over Hack (The New York Times) US Unveils New National Cyber Incident Response Plan (Infosecurity Magazine) Telecom Namibia Cyberattack: 400,000 Files Leaked (The Cyber Express) Landmark settlement of $50m from Meta for Australian users impacted by Cambridge Analytica incident (OAIC) CISA Warns of New Windows Vulnerability Used in Hacker Attacks (CyberInsider) CISA 2024 Year in review (CISA) <a href="https://cointelegraph.com/news/lastpass-threat-actor-steals-over-5-million-from-40-victi
S8 E2210 · Mon, December 16, 2024
Rhode Island cyberattack exposes sensitive data.
A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to “rip and replace” Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo’s managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit.SRP Federal Credit Union notifies over 240,000 individuals of cyberattack. A sophisticated phishing campaign targets YouTube creators. Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new FAIK Files podcast. Jailbreaking your license plate. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guests are Perry Carpenter and Mason Amadeus , hosts of The FAIK Files podcast, talking about their new show. You can find new episodes of The FAIK Files every Friday on the N2K CyberWire network. Selected Reading Personal Data of Rhode Island Residents Breached in Large Cyberattack (The New York Times) Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches ( CyberScoop) Clop ransomware claims responsibility for Cleo data theft attacks (Bleeping Computer) Hackers Steal 17M Patient Records in Attack on 3 Hospitals (BankInfo Security) Major Auto Parts Firm LKQ Hit by Cyberattack (Securityweek) SRP Federal Credit Union Ransomware Attack Impacts 240,000 (Securityweek) <a href="https://www.hipaajo
Bonus · Sun, December 15, 2024
Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Please enjoy this encore episode of Career Notes. Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, December 14, 2024
Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]
This week, we are joined by Andrew Morris , Founder and CTO of GreyNoise , to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape. The research can be found here: GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2209 · Fri, December 13, 2024
Hackers in handcuffs.
The U.S. dismantles the Rydox criminal marketplace. File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Tim Starks , senior reporter at CyberScoop , joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article . Selected Reading Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek) Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record) Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record) Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread) Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek) Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine) <a href="https://cybersecuritynews
S8 E2208 · Thu, December 12, 2024
When AI goes offline.
ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman , Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper " Building Cryptographic Agility in the Financial Sector ." We will share the extended version of this conversation over our winter break. Stay tuned. Selected Reading ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News) Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC) Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record) Apache issues patches for critical Struts 2 RCE bug (The Register) Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek) Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News) <a href="https://beyondmachines.net/event_details/adobe-releases-december
S8 E2207 · Wed, December 11, 2024
When exploits go wild and patches race the clock.
Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo’s managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Malachi Walker , Security Strategist at DomainTools , about their role in ODNI's newly established Sentinel Horizon Program . Selected Reading New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes) Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine) Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek) Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News) ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek) Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine) AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard) <a href="https://www.theregister.com/2024/12/11/ivanti_vulns_critic
S8 E2206 · Tue, December 10, 2024
Buckets of trouble.
Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Jason Lamar , Cobalt ’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Check out Cobalt’s GigaOm Radar Report for PTaaS 2024 to learn more. Selected Reading ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket (Hackread) Dell Power Manager Vulnerability Let Attackers Execute Malicious Code (Cyber Security News) TikTok Asks Court To Suspend Ban Ahead of Supreme Court Appeal (The Information) Radiant links $50 million crypto heist to North Korean hackers (Bleeping Computer) US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware (The Record) <a href="https://cybersecuritynews.com/wh
S8 E2205 · Mon, December 09, 2024
Router security in jeopardy.
A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Anna Pobletts , Head of Passwordless at 1Password , discussing the state of passkeys and what she sees on the road to a truly passwordless future . Selected Reading I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek) Romania’s top court annuls presidential election result (CNN) MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes) QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer) Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek) Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack
Bonus · Sun, December 08, 2024
Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]
CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E80 · Sun, December 08, 2024
Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]
In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel " Digital Mindhunters ." Book Overview In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the very foundations of U.S. democracy. In a world where lies are a weapon and trust is a luxury, she navigates the treacherous worlds of arms dealers, hackers, and spies to protect her country. About the author Dr. Bilyana Lilly is a cybersecurity and information warfare expert. She advises senior executives in the private and public sector on how to mitigate cybersecurity risk across their enterprises. Dr. Lilly serves on the Advisory Boards of the venture capital firm Night Dragon and the cybersecurity firm RunSafe Security. She chairs the Democratic Resilience Track of the Warsaw Security Forum and is an adjunct senior advisor for critical infrastructure and resilience at the Institute for Security and Technology. Her previous roles include a manager at Deloitte's Financial Cybersecurity Practice and a fellow at the RAND Corporation. Dr. Lilly holds a PhD in policy analysis and cyber security, and three master's degrees, including an honors degree from Oxford University. Her book "Russian Information Warfare" became a bestseller and is on display at the Pentagon. Dr. Lilly is a mentor and a speaker at RSA, DefCon, CyCon, and the Executive Women's Forum. She has been denounced by Russia's Ministry of Foreign Affairs and called cyber expert by Tom Hanks. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, December 07, 2024
The JPHP loader breaking away from the pack. [Research Saturday]
Shawn Kanady , Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection. The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses. The research can be found here: Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2204 · Fri, December 06, 2024
The NTLM bug that sees and steals.
Researchers uncover a critical Windows zero-day. An alleged Ukrainian cyberattack targets one of Russia’s largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Joining Dave today is Hugh Thompson , RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release . Selected Reading New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes) Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record) BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media) U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer) Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register) SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityW
S8 E2203 · Thu, December 05, 2024
Dismantling the Manson cybercrime market.
Europol dismantles the Manson cybercrime market. Operation Destabilise stops two major Russian-speaking money laundering networks. New details emerge on China’s attacks on U.S. telecoms. Black Lotus Labs uncovers a covert campaign by the Russian-based threat actor “Secret Blizzard”. Cisco issues patches for a high impact bootloader vulnerability. Trend Micro researchers uncovered Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds .Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 Workforce Study. How businesses can lose customers one tip at a time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Jon France , CISO at ISC2 , sharing the ISC2 2024 Workforce Study. You can read the press release about the report here and dig into the details of the report itself here . Selected Reading 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement (SecurityWeek) UK’s NCA Disrupts Multibillion-Dollar Russian Money Launderers (Infosecurity Magazine) The White House reveals at least 8 U.S. telecom firms impacted by China’s Salt Typhoon cyberattack (Fast Company) Senators implore Department of Defense to expand the use of Matrix (Element) Snowblind: The Invisible Hand of Secret Blizzard (Lumen) <a href="https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infra
S8 E2202 · Wed, December 04, 2024
The end of MATRIX.
International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric’s remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google’s December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today’s CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today’s question comes from N2K’s CompTIA® A+ Core Exam 1 Practice Test ( Core Exam 2 Practice Test is also available on our site). Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources:<a href="ht
S8 E2201 · Tue, December 03, 2024
Nam3l3ss but not harmless.
More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK’s NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau (CFPB) looks to prevent data brokers from selling Americans’ personal and financial information. A U.S. government and energy sector contractor discloses a ransomware attack. The “smoked ham” Windows backdoor is being actively deployed. A new report warns of overreliance on Chinese-made LIDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On our Threat Vector segment, we preview this week’s episode where host David Moulton goes Behind the Scenes with Palo Alto Networks CIO and CISO. ChatGPT has a Voldemort moment. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton goes “Behind the Scenes with Palo Alto Networks CIO and CISO Securing Business Success with Frictionless Cybersecurity.” Meerah Rajavel , CIO of Palo Alto Networks, and Niall Browne , CISO of the organization, join David to discuss the importance of aligning IT strategy with cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. Selected Reading 760,000 Employee Records From Several Major Firms Leaked Online (SecurityWeek) UK cyber chief warns country is ‘widely underestimating’ risks from cyberattacks (The Record) US agency proposes new rule blocking data brokers from selling Americans' sensitive personal data (TechCrunch) US government contractor ENGl
S8 E2200 · Mon, December 02, 2024
The international effort making digital spaces safer.
A major cybercrime crackdown by Interpol nabs hundreds of suspects and millions in stolen funds. Zabbix has disclosed a critical SQL injection vulnerability. A novel phishing campaign exploits Microsoft Word’s file recovery feature. Researchers track the Rockstar 2FA phishing toolkit. Critical vulnerabilities are found in Advantech’s industrial wireless access points. North Korea’s Kimsuky hacking group shifts their tactics. The U.N. forms an advisory body to address growing threats to critical undersea cable infrastructure.The U.K. is laser-focused on AI security research. Russian authorities arrest the Wazawaka ransomware affiliate. Our guest is Marshall Heilman, CEO of DTEX Systems, sharing his experience with a nation-state actor's attempt to gain employment at his company. OpenAI opens the door for encrudification. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Marshall Heilman , CEO of DTEX Systems , discussing how HR can spot fake IT workers and sharing their own experience with a nation-state actor's attempt to gain employment at his company. You can read DTEX Systems findings here . Selected Reading Global Police Arrest 5500 in $400m Cyber-Fraud Crackdown (Infosecurity Magazine) Critical Vulnerability Found in Zabbix Network Monitoring Tool (SecurityWeek) Novel phishing campaign uses corrupted Word documents to evade security (Bleeping Computer) "Rockstar 2FA" Phishing-as-a-Service Steals Microsoft 365 Credentials Via AiTM Attacks (Cyber Security News) Warning: Patch Advantech Industrial Wireless Access Points (GovInfo Security) North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks (Cyber Security News) UN, internati
Bonus · Sun, December 01, 2024
Debra Danielson: Be fearless. [CTO] [Career Notes]
Please enjoy this encore episode, where we are joined by Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson, as she shares her career journey. From aspirations of becoming an astronaut studying mechanical and aerospace engineering, Finding her first job at a local software company that turned into a long term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and leadership positions, the ratio of women had dropped dramatically. She noted at this time that it took a lot of energy to be different. Debra shared that each time she had challenges in her career, she learned from them. She offers advice of taking risks earlier in your career as you don't know what it could lead to. And, we thank Debra for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, November 30, 2024
Leaking your AWS API keys, on purpose? [Research Saturday]
Please enjoy this encore episode: Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be found here: What happens when you accidentally leak your AWS API keys? [Guest Diary] Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E74 · Fri, November 29, 2024
Science fiction meets reality with Ronald D. Moore. [T-Minus Deep Space]
T-Minus Space Daily Podcast Host Maria Varmazis was asked to host a fireside chat with Sci-Fi legend Ronald D. Moore at the Beyond Earth Symposium in Washington DC. Ronald D. Moore is an American screenwriter and television producer. He is best known for his work on Star Trek, the re-imagined Battlestar Galactica and For All Mankind TV series. Check out the full conversation on our YouTube Page here ! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E69 · Thu, November 28, 2024
Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]
Please enjoy this encore episode: On this Solution Spotlight, guest Lee Parrish , author and CISO at Newell Brands , joins N2K President Simone Petrella to discuss his book " The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security " and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2199 · Wed, November 27, 2024
Grappling with a ransomware attack.
Blue Yonder continues to grapple with ransomware attack. AI-powered scams surge this shopping season. Gaming engine exploited to deliver malware. Chinese hackers ride the router wave. TikTok’s beauty filter ban. Redefining cybersecurity education for the future. On our Industry Voices segment, Dave sits down with Damon Fleury, SpyCloud’s Chief Product Officer to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today on our Industry Voices segment, guest Damon Fleury , SpyCloud ’s Chief Product Officer, joins Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. Selected Reading Kevin Beaumont (@GossiTheDog) on Mastodon (Mastodon) Advanced Cyberthreats Targeting Holiday Shoppers (FortiGuard Labs) Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season (Netcraft) The Exploitation of Gaming Engines: A New Dimension in Cybercrime (Check Point Software) T-Mobile Engineers Spotted Hackers Running Commands on Routers (Bloomberg Law) TikTok will block beauty filters for teens over mental health concerns (The Verge) Australia passes bill banning social media for children under 16 (The Washington Post) CISA debuts new cybersecurity training platform (Federal News Network) African cybercrime crackdown culminates in 1,0
S8 E2198 · Tue, November 26, 2024
Taking aim at cybercrime.
Smashing cybercrime syndicates. CyberVolk goes global. Tech troubles mostly resolved. A malware web weaved by Salt Typhoon targets global sectors. Love at first exploit. Ransomware attack on Blue Yonder brews trouble. Google faces a UK court battle. Lateral moves and lost data. I sit down with Clemence Poirer, Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich | Space Cybersecurity to discuss cybersecurity attacks in space. And finally, a Cybersecurity sales pitch goes rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest, Clemence Poirier , Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich, recently spoke with T-Minus Space Daily podcast host Maria Varmazis about cybersecurity attacks in space. Read the case study: Hacking the Cosmos: Cyber operations against the space sector. A case study from the war in Ukraine . Selected Reading Bangkok busts SMS Blaster sending 1 million scam texts from a van (Bleeping Computer) Police bust two Chinese syndicates (Bangkok Post) 'CyberVolk' hacktivists use ransomware in support of Russian interests (The Record) Microsoft says massive Outlook and Teams outage is mostly resolved (CNN) British hospital group declares ‘major incident’ following cyberattack (The Record) NHS declares major cyber incident for third time this year (The Register) Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions (Trend Micro) RomCom exploits Firefox and Windows ze
S8 E2197 · Mon, November 25, 2024
Novel attacks and creative phishing angles.
APT28 uses a novel technique to breach organizations via nearby WiFi networks. Your Apple ID is (not) suspended. UK highlighting Russian threats at NATO Cyber Defence Conference. US senators request an audit of TSA's facial recognition technology. Supply chain software company sustains ransomware attack. Critical QNAP vulnerability could allow remote code execution. Outdated Avast Anti-Rootkit driver exploited. No more internet rabbit holes for China. Guest Lesley Carhart from Dragos on "The Shifting Landscape of OT Incident Response." Stop & Shop turns cyber oops into coffee and cookies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Lesley Carhart , Technical Director at Dragos , speaking with Dave Bittner about "The Shifting Landscape of OT Incident Response." You can find the blog here . Selected Reading Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack (SecurityWeek) The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access (Volexity) New Warning For 2 Billion iPhone, iPad, Mac Users—Your Apple ID Is Suspended (Forbes) Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn (The Guardian) Britain, NATO must stay ahead in 'new AI arms race', says UK minister (Reuters) Senators call for audit of TSA’s facial recognition tech as use expands in airports (The Record) Blue Yo
Bonus · Mon, November 25, 2024
So you want to write a book about AI and cybersecurity? [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Caroline Wong, the Chief Strategy Officer at Cobalt to discuss the mechanics of writing a cybersecurity book about AI. References: Ben Smith. “Security Metrics: A Beginner’s Guide” Review [Review]. Cybersecurity Canon Project. Caroline Wong, 2011. Security Metrics, A Beginner’s Guide [Book]. Goodreads. Rick Howard, Caroline Wong, 2022. Interview with Author and Hall of Fame winner Caroline Wong [Interview]. Cybersecurity Canon Project. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard. Security Metrics, A Beginner’s Guide [Review]. Cybersecurity Canon Project. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, November 24, 2024
Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]
Enjoy this encore episode where we are joined by Co-founder and Chief Strategy Officer for Corelight Greg Bell, as he describes the twists and turns of his career bringing him back to his childhood joy of computers. Working in a myriad of fields from human rights to Hollywood to writing a history of conspiracy belief before pivoting back to technology. Focusing on the relationships within the open source community, Greg works to change and improve the world through his mission-based organization. For those looking to begin their career in cyber, Greg offers that great mentorship and working for great organizations where you can soak in the culture are really important. And, we thank Greg for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, November 23, 2024
Exposing AI's Achilles heel. [Research Saturday]
This week, we are joined by Ami Luttwak , Co-Founder and CTO from Wiz , sharing their work on "Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35 percent of Cloud Environments." A critical vulnerability in the NVIDIA Container Toolkit, widely used for GPU access in AI workloads, could allow attackers to escape containers and gain full access to host environments, jeopardizing sensitive data. Wiz estimates that at least 33% of cloud environments are affected and urges immediate updates to NVIDIA's patched version. This discovery highlights the broader issue of young, under-secured codebases in AI tools, emphasizing the need for stronger security measures and collaboration. The research can be found here: Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2196 · Fri, November 22, 2024
A not so BASIC farewell.
META details its efforts against pig butchering. The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress. Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. A major U.S. gambling and lottery provider suffers a cyberattack. Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. Researchers say Fortinet VPN servers lack sufficient logging. A pilot program looks to improve security for small U.S. water utilities. Bitdefender warns of scammers using Black Friday-themed spam emails. Our guest is DataDome’s CEO and Co-founder, Benjamin Fabreto, discussing how "Fake Accounts Threaten Black Friday Gaming Sales." A fond farewell for a true cyber innovator. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In advance of Black Friday shopping next week, our guest is DataDome ’s CEO and Co-founder, Benjamin Fabreto discussing their team's work on " Fake Accounts Threaten Black Friday Gaming Sales ." Selected Reading Meta cracks down on millions of accounts it tied to pig-butchering scams (CyberScoop) China’s Hacking Reached Deep Into U.S. Telecoms (New York Times) FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings (NextGov) Microsoft disrupts ONNX phishing-as-a-service infrastructure (Bleeping Computer) Gambling and lottery giant disrupted by cyberattack, working to bring systems back online (The Record) Over 2,000 Palo Alto firewalls hacked using recently patched bugs (Bleeping Computer) <a href="https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hides-
S8 E2195 · Thu, November 21, 2024
No more spinach for PopeyeTools.
The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged. CISA warns of critical vulnerabilities in VMware’s vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, guest Avihai Ben-Yossef , Cymulate ’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." Resources : Security Validation Essentials Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate SecOps Roundtable: Security Validation and the Path to Exposure Management Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Selected Reading US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer) Five Charged in Scattered Spider Case (Infosecurity Magazine) <a href="https:
S8 E2194 · Wed, November 20, 2024
When location data becomes a weapon.
A WIRED investigation uncovers the ease of tracking U.S. military personnel. Apple releases emergency security updates to address actively exploited vulnerabilities. Latino teenagers and LGBTQ individuals are receiving disturbing text messages spreading false threats. Crowdstrike says Liminal Panda is responsible for telecom intrusions. Oracle patches a high-severity zero-day vulnerability. Trend Micro has disclosed a critical vulnerability in its Deep Security 20 Agent software. A rural hospital in Oklahoma suffers a ransomware attack. A leading fintech firm is investigating a security breach in its file transfer platform. Researchers deploy Mantis against malicious LLMs. Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses AI’s bias in the resume screening process. Tracking down a lost Lambo. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we have Ben Yelin , Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and our Caveat podcast co-host, discussing AI’s racial and gender bias in the resume screening process. You can read about it here . Selected Reading Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany (WIRED) GAO recommends new agency to streamline how US government protects citizens’ data (The Record) Apple Issues Emergency Security Update for Actively Exploited Flaws (Infosecurity Magazine) Texts threatening deportation and 're-education' for gays stoke both fear and defiance (NBC News) Chinese APT Group Targets Telecom Firms Linked to BRI (Infosecurity Magazine) Oracle Patches Exploited Agile PLM Zero-Day (SecurityWeek) <a href="https://cybersecuritynews.com/trend
S8 E2193 · Tue, November 19, 2024
Biden vs. Trump: A tale of two cybersecurity strategies.
Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper “Razzlekhan” gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today’s Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. Swiss scammers send snail mail. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment On this segment of Threat Vector , host David Moulton speaks with Assaf Dahan , Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. To hear the full conversation between David and Assaf, listen to Cyber Espionage and Financial Crime: North Korea’s Double Threat , and catch new episodes of Threat Vector every Thursday on your favorite podcast app! Selected Reading More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity (WIRED) How to remove the cybersecurity gridlock from the nation's energy lifelines (CyberScoop) Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek (SecurityWeek) SafePay ransomware: Obscure group uses LockBit builder, claims 22 victims (SC Media) Akira Ransomware Drops 30 Victims on Leak Site in One Day (SecurityWeek) <a href="https://www.govinfosecurity.com/gang-shaking-down-pharmacy-group-for
S8 E2192 · Mon, November 18, 2024
A new era for CISA under Trump?
CISA’s Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure.Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft’s 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet’s Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Nuisance calls are in decline. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we are joined by Rob Boyce , Global Lead, Cyber Resilience at Accenture , discussing SIM swapping services targeting telcos. Selected Reading CISA Director Jen Easterly to depart on Inauguration Day (Nextgov/FCW) DHS Releases Secure AI Framework for Critical Infrastructure (Dark Reading) Palo Alto firewalls exploited after critical zero-day vulnerability (Cybernews) Microsoft 365 Admin portal abused to send sextortion emails (Bleeping Computer) Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report (SecurityWeek) 300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (SecurityWeek) Security plugin flaw in millions of WordPress sites gives admin access (Bleeping Computer) <a href="https
Bonus · Mon, November 18, 2024
Cyber-entrepreneurship in the age of CyberAI. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Kevin Magee, the Global Director of Cybersecurity Startups at Microsoft to discuss Cyber-entrepreneurship in the age of CyberAI. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. References: Andrew McCarty, Emma Eschweiler, Natalie Fratto, Andrew Pardo, Jake Ledbetter, 2024. The Rise of CyberAI [Analysis]. Silicon Valley Bank. Camille Périssère, 2024. 2024 cybersecurity market trends [Analysis]. AXA Venture Partners. Jeffrey Grabow, 2024. AI continues to drive venture capital activity [Analysis]. EY. Kaloyan Andonov, 2024. Energy companies increase investment in cybersecurity startups [Analysis]. Global Corporate Venturing. Staff, 2024. Cybersecurity Market Size, Share, Analysis Analysis]. Fortune Business Insights. Staff, 2024. RBC FinSec Incubator [Analysis]. Rogers Cybersecure Catalyst. Staff, 2024. Microsoft Digital Defense Report 2024 [White Paper]. Microsoft. Steve Morgan, 2022. Cybercrime To Cost The World 8 Trillion Annually In 2023 [Analysis]. Cybercrime Magazine. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, November 17, 2024
Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]
Please enjoy this encore episode where Vice President of Raytheon's Cyber Offense, Defense Expert Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge, With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program, Teresa interned with and then proceeded to work for the National Security Agency becoming their SIGINT director. Following her government career, Teresa worked to help bring new technologies to government through her work at Raytheon. We thank Teresa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E354 · Sat, November 16, 2024
Credential harvesters in the cloud. [Research Saturday]
This week we are joined by, Blake Darché , Head of Cloudforce One at Cloudflare , to discuss their work on "Unraveling SloppyLemming’s Operations Across South Asia." Cloudforce One's investigation into the advanced threat actor "SloppyLemming" reveals an extensive espionage campaign targeting South and East Asia, with a focus on Pakistan's government, defense, telecommunications, and energy sectors. Leveraging multiple cloud service providers, SloppyLemming employs tactics like credential harvesting, malware delivery, and command-and-control (C2) operations, often relying on open-source adversary emulation tools like Cobalt Strike. Despite its activities, the actor's poor operational security (OPSEC) has allowed investigators to gain valuable insights into its infrastructure and tooling. The research can be found here: Unraveling SloppyLemming’s operations across South Asia Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2191 · Fri, November 15, 2024
One tap, total access: Pegasus exploits unveiled.
Unredacted court filings from WhatsApp’s 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet’s FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks’ Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents may change the cyber landscape. We’re countin’ down the top ten least secure passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Ambuj Kumar , Co-founder and CEO of Simbian , joins us to discuss how AI Agents are going to change the cyber landscape. Selected Reading 1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings (The Record) Glove Stealer Malware Bypasses Chrome's App-Bound Encryption (SecurityWeek) watchTowr Finds New Zero-Day Vulnerability in Fortinet Products ( Infosecurity Magazine) LodaRAT: Established malware, new victim patterns (Rapid7 Blog) CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks (SecurityWeek) Microsoft Power Pages misconfigs exposing sensitive data (The Register) Iranian Threat Actors Mimic North Korean Job Scam Techniques (BankInfo Security) Hackers Lurking in Criti
S8 E2190 · Thu, November 14, 2024
Eavesdropping on America’s eyes and ears.
The Feds confirm Chinese penetration of U.S. telecom wiretap systems. Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for “pig-butchering” scams. Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. HHS warns healthcare organizations to be on the lookout for Godzilla. Moody’s designates the industries at highest risk of cyber attack. Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. An AI grandma keeps scammers on the line. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Sarah Hutchins , Partner at Parker Poe , discusses the growing number of state data privacy laws. You can listen to Sarah’s full conversation including litigation trends related to targeted advertising and wiretapping, and key takeaways for companies on cybersecurity practices and risk reporting on today’s Caveat episode . Selected Reading FBI confirms China-backed hackers breached US telecom giants to steal wiretap data (TechCrunch) Top White House cyber official urges Trump to focus on ransomware, China (The Record) Chinese national faces 20 years in US prison for laundering pig-butchering proceeds (The Record) IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord (Bitdefender) Pregnancy Tracking App ‘What to Expect’
S8 E2189 · Wed, November 13, 2024
‘Bitcoin Jesus’ and Sheboygan face problems.
Federal agencies and Five Eyes partners list the past year’s most exploited vulnerabilities. U.S. authorities hand down indictments in the Snowflake customer breach. Patch Tuesday updates. Zoom discloses multiple vulnerabilities. A China-linked hacker group has compromised Tibetan media and university websites. A cyberattack on a Dutch company affects over 2,000 U.S. grocery stores. Sheboygan suffers a ransomware attack. The White House plans to support a controversial UN cybercrime treaty. On today’s CertByte segment, N2K’s Chris Hare is joined by Dan Neville to break down a question from the CompTIA® Security+ certification Practice Test. Bitcoin Jesus faces $48 million in tax fraud charges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment On CertByte, host Chris Hare , content developer and project management specialist at N2K , shares practice questions and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Nevllie to break down a question targeting the CompTIA® Security+ (SY0-701) certification. Today’s question comes from N2K’s CompTIA® Security+ Practice Test . According to CompTIA®, Security+ is "the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market." The exam is geared towards anyone who already holds a Network+ cert, and has two years of experience in a security or a systems admin role.To learn more about this and other related topics under this objective, please refer to the following resources: CompTIA Security+ Study Guide with over 500 Practice Test Questions (Sybex Study Guide), Chapter 17: Risk Management and Privacy and CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Chapter 11: Implementing Policies to Mitigate Risk. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources
S8 E2188 · Tue, November 12, 2024
Ransomware as a public health crisis.
At the U.N. Anne Neuberger frames ransomware as a growing public health crisis. Amazon confirms a MOVEit-related data breach. SAP provides patches and mitigations for a variety of flaws. Researchers identify North Korean hackers embedding malware in macOS applications. Form I-9 Compliance reports a data breach impacting over 193,000 individuals. Hot Topic confirms a breach affecting over 54 million customers. Halliburton reports a $35 million ransomware event. Ymir ransomware follows in the footsteps of RustyStealer. Threat actors prepare for a second Trump presidency. A Venezuelan man gets 25 years for romance scam kidnappings. Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration. The Secret Service wonders if warrants are really required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration. Selected Reading White House Slams Russia Over Ransomware's Healthcare Hits (BankInfo Security) Amazon employee data stolen by hacker, company confirms (Silicon Republic) SAP Patches High-Severity Vulnerability in Web Dispatcher (SecurityWeek) North Korean-linked hackers were caught experimenting with new macOS malware (CyberScoop) Form I-9 Compliance Data Breach Impacts Over 190,000 People (SecurityWeek) Hot Topic Data Breach: A Massive Leak Exposes Millions of Customer Records (SOCRadar) Energy Giant Halliburton Reveals $35m Ransomware Loss (Infosecurity Magazine) <a href="https://www.bleepingcomputer.com/news/security/new-ymir-ransomware-partners-with-rustystealer-in-attacks
Bonus · Mon, November 11, 2024
Veterans Day Special. [CSO Perspectives]
Rick Howard, The CyberWire’s Chief Analyst, CSO, and Senior Fellow, and the cast of the entire CyberWire team, honor our U.S. veterans on this special day. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, November 10, 2024
Kevin Magee: Focus on the archer. [CSO] [Career Notes]
Enjoy this special encore episode where we are joined by Chief Security Officer of Microsoft Canada Kevin Magee, he's sharing his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I think we focus on the arrows, not the the archer" meaning there's too much focus on the attacks rather than the ones mounting them. As a historian and witness to our current history, Kevin sees the changes all affecting cybersecurity. We thank Kevin for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, November 10, 2024
Solution Spotlight: Rebuilding trust in the wake of tech calamities. [Special Edition]
In this special edition of our podcast, Simone Petrella sits down with cybersecurity luminary Alex Stamos , Chief Information Security Officer at SentinelOne , to delve into one of the most challenging years in tech history. 2024 has seen unprecedented breaches of multinational corporations, high-stakes attacks from state actors, massive data leaks, and the largest global IT failure on record. As both a seasoned security executive and respected thought leader, Stamos offers a firsthand perspective on how the security landscape is evolving under these pressures. In this exclusive keynote discussion , Stamos draws from his extensive experience to share hard-won lessons from the upheavals of 2024, discussing how companies can build — and rebuild — trust amidst this environment of constant threat. What new responsibilities do organizations have to their customers, employees, shareholders, and society? And what major shifts can we expect across cybersecurity and IT practices in response to these cascading challenges? Tune in for a deep dive into how security professionals are rising to meet their roles in a world brimming with motivated and capable adversaries. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, November 09, 2024
A firewall wake up call. [Research Saturday]
Enjoy this special encore episode, where we are joined by Jon Williams from Bishop Fox, as he is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2187 · Fri, November 08, 2024
CISA issues urgent warning.
CISA issues a warning about a critical security flaw in Palo Alto Networks’ Expedition tool. A federal agency urges employees to limit phone use in response to Chinese hacking. Law enforcement is perplexed by spontaneously rebooting iPhones. A key supplier for oilfields suffers a ransomware attack. Hewlett Packard Enterprise (HPE) patches multiple vulnerabilities in its Aruba Networking access points. Cybercriminals use game-related apps to distribute Winos4.0. Germany proposes legislation protecting security researchers. The TSA proposes new cybersecurity regulations for critical transportation infrastructure. Our guest is Aaron Griffin, Chief Architect from Sevco Security, sharing the discovery of a significant Apple iOS bug involving iPhone Mirroring. AI tries to wing it in a Reddit group, but moderators put a fork in it. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Aaron Griffin , Chief Architect from Sevco Security , sharing the discovery of a significant Apple iOS 18 and macOS Sequoia privacy bug that exposes employee personal iPhone apps and data to companies through iPhone Mirroring. Read Sevco’s blog on the topic. Selected Reading CISA warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks (GB Hackers) U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack (Wall Street Journal) Host of House panels getting briefed on major Chinese hacker telecom breaches (CyberScoop) Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out (404 Media) Texas-based oilfield supplier faces disruptions following ransomware attack (The Record) HPE Patches Critical Vulnerabilities in Aruba Access Points (SecurityWeek)<
S8 E2186 · Thu, November 07, 2024
Canada cuts TikTok ties.
Canada orders ByteDance to shut down local operations. Cisco releases urgent patches for multiple vulnerabilities. SteelFox malware delivers a crypto-miner and info-stealer. North Korean campaigns pursue fake jobs and remote workers. A suspected cyber intrusion disrupts Washington state court systems. Over 200,000 customers of SelectBlinds have their credit card info stolen. Cyber experts encourage congress to pursue bipartisan readiness studies despite DoD pushback. On our Industry Voices segment, we welcome guest Jeremy Huval, Chief Innovation Officer at HITRUST®, discussing the AI explosion and the need to consider the risks before implementation. Curiosity killed the cat lover’s computer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we welcome guest Jeremy Huval , Chief Innovation Officer at HITRUST® , discussing the AI explosion and the need to consider the risks before implementation. Learn more about how robust your AI risk management program is here . Selected Reading Canada Orders Shutdown of Local TikTok Branch Over Security Concerns (Infosecurity Magazine) Cisco Patches Critical Vulnerability in Industrial Networking Solution (SecurityWeek) Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information (GB Hackers) ‘SteelFox’ Miner and Information Stealer Bundle Emerges (SecurityWeek) North Korean Hackers Employing New Tactic To Acquire Remote Jobs (Cyber Security News) Outages impact Washington state courts after ‘unauthorized activity’ detected on network (The Record) SelectBlinds says 200,000 customers impacted after hackers embed malware on site (The Record) <a href="https://cyberscoop.com/cyber-force-study-congress-departmen
S8 E2185 · Wed, November 06, 2024
That’s a wrap on election day.
Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Sending data down the compressed air superhighway. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Javed Hasan , CEO and Co-Founder of Lineaje , discussing the growing risks within open source ecosystems. Selected Reading Top US cyber official says 'no evidence of malicious activity' impacting election (The Record) FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hack (Forbes) Chrome Security Update: Patch for Multiple High Severity Vulnerabilities (Cyber Security News) Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41 (Bleeping Computer) Microchip Technology Reports $21.4 Million Cost From Ransomware Attack (SecurityWeek) Ransomware Attack Disrupts Georgia Hospital's Access to Health Records (SecurityWeek) South Korea Fines Meta $15 Million for Illegal Data Collection on Facebook Users (CEO Today) <a href="https://therecord.media/british-prison-vans-cybera
S8 E2184 · Tue, November 05, 2024
Confidence on election day.
On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management. I spy air fry? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott , Managing Partner at Unit 42 by Palo Alto Networks , to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading In final check-in before Election Day, CISA cites low-level threats, and not much else (The Record) Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation) Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record) Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice) Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes) <a href="https://cloud.google.com/blog/products/identity-security/mandat
S8 E2183 · Mon, November 04, 2024
FBI fights fake news.
The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign’s APIs to send fake invoices that bypass spam filters. Hackers use smart contracts for command and control. ICS suppliers face challenges convincing customers to secure their environments. Barracuda tracks a phishing campaign impersonating OpenAI. X-Twitter makes controversial changes to its block feature. A Nigerian man gets 26 years in prison for email fraud. On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. For a South Dakota plastic surgeon, ransomware was just the beginning of his financial woes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K 's Simone Petrella interviews Alex Stamos , CISO at SentinelOne , at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. Selected Reading FBI flags false videos impersonating agency, claiming Democratic ballot fraud (CyberScoop) Okta security bug affects those with really long usernames (The Register) Microsoft confirms Windows Server 2025 blue screen, install issues (Bleeping Computer) Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices (Hackread) Supply Chain Attack Uses Smart Contracts for C2 Ops (Infosecurity Magazine) Siemens and Rockwell Tackle Industrial Cybersecurit
Bonus · Mon, November 04, 2024
State of security automation. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online. Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes. Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Ro
Bonus · Sun, November 03, 2024
Dinah Davis: Building your network. [R&D] [Career Notes]
Please enjoy this encore episode, where we are joined by VP of R&D at Arctic Wolf Networks Dinah Davis, as she shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, November 02, 2024
Velvet Ant's silent invasion. [Research Saturday]
This week, we are joined by, Amnon Kushnir from Sygnia , who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks. This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats. The research can be found here: China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2182 · Fri, November 01, 2024
A push to debunk election disinformation.
Georgia’s Secretary of State Pushes Social Media to Remove Russian Disinformation. CISA introduces its first international strategic plan. Microsoft issues a warning about the Quad7 botnet. Researchers uncover a zero-click vulnerability in Synology devices. CISA warns of critical ICS vulnerabilities. The U.S.and Israel outline the latest cyber activities of an Iranian threat group. Researchers track an online shopping scam operation called “Phish ‘n’ Ships.” A Colorado Pathology lab notifies 1.8 million patients of a data breach. Our guest is Gary Barlet, Public Sector CTO at Illumio, with a timely look at election security. Packing a custom PC full of meth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Gary Barlet , Public Sector CTO at Illumio , discussing where elections are most vulnerable and the potential dangers beyond national elections. Selected Reading Georgia official asks social media sites to take down Russian disinformation video (The Record) CISA Strategic Plan Targets Global Cooperation on Cybersecurity (Security Boulevard) Microsoft: Chinese hackers use Quad7 botnet to steal credentials (Bleeping Computer) Microsoft delays Windows Recall again, now by December (Bleeping Computer) Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack (WIRED) CISA Warns of Critical Software Vulnerabilities in Industrial Devices (Infosecurity Magazine) US, Israel Describe Iranian Hackers' Targeting of Olympics, Surveillance Cameras (SecurityWeek) Fake product listings on real shopping sites lead to st
S8 E2181 · Thu, October 31, 2024
Guarding the Vote
CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Frederico Hakamine , Technology Evangelist from Axonius , talking about how threats both overlap and differ across individuals and critical infrastructure. Selected Reading CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security) Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says (CyberScoop) Microsoft Provided Gender Detection AI on Accident (404 Media) Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek) QNAP patches critical SQLi flaw (Beyond Machines) EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig) Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread) Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (Cyb
Bonus · Thu, October 31, 2024
The Malware Mash
Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here . Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight for my malware threat score began to rise and suddenly to my surprise... It did the Mash It did the Malware Mash The Malware Mash It was a botnet smash It did the Mash It caught on 'cause of Flash The Malware Mash It did the Malware Mash From the Stuxnet worm squirming toward the near east to the dark web souqs where the script kiddies feast the APTs left their humble abodes to get installed from rootkit payloads. They did the Mash They did the Malware Mash The Malware Mash It was an adware smash They did the Mash It caught on 'cause of Flash The Malware Mash They did the Malware Mash The botnets were having fun The DDoS had just begun The viruses hit the darknet, with ransomware yet to come. The keys were logging, phishing emails abound, Snowden on chains, backed by his Russian hounds. The Shadow Brokers were about to arrive with their vocal group, "The NotPetya Five." They did the Mash They played the Malware Mash The Malware Mash It was a botnet smash They did the Mash It caught on 'cause of Flash The Malware Mash They played the Malware Mash Somewhere in Moscow Vlad's voice did ring Seems he was troubled by just one thing. He opened a shell then shook his fist and said, "Whatever happened to my Turla Trojan twist." It's now the Mash It's now the Malware Mash The Malware Mash And it's a botnet smash It's now the Mash It caught on 'cause of Flash The Malware Mash It's now the Malware Mash Now everything's cool, Vlad's a part of the band And the Malware Mash is the hit of the land. For you, defenders, this mash was meant to when you get to my door, tell them Creeper sent you. Then you can Mash Then you can Malware Mash The Malware Mash And be a botnet smash It is the Mash Don't you dare download Flash The Malware Mash Just do the Malware Mash Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2180 · Wed, October 30, 2024
Password snafu sparks election security questions.
Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia’s SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week’s CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An Ex-Disney Staffer Allegedly Adds a Side of Sabotage to Park Menus. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Certified Associate in Project Management (CAPM®) Practice Test . If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answe r s provid e d here, and on our site, are not actual current or p ri or ques t ions and answer s f r o m these ce r tification publishers or providers. A dditional so ur c e s: The 9 Most In-Demand Professional Certifications You Can Get Right Now </p
Bonus · Tue, October 29, 2024
Solution Spotlight: Cultivating cybersecurity culture. [Special Edition]
In this Solution Spotlight episode, our very own Simone Petrella sits down with Chris Porter , the Chief Information Security Officer at Fannie Mae . As a seasoned expert in the financial and cybersecurity sectors, Chris shares insights into how Fannie Mae navigates the complexities of securing one of the nation's most critical financial institutions. Together, they discuss Fannie Mae's evolving cybersecurity posture, balancing innovation with risk management, and the critical strategies employed to protect sensitive data in an increasingly digital and interconnected world. Chris also delves into the importance of collaboration across the industry, highlighting partnerships and intelligence-sharing as vital components in mitigating cyber threats. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2179 · Tue, October 29, 2024
Securing democracy.
Chinese hacking into US telecoms draws federal scrutiny. ESET examines Evasive Panda’s CloudScout toolset. A new ChatGPT jailbreak bypassed security safeguards. Nintendo warns users of a phishing scam. The Five Eyes launch the Secure Innovation initiative for startups. CISA releases “Product Security Bad Practices” guidelines. Apple’s new bug bounty program offers a million bucks for critical vulnerabilities. The City of Columbus drops its suit of a cybersecurity researcher. On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. Spooky spam is back. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight today, N2K ’s Simone Petrella speaks with Chris Porter , CISO at Fannie Mae , on cultivating cybersecurity culture and talent. You can hear Simone’s and Chris’ full conversation in this special edition podcast. Selected Reading Key Federal Cyber Panel to Probe Chinese Telecoms Hacking (Bank Info Security) CloudScout: Evasive Panda scouting cloud services (We Live Security) ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis (SecurityWeek) Nintendo Warns of Phishing Attack Mimics Company Email Address (gbhackers) Five Eyes Agencies Launch Startup Security Initiative (Infosecurity magazine) CISA sees elimination of ‘bad practices’ as next secure-by-design step (CyberScoop ) Apple Launches 'Apple Intelligence' and Offers $1M Bug Bounty for Security</a
S8 E2178 · Mon, October 28, 2024
Operation Magnus strikes back.
Operation Magnus disrupts notorious infostealers. Pennsylvania officials debunk election disinformation attributed to Russia. TeamTNT targets Docker daemons. Delta sues CrowdStrike. NVIDIA released a critical GPU Display Driver update. Fog and Akira ransomware exploit SonicWall VPNs. A researcher demonstrates Downgrade attacks against Windows systems. Qilin ransomware grows more evasive and disruptive. Pwn2Own Ireland awards over $1 million for more than 70 zero-day vulnerabilities. Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. At long last, it’s legal to fix your McFlurry. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Grant Geyer , Chief Strategy Officer at Claroty , talking about safeguarding our nation's critical food infrastructure. The FBI recently held an Agriculture Threats Symposium in Nebraska, spotlighting growing concerns over the security of the nation's critical food infrastructure amid rising threats. As cyberattacks and bioterrorism increasingly target agriculture, the event highlighted urgent calls for stronger safety measures to protect the food supply chain. Selected Reading Operation Magnus Disrupted Redline and Meta Infostealer Malware (Cyber Security News) Pennsylvania officials rebut false voter fraud claims from home and abroad (CyberScoop) TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters (Hackread) Delta sues CrowdStrike for $500 million in damages caused by massive airline cancelations (The Independent) NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux (Cyber Security News) Fog ran
Bonus · Mon, October 28, 2024
How to turn tech insights into real advantages. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly. Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO. Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts. Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoice
Bonus · Sun, October 27, 2024
Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]
Enjoy this special encore episode where we are joined by Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton, as he takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at. West Point and US Cyber Command. Stephen recommends coding it first to help realize the nuances, and then code it again. We thank Stephen for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, October 27, 2024
Mission possible? Navigating tech adoption in the DoD. [Special Edition]
In this episode, N2K's Brandon Karpf interviews Pete Newell , CEO and Founder of BMNT , about the challenges facing technology adoption within the Department of Defense (DoD). They discuss the concept of “mission acceleration,” focusing on the DoD’s struggle to keep pace with rapid changes on the battlefield and the importance of a human-centered approach to technology adaptation. Newell emphasizes that true innovation in defense is more of a "people problem" than a technology issue, requiring shifts in organizational culture and internal education. Tune in to hear insights on accelerating change in defense through better problem articulation and training. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 26, 2024
LLM security 101. [Research Saturday]
This week, we are pleased to be joined by Mick Baccio , global security advisor for Splunk SURGe , sharing their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." The research dives into the rapid rise of AI and Large Language Models (LLMs) that initially seem magical, but behind the scenes, they are sophisticated systems built by humans. Despite their impressive capabilities, these systems are vulnerable to numerous cyber threats. Splunk's research explores the OWASP Top 10 for LLM Applications, a framework that highlights key vulnerabilities such as prompt injection, training data poisoning, and sensitive information disclosure. The research can be found here: LLM Security: Splunk & OWASP Top 10 for LLM-based Applications Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2177 · Fri, October 25, 2024
UnitedHealth breach numbers confirmed.
UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors. Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we are joined by Itzik Alvas , Entro Security ’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. You can learn more here . Selected Reading UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach (Heimdal) OnePoint Patient Care data breach impacted 795916 individuals (Security Affairs) Amazon identified internet domains abused by APT29 (AWS Security Blog) RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690) (CERT-UA) AWS Cloud Development Kit flaw exposed accounts to full takeover (The Register) Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN (Arctic Wolf) Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game (Hackread) LinkedIn hit with $335 million fine for using member data for ad targeting without consent (The Record) Linux creator approves de-listing of
S8 E2176 · Thu, October 24, 2024
A giant FortiJump for cybercriminals.
Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a millions dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience. China is shocked - shocked! - that its space program has drawn the attention of foreign spies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our industry voices segment, Eric Herzog , CMO of Infinidat , discusses merging cybersecurity and cyber storage resilience. Selected Reading Mandiant says new Fortinet flaw has been exploited since June (Bleeping Computer) TSMC Cuts Off Client After Discovering Chips Sent to Huawei (Bloomberg) White House unveils plan for US government to keep its edge on AI development (The Record) FACT SHEET: Biden-Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security (The White House) New LLM jailbreak method with 65% success rate developed by researchers (SC Media) Embargo Ransomware Disables Security Defenses (GovInfo Security) <a href="https://ha
S8 E2175 · Wed, October 23, 2024
NotLockBit takes a bite out of macOS.
NotLockBit mimics its namesake while targeting macOS. Symantec uncovers popular mobile apps with hardcoded credentials. Avast releases a Mallox ransomware decryptor. Akira ransomware reverts to tactics tried and true. Lawmakers ask the DOJ to prosecute tax prep firms for privacy violations. The SEC levies fines for misleading disclosures following the SolarWinds breach. Software liability remains a sticky issue. Updated guidance reiterates the feds’ commitment to the Traffic Light Protocol. A task force has cybersecurity recommendations for the next U.S. president. Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." Warrantless surveillance, powered by your favorite apps. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest is Jérôme Segura , Sr. Director of Research at Malwarebytes , sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." You can learn more about this research here . Selected Reading NotLockBit Ransomware Can Target macOS Devices (SecurityWeek) Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys (Hackread) Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment (Cyber Security News) Akira ransomware pivots back to double extortion, C++ code (SC Media) Lawmakers ask DOJ to prosecute tax prep firms for sharing customer data with big tech (The Record) SEC fines four companies $7M for 'misleading cyber disclosures' regarding SolarWinds hack (TechCrunch) The struggle for software liability: I
S8 E2174 · Tue, October 22, 2024
Zero-day exploited in the wild.
A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton , Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist , Manager of Cloud Threat Intelligence at Cortex & Unit 42 . David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected Reading Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek) Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News) Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek) Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers) CISA Adds Sciencelogic SL1
S8 E2173 · Mon, October 21, 2024
On the run, caught on arrival.
An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it’s not a data breach. A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Pete Newell , Founder and CEO of BMNT , talks with N2K 's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Selected Reading Australian wanted by FBI over alleged $46 million scam arrested in Italy (The Sydney Morning Herald) Internet Archive breached again through stolen access tokens (Bleeping Computer) Severe flaws in E2EE cloud storage platforms used by millions (Bleeping Computer) Cisco Confirms Security Incident After Hacker Offers to Sell Data (SecurityWeek) Report: China’s Spamouflage disinformation campaign testing techniques on Sen. Marco Rubio (The Record) This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats (WIRED) Wanted: Weekend Warriors in Tech (Wall Street Journal) <a href="http
Bonus · Mon, October 21, 2024
Identity 3.0. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You’re a Dog [History]. Know Your Meme. Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search. Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3). Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business. Learn more about your ad choices. Visit <a href="
Bonus · Sun, October 20, 2024
Aarti Borkar: Make your own choices. [Product] [Career Notes]
Enjoy this special encore episode where we are joined by the Head of Product for IBM Security Aarti Borkar, who shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security into predictive domains. Aarti reminds us that you should pause and see if you are on the right path. Staying on a path just because you started there can be a bad idea. And, we thank Aarti for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 19, 2024
New targets, new tools, same threat. [Research Saturday]
This week we are joined by Chester Wisniewski , Global Field CTO from Sophos X-Ops team, to discuss their work on " Crimson Palace returns: New Tools, Tactics, and Targets ." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace , targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics, and Targets Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2172 · Fri, October 18, 2024
No more “cyber Snorlax” naps.
Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdfender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak’s Servers Take Critical Hit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we have our Industry Voices segment with Gerry Gebel , VP of Products and Standards at Strata Identity , discussing how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. Resources to learn more: Identity Continuity™: How to have uninterrupted IDP access Resilience in extreme conditions: Why DDIL environments need continuous identity access Selected Reading macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine) Microsoft warns it lost some customer's security logs for a month (Bleeping Computer) 3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security) Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media) Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine) <a href="https:/
S8 E2171 · Thu, October 17, 2024
Authorities bring down another hacker.
Brazilian authorities arrest the alleged “USDoD” hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms’ ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss “What’s new from this year’s Counter Ransomware Initiative summit.” Redbox DVD rental machines get a reboot. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We welcome back Tim Starks , Senior Reporter at CyberScoop , to discuss “ What’s new from this year’s Counter Ransomware Initiative summit, and what’s next .” Selected Reading Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil (The Record) Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World (US Department of Justice) Iranian Hackers Using Brute Force on Critical Infrastructure (GovInfo Security) Before US election, TikTok and Facebook fail to block harmful disinformation. YouTube succeeds (Global Witness) F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability (Security Week) Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters (Security Week) <a href="https://cyber
S8 E2170 · Wed, October 16, 2024
Sri Lanka says ‘no more’ to financial fakers!
Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach. A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test . Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.
S11 E5575 · Wed, October 16, 2024
Election Propaganda: Part 3: Efforts to reduce the impact of future elections.
Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Win
S8 E2169 · Tue, October 15, 2024
A “must patch” list in the making.
CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment today, our guest is Matt Radolec , Vice President, Incident Response and Cloud Operations at Varonis , discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. Selected Reading Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop) Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet) Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek) Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine) Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop) Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine) TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer) <a href="http
Bonus · Mon, October 14, 2024
Solution Spotlight: A first look at ISC2's 2024 Cybersecurity Workforce Study. [Special Edition]
In this special edition of Solution Spotlight , join us for an exclusive conversation between ISC2 's Executive Vice President of Corporate Affairs, Andy Woolnough , and N2K 's Simone Petrella . Together, they take a deep dive into ISC2's 2024 Cybersecurity Workforce Study , offering a first look at the most pressing findings. Discover insights from a survey of 15,852 cybersecurity professionals and decision-makers across the globe, including the size of the current workforce, the demand for more professionals, and alarming trends around layoffs, budget cuts, and skills shortages. Andy and Simone also explore the growing disconnect between the skills in high demand by hiring managers and those that cybersecurity pros are prioritizing. Learn why organizations must take immediate action to foster talent and bridge these skills gaps to meet the industry's evolving needs. Plus, today marks the start of the ISC2 Security Congress 2024! Whether attending in person or virtually, this event is packed with opportunities to engage with industry experts and further your knowledge in cybersecurity. Tune in for actionable insights and exclusive details on the state of the cybersecurity workforce and how your organization can stay ahead. For more information on ISC2 Security Congress 2024, visit the event page here . Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, October 13, 2024
Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]
Enjoy this special encore episode, where we are joined by a High Performance Computing Systems Administrator at Brigham Young University. Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 12, 2024
Ransomware on repeat. [Research Saturday]
In this episode, Trevor Hilligoss , VP of SpyCloud Labs , discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report , highlighting how compromised identity data from infostealers creates opportunities for ransomware operators. With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes. The research can be found here: MALWARE AND RANSOMWARE DEFENSE REPORT Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2168 · Fri, October 11, 2024
Patient portals down, ransomware up.
A Colorado health system’s patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest Dr. Bilyana Lilly joins us to talk about her new novel " Digital Mindhunters ." Selected Reading Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record) Malicious packages in open-source repositories are surging (CyberScoop) Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead) Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews) Britain, US set up working group to improve children’s online safety (Reuters) European Council Adopts Cyber Resilience Act (BankInfoSecurity) New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity) FBI created a crypto token so it could watch it being abused (The Register) Man learns he’s being dumped via “dystopian” AI summary of texts (Ars Technica) Share your feedback. We want
S8 E2167 · Thu, October 10, 2024
Hacked, attacked, and sued.
The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, FortiNet, Palo Alto Networks, VMWare, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we speak with Ben April , Chief Technology Officer at Maltego Technologies GMBH , about "Overcoming information overload: Challenges in social media investigations." Selected Reading Internet Archive Breach Exposes 31 Million Users (WIRED) Dutch cops reveal takedown of 'largest dark web market' Fidelity says data breach exposed personal data of 77,000 customers (TechCrunch) Marriott Agrees $52m Settlement for Massive Data Breach (Infosecurity Magazine) Mozilla releases patches for actively exploited Firefox bug (The Register) CISA says critical Fortinet RCE flaw now exploited in attacks (Bleeping Computer) Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls (Cyber Security News) VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (Cyber Security News) <a href="https://www.cyfirma.com/research/itunes-local-privilege-escalation-cve-2024-44193-vulnerabilit
S8 E2166 · Wed, October 09, 2024
Attacks amidst anniversaries.
Hackers target Russia’s court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia.Cybercriminals are exploiting Florida’s disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2's about their 2024 Cybersecurity Workforce Study. Keeping the AI slop off Wikipedia. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight today, our guest is Andy Woolnough , ISC2 's Executive Vice President Corporate Affairs Executive Vice President Corporate Affairs. Andy shares a first look at ISC2's 2024 Cybersecurity Workforce Study with N2K 's Simone Petrella . You can catch Simone and Andy’s full conversation on Monday, October 14th in our CyberWire Daily feed. That is also the day the ISC2 Security Congress 2024 kicks off. You can find out more about the event that has a virtual option here . Selected Reading For a second day, Ukrainian hackers hit Russian institutions (Washington Post) Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (Bleeping Computer) GoldenJackal APT Group Breached Air-Gapped European Government Systems (The Cyber Express) Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (Hackread) Australia Introduces First Standalone Cybersecurity Law (Infosecurity Magazine) <
S11 E5574 · Wed, October 09, 2024
Election Propaganda: Part 2: Modern propaganda efforts.
In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2165 · Tue, October 08, 2024
Key player unmasked in global ransomware takedown.
Western authorities I.D. a key member of Evil Corp. A major U.S. water utility suffers a cyberattack. ODNI warns of influence campaigns targeting presidential and congressional races. A California deepfakes law gets blocked. Europol leads a global effort against human trafficking. Trinity ransomware targets the healthcare industry. Qualcomm patches a critical zero-day in its DSP service. ADT discloses a breach of encrypted employee data. North Korean hackers use stealthy Powershell exploits. On our Threat Vector segment, David Moulton and his guests tackle the pressing challenges of securing Operational Technology (OT) environments. Machine Learning pioneers win the Nobel Prize. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of Threat Vector, David Moulton , Director of Thought Leadership at Palo Alto Networks , hosts cybersecurity experts Qiang Huang Chung hwang, Palo Alto Networks VP of Product Management for Cloud Delivered Security Services, and Michela Menting , Senior Research Director in Digital Security at ABI Research , discuss the pressing challenges of securing Operational Technology (OT) environments. Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David, Michela and Qiang’s full discussion, check it out here . Selected Reading Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate (The Record) American Water, the largest water utility in US, is targeted by a cyberattack (Associated Press) US Warns of Foreign Interference in Congressional Races (Infosecurity Magazine) US Judge Blocks California's Law Curbing Election Deepfakes (BankInfo Security) <a href="https://www.infosecurity-magazine.co
S8 E2164 · Mon, October 07, 2024
Tapped and trapped.
Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security’s cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Jeff Reed , Chief Product Officer at Vectra AI , joins us to talk about how modern attackers don't hack in, they log in. Selected Reading Chinese hackers breached US court wiretap systems, WSJ reports (Reuters) Comcast says customer data stolen in ransomware attack on debt collection agency (TechCrunch) Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says (Bloomberg) Google removes Kaspersky's antivirus software from Play Store (Bleeping Computer) Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday (Bloomberg) Crypto Hacker Pleads Guilty for Stealing Over $37 Million in Cryptocurrency (Cyber Security News) A victim of a crypto ‘pig butchering’ scam just got his $140,000 back (N
Bonus · Mon, October 07, 2024
Making security decisions around AI use. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, has a free-wheeling conversation with Merritt Baer, Reco AI’s CISO, about how infosec professionals should think about AI, Machine Learning, and Large Language Models (LLMs). Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, October 06, 2024
Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]
Enjoy this encore episode where we are joined by Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, as she shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in. And, we thank Jessica for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E349 · Sat, October 05, 2024
Podcast bait, malware switch. [Research Saturday]
Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach. The research can be found here: Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2167 · Fri, October 04, 2024
Caught red-handed.
Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia’s ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Industry Voices Segment On our Industry Voices segment, we are joined by Eric Olden , Founder and CEO of Strata Identity . Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata’s blog on “ Understanding the 7 A’s of IAM ” and their book on “ Identity Orchestration for Dummies ”. Selected Reading International police dismantle cybercrime group in West Africa (The Record) New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine) Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread) Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer) More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop) <a href="https://www.bleepingco
S8 E75 · Thu, October 03, 2024
The Global Race for the 21st Century
In this episode, Dmitri Alperovitch discusses his book World on the Brink: How America Can Beat China in the Race for the Twenty-First Century with host Ben Yelin . Alperovitch highlights the rising tensions between the U.S. and China, focusing on Taiwan as a critical flashpoint that could ignite a new Cold War. He shares insights on the strategies America must adopt to maintain its status as the world’s leading superpower while addressing the challenges posed by China. By examining both strengths and weaknesses, as well as providing a timely blueprint for navigating the complexities of global relations in the 21st century. Learn more about your ad choices. Visit megaphone.fm/adchoices
S10 E5573 · Wed, October 02, 2024
Election Propaganda Part 1: How does election propaganda work?
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024. The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 20
S8 E2162 · Tue, October 01, 2024
Breaking news blocked.
A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by Chad Raduege [RAD-uh-gee], Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. A Crypto Criminal Stretches His Limits—And His Legs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Industry Voices Segment On our Industry Voices segment kicks off Cybersecurity Awareness Month , we are joined by Chad Raduege , Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa , discussing the Institute’s K-12 outreach initiatives. Selected Reading AFP News Agency's Content Delivery Systems Hit by Cyberattack (Hackread) CISA and FBI Issue Alert on XSS Vulnerabilities (Security Boulevard) UMC Health System Diverts Patients Following Ransomware Attack (SecurityWeek) Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code (CyberSecurity News) California passes car data privacy law to protect domestic abuse survivors (The Record) The Playstation Network is down in a global outage (Bleeping Computer) Veri
S8 E2161 · Mon, September 30, 2024
Escape from GPU island.
A critical vulnerability has been discovered in the NVIDIA Container Toolkit. Representatives from around the world are meeting in Washington to address ransomware. The Pentagon shoots down the notion of a separate cyber service. A genetic testing company leaves sensitive information in an unsecured folder. A public accounting firm breach affects 127,000 individuals. The DOJ charges a British national with hacking U.S. companies. California’s Governor vetoes an AI safety bill. CISOs deserve a seat at the table. Tim Starks from CyberScoop describes the House Homeland Security chair’s proposed cyber workforce bill. Password laziness leaves routers vulnerable. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Tim Starks from CyberScoop talking about the House Homeland Security chair releasing and pushing forth a cyber workforce bill. Read more in Tim’s article . Selected Reading Critical flaw in NVIDIA Container Toolkit allows full host takeover (Bleeping Computer) Here's what to expect from the Counter Ransomware Initiative meeting this week (The Record) Pentagon asks lawmakers to kill third-party look at an independent cyber force (Breaking Defense) Facial DNA provider leaks biometric data via WordPress folder (Hackread) Accounting Firm WMDDH Discloses Data Breach Impacting 127,000 (SecurityWeek) British National Arrested, Charged for Hacking US Companies (SecurityWeek) California Gov. Newsom Vetoes Hotly Debated AI Safety Bill (BankInfo Security) <a href="https://www.infosecurity-magazine.com/news/pwc-boards-cisos-seat-t
S11 E99 · Mon, September 30, 2024
Security remediation automation. [CSO Perspectives]
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Rick Doten, the VP of Information Security at Centene and one of the original contributors to the N2K CyberWire Hash Table. He makes the case to invigorate the automation first principle cybersecurity strategy. In this case, he is specifically addressing remediation automation. References: Staff, n.d. National Pie Championships [Website]. American Pie Council. Rick Doten. Rick’s Cybersecurity Videos [Youtube Channel]. YouTube. Joe, 2020. The Unbearable Frequency of PewPew Maps [Explainer]. Stranded on Pylos. Aanchal Gupta, 2022. Celebrating 20 Years of Trustworthy Computing [Explainer]. Microsoft Security Blog. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E74 · Sun, September 29, 2024
Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) [Special Edition]
In this 2-part special edition series, guest Steve Blank , co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K 's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “ Why Large Organizations Struggle With Disruption, and What to Do About It .” Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 28, 2024
Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]
Enjoy this encore episode where we are joined by the Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 28, 2024
Beyond the permissions wall. [Research Saturday]
We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a potential threat to user privacy and security. The research can be found here: How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2160 · Fri, September 27, 2024
Darknet dollars exposed.
International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Mark Lance , Vice President DFIR and Threat Intelligence at GuidePoint Security , discussing their work on " Hazard Ransomware – A Successful Broken Encryptor Story ." Selected Reading US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record) Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek) Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News) Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record) Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online) Tor Merges With Security-Focused OS Tails (SecurityW
S8 E2159 · Thu, September 26, 2024
Salt Typhoon’s cyber storm.
Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester’s newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world’s first self-proclaimed robot lawyer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Ashley Rose , Living Security ’s Founder & CEO, talking about the creation of Forrester’s newest cybersecurity category, Human Risk Management. Read Ashley’s blog . Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024 . Selected Reading China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard) Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED) Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister) ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA) House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop) <a href="https://www.reuters.com/technology/cybersecurity/indias-star-health
S8 E2158 · Wed, September 25, 2024
Blue screen blues.
CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test. This exam is targeted for candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro . Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers o
S8 E2157 · Tue, September 24, 2024
PIVOTT Act drafts the next wave of digital defenders.
The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies. A lavish lifestyle exposes the duo behind a $230M crypto scam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of Threat Vector , host David Moulton , Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior , Global Data & AI Security Practice Lead at Accenture , explore the seismic shifts in cybersecurity brought about by AI technologies. Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here . Selected Reading Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop) Google Announces New Gmail Security Move For Millions (Forbes) Telegram will now provide some user data to authorities (BBC) Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg) Kansas Water Facility Switches to Manual Operations
S8 E2156 · Mon, September 23, 2024
Can connected cars jeopardize national security?
The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple’s latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Supercharging your graphing calculator. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Vincenzo Ciancaglini , Senior Threat Researcher from Trend Micro , talking about the uptick in cybercrime driven by the generative AI explosion. Read their blog "Surging Hype: An Update on the Rising Abuse of GenAI" here . Selected Reading Exclusive: US to propose ban on Chinese software, hardware in connected vehicles (Reuters) Dell investigates data breach claims after hacker leaks employee info (Bleeping Computer) North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages (Security Affairs) Global infostealer malware operation targets crypto users, gamers (Bleeping Computer) Iranian-Linked Group Facilitates APT Attacks on Middle East Networks (Security Boulevard) <a href="https://cyberscoo
S11 E98 · Mon, September 23, 2024
Resilience. (CSO Perspectives)
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy. References: Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber [Book]. Goodreads. Ken Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway, 2022. Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career [Book]. Goodreads. Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid, 2021. SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach [Guidance]. CSRC. Roselle Safran, 2024. Who Does the CISO Work for? [Social Media Post]. LinkedIn. Staff, n.d. Empow(H)er Cyber Home [Website]. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E34 · Sun, September 22, 2024
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E73 · Sun, September 22, 2024
Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)
In this 2-part special edition series, guest Steve Blank , co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K 's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “ Why Large Organizations Struggle With Disruption, and What to Do About It .” Learn more about your ad choices. Visit megaphone.fm/adchoices
Fri, September 20, 2024
They really are watching what we watch.
An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest is Steve Blank , co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K 's Brandon Karpf about national security and the dilemma of technology disruption. For some background, you can check out Steve’s article “ Why Large Organizations Struggle With Disruption, and What to Do About It. ” To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed. Selected Reading FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens (Federal Trade Commission) Ukraine bans Telegram on state and military devices (The Record) Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram (CSO Online) <a href="https://www.coindesk.com/business/2024/09/19/german-government-shuts-down-47-exchang
S8 E2154 · Thu, September 19, 2024
Derailing the Raptor Train botnet.
The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers they rely on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Victoria Samson , Chief Director at Secure World Foundation , talking with N2K’s T-Minus Space Daily podcast host Maria Varmazis about space security and stability. For some additional detail about space sustainability, visit Secure World Foundation’s Space Sustainability 101 . Selected Reading US Disrupts 'Raptor Train' Botnet of Chinese APT Flax Typhoon (SecurityWeek) Clever 'GitHub Scanner' campaign abusing repos to push malware (Bleeping Computer) Microsoft warns of ransomware attacks on US healthcare (CSO Online) Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack (The Seattle Times) FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries (Infosecurity Magazine) GreyNoise Reveals New Internet Noise S
S8 E347 · Thu, September 19, 2024
Hook, line, and sinker. [Research Saturday]
Jonathan Tanner , Senior Security Researcher from Barracuda , discussing their work on " Stealthy phishing attack uses advanced infostealer for data exfiltration ." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats. The research can be found here: Stealthy phishing attack uses advanced infostealer for data exfiltration Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2153 · Wed, September 18, 2024
High-stakes sabotage.
Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Linda Betz , Executive Vice President of Global Community Engagement at the FS-ISAC , sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here . Selected Reading Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times) Criminal-favored Ghost messaging app busted, owners arrested (Cybernews) Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post) California governor signs laws to crack down on election deepfakes created by AI (Associated Press) Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines) <a href="https://www.forbes.com/sites/daveywinder/2024/09/18/icloud-password-attack-warning-for-iphone-15-iphone-16-gmail
S8 E2152 · Tue, September 17, 2024
One small step for scammers.
The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service’s ability to meet the challenges of the upcoming election. Cisco’s second round of layoffs hit hard. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Tim Starks , Senior Reporter from CyberScoop , joining us to discuss his piece on " Election officials say U.S. Postal Service woes place election mail at risk. " Selected Reading DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek) US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine) All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard) Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News) D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer) Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security) Owner of only US platinum mine confirms data breach after ransomware claims (The Record) <a hr
S8 E2151 · Mon, September 16, 2024
Agencies warn of voter data deception.
The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach. SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Elliot Ward , Senior Security Researcher at Snyk , sharing insights on their recent work " Agent Hijacking: the true impact of prompt injection attacks ." Selected Reading FBI tells public to ignore false claims of hacked voter data (Bleeping Computer) Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says (The Record) The Dark Nexus Between Harm Groups and ‘The Com’ (Krebs on Security) China suspected of hacking diplomatic body for Pacific islands region (The Record) Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works (WIRED) Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post) 23andMe settles data breach lawsuit for $30 million (Reuters) <a href="https://www.securityweek.com/solarwinds-patches-critical-vulnerability-in-acce
S11 E97 · Mon, September 16, 2024
Breaking the information sharing barrier.
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress. Staff, n.d. National Council of ISACs [Website]. NCI. Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA. Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, September 15, 2024
Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]
Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 14, 2024
Spamageddon: Xeon Sender’s cloudy SMS attack revealed! [Research Saturday]
Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS. First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS. The research can be found here: Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2150 · Fri, September 13, 2024
Mini-breach, mega-hype.
Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we welcome back Tim Starks , senior reporter from CyberScoop , to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here . Selected Reading Fortinet Data Breach: What We Know So Far (SOCRadar) Cambodian senator sanctioned by US over cyber-scams (The Register) UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs) New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek) Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News) Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine) Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command) Domains seized for allegedly importing Chinese gun switches (The Register) <a href="https://securityboulevard.com/2024/09/why-breaking-into-cyber
S8 E2149 · Thu, September 12, 2024
UK’s newest cybersecurity MVPs.
The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Jon France , CISO at ISC2 , sharing his take on "All on "Board" for AI – Communicating Cyber Risk of New Technology to the Board." This is a session Jon presented at Black Hat USA 2024. You can check out his session’s abstract . Also, N2K CyberWire is a partner of ISC2’s Security Congress 2024. Learn more about the in-person and virtual event here . Selected Reading UK Recognizes Data Centers as Critical National Infrastructure (Infosecurity Magazine) Cisco Patches High-Severity Vulnerabilities in Network Operating System (SecurityWeek) BYOD Policies Fueling Security Risks (Security Boulevard) Healthcare Provider to Pay $65M Settlement Following Ransomware Attack (SecurityWeek) Google Unveils Air-gapped Backup Vaults to Protect Data from Ransomware Attacks (Cyber Security News) New Android Banking M
S8 E2148 · Wed, September 11, 2024
A Patch Tuesday overload.
Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K’s Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K . In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s Microsoft Azure Fundamentals (AZ-900) Practice Test . Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify . Reference: What is public cloud? (RedHat) Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Remembering 9/11 In today’s episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity. Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire’s very own Rick Howard , who was in the Pentagon on that fateful day. His reflections prov
Bonus · Wed, September 11, 2024
A CSO's 9/11 Story: CSO Perspectives Bonus.
For the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center. Read Rick's related essay and check out his original notes of 9/11/01 written in the weeks following the attacks. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E72 · Wed, September 11, 2024
Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, on building a cybersecurity team.
On this Solution Spotlight, guest Dr. Mary Haigh , Global CISO of BAE Systems , speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2147 · Tue, September 10, 2024
Stealth, command, exfiltrate: The three-headed cyber dragon of Crimson Palace.
Crimson Palace targets Asian organizations on behalf of the PRC. Europe’s AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Sextortion scammers have gone to the dogs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of Threat Vector, David Moulton , Director of Thought Leadership at Unit 42, sits down with Ryan Barger , Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Ryan delves into the practical applications of AI in tasks such as OSINT analysis, payload development, and evading endpoint detection systems. To listen to their full conversation, check out the episode here . You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. Selected Reading Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (Dark Reading) The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats (SecurityWeek) NoName ransomware gang deploying RansomHub malware in recent attacks (Bleeping Computer) Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals (SecurityWeek) Payment Gateway
S8 E2146 · Mon, September 09, 2024
A ticking clock to exploitation.
Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek - the emergence of shadow data. A crypto leader resigns after being held at gunpoint. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Amer Deeba , CEO of Normalyze , discussing data’s version of hide and go seek, or the emergence of shadow data. Selected Reading Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer) New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD) Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch) UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (The Record) 2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times) SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer) Highline schools closing Monday because of cyberattack (Seattle Times) Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi) Share your feedback.<
Bonus · Sun, September 08, 2024
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]
Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 07, 2024
The playbook for outpacing China. [Research Saturday]
This week, N2K 's very own Brandon Karpf sits down with Kevin Lentz , Team Leader of the Cyber Pacific Project at the Global Disinformation Lab , and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China. It presents findings, trends, and recommendations based on twenty-five scenarios simulated by a cross-functional group of experts to anticipate and address emerging threats over the next decade. The research can be found here: Cyber Competition in the Indo-Pacific Gray Zone 2035 Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2145 · Fri, September 06, 2024
Blizzard warning: Russia’s GRU unleashes new cyber saboteurs.
Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced. US health care firm Confidant Health exposes 5.3 terabytes of sensitive health information. Dealing with the National Public Data breach. On our Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, speaks with N2K's Simone Petrella about moving beyond the technical to build an effective cybersecurity team. An AI music streaming scheme strikes a sour note. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight segment, Mary Haigh , Global CISO of BAE Systems , speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Selected Reading Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team (WIRED) Apache Makes Another Attempt at Patching Exploited RCE in OFBiz (SecurityWeek) SonicWall Access Control Vulnerability Exploited in the Wild (GB Hackers) Linux Pluggable Authentication Modules Abused to Create Backdoors (Cyber Security News) PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access (Cyber Security News) Predator spyware resurfaces with signs of activity, Recorded Future says (CyberScoop) Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database (WIRED) <a href="https://securitybou
S8 E2147 · Thu, September 05, 2024
U.S. rains on Russia’s fake news parade.
The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guests are Sara Siegle, Chief, Strategic Communications and Cam Potts , Co-Host, from NSA sharing their new podcast, No Such Podcast . The NSA launched the first two episodes of their new weekly podcast today. You can catch their trailer here . Visit their show on Libsyn . Selected Reading US Targets Russian Media and Hackers Over Election Meddling (BankInfoSecurity) NSA Eyes Global Partnerships to Combat Chinese Cyberthreats (BankInfoSecurity) North Korean scammers prep stealth attacks on crypto outfits (The Register) Iran pays millions in ransom to end massive cyberattack on banks, officials say (Politico) DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SecurityWeek) Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System (Cyber Security News) Nigerian man sentenced to 5 years for role in BEC operation (CyberScoop) <a href="https
S8 E2146 · Wed, September 04, 2024
From secure to clone-tastic.
Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship Leads to Court-Martial. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is George Barnes , Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge , discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024. Selected Reading YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica) Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes) Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek) D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer) Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record) <a href="https://www.ftc.gov/news-events/news/press-releases/2024/09/new-ftc-data-shows-massive-increase-losses-bitcoin-a
S8 E2142 · Tue, September 03, 2024
Brazil nixes Twitter’s successor.
Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. “Voldemort” is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breach affecting nearly 36,000. The cybersecurity implications of a second Trump term. On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence. A Washington startup claims to revolutionize political lobbying with AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Insights segment, guest Caroline Wong , Chief Strategy Officer at Cobalt , discusses application security and artificial intelligence. You can find out more from Cobalt’s The State of Pentesting Report 2024 here . Selected Reading Brazil Suspends Access to Elon Musk's X, Including via VPNs (GovInfo Security) Cyberattack hits agency responsible for London’s transport network (The Record) Hacking Poisoning GlobalProtect VPN To Deliver WikiLoader Malware On Windows (Cyber Security News) Scores of Organizations Hit By Novel Voldemort Malware (Infosecurity Magazine) Researchers find SQL injection to bypass airport TSA security checks (Bleeping Computer) Three Plead Guilty to Running MFA Bypass Site (Infosecurity Magazine) Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking (S
S1 E10 · Mon, September 02, 2024
AWS in Orbit: Building Opportunity with Axiom Space. [AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . Our guests today are Jason Aspiotis , Global Director, In-Space Data & Security at Axiom Space and Jay Naves , Sr. Solutions Architect at AWS Aerospace & Satellite Solutions . AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E31 · Sun, September 01, 2024
Tom Gorup: Fail fast and fail forward. [Operations]
Enjoy this encore episode with Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E71 · Sun, September 01, 2024
The impact of CISO Circles and cultivating a security culture.
In this Special Edition podcast, N2K 's Executive Editor Brandon Karpf speaks with Danielle Ruderman , Senior Manager for Wordwide Security Specialists at AWS , and Adam Mikeal , CISO at Texas A&M , about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E344 · Sat, August 31, 2024
Pop goes the developer. [Research Saturday]
Tim Peck, a Senior Threat Researcher at Securonix, is discussing their work on "Threat actors behind the DEV#POPPER campaign have retooled and are continuing to target software developers via social engineering." The DEV#POPPER campaign continues to evolve, now targeting developers with malware capable of operating on Linux, Windows, and macOS systems. The threat actors, believed to be North Korean, employ sophisticated social engineering tactics, such as fake job interviews, to deliver stealthy malware that gathers sensitive information, including browser credentials and system data. The research can be found here: Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2141 · Fri, August 30, 2024
High stakes for high tech: California's AI safety regulations take center stage.
AI regulations move forward in California. DDoS attacks are on the rise. CISA releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread “swatting” campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on AI's growing role with online criminals. Admiral Hopper's lost lecture is lost no more. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Dr. Zulfikar Ramzan , Chief Scientist at Aura , sharing his take on the RockYou2024 breach and AI's growing role with online criminals. Selected Reading California Advances Landmark Legislation to Regulate Large AI Models (SecurityWeek) Radware Report Surfaces Increasing Waves of DDoS Attacks (Security Boulevard) CISA and Partners Release Advisory on RansomHub Ransomware (CISA) Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers (HackRead) 2 Men From Europe Charged With 'Swatting' Plot Targeting Former US President and Members of Congress (SecurityWeek) Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise (SecurityWeek) Ahead of mandatory rules, CISA unveils new cyber incident reporting portal (Federal News Network) Frank
S8 E2140 · Thu, August 29, 2024
Crime, compliance, and controversy.
French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guests today are Dave DeWalt , Founder and CEO of NightDragon , and Nicole Bucala , CEO and GM at DataBee , sharing their joint initiative to propel future cybersecurity innovations. Learn more . Selected Reading French authorities charge Telegram's Durov in probe into organized crime on app (Reuters) Russian government hackers found using exploits made by spyware companies NSO and Intellexa (TechCrunch) Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant (The Record) Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor (WIRED) Appeals court revives TikTok ‘blackout challenge’ death suit (The Register) Online scam cycles are getting shorter and more effective, Chainalysis finds (CyberScoop) Cisco Patches Multiple NX-OS Software Vulnerabilities (SecurityWeek) <a href="
S8 E2139 · Wed, August 28, 2024
From screen share to spyware.
Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park’N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations. We kick off our new educational CertByte segment with hosts Chris Hare and George Monsalvatge. Precrime detectives root out election related misinformation before it happens. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s show, our guests are N2K 's Chris Hare and George Monsalvatge introducing our new bi-weekly CertByte segments that kick off today on the CyberWire Daily podcast. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare , a content developer and project management specialist at N2K , we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by George Monsalvatge to break down a question targeting the Project Management Professional (PMP)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Project Management Professional (PMP®) Practice Test . The PMP® is the global gold standard certification typically targeted for those who have about three to five years of project management experience. To learn more about this and other related topics under this objective, please refer to the following resource: Project Management Institute - Code of Ethics and Professional Conduct . Have a question that you’d like to see c
S8 E2141 · Tue, August 27, 2024
Cyber revolt or just digital ruckus?
Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A flaw in Microsoft 365 Copilot allowed attackers to exfiltrate sensitive user data. Gafgyt targets crypto mining in cloud native environments. Microsoft investigates an Exchange Online message quarantine issue. Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Kentucky Prisoners Trick Tablets to Generate Fake Money. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Bar Kaduri , research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Available on GitHub, AI Goat is an intentionally vulnerable AI environment built in Terraform that includes numerous threats and vulnerabilities for testing and learning purposes. Learn more . Selected Reading Arrest of Telegram CEO sparks cyberattacks against French websites (SC Media) Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules (AON) Stealthy 'sedexp' Linux malware evaded detection for two years (Bleeping Computer) Google tags a tenth Chrome zero-day as exploited this year (Bleeping Computer) Versa fixes Director zero-day vulnerability exploited in attacks (Bleeping Computer) Greasy Opal: Greasing the Skids for Cybercrime (Arkose Labs) Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfil
S8 E2137 · Mon, August 26, 2024
From secret chats to public spats.
Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Pig Butchering devastates a small town bank. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guests are Danielle Ruderman , Senior Manager for Worldwide Security Specialists at AWS , and Adam Mikeal , CISO at Texas A&M . They spoke with N2K ’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Brandon spoke with Danielle and Adam at AWS’ re: Inforce 2024. Selected Reading Telegram CEO Pavel Durov arrested at French airport (BBC) Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering (Cryptography Engineering) The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’ (TechCrunch) Nearly 32 Million Documents, Invoices, Contracts, and Agreements Exposed Online by Global Field Service Management Provider (Website Planet) SonicWall Patches Critical SonicOS Vulnerabi
S1 E30 · Sun, August 25, 2024
Ellen Sundra: Actions speak louder than words. [Engineering] [Career Notes]
Enjoy this special encore episode, where we are joined by Vice President of Global Systems Engineering Ellen Sundra and she shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in it. Ellen recommends keeping your eyes open for how your skill set fits into cybersecurity. Find your perspective and really embrace it! We thank Ellen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E70 · Sun, August 25, 2024
Quantum-proof and ready: NIST unveils the future of encryption. [Special Edition]
In this Special Edition podcast, N2K 's Executive Editor Brandon Karpf speaks with Dustin Moody , mathematician at NIST , about their first 3 recently finalized post-quantum encryption standards. NIST finalized a key set of encryption algorithms designed to protect against future cyberattacks from quantum computers, which operate in fundamentally different ways from traditional computers. Listen as Brandon and Dustin discuss these algorithms and how quantum computing will change the way we view encryption and cyber attacks in the future. Resources: NIST Releases First 3 Finalized Post-Quantum Encryption Standards (NIST) FIPS 203 FIPS 204 FIPS 205 What is Post Quantum Cryptography? (NIST) National Cybersecurity Center of Excellence (NCCoE) Post-Quantum Cryptography Standardization Project (NIST) Need to know: NIST finalizes post-quantum encryption standards essential for cybersecurity. (N2K CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, August 24, 2024
MaaS infrastructure exposed. [Research Saturday]
Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds. By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud. The research can be found here: Mule-as-a-Service Infrastructure Exposed Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2136 · Fri, August 23, 2024
Hackers strike LiteSpeed cache again.
The exploitation of the LiteSpeed Cache Wordpress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWinds releases a hotfix to fix a hotfix. A telecom company will pay a million dollar fine over President Biden deepfakes. The Justice Department is suing the Georgia Institute of Technology and an affiliated company for allegedly failing to meet required cybersecurity standards for Pentagon contracts. Today’s guest is Dustin Moody, mathematician at NIST, speaking with N2K's Brandon Karpf about post-quantum encryption standards. When it comes to phishing simulations, sometimes the cure is scarier than the disease. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest Dustin Moody , mathematician at NIST , talks with N2K 's Brandon Karpf about their first 3 finalized post-quantum encryption standards. You can hear more of Brandon and Dustin’s conversation as they go into more detail on the individual standards on Sunday in our Special Edition podcast. Stay tuned. You can read more on the newly-released standards here . Want to learn more about what post-quantum cryptography is? Check out this resource from NICE. Selected Reading Hackers are exploiting critical bug in LiteSpeed Cache plugin (Bleeping Computer) Oil industry giant Halliburton confirms 'issue' following reported cyberattack (The Record) China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches (Sygnia) Qilin ransomware now steals credentials from Chrome
S8 E2135 · Thu, August 22, 2024
Almost letting hackers rule the web.
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector segment, guest host Michael Sikorski speaks with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. A deadbeat dad dodges debt through death. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this Threat Vector segment, guest host Michael Sikorski , CTO of Unit 42, engages in a thought-provoking conversation about the historical challenges and advances in cyber conflict with Jason Healey , Senior Research Scholar at Columbia University's School of International and Public Affairs. To listen to their full conversation, check out the episode here . You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. Selected Reading Critical Privilege Escalation in LiteSpeed Cache Plugin (Patchstack) Google fixes ninth Chrome zero-day exploited in attacks this year (The Register) Cisco Patches High-Severity Vulnerability Reported by NSA (SecurityWeek) Slack AI can leak private data via prompt injection (The Register) Major Backdoor in Millions of RFID Cards Allows Instant Cloning (SecurityWeek) FAA pr
S8 E2134 · Wed, August 21, 2024
Cyberattack cripples major American chipmaker.
A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest security update has caused significant issues for dual-boot systems. The DOE’s new SolarSnitch program aims to sure up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fake podcast to lure a target. Our guest is Parya Lotfi, CEO of DuckDuckGoose, discussing the increasing problem of deepfakes in the cybersecurity landscape. Return to sender - AirTag edition. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest Parya Lotfi , CEO of DuckDuckGoose , discusses the increasing relevance of deepfakes in the cybersecurity landscape. Selected Reading Microchip Technology discloses cyberattack impacting operations (Bleeping Computer) Android and iOS users targeted with novel banking app phishing campaign (Cybernews) Azure Kubernetes Services Vulnerability Exposed Sensitive Information (SecurityWeek) ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk (HACKREAD) Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs (The Verge) DOE debuts SolarSnitch technology to boost cybersecurity in solar energy systems (Industrial Cyber) Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code (Dark Reading) Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackS
S8 E2133 · Tue, August 20, 2024
Cybersecurity on the ballot.
The Dem’s 2024 party platform touches on cybersecurity goals. The feds warn of increased Iranian influence operations. A severe security flaw has been discovered in a popular WordPress donation plugin. The Lazarus Group exploits a Windows zero-day to install a rootkit. Krebs on Security takes a closer look at the significant data breach at National Public Data. Toyota confirms a data breach after their data shows up on a hacking forum. A critical Jenkins vulnerability is added to CISA’s Known Exploited Vulnerabilities catalog. Cybercriminals steal credit card info from the Oregon Zoo. Guest CJ Moses, CISO at Amazon, discussing partnership and being a good custodian of the community in threat intel and information sharing. CISA gets new digs. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest CJ Moses , CISO at Amazon , speaks with N2K ’s Brandon Karpf about partnership and being a good custodian of the community in threat intel and information sharing at re:Inforce 2024 . Selected Reading Democratic Party Platform Contains Three Cyber Goals (Metacurity) US warns of Iranian hackers escalating influence operations (Bleeping Computer) Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites (Cyber Security News) Windows driver zero-day exploited by Lazarus hackers to install rootkit (Bleeping Computer) National Public Data Published Its Own Passwords (Krebs on Security) Toyota confirms breach after stolen data leaks on hacking forum (Bleeping Computer) Critical Jenkins vulnerability added to CISA’s known vulnerabilities catalog (SC Media) <a href="https://therecor
S8 E2132 · Mon, August 19, 2024
Mic, camera, and more at risk.
Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody’s likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We welcome Tim Starks of CyberScoop back to discuss his story " Russian hacking campaign targets rights groups, media, former US ambassador. " Selected Reading Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras (The Record) OpenAI Disrupts Iranian Misinformation Campaign (The New York Times) 100,000 Impacted by Jewish Home Lifecare Data Breach (SecurityWeek) Chrome will redact credit cards, passwords when you share Android screen (Bleeping Computer) Crypto firm says hacker locked all employees out of Google products for four days (The Record) House lawmakers push Commerce Department to probe Chinese Wi-Fi router company (CyberScoop) Moody's sounds alarm on quantum computing risk, as transition to PQC ‘will be long and costly’ (Industrial Cyber) The movement to diversify Silicon Valley is crumbling amid a
Bonus · Sun, August 18, 2024
Robert Lee: Keeping the lights on. [ICS] [Career Notes]
Enjoy this special encore with CEO and co-founder of Dragos Robert Lee, as he talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what people are doing bad and helping people understand how to defend against that. Rob describes the possibility of making a jump to control system security from another area recommending you bring something to the table. Rob talks about the world he would like to leave to his son and his hopes for the future. We thank Rob for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, August 17, 2024
Essential tools with critical security challenges. [Research Saturday]
Snir Ben Shimol from ZEST Security on their work, "How we hacked a cloud production environment by exploiting Terraform providers." In this blog, ZEST discusses the security risks associated with Terraform providers, particularly those from community sources. The research highlights the importance of carefully vetting providers, regular scanning, and following best practices like version pinning to mitigate potential vulnerabilities in cloud infrastructure management. The research can be found here: The hidden risks of Terraform providers Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2131 · Fri, August 16, 2024
Demo-lition derby: iVerify and Google clash over pixel app pitfalls.
Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users’ personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Scammers Use Google to Scam Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Daniel Blackford , Director of Threat Research at Proofpoint , joined us while he was out at Black Hat to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Selected Reading Google to remove app from Pixel devices following claims that it made phones vulnerable (The Record) Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App (WIRED) SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day (SecurityWeek) Microsoft Mandates MFA for All Azure Sign-Ins (Infosecurity Magazine) New Banshee Stealer macOS Malware Priced at $3,000 Per Month (SecurityWeek) Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks (Industrial Cyber) CISA Releases Eleven Industrial Control Systems Advisories (CISA) FlightAware Exposed Pilots’ and Users’ Info (404 Media)<
S8 E2130 · Thu, August 15, 2024
Weeding out 'worms' for Window's users.
Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to sustain its operations. Sophos X-Ops examines the Mad Liberator extortion gang. Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. China’s Green Cicada Network creates over 5,000 AI-controlled inauthentic X(Twitter) accounts. Kim Dotcom is being extradited to the United States. Our guest is Rui Ribeiro, CEO at JScrambler, to discuss how the extensive use of first and third-party JavaScript is a blessing and a curse. Wireless shifting can really grind your gears. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest Rui Ribeiro , JScrambler 's CEO, joins us to discuss how the extensive use of first and third-party JavaScript is both a blessing and a curse. Selected Reading Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (Bleeping Computer) Texas sues General Motors over car data tracking (POLITICO) Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts (Security Boulevard) Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says (The Record) Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR (SecurityWeek) A new extortion crew, Mad Liberator, emerges on the scene (The Register) Beware, Windows users. Newly-spotted CVE-2024-6768 vulnerability can cause blue screen (MSPoweruser) Cybe
S8 E2132 · Wed, August 14, 2024
A health bot’s security slip-up.
Researchers at Tenable uncovered severe vulnerabilities in Microsoft’s Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data breach. Research reveals a troubling trend of delayed and non-disclosure of ransomware attacks by organizations. Patch Tuesday roundup. Palo Alto Networks’ Unit 42 revealed a significant security risk in open-source GitHub projects. Enzo Biochem will pay $4.5 million to settle charges of inadequate security protocols. Our guest is Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass, joins us to discuss the ongoing Snowflake account attacks driven by exposed legitimate credentials. Mining for profits on Airbnb. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Stephanie Schneider , Cyber Threat Intelligence Analyst at LastPass , joins us to discuss the ongoing Snowflake account attacks driven by exposed legitimate credentials and how enterprises can boost their defenses against these types of attacks. Selected Reading Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot (Infosecurity Magazine) UK Prime Minister Keir Starmer and Prince William deepfaked in investment scam campaign (Bitdefender) FBI told Harris campaign it was target of 'foreign actor influence operation,' official says (Reuters) 3AM ransomware stole data of 464,000 Kootenai Health patients (Bleeping Computer) Report reveals lag in disclosure of ransomware attacks in 2023 (Security Brief) Fortinet, Zoom Patch Multiple Vulnerabilities (SecurityWeek) Chipmaker Patch Tuesd
S8 E2128 · Tue, August 13, 2024
From dispossessor to disposed.
The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publishes post-quantum cryptography standards. DARPA awards $14 million to teams competing in the AI Cyber Challenge. On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security". AI generates impossible code - for knitters and crocheters. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish , CISO of Newell Brands , about his book " The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security " and security relationship management. Coming tomorrow, stay tuned for a special edition with Simone and Lee’s full conversation. Selected Reading FBI strikes down rumored LockBit reboot (CSO Online) Suspected head of prolific cybercrime groups arrested and extradited (National Crime Agency) Orion SA says scammers conned company out of $60 million (The Register) DeathGrip Ransomware Expanding Services Using RaaS Service (GB Hackers) Swiss manufacturer investigating ransomware attack that shut down IT network (The Record) Russia Blocks Signal Messaging App as Authorities Tighten Control Over Information (SecurityWeek) Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation (SecurityWeek) <a href="http
S9 E69 · Tue, August 13, 2024
Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]
On this Solution Spotlight, guest Lee Parrish , author and CISO at Newell Brands , joins N2K President Simone Petrella to discuss his book " The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security " and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2127 · Mon, August 12, 2024
Confidential or compromised?
The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google’s Quick Share. Ransomware attacks hit an Australian gold mining company as well as multiple U.S. local governments. GPS spoofing is a matter of time. Cisco readies another round of layoffs. Nearly 2.7 billion records of personal information for people in the United States have been shared on a hacking forum. Our own Rick Howard speaks with Mark Ryland, Director of Amazon Security, about formal verification. A hacker hacks the hackers. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s guest slot, N2K ’s CSO Rick Howard speaks with Mark Ryland , Director of Amazon Security at AWS , about formal verification, which is logical proofs about correctness of systems, at AWS re:Inforce. Rick and Mark caught up at AWS re:Inforce 2024 . Selected Reading Experts warn of election disruptions after Trump says campaign was hacked (Washington Post) Nashville man arrested for running “laptop farm” to get jobs for North Koreans (Ars Technica) Google Patches Critical Vulnerabilities in Quick Share After Researchers' Warning (Hackread) Australian gold mining company Evolution Mining announces ransomware attack (The Record) GPS spoofers 'hack time' on commercial airlines, researchers say (Reuters) Exclusive: Cisco to lay off thousands more in second job cut this year (Reuters) Hackers leak 2.7 billion data records with Social Security numbers (Bleeping C
S10 E96 · Mon, August 12, 2024
What does materiality mean exactly?
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the meaning of cybersecurity materiality. References: Amy Howe, 2024. Supreme Court strikes down Chevron, curtailing power of federal agencies [Blog] Cydney Posner, 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Explainer]. The Harvard Law School Forum on Corporate Governance. Cynthia Brumfield, 2022. 5 years after NotPetya: Lessons learned Analysis]. CSO Online. Eleanor Dallaway, 2023. Closed for Business: The Organisations That Suffered Fatal Cyber Attacks that Shut Their Doors For Good [News]. Assured . Gary Cohen, 2021. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist [Explainer]. Industrial Cybersecurity Pulse. James Pearson, 2022. Russia downed satellite internet in Ukraine [News]. Reuters. Katz, D., 2021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Cybersecurity Canon Hall of Fame Book]. Goodreads. Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission. MATTHEW DALY, 2024. Supreme Court Chevron decision: What it means for federal regulations [WWW Document]. AP News. Rick Howard. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book Review]. Cybersecurity Canon Project. Rick Howard, 2021. Using cyber sand
Bonus · Sun, August 11, 2024
Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science]
Enjoy this special encore episode: Computational Social Scientist Andrea Little Limbago shares her journey as a social scientist in cybersecurity. Andrea laments that she wishes she'd known there is no straight line between what you think you want to do and then where you end up going. Beginning her career in international relations and courted by the Department of Defense's Joint Warfare Analysis Center while teaching at New York University, Andrea began her work in cybersecurity. Her team was one of the first to start thinking about the intersection of cybersecurity and geopolitics and quantitative modeling. Andrea reminds us there are many paths and skills needed in cybersecurity and hopes she's opened some doors for others. We thank Andrea for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E341 · Sat, August 10, 2024
Prompts gone rogue. [Research Saturday]
Shachar Menashe, Senior Director of Security Research at JFrog, is talking about "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." A security vulnerability in the Vanna.AI tool, called CVE-2024-5565, allows hackers to exploit large language models (LLMs) by manipulating user input to execute malicious code, a method known as prompt injection. This poses a significant risk when LLMs are connected to critical functions, highlighting the need for stronger security measures. The research can be found here: When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2126 · Fri, August 09, 2024
The 18-year stowaway.
Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by podcast partner Rob Boyce of Accenture sharing his thoughts as our man on the street from the Black Hat USA 2024 . Selected Reading ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (WIRED) Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities (SecurityWeek) Series Of Solar Power System Vulnerabilities Impacts Millions Of Installations (Cyber Security News) Microsoft: Iran makes late play to meddle in U.S. elections (CyberScoop) UN cybercrime treaty passes in unanimous vote (The Record) ADT confirms data breach after customer info leaked on hacking forum (Bleeping Computer) It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 (The Register) Computer Crash Reports Are an Untapped Hacker Gold Mine (WIRED) USPS Text Scammers Duped His Wife, So He Hacked Their Operation (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please ta
S8 E2129 · Thu, August 08, 2024
Cybersecurity leaders gear up for the ultimate test.
Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this Threat Vector segment, host David Moulton , Unit 42 Director of Thought Leadership, converses with Nir Zuk , Founder and CTO of Palo Alto Networks , about the future of cybersecurity. They discuss the pressing challenges organizations face today and the pivotal shift from traditional defense strategies to a mindset that assumes breaches. To listen to their full conversation, check out the episode here . You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. Selected Reading US elections have never been more secure, says CISA chief (The Register) Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal (Cybernews) AWS Patches Vulnerabilities Potentially Allowing Account Takeovers (SecurityWeek) Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say (TechCrunch) Exclusive: Massive Criminal Online Platform Disrupted (Court Watch) Web-Connected Industrial Control Systems Vulnerable to Attack (Security Boulevard) <a href="https://www.infosecurity-mag
S8 E2124 · Wed, August 07, 2024
When updates attack.
Crowdstrike releases a postmortem. LoanDepot puts a multimillion dollar price tag on their ransomware incident. RHADAMANTHYS info stealer targets Israelis. Zola ransomware is an advanced evolution of the Proton family. Firefox fixes several high-severity vulnerabilities. Researchers at Certitude uncover a vulnerability in Microsoft 365’s anti-phishing measures. Threat actors exploit legitimate anti-virus software for malicious purposes. Samsung’s new bug bounty program offers rewards up to a million dollars. Guest Adam Marré, CISO at Arctic Wolf, joining us to share his observations on the ground at Black Hat USA 2024. Ransomware gangs turn the screws and keep up with the times. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Adam Marré , CISO at Arctic Wolf , joining us to share his observations as our man on the street from Black Hat USA 2024 . Selected Reading CrowdStrike Publishes Technical Root Cause Analysis of Faulty Falcon Update (Cyber Security News) Ransomware Attack Cost LoanDepot $27 Million (SecurityWeek) RHADAMANTHYS Stealer Weaponizing RAR Archive To Steal Login Credentials (Cyber Security News) New Zola Ransomware Using Multiple Tools to Disable Windows Defender (GB Hackers) Firefox Patches Multiple High Severity Vulnerabilities (Cyber Security News) Exploring Anti-Phishing Measures in Microsoft 365 (Certitude Blog) Hackers Hijack Anti-Virus Software Using SbaProxy Hacking Tool (Cyber Security News) Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault (Bleeping Computer) Turning the screws: The pressure tactics of ransomware gangs (Sophos News) Share
S8 E2123 · Tue, August 06, 2024
Cyberattack calls for an early dismissal.
Thousands of education sector devices have been maliciously wiped after an attack on a UK MDM firm. A perceived design flaw in Microsoft Authenticator leaves users locked out of accounts. SharpRino charges ahead to deploy ransomware. North Korea’s Stressed Pungsan provides initial access points for malware distribution. Magniber ransomware targets home users and SMBs. Google patches an Android zero-day. A new Senate bill aims to treat ransomware as terrorism. Microsoft ties security to employee compensation. Guest Kim Kischel, Director of Cybersecurity Product Marketing at Microsoft, discusses how AI is impacting the unified security operations center. A victim of business email compromise gets some good news. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Kim Kischel , Director of Cybersecurity Product Marketing at Microsoft , discusses how AI is impacting the unified security operations center and how it's changing the way defenders defend. Selected Reading Over 13,000 phones wiped clean as cyberattack cripples Mobile Guardian (CSO Online) Design Flaw Has Microsoft Authenticator Overwriting MFA Accounts, Locking Users Out (Slashdot) Network Admins Beware! SharpRhino Ransomware Attacking Mimic as Angry IP Scanner (Cyber Security News) North Korean Hackers Attacking Windows Users With Weaponized npm Files (Cyber Security News) Surge in Magniber ransomware attacks impact home users worldwide (Bleeping Computer) Google Patches Android Zero-Day Exploited in Targeted Attacks (SecurityWeek) Intelligence bill would elevate ransomware to a terrorist threat (CyberScoop) Microsoft is binding employee bonuses and promo
S8 E2122 · Mon, August 05, 2024
TikTok in the hot seat...again.
The justice department sues TikTok over alleged violations of children’s online privacy laws. Bad blood between Crowdstrike and Delta Airlines. The UK once again delays upgrades to their cybercrime reporting center. Apache OFBiz users are urged to patch a critical vulnerability. SLUBStick is a newly discovered Linux Kernel attack. CISA releases a handy guide to help software suppliers manage security risk. StormBamboo poisons DNS queries to deliver targeted malware. The White House looks to help close the cybersecurity skills gap with $15 million in scholarships. Our guest US Congressional candidate from Oklahoma, Madison Horn, speaking with my Caveat co host Ben Yelin about national security and cyberwarfare. Chewing on rumors of Olympic sabotage. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest US Congressional candidate from Oklahoma, Madison Horn , speaks with Caveat co host Ben Yelin about national security and cyberwarfare. You can hear the full interview on our latest episode of Caveat here . CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast , host and N2K CSO Rick Howard focuses on “Cybersecurity is radically asymmetrically distributed.” Rick and Dave do a preview. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here . Selected Reading Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children's Data (SecurityWeek) CrowdStrike says it’s not to blame for Delta’s days-long outage (The Verge) Replacement for Action Fraud, UK’s cybercrime reporting service, delayed again until 2025 (The Record) Apache O
S10 E95 · Mon, August 05, 2024
Cybersecurity is radically asymmetrically distributed.
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the idea that Cybersecurity is radically asymmetrically distributed. It means that cybersecurity risk is not the same for all verticals and knowing that may impact the first principle strategies you choose to protect your enterprise. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. References: André Munro, 2024. Liberal democracy [Explainer]. Encyclopedia Britannica. David Weedmark, 2017. Why do some states require emissions testing? [Explainer]. Autoblog. Kara Rogers, 2020. What Is a Superspreader Event? [Explainer]. Encyclopedia Britannica. Lara Salahi, 2021. 1 Year Later: The ‘Superspreader’ Conference That Sparked Boston’s COVID Outbreak [News]. NBC10 Boston. Malcolm Gladwell, 2002. The Tipping Point: How Little Things Can Make a Big Difference [Book]. Goodreads. Malcolm Gladwell, 2005. Blink: The Power of Thinking Without Thinking [Book]. Goodreads. Malcolm Gladwell, 2008. Outliers: The Story of Success [Book]. Goodreads. Malcolm Gladwell, 2019. Talking to Strangers: What We Should Know About the People We Don’t Know [Book]. Goodreads. Malcolm Gladwell, 2021. The Bomber Mafia: A Dream, a Temptation, and the Longest Night of the Second World War [Book]. Goodreads. Malcom Gladwell, 2024. Medal of Honor: Stories of Courage [Podcast]. Pushkin Industries. Malcolm Gladwell. Revisionist History [Podcast]. Pushkin Industries. Michael Lewis, 2003. Moneyball: The Art of Winning an Unfair Game [Book]. Goodreads. Michael Lewis. Against the Rules [Podcast]. Pushkin Industries. <a href="https://
S8 E340 · Sat, August 03, 2024
Spinning the web of tangled tactics. [Research Saturday]
This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint’s DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E27 · Sat, August 03, 2024
Ron Brash: Problem fixer in critical infrastructure. [OT] [Career Notes]
Director of Cyber Security Insights at Verve Industrial aka self-proclaimed industrial cybersecurity geek Ron Brash shares his journey through the industrial cybersecurity space. From taking his parents 286s and 386s to task to working for the "OG of industrial cybersecurity," Ron has pushed limits. Starting off in technical testing, racing through university at 2x speed, and taking a detour through neuroscience with machine learning, Ron decided to return to critical infrastructure working with devices that keep the lights on and the water flowing. Ron hopes his work makes an impact and his life is memorable for those he cares about. We thank Ron for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2121 · Fri, August 02, 2024
A high-stakes swap.
Notorious Russian cybercriminals head home after an historic prisoner exchange. An Israeli hacktivist group claims responsibility for a cyberattack that disrupted internet access in Iran. The U.S. Copyright Office calls for federal legislation to combat deep fakes. Cybercriminals are using a Cloudflare testing service for malware campaigns. The GAO instructs the EPA to address rising cyber threats to water and wastewater systems. Claroty reports a vulnerability in Rockwell Automation’s ControlLogix devices. Apple has open-sourced its homomorphic encryption (HE) library. CISA warns of a high severity vulnerability in Avtech Security cameras, and the agency appoints its first Chief AI Officer. We welcome Tim Starks of CyberScoop back to the show today to discuss President Biden's cybersecurity legacy. Can an AI chatbot recognize its own reflection? Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests Welcoming Tim Starks of CyberScoop back to the show today to discuss Biden's cybersecurity legacy. For more information, you can check out Tim’s article “ Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility. ” The National Cybersecurity Strategy can be found here . Dave also sits down with Errol Weiss , CSO of Health-ISAC , sharing their reaction to the ransomware attacks against healthcare. Health-ISAC and the American Hospital Association (AHA) have issued an advisory to raise awareness of the potential cascading impacts of cyberattacks on healthcare suppliers and the importance of mitigating single points of failure in supply chains. Recent ransomware attacks on OneBlood, Synnovis, and Octapharma by Russian cybercrime gangs have caused significant disruptions to patient care, emphasizing the need for healthcare organizations to incorporate mission-critical third-party suppliers into their risk and emergency management plans. Selected Reading Jailed cybercriminals returned to Russia in historic prisoner swap (Cyber
S8 E2120 · Thu, August 01, 2024
Ransomware strikes a nerve.
The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There’s a critical vulnerability in Bitdefender’s GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Marylands leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn’t the buzzword you think it is. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest David Moulton , host of Palo Alto Networks ' podcast Threat Vector and Director of Thought Leadership, discussing the evolution of his show and what we can expect to see coming next. You can catch the latest episode of Threat Vector where David welcomes Palo Alto Networks Founder and CTO Nir Zuk here . Selected Reading Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (The Record) CrowdStrike sued by shareholders over global outage (BBC) Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks (GB Hackers) BingoMod Android RAT Wipes Devices After Stealing Money (SecurityWeek) Google being impersonated on Google Ads by scammers peddling fake Authenticator (Cybernews) Western Sydney University reveals full scope of January data breach (Cyber Daily) Maryland becomes first state to pass law against gift card draining (CBS News) More than 7,000 NSA analysts are using generative AI tools, director says (Defense One) <a href="https://futur
S8 E2119 · Wed, July 31, 2024
When DDoS and defense collide.
A global Microsoft outage takes down Outlook and Minecraft. The US Senate passes The Kids Online Safety and Privacy Act. Lame Duck domain names are targets for takeovers. A GeoServer vulnerability exposes thousands to remote code execution. China proposes a national internet ID. Email attacks surge dramatically in 2024. Columbus Ohio thwarts a ransomware attack. When it comes to invading your privacy, the Paris 2024 Olympics app goes for the gold. Our guest is Rakesh Nair, Senior Vice President of Engineering and Product at Devo, discussing the issues that security teams face when dealing with data control and data orchestration. Was it really Windows 3.1 that saved Southwest Airlines? Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Rakesh Nair , Senior Vice President of Engineering and Product at Devo , discussing the issues that security teams face when dealing with data control and data orchestration. You can read more here . Selected Reading Microsoft apologises after thousands report new outage (BBC News) Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks (Bleeping Computer) Senate Passes Bill to Protect Kids Online and Make Tech Companies Accountable for Harmful Content (SecurityWeek) Don’t Let Your Domain Name Become a “Sitting Duck” (Krebs on Security) Hackers Actively Exploiting GeoServer RCE Flaw, 6635 Servers Vulnerable (Cyber Security News) China Wants to Start a National Internet ID System (The New York Times) Email Attacks Surge, Ransomware Threat Remains Elevated (Security Boulevard) <a href="https://www.dispatch.com/story/news/local/2024/07/29/columbus-email-restored-tech-cyber-
S8 E2118 · Tue, July 30, 2024
Breaking Bad (records).
ZScaler uncovers the largest ransomware payment to date. IBM says the average cost of a breach is closing in on five million dollars. Hackers exploited Proofpoint's email protection platform to send millions of phishing emails. NIST launches Dioptra to test ML models. AcidPour targets Linux data storage devices for wiping. WhatsApp for Windows allows Python to run wild. The White House releases the National Standards Strategy for Critical and Emerging Technology (USG NSSCET) Implementation Roadmap. A bipartisan Senate bill aims to fund cybersecurity apprenticeships. CISA adds three exploits to its vulnerability catalog. Ben Yelin joins us today to discuss a U.S. District Court judge’s recent dismissal of charges against SolarWinds. Loose lips sink ships, but leaky HDMI cables flood the airwaves with digital data. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ben Yelin , co-host of our Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security , joins us today to discuss the U.S. District Court judge dismissing most charges against SolarWinds. For more detail on the SolarWinds decision, check out this article . Selected Reading Zscaler just uncovered what could be the largest ransomware payment of all time (ITPro) Hackers exploit Proofpoint to send millions of phishing emails (Tech Monitor) Average data breach cost jumps to $4.88 million, collateral damage increased (Help Net Security) NIST releases open-source platform for AI safety testing (SC Media) AcidPour Malware Attacking Linux Data Storage Devices To Wipe Out Data (GB Hackers) WhatsApp for Windows lets Python, PHP scripts execute with no warning (Bleeping Computer) <a href="https://industrialc
S8 E2117 · Mon, July 29, 2024
Are North Korean hackers going 'Seoul' searching?
South Korea investigates a substantial leak of military intelligence to the north. Google fixes a Workspace authentication weakness. Wiz identifies an API authentication vulnerability in Selenium Grid. The UK’s Science Secretary warns Britain is highly vulnerable to cyber threats. Global shipping faces a surge in cyber attacks. Apple has resolved the iCloud Private Relay outage. Google Chrome offers to scan encrypted archives for malware. Barath Raghavan and Bruce Schneier examine the brittleness of modern IT infrastructure. Guest Brian Gumbel, President and COO at Dataminr, joins us to discuss the convergence of cyber-physical realms. Rick Howard previews his latest CSO Perspectives episode on the state of Zero Trust. Teaching AI crawlers some manners. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Brian Gumbel , President and COO at Dataminr , joins us to discuss the convergence of cyber-physical realms. Cybersecurity is no longer just a matter of protecting data on servers or computers, a cyber-attack can have tangible, real-world consequences. CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast , host and N2K CSO Rick Howard focuses on “The current state of zero trust.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here . Selected Reading South Korea Reports Leak From Its Military Intelligence Command (New York Times) Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services (Krebs on Security) Selenium Grid Instances Exploited for Cryptomining (SecurityWeek) UK ‘desperately exposed’ to
S10 E94 · Mon, July 29, 2024
The current state of the zero trust.
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the current state of zero trust with CyberWire Hash Table guest John Kindervag, the originator of the zero trust idea. References: Jonathan Jones, 2011. “Six Honest Serving Men” by Rudyard Kipling [Video]. YouTube. Dave Bittner, Rick Howard, John Kindervag, Kapil Raina, 2021. Zeroing in on zero trust. [Podcast]. CyberWire-X Podcast - N2K Cyberwire. Dawn Cappelli, Andrew Moore, Randall Trzeciak, 2012. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) [Book]. SEI Series in Software Engineering). Goodreads. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E24 · Sun, July 28, 2024
Encore: Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked various facets of cybersecurity law from the private sector, federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android where she creates policy geared towards making sure users are safe on their platform and equipped to make informed decisions.. We thank Camille for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S9 E68 · Sun, July 28, 2024
Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli. [Special Edition]
N2K ’s Brandon Karpf speaks with guest Justin Fanelli , Acting CTO of the US Navy , about the US Navy streamlining the innovation process. For some background, you can refer to this article . Additional resources: PEO Digital Innovation Adoption Kit Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E339 · Sat, July 27, 2024
The Black Basta ransomware riddle. [Research Saturday]
Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2116 · Fri, July 26, 2024
FBI and DOJ thwart North Korean cyber scheme.
A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s guest slot, N2K ’s CSO Rick Howard speaks with Steve Schmidt , CSO of Amazon , about the culture of security and what it means to the CSO role. They touch upon the SEC reporting requirements and how testing is never done. Rick and Steve caught up at AWS re:Inforce 2024 . Selected Reading US indicts alleged North Korean state hacker for ransomware attacks on hospitals (The Record) North Korean Military Hacker Indicted for String of US Attacks (Metacurity) CrowdStrike says over 97% of Windows sensors back online (Reuters) Threat Actors leveraging the recent CrowdStrike update outage (FortiGuard Labs) Cyber-security firm rejects $23bn Google takeover (BBC) ECB's cyber security test shows 'room for improvement' for banks (Reuters) France launches large-scale operation to fight cyber spying ahead of Olympics (The Record) Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit (Forbidden Stories) <a href="https://www.insideprivacy.com/childrens-privacy/kos
S8 E2115 · Thu, July 25, 2024
Playing doctor with cyberattacks.
A North Korean hacking group targets healthcare, energy and finance. Leaked Leidos documents surface on the dark web. A Middle Eastern financial institution suffered a record-breaking DDoS attack. The latest tally on the fallout from the Crowdstrike outage. A cybersecurity audit of HHS reveals significant cloud security gaps. Docker patches a critical vulnerability for the second time. Google announced enhanced protections for Chrome users. In our latest Threat Vector segment, David Moulton speaks with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks. If you’re heading to Paris for the Summer Olympics, smile for the AI cameras. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In this segment of Threat Vector, David Moulton , Director of Thought Leadership at Unit 42 , engages with Sama Manchanda , a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks, particularly focusing on vishing and smishing. As election season heats up, these threats are becoming more sophisticated, exploiting our reliance on mobile devices and psychological tactics. Sama provides expert insights into the latest trends, the psychological manipulations used in these attacks, and the specific challenges they pose to individuals and the democratic process. You can listen to Threat Vector every Thursday starting next week on the N2K CyberWire network. Check out the full episode with David and Sama here . Selected Reading Mandiant: North Korean Hackers Targeting Healthcare, Energy (BankInfo Security) Data pilfered from Pentagon IT supplier Leidos (The Register) DDoS Attack Lasted for 6 Days, Record created for the duration of the Cyberattack (Cyber Security News) Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure (CrowdStrike) Fortune 500 stands to lost $5bn plus from
S8 E2114 · Wed, July 24, 2024
Ghost accounts haunt GitHub.
Stargazer Goblin hosts malicious code repositories on GitHub. Crowdstrike blames buggy validations checks for last week’s major incident. The Breachforums database reveals threat actor OPSEC. Windows Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast.” Researchers wonder if proving you’re human proves profitable for Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Nic Fillingham and Wendy Zenone , co-hosts of Microsoft Security's " The Bluehat Podcast ," talking about what to expect on Bluehat on the N2K media network. You can catch the podcast every other Wednesday. Their latest episode launching today can be found here . Selected Reading A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub (WIRED) CrowdStrike blames test software for taking down 8.5 million Windows machines (The Verge) BreachForums v1 database leak is an OPSEC test for hackers (Bleeping Computer) Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (Dark Reading) Schneider Regional Medical Center hit by ransomware attack (Beyond Machines) New phishing report names and shames TLDs, registrars (The Verge) FTC Issues Orders to Ei
S8 E2113 · Tue, July 23, 2024
Don't mess with the NCA.
UK law enforcement relieves DigitalStress. Congress summons Crowdstrike’s CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet’s innovation process. Target’s in-store AI misses the mark. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K ’s Brandon Karpf speaks with guest Justin Fanelli , Acting CTO of the US Navy , about the US Navy streamlining the innovation process. For some background, you can refer to this article . Additional resources: PEO Digital Innovation Adoption Kit Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Selected Reading Prolific DDoS Marketplace Shut Down by UK Law Enforcement (Infosecurity Magazine) Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O. (The New York Times) How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter (WIRED) Telegram zero-day for Android allowed malicious files to masquerade as videos (The Record) Chinese Cyberespionage Group Expands Malware Arsenal (GovInfo Security) <a href="h
S8 E2112 · Mon, July 22, 2024
CrowdStrike and Microsoft battle blue screens across the globe.
Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove , Director of Cybersecurity Strategy at Nozomi Networks , discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack. This week on CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast , host and N2K CSO Rick Howard focus on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here . Selected Reading Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity) Suspected Scattered Spider Member Arrested in UK (SecurityWeek) DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record) SocGholish malware used to spread AsyncRAT
S10 E93 · Mon, July 22, 2024
The current state of Cyber Threat Intelligence.
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst. References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate. Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire. Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant. Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, July 21, 2024
Encore: James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications. We thank James for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, July 20, 2024
Olympic scammers go for gold. [Research Saturday]
This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the "Only Malware in the Building" podcast, as she is discussing their research on "Scammers Create Fraudulent Olympics Ticketing Websites." Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain. This site was among many identified by the French Gendarmerie Nationale and Olympics partners, who have shut down 51 of 338 fraudulent websites, with 140 receiving formal notices from law enforcement. The research can be found here: Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2111 · Fri, July 19, 2024
Cybersecurity snow day.
A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K’s CSO Rick Howard speaks with AWS’ CISO Chris Betz about strong security cultures and AI. A look inside the world’s largest live-fire cyber-defense exercise. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests Dave is joined by Andy Ellis , to discuss today’s top story on the CrowdStrike-induced Microsoft outage. N2K ’s CSO Rick Howard recently caught up with AWS ’ CISO Chris Betz at the AWS re:Inforce 2024 event. They discuss strong security cultures and AI. You can watch Chris’ keynote from the event here . Read Chris’ blog post, “ How the unique culture of security at AWS makes a difference. ” Selected Reading Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World (WIRED) Counting the Costs of the Microsoft-CrowdStrike Outage (The New York Times) Major Microsoft 365 outage caused by Azure configuration change (Bleeping Computer) Most of SolarWinds hacking suit filed by SEC dismissed (SC Magazine) Ransomware Remains a Major Threat to Energy (BankInfoSecurity) Investigation prompts European hosting companies to suspend accounts linked t
S8 E2110 · Thu, July 18, 2024
SSM On-Prem Flaw is a 10/10 disaster.
Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK’s NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Tomislav Pericin , Founder and Chief Software Architect of ReversingLabs , joins us to discuss their " Free Resource to Conduct Risk Assessments on Open-Source Software. " Selected Reading Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary) Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer) UK national blood stocks in 'very fragile' state following ransomware attack (The Record) Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek) Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek) Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs) <a href="htt
S8 E2109 · Wed, July 17, 2024
Criminal networks crumble.
Interpol pursues West African cybercrime groups. Bassett Furniture shuts down manufacturing following a ransomware attack. A gastroenterologist group notifies patients of a data breach. An Apache HugeGraph flaw is being actively exploited. Octo Tempest updates its toolkit. Satori uncovers evil twin campaigns on Google Play. The cost of the Change Healthcare breach crosses the two billion dollar mark. Cybersecurity venture funding saw a surge last quarter. Cyber regulatory agencies face legal challenges. On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins us to talk about exploring the intricate world of cybercrime enablement services. Fighting disinformation is easier said than done. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Insights segment, Trevor Hilligoss , Vice President of SpyCloud Labs at SpyCloud , joins Dave to talk about exploring the intricate world of cybercrime enablement services. You can find out more about SpyCloud’s “How the Threat Actors at SpaxMedia Distribute Malware Globally” here . Selected Reading Global Police Swoop on Black Axe Cybercrime Syndicate (Infosecurity Magazine) Furniture giant shuts down manufacturing facilities after ransomware attack (The Record) MNGI Digestive Health Data Breach Impacts 765,000 Individuals (SecurityWeek) Apache HugeGraph Vulnerability Exploited in Wild (SecurityWeek) Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal (Security Affairs) Report Identifies More Than 250 Evil Twin Mobile Applications (Security Boulevard) Change Healthcare's Breach Costs Could Reach $2.5 Billion (
S8 E2111 · Tue, July 16, 2024
Squarespace's square off with hijacked domains.
Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Bellingcat sleuths pinpoint an alleged cartel member. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, N2K ’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Learn more about the /555 benchmark. Selected Reading Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security) Kaspersky Lab Closing U.S. Division; Laying Off Workers (Zero Day) Beware of BadPack: One Weird Trick Being Used Against Android Devices (Palo Alto Networks Unit 42) New Poco RAT Weaponizing 7zip Files Using Google Drive (GB Hackers) CISA broke into a US federal agency, and no one noticed for a full 5 months (The Register) Organizations Warned of Exploited GeoServer Vulnerability (Security Week) Microsoft finally fixes Outlook alerts bug caused by December updates (Bleeping Computer) New Open Source law in Switzerland (Joinup) <
S8 E2107 · Mon, July 15, 2024
Conspiracy theories in politics.
The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney’s Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . This Week on CSO Perspectives Dave chats with Rick Howard , The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, about his latest episode of CSO Perspectives which focuses on the current state of MITRE ATT&CK. If you are a N2K Pro subscriber, you can find this installment of CSO Perspectives here . The accompanying essay is available here . If you’re not a subscriber and want to check out a sample of the discussion Rick has with his Hash Table members about MITRE ATT&CK, you can find it here . Selected Reading Conspiracy theories spread swiftly in hours after Trump rally shooting (The Washington Post) AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (WIRED) Pharmacy Giant Rite Aid Hit By Ransomware (Infosecurity Magazine) Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data (HackRead) Malicious Python packages found exfiltrating user data to Telegram bot (Computing) HardBit ransomware version 4.0 supports new obfuscation techniques (Security Affairs)</p
S10 E92 · Mon, July 15, 2024
The current state of MITRE ATT&CK.
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber’s Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene’s VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation. Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity. [Podcast]. The CyberWire. Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire. Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire. Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube. SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle. Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper] Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, July 13, 2024
On the prowl for mobile malware. [Research Saturday]
This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, July 13, 2024
Encore: Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Americas Security R&D Lead for Accenture Malek Ben Salem shares how she pivoted from her love of math and background in electrical engineering to a career in cybersecurity R&D. Malek talks about her interest in astrophysics as a young girl, and how her affinity for math and taking on challenges lead her to a degree in electrical engineering. She grew her career using math for data mining and forecasting eventually pursuing a masters and PhD in computer science where she shifted her focus to cybersecurity. Malek now develops and applies new AI techniques to solve security problems at Accenture. We thank Malek for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2106 · Fri, July 12, 2024
AT&T's not so LOL hack.
AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities.A popular phone spyware app suffers a major data breach.Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest At the recent AWS re:Inforce 2024 conference, N2K ’s Brandon Karpf spoke with Brigid Johnson , Director of AWS Identity, about the importance of identity and where we need to go. You can watch a replay of Brigid’s session at the event, IAM policy power hour, here . Selected Reading AT&T Details Massive Breach of Customers' Call and Text Logs (Data Breach Today) NATO Set to Build New Cyber Defense Center (Infosecurity Magazine) New Presidential memorandum sets cybersecurity priorities for FY 2026, tasking OMB and ONCD to evaluate submissions (Industrial Cyber) mSpy Data Breach: Millions of Customers’ Data Exposed (GB Hackers) Advance Auto Parts’ Snowflake Breach Hits 2.3 Million People (Infosecurity Magazine) These Linksys routers are likely transmitting cleartext passwords (TechSpot) Known SSH-Snake bites more victims with multiple OSS exploitation (CSO Online) <a href="https://cybersecu
S8 E2108 · Thu, July 11, 2024
Inside the crypto scam empire.
A major Pig Butchering marketplace has ties to the Cambodian ruling family. Lulu Hypermarket suffers a data breach. GitLab patches critical flaws. Palo Alto Networks addresses BlastRadius. ViperSoftX malware variants grow ever more stealthy. A New Mexico man gets seven years for SWATting. State and local government employees are increasingly lured in by phishing attacks. Hackers impersonate live chat agents from Etsy and Upwork. The GOP’s official platform looks to roll back AI regulation. On today’s Threat Vector, David Moulton from Palo Alto Networks Unit 42 discusses the evolving threats of AI-generated malware with experts Rem Dudas and Bar Matalon. NATO brings the social media influencers to Washington. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of Threat Vector , hosted by David Moulton , Director of Thought Leadership at Palo Alto Networks Unit 42 , he explores the evolving world of AI-generated malware with guests, Rem Dudas , Senior Threat Intelligence Analyst, and Bar Matalon , Threat Intelligence Team Lead. From exploring the vulnerabilities in AI models to discussing the potential implications for cybersecurity, this episode offers a deep dive into the challenges and opportunities posed by this emerging threat. You can listen to the full episode here . Selected Reading The $11 Billion Marketplace Enabling the Crypto Scam Economy (WIRED) Hackers steal data of 200k Lulu customers in an alleged breach (CSO Online) GitLab update addresses pipeline execution vulnerability (Developer Tech News) Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool (SecurityWeek) ViperSoftX
S8 E2104 · Wed, July 10, 2024
Old school, new threat.
Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Jack Cable , Senior Technical Advisor at CISA , joins us to share an update on CISA's Secure by Design Alert series. For some background , you can find CISA’s Secure by Design whitepaper here . Details on today’s update can be found here . Selected Reading New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (Ars Technica) US Disrupts AI-Powered Russian Bot Farm on X (SecurityWeek) FTC says anonymous messaging app failed to stop ‘rampant cyberbullying’ (The Verge) NEA Approves AI Guidance, But It’s Vital for Educators to Tread Carefully (EducationWeek) Hackvists release two gigabytes of Heritage Foundation data (CyberScoop) Microsoft and Apple ditch OpenAI board seats amid regulatory scrutiny (The Verge) Australia instructs government entities
S8 E2106 · Tue, July 09, 2024
Uniting against APT40.
The UK’s NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors.A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster’s Rotating Barcodes. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Dave Bittner is joined by Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. You can learn more about the state of pentesting from Cobalt’s State of Pentesting 2024 report here . Selected Reading The NCSC and partners issue alert about evolving techniques used by China state-sponsored cyber attacks (NCSC) ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (The Record) New group exploits public cloud services to spy on Russian agencies, Kaspersky says (The Record) Continued Progress Towards a Secure Open Source Ecosystem (CISA) Decrypted: DoNex Ransomware and its Predecessors (Avast Threat Labs) Neiman Marcus data breach: 31 million email addresses found exposed (Bleeping Computer) GuardZoo spyware used by Houthis to target military personnel (Help Net Security) Cybersecurity Funding Surges in Q2 2024: Pinpoint Search Group Report Highlights Year-Over-Year Growth
S8 E2105 · Mon, July 08, 2024
The age old battle between iPhone and Android.
Microsoft is phasing out Android use for employees in China. Mastodon patches a security flaw exposing private posts. OpenAI kept a previous breach close to the vest. Nearly 10 billion passwords are leaked online. A Republican senator presses CISA for more information about a January hack. A breach of the Egyptian Health Department impacts 122,000 individuals. South Africa's National Health Laboratory Service (NHLS) suffers a ransomware attack. Eldorado is a new ransomware-as-a-service offering. CISA adds a Cisco command injection vulnerability to its Known Exploited Vulnerabilities catalog. N2K’s CSO Rick Howard catches up with AWS’ Vice President of Global Services Security Hart Rossman to discuss extending your security around genAI. Ransomware scrambles your peace of mind. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Recently N2K ’s CSO Rick Howard caught up with AWS ’ Vice President of Global Services Security Hart Rossman at the AWS re:Inforce event. They discussed extending your security around genAI. Watch Hart’s presentation from AWS re:Inforce 2024 - Securely accelerating generative AI innovation . Selected Reading Microsoft Orders China Staff to Switch From Android Phones to iPhones for Work (Bloomberg) Mastodon: Security flaw allows unauthorized access to posts (Stack Diary) A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too (The New York Times) “A treasure trove for adversaries”: 10 billion stolen passwords have been shared online in the biggest data leak of all time (ITPro) Senate leader demands answers from CISA on Ivanti-enabled hack of sensitive systems (The Record) Egyptian Health Department Data Breach: 120,000 User
Bonus · Sun, July 07, 2024
Encore: Richard Clarke: From presidential inspiration to cybersecurity policy pioneer. [Policy] [Career Notes]
CEO and consultant Richard Clarke took his inspiration from President John F Kennedy and turned it into the first cybersecurity position in federal government. Determined to help change the mindset of war, Richard went to work for the Department of Defense at the Pentagon following college during the Vietnam War. From Assistant Secretary of the State Department, he moved to the White House to work for President George W. Bush's administration where he kept an eye on Al-Qaeda and was tasked to take on cybersecurity. Lacking any books or courses to give him a basic understanding of cybersecurity, Richard made it his mission to raise the level of cybersecurity knowledge. Currently as Chairman and CEO at Good Harbor Security Risk Management, Richard advises CISOs. We thank Richard for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, July 06, 2024
Encore: Welcome to New York, it's been waitin' for you. [Research Saturday]
Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review." Proofpoint shares it's findings and what you can expect from the threat group. The research can be found here: Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware Learn more about your ad choices. Visit megaphone.fm/adchoices
Fri, July 05, 2024
Deep dive into the 2024 Incident Response Report with Unit 42's Michael "Siko" Sikorski [Threat Vector]
As our team is offline taking an extended break for the July 4th Independence Day holiday in the US, we thought you'd enjoy an episode from one of N2K Network shows, Threat Vector . This episode of Threat Vector outlines a conversation between host David Moulton , Director of Thought Leadership at Palo Alto Networks Unit 42 , and Michael "Siko" Sikorski , Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report . They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of 'living off the land' attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption supply chain attacks and share recommendations for mitigating these cyber threats. Resources: Read the 2024 Unit 42 Incident Response report . Listen to Beyond the Breach: Strategies Against Ivanti Vulnerabilities . Join the conversation on our social media channels: Website : https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landsc
Bonus · Thu, July 04, 2024
Encore: The curious case of the missing IcedID. [Only Malware in the Building]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape. And be sure to check out the latest episode of Only Malware in the Building here . Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2101 · Wed, July 03, 2024
The Supreme Court is bringing a judicial shakeup.
The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan’s CISSP certification journey. Avoiding an Independence Day grill-security flare-up. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan 's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K’s comprehensive CISSP training course . Selected Reading US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) Stolen credentials could unmask thousands of darknet child abuse website users (The Record) CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) American Patelco Credit Union suffered a ransomware attack (Security Affairs) Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine)</
S8 E2100 · Tue, July 02, 2024
Take a trip down regreSSHion lane.
A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program. Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don’t Let the Hackers Byte! Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest is Johannes Ullrich from SANS Technology Institute talking about defending against attacks affecting APIs and dangerous new attack techniques you need to know about. This conversation is based on Johannes’ presentations at the 2024 RSA Conference. You can learn more about them here: Attack and Defend: How to Defend Against Three Attacks Affecting APIs The Five Most Dangerous New Attack Techniques You Need to Know About Selected Reading New regreSSHion OpenSSH RCE bug gives root on Linux servers (Bleeping Computer) US Supreme Court sidesteps dispute on state laws regulating social media (Reuters) China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices (The Record) HubSpot accounts breach under investigation (SC Media) Japanese anime and gaming giant admits data leak following ransomware attack (The Record) Exposing FakeBat loader: distribution methods and adversary infrastructure (Sekoia.io blog) <a href="https://www.halcy
S8 E2099 · Mon, July 01, 2024
A swift fix for a serious router bug.
Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CSO Perspectives preview N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here. Selected Reading Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek) Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer) Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek) Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog) Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register) Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica) Cyber insurance costs finally stabilising, says Howden (Tech Monitor) AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread) <br
S10 E91 · Mon, July 01, 2024
The current state of IAM: A Rick-the-toolman episode.
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio Chief Product Officer for Customer Identity, at Okta. References: John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag. Lance Whitney, 2023. No More Passwords: How to Set Up Apple’s Passkeys for Easy Sign-ins [Explainer]. PCMag. Rick Howard, 2022. Two-factor authentication: A Rick the Toolman episode [Podcast]. CSO Perspectives Podcast - The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles Appendix [Book Page]. N2K CyberWire. Rick Howard, 2023. passkey (noun) [Podcast]. Word Notes Podcast - The CyberWire. Staff, 2023. 2023 Gartner® Magic QuadrantTM for Access Management [Report]. Okta. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, June 30, 2024
Encore: Carole Theriault: Constantly learning new things. [Media] [Career Notes]
Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas .She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, June 29, 2024
APT36's cyber blitz on India. [Research Saturday]
Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2095 · Fri, June 28, 2024
TeamViewer and APT29 go toe to toe.
TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don’t forget to backup your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K’s Rick Howard at AWS re:Inforce event. They're discussing cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Caitlyn Shim , Director of AWS Cloud Governance , joined N2K ’s Rick Howard at AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field here . Selected Reading TeamViewer investigating intrusion of corporate IT environment (The Record) Microsoft reveals further emails compromised by Russian hack (Engadget) Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek) Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24) Google to block sites using Entrust certificates in bombshell move (The Stack) <a href="https://industrialcyber.co/news/u
S9 E67 · Fri, June 28, 2024
Solution Spotlight: Progress on the National Cyber Workforce and Education Strategy. [Special Edition]
On this Solution Spotlight, guest Seeyew Mo , Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella . Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs . The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation . Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2097 · Thu, June 27, 2024
E-commerce or E-spying?
Arkansas sues Temu over privacy issues. Polyfil returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. In our 'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of the Palo Alto Networks podcast ' Threat Vector ,' host David Moulton speaks with Jim Foote , CEO of First Ascent Biomedical , about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here . Selected Reading Arkansas AG lawsuit claims Temu’s shopping app is ‘dangerous malware’ (The Verge) Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer) <a href="https://www.cityandstateny.com/politics/2024/06/nypd-officer-database-had-se
S9 E66 · Thu, June 27, 2024
2024 Cyber Talent Study by N2K and WiCyS. [Special Edition]
Maria Varmazis , N2K host of T-Minus Space Daily , talks with WiCyS Executive Director Lynn Dohm and N2K 's Simone Petrella , Dr. Heather Monthie , and Jeff Welgan about the 2024 Cyber Talent Study. N2K and WiCyS have come together under a common mission to attract, retain, and advance more women in cybersecurity. Together, we strive to support women throughout their career journey, and secure the future of our industry. This groundbreaking report leverages skills data from the professional members of Women in CyberSecurity (WiCyS), and offers valuable insights into cybersecurity competencies within the industry. The Cyber Talent Study establishes a new benchmark for understanding the capabilities and potential of women in cybersecurity, and can be used to inform both individual training needs and organizational strategies for career advancement and skills enhancement. Resources: Landing page: WiCyS Partners with N2K to deepen understanding of cyber competencies within the industry. Study Launch article: WiCyS Partners with N2K Networks for Pioneering Cyber Talent Study. Key Takeaways: Outstanding Performance: WiCyS members have demonstrated exceptional performance across several key areas of the NICE Framework, underscoring the importance of WiCyS’s training and development programs. Strategic Insights: Analysis revealed remarkable strengths and areas for development, providing WiCyS with actionable data to tailor future programs and initiatives and ensure its members remain at the forefront of cybersecurity excellence. Actionable Insights for Cybersecurity Workforce Development: The study revealed critical areas for targeted development to enhance cybersecurity workforce readiness. This insight empowers WiCyS to tailor its programs specifically to meet the diverse needs of its members, ensuring all participants are prepared to take on significant roles and lead in the cybersecurity industry. Leadership Readiness Among WiCyS Members: The study highlights that WiCyS members are highly skilled and uniquely prepared for leadership roles within the cybersecurity industry. Proven Expertise in Critical Cybersecurity Domains: The data s
S8 E2096 · Wed, June 26, 2024
LockBit picks a brawl with banks.
LockBit drops files that may or may not be from the Federal Reserve. Progress Software patches additional flaws in MOVEit file transfer software. A popular polyfil open source library has been compromised. DHS starts staffing up its AI Corps. Legislation has been introduced to evaluate the manual operations of critical infrastructure during cyber attacks. Researchers discover a new e-skimmer targeting CMS platforms. A breach at Neiman Marchus affects nearly 65,000 people. South African health services grapple with ransomware amidst a monkeypox outbreak. Medusa is back. On the Learning Layer, Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. The VA works to clear the backlog caused by the ransomware attack onChange Healthcare. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , which includes a simulated Computer Adaptive Test (CAT) final exam. Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. Good luck Joe! Selected Reading Lockbit Leaks Files for Evolve Bank & Trust in Its Alleged ‘Federal Reserve’ Data Dump (Metacurity) Progress Software warns of new vulnerabilities in MOVEit Transfer and MOVEit Gateway (Cyber Daily) <a href="https://sansec.io/research/polyfill-supply-chain
S8 E2095 · Tue, June 25, 2024
U.S. and China dance the telecom tango.
The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, guest Seeyew Mo , Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella . Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs . The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation . Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters) <a href="https://www.theregister.com/2024/06/24/indonesia_datacenter_ranso
S8 E2094 · Mon, June 24, 2024
The claim heard ‘round the world.
LockBit claims to have hit the Federal Reserve. CDK Global negotiates with BlackSuit to unlock car dealerships across the U.S. Treasury proposes a rule to restrict tech investments in China. An LA school district confirms a Snowflake related data breach. Rafel RAT hits outdated Android devices. The UK’s largest plutonium stockpiler pleads guilty to criminal charges of inadequate cybersecurity. Clearview AI settles privacy violations in a deal that could exceed fifty million dollars. North Korean hackers target aerospace and defense firms. Rick Howard previews CSOP Live. Our guest is Christie Terrill, CISO at Bishop Fox, discussing how organizations can best leverage offensive security tactics. Bug hunting gets a little too real. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Christie Terrill, CISO at Bishop Fox, joins to discuss how organizations can leverage offensive security tactics not just as strategies to prevent cyber incidents, but as a critical component of a cyberattack recovery process. Rick Howard sits down with Dave to share a preview of what’s to come at our upcoming CSOP Live event this Thursday, going beyond the headlines with our panel of Hash Table experts for an insightful discussion on emerging industry trends, recent threats and events, and the evolving role of executives in our field. Selected Reading LockBit claims the hack of the US Federal Reserve (securityaffairs) Why are threat actors faking data breaches? (Help Net Security ) CDK Global outage caused by BlackSuit ransomware attack (bleepingcomputer) <a href="https://apnews.com/article/china-technology-biden-outbound-invest-treasury-5710f7446
Bonus · Sun, June 23, 2024
Encore: Sal Aurigemma: How things work. [Education] [Career Notes]
Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers, Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts and that let him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following 9/11, cybersecurity took on greater importance. Sal's research focuses on behavioral cybersecurity. To newcomers, he suggests heading into things with an open mind and doesn't recommend giving users 24-character passwords that have two upper, two lower, and two special characters that cannot be written down. We thank Sal for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E335 · Sat, June 22, 2024
Piercing the through the fog. [Research Saturday]
Kerri Shafer-Page from Arctic Wolf joins us to discuss their work on "Lost in the Fog: A New Ransomware Threat." Starting in early May, Arctic Wolf's Incident Response team investigated Fog ransomware attacks on US education and recreation sectors, where attackers exploited compromised VPN credentials to access systems, disable Windows Defender, encrypt files, and delete backups. Despite the uniformity in ransomware payloads and ransom notes, the organizational structure of the responsible groups remains unknown. The research can be found here: Lost in the Fog: A New Ransomware Threat Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2093 · Fri, June 21, 2024
U.S. tightens the cybersecurity belt.
Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on CDK Global. CISA Alerts Over 100,000 Individuals of Potential Data Breach in Chemical Security Tool Hack. SquidLoader targets Chinese organizations through phishing. A new nonprofit aims to establish certification standards in maritime cybersecurity. A sneak peek of our latest podcast, Only Malware in the Building. Using the court system for customer support. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Selena Larson, joined by Dave Bittner and Rick Howard, hosts the new podcast "Only Malware in the Building." This monthly collaboration between N2K CyberWire and Proofpoint delves into the most impactful and intriguing malware stories. Selena makes complex cybersecurity info fun and digestible, offering tech professionals clear, actionable insights. Selected Reading Biden bans US sales of Kaspersky software over Russia ties (Reuters ) Exclusive: Accenture says data leak claims false, only 3 affected (Cyber Daily ) Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find (CyberScoop ) Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) (Help Net Security ) CDK warns: threat actors are calling customers, posing as support (bleepingcomputer) Personal and Chemical Facility Information Potentially Accessed in CISA Hack (SecurityWeek ) <a href="https://gbhackers.com/squidloader-ma
S8 E2092 · Thu, June 20, 2024
Cyberattack leaves dealerships feeling stuck in neutral.
Over 15,000 car dealerships hit the brakes after a software supplier cyber incident. The EU’s Chat Control gets put on hold. A hacker leaks contact details of over 33,000 Accenture employees. A major forklift manufacturer shuts down operations in the wake of a ransomware attack. IntelBroker claims to have leaked source code from Apple. An investigation questions the ethics of AI firm Perplexity. A radiology practice notifies over half a million people of a data breach. Federal contractors pay millions in fines for inadequate cyber security during the COVID-19 pandemic. Stolen files from the Kansas City Police department are posted online. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. Remembering the work of MIT’s Arvind. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . With all eight domains wrapped up, Sam and Joe pivot to the homestretch of Joe's studies. With the test about two weeks away, Joe discusses his approach to retaining the information and filling any remainin
Bonus · Wed, June 19, 2024
T-Minus Overview- Our Moon [T-Minus Radio Program]
Please enjoy this bonus episode from our T-Minus Space Daily team. The N2K CyberWire team is observing the Juneteenth holiday here in the US. Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . T-Minus Guest Our guests are Science Writer and Author Rebecca Boyle , and CEO and Founder, Chair and CEO of Lonestar Space Holdings, Chris Stott . T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2091 · Tue, June 18, 2024
Servers seized, terrorists teased.
Europol and partners shut down 13 terrorist websites. A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell “fixes.”Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we are joined by Guy Guzner , CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Selected Reading Europol Taken Down 13 Websites Linked to Terrorist Operations (GB Hackers) Los Angeles Public Health Department Discloses Large Data Breach (Infosecurity Magazine) New AI deepfake porn bill would require big tech to police and remove images (CNBC) Five Eyes' Critical 5 nations focus on adapting to evolving cyber threats to boost critical infrastructure security, resilience (Industrial Cyber) VMware by Broadcom warns of critical vCenter flaws (The Register) Empire Market owners charged for enabling $430M in dark web transactions</a
S8 E2090 · Mon, June 17, 2024
Scattered Spider hacker snagged in Spain.
Spanish authorities snag a top Scattered Spider hacker. HC3 issues an alert about PHP. WIRED chats with ShinyHunters about the breach affecting Snowflake customers. Meta delays LLM training over European privacy concerns. D-Link urges customers to upgrade routers against a factory installed backdoor. A new Linux malware uses emojis for command and control. Vermont’s Governor vetoes a groundbreaking privacy bill. California fines Blackbaud millions over a 2020 data breach. Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode. Be sure to change those virtual locks. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Patrick Joyce , Proofpoint 's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. You can learn more from their 2024 Voice of the CISO report. CSO Perspectives Dave is joined by N2K ’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode . You can find the accompanying essay here . If you are not an N2K CyberWire Pro subscriber, you can catch the first half of the episode as a preview here . Selected Reading Alleged Scattered Spider ringleader taken down in Spain after law enforcement crackdown (ITPro)<
S10 E90 · Mon, June 17, 2024
The current state of XDR: A Rick-the-toolman episode.
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene’s VP of Security, and Milad Aslaner , Sentinel One’s XDR Product Manager. References: Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber. Daniel Suarez, 2006. Daemon [Book]. Goodreads. Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Websote]. LivingInternet. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper] Lockheed Martin Corporation. Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services. Nir Zuk, 2018. Palo Alto Networks Ignite USA ’18 Keynote [Presentation]. YouTube. Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [Youtube Video]. YouTube . Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat. Rick Howard, 2020. Daemon [Podcast]. Word Notes. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. CSO Perspectives, The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub. Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike. Staff, 2020. L
Bonus · Sun, June 16, 2024
Encore: Rosa Smothers: Secure the planet. [Intelligence] [Career Notes]
Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst focusing on extremist groups. She joined the CIA and worked on things you see in the movies, things that are science fictionesque. Rosa recommends talking with people to get your feet wet to find your passion. We thank Rosa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, June 15, 2024
Exploring the mechanics of Infostealer malware. [Research Saturday]
This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we’ve learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2089 · Fri, June 14, 2024
A hacking keeps you humble.
Microsoft’s President admits security failures in congressional testimony. Paul Nakasone joins OpenAI’s board. The feds hold their first AI tabletop exercise. CISA reports on the integration of space-based infrastructure. Cleveland city hall remains closed after a cyber attack. Truist commercial bank confirms a data breach. Rockwell Automation patches three high-severity vulnerabilities. University of Illinois researchers develop autonomous AI hacking agents. Arynn Crow, Sr Manager of AWS User Authentication Products, talks with N2K’s Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation. Can an AI run for mayor? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In the first of our interviews captured during the AWS re:Inforce event this past week, guest Arynn Crow , Senior Manager of AWS User Authentication Products, talks with N2K ’s Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation . Selected Reading Microsoft Admits Security Failings Allowed China's US Government Hack (Infosecurity Magazine) OpenAI adds Trump-appointed former NSA director Paul M. Nakasone to its board (The Washington Post) CISA leads first tabletop exercise for AI cybersecurity (CyberScoop) New CISA report addresses zero trust in space, boosting security for satellites and ground infrastructure (Industrial Cyber) <a href="https://securityaffairs.com/164525/security/cisa-adds-android-pixel-microsoft-windows-progress-telerik-report-server-known-exploited-vulnerabilities-cat
S8 E2088 · Thu, June 13, 2024
Whistleblower warns of profit over protection.
A whistleblower claims that Microsoft prioritized profit over security. U.S. warnings of global election interference continue to rise. Cyber insurance claims hit record levels. Location tracking firm Tile suffers a data breach. A new phishing kit creates Progressive Web Apps. Questioning the government’s cyber silence. On today’s Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, is joined by Data Privacy Attorney Daniel Rosenzweig. Together, they unravel the complexities of aligning data privacy and cybersecurity laws with technological advancements. AI powered cheating lands one student in hot water. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Threat Vector Segment In this segment of Threat Vector, host David Moulton , Director of Thought Leadership at Unit 42 , is joined by Data Privacy Attorney Daniel Rosenzweig . Together, they unravel the complexities of aligning data privacy and cybersecurity laws with technological advancements. Daniel shares his insights on the critical partnership between legal and tech teams. To hear David and Daniel’s full conversation and learn how a deep understanding of both legal and tech realms can empower businesses to navigate evolving legal frameworks, particularly in light of emerging AI technologies, listen here . Check out Threat Vector every other Thursday in your favorite podcast app. The information provided on this segment is not intended to constitute legal advice. All information presented is for general informational purposes only. The information contained may not constitute the most update, legal or interpretative compliance guidance. Contact your own attorney to obtain advice with respect to any particular legal matter. Selected Reading Microsoft Chos
S8 E2087 · Wed, June 12, 2024
COATHANGER isn’t hanging up just quite yet.
Dutch military intelligence warns of the Chinese Coathanger RAT. Pure Storage joins the growing list of Snowflake victims. JetBrains patches a GitHub IDE vulnerability. A data broker hits the brakes on selling driver location data. Flaws in VLC Media player allow remote code execution. Patch Tuesday updates. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, taking on Domain 8, Software Development Security. Farewell, computer engineering legend Lynn Conway. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe take on Domain 8, Software Development Security, and tackle the following question: At which step of the SDLC should security considerations be first integrated? Functional requirements defining Project initiation and planning Testing and evaluation control System design specification Selected Reading Dutch
S8 E2086 · Tue, June 11, 2024
Hijacking your heritage.
23andMe’s looming bankruptcy could pause class-action privacy lawsuits. The FCC focuses on BGP. The White House looks to big tech to help secure rural hospitals. Cylance confirms a data breach. Arm warns of GPU kernel driver vulnerabilities. The world's largest law firm faces class action over the MOVEit hack. SAP releases high priority patches. Apple redefines AI - literally - and offers up Private Cloud Compute at their developer’s conference. Guest Chris Novak, Senior Director of Cyber Security Consulting at Verizon, shares highlights and key takeaways of their recently published 2024 Data Breach Investigations Report (DBIR). Share your love — but not your passwords. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Chris Novak , Senior Director of Cyber Security Consulting at Verizon , shares highlights and key takeaways of their recently published 2024 Data Breach Investigations Report (DBIR) . Selected Reading UK and Canada Launch Joint Probe Into 23andMe Breach While District Judge Says Bankruptcy Is Imminent (Metacurity) FCC Advances BGP Security Rules for Broadband Providers (bankinfosecurity) White House enlists Microsoft, Google for rural hospital cyberdefense (Beckers Health IT) Cylance confirms data breach linked to 'third-party' platform (bleepingcomputer) Arm warns of actively exploited flaw in Mali GPU kernel drivers (bleepingcomputer) <a href="https://www.reuters.com/legal/litigation/law-firm-kirkland-sued-class-action-over-moveit-data-breach-2024-06
S8 E2085 · Mon, June 10, 2024
Rethinking recalls.
Microsoft makes Recall opt-in. The Senate holds hearings on federal cybersecurity standards. Snowflake’s scrutiny snowballs. New York Times source code is leaked online. Ransomware leads to British hospitals' desperate need for blood donors. Cisco Talos finds 15 serious vulnerabilities in PLCs. Sticky Werewolf targets Russia and Belarus. Frontier Communications warns 750,000 customers of a data breach. Chinese nationals get prison time in Zambia for cybercrimes. N2K’s CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night. DIY cell towers can land you in hot water. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K’s CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night and learnings from AWS CISO Circles. Today, our team is at the AWS re:Inforce this week. Stay tuned for our coverage. Selected Reading Windows won’t take screenshots of everything you do after all — unless you opt in (The Verge) US Senate Committee holds hearing on harmonizing federal cybersecurity standards to address business challenges (Industrial Cyber) What Snowflake isn't saying about its customer data breaches (TechCrunch) New York Times source code stolen using exposed GitHub token (Bleeping Computer) London Hospitals Seek Biologics Backup After Ransomware Hit (GovInfo Security) Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs (SecurityWeek) Sticky Werewolf targets the aviatio
Bonus · Sun, June 09, 2024
Encore: Geoff White: Suddenly all of the pieces start to line up. [Journalism] [Career Notes]
Investigative journalist and author Geoff White talks about tracing a line through the dots of his career covering technology. Geoff shares that he has always been "quite geeky," but came to covering technology after several roles in the journalism industry. Newspapers, magazines and television were all media Geoff worked in before covering technology. Geoff got into journalism not due to the glamour sometimes associated with it, but because he wanted to fight for the public to cover stories that helped those who didn't have massive amounts of money, power or a huge lobbying campaign in political circles. When writing his book, Crime Dot Com, Geoff reflected on the cybercrime and cybersecurity stories he's covered and saw how things started falling into place. Our thanks to Geoff for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E333 · Sat, June 08, 2024
Riding the hype for new Arc browser. [Rsearch Saturday]
Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, is discussing their work on "Threat actors ride the hype for newly released Arc browser." The Arc browser, newly released for Windows, has quickly garnered positive reviews but has also attracted cybercriminals who are using deceptive Google search ads to distribute malware disguised as the browser. These malicious campaigns exploit the hype around Arc, using techniques like embedding malware in image files and utilizing the MEGA cloud platform for command and control, highlighting the need for caution with sponsored search results and the effectiveness of Endpoint Detection and Response (EDR) systems. The research can be found here: Threat actors ride the hype for newly released Arc browser Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2084 · Fri, June 07, 2024
A snapshot of security woes.
Microsoft's recall raises red flags. SolarWinds fixes flaws unearthed by NATO. Ukraine's CERT sounds alarm. Russian hacktivists cause trouble in EU elections. DEVCORE uncovers critical code execution flaw. LastPass leaves users locked out. Apple commits to five years of iPhone security. An AI mail fail. Inside the FCC's plan to strengthen BGP protocol. Dave sits down with our guest Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, as she shares a retrospective of her public service career. And let’s all Cheers to cybersecurity. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Camille Stewart Gloster , Former Deputy National Cyber Director at the White House, shares a retrospective of her public service career. Camille’s full conversation with Dave can be found on our weekly cybersecurity law, policy and privacy podcast, Caveat . You can listen to it here . Selected Reading Microsoft’s Recall Feature Is Even More Hackable Than You Thought (WIRED) Microsoft Research scientist gives non-answer when asked about Windows Recall privacy concerns (TechSpot) TotalRecall: A New Tool that Extracts Data From Windows 11 Recall Feature (Cyber Security News) Exclusive: Senators express "serious concern" with Pentagon's Microsoft plan (Axios) SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester (SecurityWeek) UAC-0020 used SPECTR Malware to target Ukraine defense forces (Security Affairs) Russian hackt
Thu, June 06, 2024
CISA's calls for a JCDC makeover.
CSAC recommends key changes to the Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allen, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest is Danny Allen , Snyk 's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report . Selected Reading CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record) CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register) Snowflake says users with single-factor authentication targeted in attack (SC Media) Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer) Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives) FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic) Hac
S8 E2082 · Wed, June 05, 2024
Opening up on hidden secrets.
OpenAI insiders describe a culture of recklessness and secrecy. Concerns over Uganda’s biometric ID system. Sophos uncovers a Chinese cyberespionage operation called Crimson Palace. Poland aims to sure up cyber defenses against Russia. Zyxel warns of critical vulnerabilities in legacy NAS products. Arctic Wolf tracks an amateurish ransomware variant named Fog. A TikTok zero-day targets high profile accounts. Cisco patches a Webex vulnerability that exposed German government meetings. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 7, Security Operations. A Canadian data breach leads to a class action payday. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe dive into Domain 7, Security Operations, and tackle the following question: Which of the following is the MOST important goal of Disaster Recovery Planning? Business continuity Critical infrastructure restoration Human Safety Regulatory compliance Selected Reading OpenAI Whistle-Blowers Describe Reckless and Secretive Culture (The New York Times) Uganda: Yoweri Museveni's Critics Targeted Via Biometric ID System (Bloomberg) <a href="https://www.govinfosecurity.com/
S8 E2081 · Tue, June 04, 2024
Ransomware hit causes pathology paralysis.
Ransomware disrupts London hospitals. Researchers discover serious vulnerabilities in Progress' Telerik Report Server and Atlassian Confluence Data Center and Server. Over three million people are affected by a breach at a debt collection agency. A report finds Rural hospitals vulnerable to ransomware. An Australian mining firm finds some of its data on the Dark Web. Google patches 37 Android vulnerabilities. Russian threat actors target the Summer Olympics in Paris. On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. The Amazon rainforest goes online. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we are joined by Sandy Bird , CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. You can learn more about Sonrai’s work in this area by reviewing their Quantifying Cloud Access Risk: Overprivileged Identities and Zombie Identities report. Selected Reading Critical incident declared as ransomware attack disrupts multiple London hospitals (The Record) CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server (Tenable) Atlassian’s Confluence hit with critical remote code execution bugs (CSO Online) Debt collection agency FBCS leaks information of 3 million US citizens (Malwarebytes) Rural hospitals are particularly vulnerable to ransomware, report finds (CyberScoop) Australian rare earths miner hit by cybersecurity breach (Mining Weekly) <
S8 E2080 · Mon, June 03, 2024
Things aren’t looking so Shiny(Hunters) at cloud provider Snowflake.
Signs point to a major cybersecurity event at cloud provider Snowflake. Hugging Face discloses "unauthorized access" to its Spaces platform. Australian legislation seeks jail time for deepfake porn. CISA adds two vulnerabilities to the KEV catalog. Spanish police investigate a potential breach of drivers license info. NSA shares mobile device best practices. Everbridge crisis management software company reports a data breach. N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins us to preview CSO Perspectives Season 14 which launches today! Google tries to explain those weird AI search results. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K ’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins Dave to preview CSO Perspectives Season 14 which launches today! The first episode explores SolarWinds and the SEC . This episode of CSO Perspectives has a companion essay. You can find it here . Not an N2K Pro subscriber? You can catch the first half of the episode here . Selected Reading The Ticketmaster Data Breach May Be Just the Beginning (WIRED) Hugging Face says it detected 'unauthorized access' to its AI model hosting platform (TechCrunch) Jail time for those caught distributing deepfake porn under new Australian laws (The Guardian) CISA warns of actively exploited Linux privilege elevation flaw (Bleeping Computer) <a href="https://www.reuters.com/technology/cybers
S10 E89 · Mon, June 03, 2024
SolarWinds and the SEC.
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO. References: Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption. Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes. Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb. Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica. David Katz, 021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360. Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn. Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [WWW DocumentNews]. The Washington Post. Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book]. Goodreads. Kim Zetter, 2023. SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY. Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED. Rick Howard, 2022. Cyber sand table series: OPM [Podcas
S9 E65 · Mon, June 03, 2024
Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career. [Special Edition]
As part of our series on the 2024 NICE Conference , we turn our focus to the one of the keynote speakers of the conference. This year’s conference theme “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. In her keynote coming up on Tuesday, June 4th, Deneen DiFiore , Chief Information Security Officer of United Airlines , will discuss "A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career." Prior to the conference, Simone Petrella , N2K President, caught up with Deneen DiFiore. They discussed Deneen's history with NICE, the importance of prioritizing cyber talent and workforce issues, what stakeholders need to more effectively tackle the cyber skills and experience gap across the profession, and more. Find out more about the The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Listen to our podcast about the update . Stay tuned for our coverage of the 2024 NICE Conference.
S9 E64 · Sun, June 02, 2024
Solution Spotlight on the 2024 NICE Conference: Business Roundtable.
As part of our series on the 2024 NICE Conference , we turn our focus to the Business Roundtable . This year’s conference theme “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. Business Roundtable is an association of chief executive officers of America’s leading companies working to promote a thriving U.S. economy and expanded opportunity for all Americans through sound public policy. The Business Roundtable launched its Cybersecurity Workforce Corporate Initiative in December of 2022. In coordination with its members and inputs from experts at Department of Commerce’s National Initiative for Cybersecurity Education (NICE), it recently released a Cybersecurity Workforce Playbook to help employers create entry points to cybersecurity careers and strengthen cybersecurity talent pipelines across various industries and sectors. Simone Petrella , N2K President, speaks with Erin White , Business Roundtable's Senior Director, Corporate Initiatives, about the Cybersecurity Workforce Corporate Initiative, the recently released Cybersecurity Workforce Playbook, key takeaways for the private sector, and how the Business Roundtable and NICE are working together to support these initiatives. Find out more about the The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Stay tuned for our coverage of the 2024 NICE Conference.
Bonus · Sat, June 01, 2024
Encore: Diane M. Janosek: It's only together that we are going to rise. [Education] [Career Notes]
Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber and cryptologists worldwide for the nation. Diane encourages those who love to learn to join the multidisciplinary cybersecurity field. Our thanks to Diane for sharing her story with us.
Bonus · Sat, June 01, 2024
1700 IPs and counting. [Research Saturday]
Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the URL and protocol resource for the JNDI network connection." The research can be found here: New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware
S8 E2079 · Fri, May 31, 2024
New cybersecurity bill aims to untangle federal regulations.
Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find european politicians’ personal info for sale on the dark web. The BBC’s pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud’s Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow’s fake-news puppet. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, we hear from Chip Witt , SpyCloud 's SVP, Product Management, discussing navigating the threat of digital identity exposure. To learn more, check out SpyCloud’s Annual Identity Exposure Report 2024 . Selected Reading Senate chairman wants new White House-led panel to streamline federal cyber rules (The Record) Data Leak Exposes Business Leaders and Top Celebrity Data (Hackread) Information of Hundreds of European Politicians Found on Dark Web (SecurityWeek) BBC Pension Scheme Breached, Exposing Employee Data (Infosecurity Magazine) OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops (CSO Online) Mystery malware destroys 600,000 routers from a single ISP during 72-hou
S8 E2078 · Thu, May 30, 2024
Operation Endgame: Hackers' hideouts exposed.
Operation Endgame takes down malware operations around the globe. A major botnet operator is arrested. Ticketmaster’s massive data breach is confirmed, and so is Google’s SEO algorithm leak. Journalists and activists in Europe were targeted with Pegasus spyware. Okta warns users of credential stuffing attacks. NIST hopes to clear out the NVD backlog. On our Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. LightSpy surveillance malware comes to macOS. ChatGPT briefly gets a god mode. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Eric Goldstein , Executive Assistant Director for Cybersecurity at CISA , joins us to discuss software security. Threat Vector In this Threat Vector segment, host David Moulton speaks with Greg Jones , Chief Information Security Officer at Xavier University of Louisiana . Greg brings a wealth of knowledge from his military background and applies a disciplined, adaptive approach to securing one of America's most vibrant educational institutions. You can listen to David and Greg’s full discussion here . Selected Reading Police seize malware loader servers, arrest four cybercriminals (Bleeping Computer) Is Your Computer Part of ‘The Largest Botnet Ever?’ (Krebs on Security) Ticketmaster hacked. Breach affects more than half a billion users. (Mashable) Google confi
S8 E2077 · Wed, May 29, 2024
Alleged leaked files expose a dirty secret.
An alleged leak of Google’s search algorithm contradicts the company’s public statements. German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back…maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea’s Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study. A cracked password results in a multimillion dollar windfall. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe dive into Domain 6: Security Assessment and Testing and tackle the following question together: You are hiring a vendor to perform a penetration test that would simulate a breach from an insider threat. What type of test would be BEST to perform? Blue Box Black Box White-hat hack White box CyberWire Guest Maria Varmazis , N2K host of T-Minus Space Daily , talks with WiCyS Executive Director Lynn Dohm and N2K 's Simone Petrell
S8 E2076 · Tue, May 28, 2024
FBI untangles the web that is Scattered Spider.
The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie’s. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can’t beat ‘em, troll ‘em. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall , CEO and Co-Founder from Rebel Space Technologies , about the need to extend cybersecurity into space. Selected Reading Potent youth cybercrime ring made up of 1,000 people, FBI official says (CyberScoop) Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack (ITPro) <a href="https://www.securityweek.com/data-stolen-from-medisecure-for-sa
S10 E5571 · Mon, May 27, 2024
Memorial Day special.
Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day. References: Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online. Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY. Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History. Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY. General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube. JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College. John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music. John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe. Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times. Paul Robeson, 2021. John Brown’s Body [Song]. YouTube. Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb. Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College. Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust. Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives. Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube.
S1 E17 · Sun, May 26, 2024
Encore: Richard Torres: Getting that level of experience is going to be crucial. [Security Operations] [Career Notes]
Director of security operations at Syntax Richard Torres talks about his path leading him working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.
S8 E331 · Sat, May 25, 2024
International effort dismantles LockBit. [Research Saturday]
Jon DiMaggio, a Chief Security Strategist at Analyst1, is sharing his work on "Ransomware Diaries Volume 5: Unmasking LockBit." On February 19, 2024, the National Crime Agency (NCA), a UK sovereign law enforcement agency, in collaboration with the FBI, Europol, and nine other countries under "Operation Cronos," disrupted the LockBit ransomware gang’s data leak site used for shaming, extorting, and leaking victim data. The NCA greeted visitors to LockBit’s dark web leak site with a seizure banner, revealing they had been controlling LockBit’s infrastructure for some time, collecting information, acquiring victim decryption keys, and even compromising the new ransomware payload intended for LockBit 4.0. The research can be found here: Ransomware Diaries Volume 5: Unmasking LockBit
S8 E2075 · Fri, May 24, 2024
Cybercriminals target London drugs.
LockBit drops 300 gigabytes of data from London Drugs. Video software used in courtrooms worldwide contains a backdoor. Google patches another Chrome zero-day. The EU seeks collaboration between research universities and intelligence agencies. Atlas Lion targets retailers with gift card scams. Researchers explore an Apple reappearing photo bug. Hackers access a Japanese solar power grid. Congress floats a bill to enhance cyber workforce diversity. Ben Yelin joins us with a groundbreaking legal case involving AI generated CSAM. Whistling past the expired domain graveyard. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ben Yelin , co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security , discusses " FBI Arrests Man For Generating AI Child Sexual Abuse Imagery ." Selected Reading Hackers release corporate data stolen from London Drugs, company says (The Star) Crooks plant backdoor in software used by courtrooms around the world (Ars Technica) Google fixes eighth actively exploited Chrome zero-day this year (Bleeping Computer) EU wants universities to work with intelligence agencies to protect their research (The Record) US retailers under attack by gift card-thieving cyber gang (Help Net Security) Apple wasn’t storing deleted iOS photo
S8 E2074 · Thu, May 23, 2024
Checkmate at check in.
Spyware is discovered on U.S. hotel check in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple’s Wi-Fi positioning system. Scotland’s NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on Legal Perspectives on Cyberattacks Targeting Space Systems. Tone-blasting underwater data centers. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on their paper: Law in Orbit: International Legal Perspectives on Cyberattacks Targeting Space Systems. You can learn more about their work in this post . Check out T-Minus Space Daily for your daily space intelligence. Selected Reading Spyware found on US hotel check-in computers ( TechCrunch) Microsoft outage aff
S8 E2073 · Wed, May 22, 2024
Privacy nightmare or useful tool?
Some say Microsoft’s Recall should be. A breach of a Texas healthcare provided affects over four hundred thousand. Police in the Philippines shut down services following a breach. Ivanti patches multiple products. GitHub fixes a critical authentication bypass vulnerability. Researchers discover critical vulnerabilities in Honeywell’s ControlEdge Unit Operations Controller. The DoD releases their Cybersecurity Reciprocity Playbook. Hackers leak a database with millions of Americans’ criminal records. Mastercard speeds fraud detection with AI. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 5: Identity and Access Management. Remembering a computing visionary. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Joe and Sam dive into Domain 5: Identity and Access Management (IAM) and tackle a question together about biometric configuration. Try the question yourself before listening to the discussion! You are configuring a biometric hand scanner to secure your data center. Which of the following practices is BEST to follow? Decrease the reader sensitivity Increase the FAR Decrease the FRR Increase the reader sensitivity Selected Reading UK watchdog looking into Microsoft AI taking screenshots (BBC) How the new Microsoft Recall f
S8 E2072 · Tue, May 21, 2024
The secrets of a dark web drug lord.
The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, guest Amit Sinha , CEO of DigiCert , joins N2K ’s Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco. Selected Reading “Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice) Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar) CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek) Fluent Bit flaw discov
S8 E2071 · Mon, May 20, 2024
Double key encryption debate.
Germany’s BSI sues Microsoft for more information on recent security incidents. Julian Assange can appeal his U.S. extradition. AI chatbots may have itchy trigger fingers. CISA warns of vulnerabilities affecting Google Chrome and D-Link routers. Ham Radio’s association suffers a data breach. New underground marketplaces pop up to replace BreachForums. An updated banking trojan targets users in Central and South America. Cybercom’s founders share its origin story. Examining gender bias in open source software contributors. For our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K’s Brandon Karpf at the 2024 RSA Conference to discuss personal cybersecurity risks for executives. College students unlock free laundering — no money required. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, guest Chris Pierson , CEO at BlackCloak , met up with N2K ’s Brandon Karpf at the 2024 RSA Conference . Chris and Brandon discussed personal cybersecurity risks for executives. Selected Reading BSI sues Microsoft for disclosure of information on security disaster (Ground News) Assange Can Appeal U.S. Extradition, English Court Rules (The New York Times) ChatGPT likes to fight. For military AI researchers, that’s a problem (Tech Brew) CISA warns of hackers exploiting Chrome, EoL D-Link bugs (Bleeping Computer) Amer
Sat, May 18, 2024
10 years on: The 10th anniversary of the first indictment of Chinese PLA actors. [Special Edition]
On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton , Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh , and former US Attorney, on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what lead to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event. On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries. The indictment alleges that the defendants conspired to hack into American entities, to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity. US Attorney Dave Hickton represented the Western District of Pennsylvania and was the signatory on the indictment. His team worked with the FBI Cyber Team in Pittsburgh, PA to bring about this historic action. Resources: Press Release: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage Indictment
S8 E330 · Sat, May 18, 2024
From secret images to encryption keys. [Research Saturday]
This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems. The research can be found here: Graph: Growing number of threats leveraging Microsoft API
S1 E16 · Sat, May 18, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy] [Career Notes]
Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.
S8 E2070 · Fri, May 17, 2024
MediSecure data breach hits Aussie healthcare.
Australia warns of a large-scale ransomware data breach. The justice department charges five with helping North Korean IT workers evade sanctions. The FCC wants to beef up BGP. Antidot is a new Android banking trojan. The SEC enhances disclosure obligations. Researchers uncover vulnerabilities in GE ultrasound devices. A Baltimore neo-nazi pleads guilty to conspiring to take down an electrical grid. On our Solution Spotlight: N2K’s Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. “Tanks” for the warm water, but you can keep the vulnerabilities. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight: N2K ’s Simone Petrella speaks with Alicja Cade , Director in Google Cloud 's Office of the CISO, about the CISO role, board communication, and cyber workforce development. Simone and Alicja spoke at the 2024 RSA Conference . Selected Reading Australian government warns of 'large-scale ransomware data breach' (The Record) US exposes scheme enabling North Korean IT workers to bypass sanctions (Help Net Security) FCC proposes BGP security measures (Network World) BGP: What is border gateway protocol, and how does it work? (Network World ) New 'Antidot' Android Trojan Allows Cybercriminals to Hack Devices, Steal Data <a href="https://www.securityweek.com/new-antidot-android-trojan-allows-cybercriminals-to-hack-devices-st
S8 E2069 · Thu, May 16, 2024
FBI strikes against a cybercrime syndicate.
The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. ESports gaming gets a level up in their security. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak, the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In our Threat Vector segment, David Moulton , Director of Thought Leadership at Unit 42 , discusses the challenges and opportunities of AI adoption with guest Mike Spisak , Managing Director of Proactive Security at Unit 42. They emphasize the importance of early security involvement in the AI development lifecycle and the crucial role of inventorying AI usage to tailor protection measures. You can listen to the full episode here . Selected Reading FBI seize BreachForums hacking forum used to leak stolen data (Bleeping Computer) New UK system will see ISPs benefit from same protections as government networks (The Record) Riot Games, Cisco to Connect and Protect League of Legends Esports Through Expanded Global Partnership (Cisco) To the Moon and back(doors): Lunar landing in diplomatic missions (WeLiveSecurity) New Black Basta Social Engineering Scheme (ReliaQuest) IoT Cameras Exposed by Chainable Exploits, Millions Affected (Hac
S8 E2068 · Wed, May 15, 2024
A bipartisan blueprint for American leadership.
U.S. Senators look to enhance American leadership in AI. Federal Agencies Warn of Rising Cyberattacks on Civil Society. The Pentagon says they’re satisfied with Microsoft’s post-breach security pivots. Patch Tuesday updates. A Mississippi health system alerts users of a post-ransomware data breach. The FTC cautions automakers over data collection. CISOs feel pressure to understate cyber risks. On the Learning Layer, Sam and Joe continue their certification journey. Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf about cyber civil defense clinics. A crypto mixing service developer finds himself behind bars. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf at 2024 RSA Conference about cyber civil defense clinics and the CLTC. Learn about their upcoming Cyber Civil Defense Summit being held at the International Spy Museum in Washington DC next month. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe discuss how to use the midterm exam and Test Day Strategy video. Selected Reading Senators Propose $32 Billion in Annual A.I. Spending but Defer Regulation (The New York Times) Civil
S8 E2067 · Tue, May 14, 2024
Google strikes back.
Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don’t answer Jenny’s email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America.” The White House says, “Keep your crypto mining away from our missile silos!” Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Barbara McQuade joins us to discuss her book " Attack from Within: How Disinformation is Sabotaging America " with Caveat co host Ben Yelin . You can hear Barbara and Ben’s full conversation on last week’s episode of Caveat here . You can catch Caveat on your favorite podcast app each Thursday where hosts Dave and Ben examine the latest in surveillance, digital privacy, cybersecurity law and policy. Selected Reading Google Patches Second Chrome Zero-Day in One Week (SecurityWeek) UK Insurance and NCSC Join Forces to Fight Ransomware Payments (Infosecurity Magazine) FCC Warns of 'Royal Tiger' Robocall Scammers (SecurityWeek) Vermont passes data privacy law allowing consumers to sue companies (The Record) PyPi package backdoors Macs using the Sliver pen-testing suite (Bleeping Computer) Apple backports fix for RTKit iOS zero-day to older iPhones (Bleeping Computer) <a
S8 E2066 · Mon, May 13, 2024
A battle for digital sovereignty.
IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Chris Betz , CISO of AWS , discussing how to build a strong culture of security. In his blog , Chris writes about how AWS’s security culture starts at the top, and it extends through every part of the organization. Selected Reading Europol confirms web portal breach, says no operational data stolen (Bleeping Computer) US and China to Hold Discussions on AI Risks and Security (BankInfo Security) CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber) 'Russian' hackers deface potentially hundreds of local British news sites (The Record) Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security) MoD hack: IT contrac
S1 E15 · Sun, May 12, 2024
Encore: Brandon Robinson: Built from the ground up. [Sales Engineer] [Career Notes]
Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us.
S8 E329 · Sat, May 11, 2024
The double-edged sword of cyber espionage. [Research Saturday]
Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes." The research can be found here: Graph: Growing number of threats leveraging Microsoft API
S8 E2065 · Fri, May 10, 2024
Treasury's offensive in financial defense.
Project Fortress looks to protect the US financial system. News from San Francisco as RSA Conference winds down. Dell warns customers of compromised data. Google updates Chrome after a zero day is exploited in the wild. Colleges in Quebec are disrupted by a cyberattack. CopyCop uses generative AI for misinformation. The FBI looks to snag members of Scattered Spider. Betsy Carmelite, Principal at Booz Allen, shares our final Woman on the Street today from the 2024 RSA Conference. Guest Deepen Desai, Chief Security Officer at Zscaler, joins us to offer some highlights on their AI security report. A solar storm’s a-comin’. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Betsy Carmelite , Principal at Booz Allen , shares our final Woman on the Street today. N2K ’s Brandon Karpf caught up with Betsy to share insights from the 2024 RSA Conference . Guest Deepen Desai , Chief Security Officer at Zscaler , joins us to offer some highlights on their AI security report . Selected Reading Treasury launches ‘Project Fortress,’ an alliance with banks against hackers (CNN Business) Cyberthreat landscape permanently altered by Chinese operations, US officials say (The Record) White House to Push Cybersecurity Standards on Hospitals (Bloomberg) Dell warns of “incident” that may have leaked customers’ personal info (Ars Technica) <a href="https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-vulnerability-exploited-in-att
S8 E2064 · Thu, May 09, 2024
Healthcare in the crosshairs.
Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico’s top cop accuses Meta of failing to protect kids. British Columbia reports "sophisticated cybersecurity incidents" on government networks. Researchers uncover a vulnerability in UPS software affecting critical infrastructure. Zscaler investigates a claimed data breach. On the Learning Layer, host Sam Meisenberg and N2K’s Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience. The Library of Congress stands strong. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Caleb Barlow , CEO at Cyberbit , is our Man on the Street today. N2K ’s Brandon Karpf caught up with Caleb to talk about the 2024 RSA Conference . Learning Layer On our bonus Learning Layer segment, host Sam Meisenberg and N2K ’s Urban Alliance Intern, David Nguyen , discuss David's AZ-900 exam experience, including some remote proctoring issues. David gives tips and strategies for those gearing up for their own exam. Selected Reading Ascension healthcare takes systems offline after cyberattack (Bleeping Computer) With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge (The Record) CISA starts CVE "vulnrichment" program (Help Net Security) Cyber director sees potential for a new era in White House office (The Record) <a href="https://www.theverge.com/2024/5/9/24152633/fda-recall-tandem-diabetes-care-insulin-pum
S8 E2063 · Wed, May 08, 2024
The takedown of a ransomware ringleader.
International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Rob Boyce , Managing Director at Accenture is our Man on the Street today. Rob stops by to share his thoughts on the 2024 RSA Conference . Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls, which includes: 4.1 Assess and implement secure design principles in network architectures 4.2 Secure network components 4.3 Implement secure communication channels according to design Selected Reading International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android secur
S8 E2062 · Tue, May 07, 2024
Hack-proofing the future to shape cyberspace.
Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. Medstar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests Brandon Karpf , N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference . Selected Reading Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’ (The Record) Warner: Lawmakers 'in process' of finding Section 702 fix (The Record) Ransomware operations are becoming less profitable (Help Net Security) Proton Mail Discloses User Data Leading to Arrest in Spain (Restore Privacy) UK says defence ministry targeted in cyberattack (Digital Journal) Novel attack against virtually all VPN apps neuters their entire purpose (Ars Technica) MedStar Health data breach affects 183,079 patients (WUSA9) Researchers say cybersecurity education varies widely in US (Tech Xplore) System outage affecting UniSuper services (UniSuper) Uni
S10 E5570 · Tue, May 07, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstra and Illustrated by Pattie Spafford. [CSOP]
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.” References: Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads. Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project. Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University. Rick Howard Cybersecurity Canon Concierge Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you. RSA Conference Bookstore JC Vega: May 6, 2024 | 02:00 PM PDT Rick Howard: May 7, 2024 | 02:00 PM PDT Helen Patton: May 8, 2024 | 02:00 PM PDT Rick Howard RSA Birds of a Feather Session: I'm hosting a small group discussion called “ Cyber Fables: Debating the Realities Behind Popular Security Myths .” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion. If you want to engage in a lively discussion about the infosec profession, this is the event for you. May. 7, 2024 | 9:40 AM - 10:30 AM PT Rick Howard RSA Book Signing I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you. RSA Conference Bookstore May 8, 2024 | 02:00 PM PDT Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard Cyware Panel: The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103 May 8, 2024 | 8:30am-11am PST Simone Petrella and Rick Howard RSA Presentation: Location: Moscone South Esplanade level May. 9, 2024 | 9:40 AM - 10:30 AM PT <a href="https://www.rsaconference.com/USA/agenda/session/The%20Moneyball%20Approach%20to%20Buying%20Down%20Risk%20Not%20Sup
S8 E2061 · Mon, May 06, 2024
Charting the course: Biden's blueprint for global cybersecurity.
Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company’s recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian officials introduce an AI generated spokesperson. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Mark Terenzoni , Director of Risk Management at AWS , joins N2K’s Rick Howard to discuss the benefits of security lakes and other security considerations for a post-AI world. Selected Reading Biden administration rolls out international cybersecurity plan (POLITICO) Paris 2024 gearing up to face unprecedented cybersecurity threat (Reuters) Wichita government shuts down systems after ransomware incident (The Record) El Salvador suffered a massive leak of biometric data (Security Affairs) Stealing cookies: Researchers describe how to bypass modern authentication (CyberScoop) Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware (Kandji) Iranian hackers pose as journalists to push backdoor malware (Bleeping Computer) Breaking down M
S10 E5569 · Mon, May 06, 2024
Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]
Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin . Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. RSA Presentation: May. 9, 2024 | 9:40 AM - 10:30 AM PT Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.
Bonus · Sun, May 05, 2024
Encore: Elizabeth Wharton: Strong shoulders for someone else to stand on. [Legal] [Career Notes]
Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed finding into her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us.
S8 E328 · Sat, May 04, 2024
Geopolitical tensions rise with China. [Research Saturday]
Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups.
S8 E2060 · Fri, May 03, 2024
Ransomware attack turns legal attack.
A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack. Microsoft warns Android developers to steer clear of the Dirty Stream. The Feds warn of North Korean social engineering. A flaw in the R programming language has been patched. Zloader borrows stealthiness from ZeuS. The GAO highlights gaps in NASA’s cybersecurity measures. Indonesia is a spyware hot-spot. Germany summons a top Russian envoy to address cyber-attacks linked to Russian military intelligence. An Israeli PI is arrested in London following allegations of a cyberespionage campaign. In our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit shares her career journey, off the bench and onto the court. A cybersecurity consultant allegedly attempts to extort a one-point-five million dollar exit package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Allison Ritter , Senior Product Manager from Cyberbit , shares her cybersecurity journey: “Off the bench and onto the court.” Selected Reading Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits (GovInfo Security) Microsoft Warns of 'Dirty Stream' Vulnerability in Popular Android Apps (SecurityWeek) U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers (GB Hackers) R-bitrary Code Execution: Vulnerability in R's Deserialization (HiddenLayer) ZLoader Malware adds Zeus's anti-analysis feature (Security Affairs) GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity (Industrial Cyber) Indonesia is a Spyware Haven, Amnesty International Finds (InfoSecurity Magazine) <a href="https://www.theguardian.com/world/artic
S8 E2059 · Thu, May 02, 2024
Dropbox sign breach exposes secrets.
Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. An Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th anniversary of the BASIC programming language. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In our Threat Vector segment, David Moulton , Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity'' with two expert guests, Billy Hewlett , Senior Director of AI Research at Palo Alto Networks, and Tony Huynh , a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You can catch Threat Vector every other Thursday on the N2K CyberWire network and where you get all of your favorite podcasts. Listen to David’s full discussion with Billy and Tony here . Plus, NightDragon Founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC including a look into his “State of the Cyber Union” keynote. Selected Reading Security Breach Exposes Dropbox Sign Users (Infosecurity Magazine) The US Government Is Asking Big Tech to Promise Better Cybersecurity (WIRED) CISA adds
S8 E2058 · Wed, May 01, 2024
Retirement plan breach shakes financial giant.
A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon’s DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers’ travel data. The Feds look to shift hiring requirements toward skills. In our Industry Voices segment, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. Major automakers take a wrong turn on privacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today on Industry Voices, Steve Riley , Vice President and Field CTO at Netskope , discusses generative AI and governance. For more of Steve’s insights into gen AI, check out his article in Forbes . Selected Reading Breach at J.P. Morgan Exposes Data of 451,000 Plan Participants (PLANADVISER) White House releases National Security Memorandum on critical infrastructure security and resilience (Industrial Cyber) DBIR Report 2024 - Summary of Findings (Verizon) Experimental Morris II worm can exploit popular AI services to steal data and spread malware (Computing) Major U.S. newspapers sue OpenAI, Microsoft for copyright infringement (Axios) Marriott admits it falsely claimed for five years it was using encryption during 2018 breach (CSO Online) <a h
S8 E2057 · Tue, April 30, 2024
Ransomware is just a prescription for chaos.
UnitedHealth’s CEO testimony before congress reveals details of the massive data breach. Major US mobile carriers are hit with hefty fines for sharing customer data. Muddling Meerkat manipulates DNS. A report from Sophos says ransomware payments skyrocketed this past year. The DOE addresses risks and benefits of AI. LightSpy malware targets macOS. A crucial Kansas City weather and traffic system is disabled by a cyberattack. A Canadian pharmacy chain shuts down temporarily following a cyberattack. Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024. Pay attention - that AWS meter may be running. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024. Selected Reading Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO (TechCrunch) FCC Fines Carriers $200m For Selling User Location Data (Infosecurity Magazine) Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (Bleeping Computer) Ransom Payments Surge by 500% to an Average of $2m (Infosecurity Magazine) US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber) LightSpy malware has made a comeback, and this time it's coming after your macOS devices (ITPro) Kansas City system providing roadside weather, traffic info taken down by cyberattack (The Record) <a href="https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cybe
S8 E2056 · Mon, April 29, 2024
An unprecedented surge in credential stuffing.
Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest It’s the week before the 2024 RSA Conference. Today, we have N2K ’s own Rick Howard , Brandon Karpf , and Dave Bittner previewing N2K’s upcoming activities and where you can find our team at RSAC 2024 . Special Edition: Threat Vector Understanding the Midnight Eclipse Activity and CVE 2024-3400 : Host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs. Selected Reading Okta warns customers about credential stuffing onslaught (Help Net Security) Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) CISA unveils guidelines for AI and critical infrastructure (FedScoop) Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services (GB Hackers) UK becomes first country to ban default bad passwords on IoT devices (The Record) <a href="https://www.helpnetsecurity.com/2024
Bonus · Sun, April 28, 2024
Encore: Jack Rhysider: Get your experience points in everything. [Media] [Career Notes]
Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us.
Bonus · Sat, April 27, 2024
Cerber ransomware strikes Linux. [Research Saturday]
Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit. The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability." The research can be found here: Cerber Ransomware: Dissecting the three heads
S8 E2055 · Fri, April 26, 2024
Kaiser Permanente's privacy predicament.
Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Eric Goldstein , Executive Assistant Director for Cybersecurity at CISA , discussing open source software. Selected Reading Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs) LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer) China-linked PlugX malware infections found in more than 170 countries (The Record) Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers) Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek) Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot) Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security) More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record) Most people still rely on memory or pen
S9 E62 · Fri, April 26, 2024
Cyber Talent Insights: Strengthening the cyber talent pipeline apparatus. (Part 3 of 3) [Special Edition]
Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come. We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals. Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool , Cyber Workforce Consultant Dr. Heather Monthie , Cybersecurity Workforce Consultant Jeff Welgan , Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar
S8 E2054 · Thu, April 25, 2024
The shadowy adversary in Cisco's crosshairs.
Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We are joined by Ann Johnson , host of Microsoft Security ’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn 's CISO." You can listen to their full discussion here . Selected Reading 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED) Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital) Android TVs Can Expose User Email Inboxes (404 Media) FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek) Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice) <a href="https://www.
S8 E2053 · Wed, April 24, 2024
Iran's covert cyber operations exposed.
The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes: Cryptographic life cycle Cryptographic method Public key infrastructure (PKI). Industry Voices On our Industry Voices segment, Tony Velleca , CEO of CyberProof , joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Selected Reading Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers) <a href="https://www.washingtonpost.com/technology/2024/04/23/tiktok-ban-senate-vote-sale-biden/
S8 E2052 · Tue, April 23, 2024
Visa crackdown against spyware swindlers.
The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Ian Leatherman , Security Strategist at Microsoft , discusses raising the bar for security in the software supply chain. Selected Reading U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs) UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security) Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek) Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine) HHS strengthens privacy protections for reproductive health patients and providers (The Record) The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab) Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime <a href="https://www.unionleader.com/news/crime/records-of-almost-2
S8 E2051 · Mon, April 22, 2024
Renewed surveillance sparks controversy.
Section 702 gets another two years. MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest We have two guests today. Cecilia Marinier , Director, Innovation and Programs at RSA Conference , and Niloo Razi Howe , Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT. Selected Reading Warrantless spying powers extended to 2026 with Biden’s signature (The Record) MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security) CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi les (Infosecurity Magazine) Researchers Claim that Windows Defender Can Be Bypassed<
Bonus · Sun, April 21, 2024
Encore: Kiersten Todt: problem solving and building solutions. [Policy] [Career Notes]
Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.
S1 E50 · Sun, April 21, 2024
Cloud Architect vs Detection Engineer: Mutual benefit. [CyberWire-X]
In this episode of CyberWire-X, N2K CyberWire’s Podcast host Dave Bittner is joined by Brian Davis , Principal Software Engineer, and Thomas Gardner , Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor.
Bonus · Sat, April 20, 2024
The art of information gathering. [Research Saturday]
Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails. The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling." The research can be found here: From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
S8 E2050 · Fri, April 19, 2024
Swift responses to cyberattacks.
Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler’s Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Deepen Desai , Chief Security Officer and SVP Security Engineering & Research at Zscaler , joins us to talk about exploring encrypted attacks amidst the AI revolution. Selected Reading Frontier Communications Shuts Down Systems Following Cyberattack (SecurityWeek) Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System (Bloomberg) Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals (The Register) Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns (LastPass) Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! (Help Net Security) FIN7 cybercriminals targeted large U.S. automotive manufacturer last year (The Record) Akira Ransomware Made Over $42 Million in One Year: Agencies (SecurityWeek) Apple pulls WhatsApp, Threads from China App Store
S9 E61 · Fri, April 19, 2024
Cyber Talent Insights: Charting your path in cybersecurity. (Part 2 of 3) [Special Edition]
Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we shift our point of view to provide guidance for an individual's first career or perhaps considering a career change transitioning into the field. We discuss a market-driven approach to career development. We also explore how to discover one’s niche in cybersecurity, including how to stand out in this competitive market and align personal interests with career goals. Lastly, we examine the role certifications play when navigating your path throughout the talent acquisition, development, and retention of the cybersecurity workforce management lifecycle. Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool , Cyber Workforce Consultant Dr. Heather Monthie , Cybersecurity Workforce Consultant Jeff Welgan , Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar
S8 E2049 · Thu, April 18, 2024
From phishing to felony.
A major Phishing-as-a-service operation gets taken down by international law enforcement. US election officials are warned of nation-state influence operations. The house votes to limit the feds’ purchase of citizens personal data. A Michigan healthcare provider suffered a ransomware attack. Critical infrastructure providers struggle to trust cybersecurity tools. Cloudflare reports on DDoS. Kaspersky uncovers new Android banking malware. Kubernetes cryptominers leverage previously patched flaws. The Massachusetts Attorney General emphasizes the responsible use of AI. Our guest Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Colorado passes a law to keep big tech out of our heads. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest and podcast partner Caleb Barlow , CEO of Cyberbit , joins us to talk about badge swipe fraud as more are returning to the office. Are your employees faking their badge swipes? Selected Reading LabHost phishing service with 40,000 domains disrupted, 37 arrested (Bleeping Computer) US Election Officials Told to Prepare for Nation-State Influence Campa (Infosecurity Magazine) House votes in favor of curtailing government transactions with data brokers (The Record) 180k Impacted by Data Breach at Michigan Healthcare Organization (SecurityWeek) Trust in Cyber Takes a Knock as CNI Budgets Flatline (Infosecurity Magazine) DDoS threat report for 2024 Q1 (Cloudflare) SoumniBot malware exploits Android bugs to evade detection (Bleeping Computer) Hackers hijack OpenMetadata apps in Kubernetes
S8 E2048 · Wed, April 17, 2024
The rebirth of Russia's cyber warfare.
A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirm a data breach. Financially motivated hackers target Businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a Saturday night special. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course , CISSP practice test , and CISSP practice labs . Sam and Joe discuss content and study strategies for Domain 2, Asset Security. Resources: Domain 2, Asset Security Identify and securely provision information assets, establish handling requirements, manage the data lifecycle, and apply data security controls to comply with applicable laws. 2.1 Identify and classify information and assets 2.2 Establish information and asset handling requirements 2.3 Provision resources securely 2.4 Manage data lifecycle 2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS)) 2.6 Determine data security controls and compliance requirements Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you’re confident and successful on exam day. Selected Reading <a href="https:/
S1 E2047 · Tue, April 16, 2024
Weathering the phishing front.
Cisco Dou warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental telehealth service provider. Open Source foundations call for caution after social engineering attempts. The NSA shares guidance for securing AI systems. IntelBroker claims to have hit a US geospatial intelligence firm. The UK clamps down on deepfakes. Hard-coded passwords provide the key to smart-lock vulnerabilities. On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). A Law Firm’s Misclick Ends 21 Years of Matrimony. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Ryan Lougheed , Director of Product Management at Onspring , discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). Selected Reading Cisco Duo MFA logs exposed in third-party data breach (ITPro) Casino operator MGM sues FTC to block probe into 2023 hack (Reuters) Open Source Leaders Warn of XZ Utils-Like Takeover Attempts (Infosecurity Magazine) FTC Bans Online Mental Health Firm From Sharing Certain Data (GovInfo Security) New NSA guidance identifies need to update AI systems to address changing risks, bolster security (Industrial Cyber) IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data (HackRead) Creating sexually explicit deepfakes to become a criminal offence (BBC) CISA warns of critical vulnerability in Chirp smart locks (The Register) <a href="https://ww
S8 E2046 · Mon, April 15, 2024
Hunting vulnerabilities.
Palo Alto Networks releases hotfixes for an exploited zero-day. Delinea issues an urgent update for a critical flaw. Giant Tiger data is leaked online. A European semiconductor manufacturer deals with a data breach. Roku suffers its second breach of the year. Operators of the Hive RAT face charges. A former Amazon security engineer gets three years in prison for hacking cryptocurrency exchanges. Zambian officials arrest 77 in a scam call center crack down. Our guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division describes dual ransomware. And Rob Boyce, Managing Director at Accenture, shares his thoughts on security testing of generative AI. And selling Pokemon cheats leaves one man in Japan feeling like he had a run-in with a Scaldiburn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we have two guests, Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division discussing dual ransomware. Followed by Rob Boyce , Managing Director at Accenture , sharing some thoughts on security testing of generative AI. Selected Reading Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge (SecurityWeek) A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (Help Net Security) Hacker claims Giant Tiger data breach, leaks 2.8M records online (Bleeping Computer) Press statement: Nexperia IT Breach (Nexperia) Roku issues warning over massive customer account breach (ITPro) Two People Arrested in Australia and US for Development and Sale of Hive RAT (SecurityWeek) <a href="https://www.bleepingcomputer.com
S1 E9 · Mon, April 15, 2024
AWS in Orbit: Extending the resilient edge to space. [T-Minus AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11. Our guests today are Clint Crosier , Director at AWS Aerospace and Satellite, and Jim Tran , Vice President of Government Solutions at Iridium . AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Bonus · Sun, April 14, 2024
Encore: Stu Sjouwerman: Trying for a win, win, win game. [CEO] [Career Notes]
Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us.
S1 E8 · Sun, April 14, 2024
AWS in Orbit: Building a resilient outernet. [T-Minus AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11. Our guests today are Salem El Nimri , Chief of Space Technology at AWS Aerospace and Satellite, and Declan Ganley , Chairman and CEO at Rivada Space Networks. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Bonus · Sat, April 13, 2024
Breaking down a a high-severity vulnerability in Kubernetes. [Research Saturday]
Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster. The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization." The research can be found here: What a Cluster: Local Volumes Vulnerability in Kubernetes
S8 E2045 · Fri, April 12, 2024
Privacy, power, and the path forward.
Section 702 edges closer to a vote. CISA provides guidance on Sisense and Microsoft breaches. A major conservative think tank reports a breach. Obsolete D-Link devices are under active exploitation, and Palo Alto warns of a zero-day. Raspberry Robin grows more stealthy. A lastpass employee thwarts a deepfake phishing attempt. Are AI models growing more persuasive? Our guest Kevin Magee from Microsoft Canada joins us to talk about cross domain prompt injection and AI. Floppies keep the trains running on time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest and podcast partner Kevin Magee from Microsoft Canada joins us to talk about cross domain prompt injection and AI. Selected Reading Compromise of Sisense Customer Data (CISA) ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System (CISA) US think tank Heritage Foundation hit by cyberattack (TechCrunch) Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars (SecurityWeek) Palo Alto Networks Warns About Critical Zero-Day in PAN-OS (Infosecurity Magazine) Hackers are using Windows script files to spread malware and swerve antivirus software ( ITPro) LastPass Employee Targeted With Deepfake Calls (SecurityWeek) Anthropic says its AI models are as persuasive as humans (Axios) 5.25-inch floppy disks expected to help run San Francisco trains until 2030 (Ars
S9 E60 · Fri, April 12, 2024
Cyber Talent Insights: Navigating the landscape for enterprise organizations. (Part 1 of 3) [Special Edition]
Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In the first episode of the series on cybersecurity workforce development, we dive into the complex world of cyber workforce management and planning, particularly as it pertains to the perspective of the enterprise. We explore the current state of the cybersecurity workforce, navigate various challenges in talent acquisition, and explore the nuances of job classifications, titles, compensation, and the dynamics of remote, onsite, and hybrid work environments. Our experts further address talent development strategies like professional development, training, conferences, mentorship programs, communities of interest, and corporate cyber academies. Finally, we touch upon the critical aspect of talent retention, an essential component in closing the cybersecurity talent gap. We hope you will join us on this journey. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool , Cyber Workforce Consultant Dr. Heather Monthie , Cybersecurity Workforce Consultant Jeff Welgan , Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquistion Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar
S8 E2044 · Thu, April 11, 2024
Apple's worldwide warning on mercenary attacks.
Apple warns targeted users of mercenary spyware attacks. CISA expands its Malware Next-Gen service to the private sector. US Cyber Command chronicles their “hunt forward” operations. Taxi fleets leak customer data. Trend Micro tracks DeuterBear malware. The BatBadBut vulnerability enables command injection on Windows. Cybercriminals manipulate GitHub's search functionality. Scully Spider may be utilizing AI generated Powershells scripts. A study from ISC2 shed’s light on salary disparities. On our Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. Guest Dr. Sasha Vanterpool, Cyber Workforce Consultant with N2K, introducing the new podcast series Cyber Talent Insights. And AI music sings the license. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests On our Threat Vector segment, host David Moulton , Director of Thought Leadership at Unit 42 , welcomes Donnie Hasseltine , VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. You can listen to the full conversation here . Guest Dr. Sasha Vanterpool , Cyber Workforce Consultant with N2K , introducing the new podcast series Cyber Talent Insights that is launching on Friday, April 12, 2024. You can read more about Cyber Talent Insights here . Selected Reading iPhone users in 92 countries received a spyware attack warning from Apple (Engadget) CISA to expand automated malware analysis system beyond government agencies (The Record) <a href="https://www.securityweek.com/us-cyb
S8 E2043 · Wed, April 10, 2024
From deadlock to debate on a revised Section 702 bill.
The House moves forward on Section 702 reauthorization. Ukraine suspends a top cybersecurity official. A Wisconsin health coop suffers a data breach. Sophos uncovers a malicious backdoor. Fortinet issues patches for critical and high severity vulnerabilities. A Microsoft server exposed employee passwords, keys, and credentials. LG releases patches to secure smart TVs. The IMF warns of cyberattacks potential to trigger bank runs. It was a busy patch Tuesday. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and how to avoid frustration when you get a practice question wrong. X marks the spot where Elon’s impulsiveness turns chaotic. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and discuss Domain 1, Security and Risk Management. They cover note-taking best practices and how to avoid getting frustrated when you get a practice question wrong. Selected Reading House sets up debate on Section 702 bill, along with votes on proposed changes (The Record) Ukrainian security service’s cyber chief suspended following media investigation (The Record) 530k Impacted by Data Breach at Wisconsin Healthcare Organization (SecurityWeek) Smoke and (screen) mirrors: A strange signed backdoor (Sophos News) Fortinet reports FortiClient critical flaw and issues in FortiOS and FortiProxy (Beyond Machines) Microsoft left internal passwords exposed in latest security blunder (The Verge) <a href="https://therecord.med
S8 E2042 · Tue, April 09, 2024
Unraveling a healthcare ransomware web.
Change Healthcare gets hit with another ransom demand. A French football team warns fans of a cyberattack. The Home Depot breach is chalked up to a misconfigured SaaS application. The FCC looks to sure up car connectivity security to protect survivors of domestic violence. Targus reports a disruptive cyberattack. A massive doxxing event hits El Salvador. India's top audio and wearables brand investigates a customer data breach. The Israeli military jams GPS. Microsoft Security’s Ann Johnson, host of Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. They discuss nurturing trust in cybersecurity. And, I’ll have a burger with a side of surveillance. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, Microsoft Security ’s Ann Johnson , host of Afternoon Cyber Tea podcast , shares a segment of her latest episode featuring Jason Healey , founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs . They discuss nurturing trust in cybersecurity. You can listen to the full episode here . Selected Reading Change Healthcare breach data may be in hands of new ransomware group (SC Media) French football club PSG says ticketing system targeted by cyberattack (The Record) Misconfigured SaaS applications led to the Home Depot data breach, and experts say it’s no surprise (ITPro) FCC opens rulemaking to probe connected car stalking (The Record) Targus discloses cy
S8 E2041 · Mon, April 08, 2024
A possible breakthrough in data privacy legislation.
Might there be motion from Congress on data privacy legislation? Maryland passes a pair of privacy bills. A database allegedly from the EPA shows up on Russian cybercrime forums. HHS issues an alert for the Healthcare and Public Health sectors. CISA gears up for their Cyber Storm. A leading UK veterinary service provider suffers a cyber incident. A hardcoded backdoor is discovered in deprecated Network Attached Storage devices. NSA’s new cybersecurity director takes the reins. Guest Caleb Barlow, CEO of Cyberbit, shares his insights on the evolving role of the CISO. The bull market for Zero-days. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Caleb Barlow , CEO of Cyberbit , discussing how we need to think about the role and position of the CISO. Selected Reading A Breakthrough Online Privacy Proposal Hits Congress (WIRED) Maryland Passes 2 Major Privacy Bills, Despite Tech Industry Pushback (The New York Times) US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked (HACKREAD) U.S. Department of Health warns of attacks against IT help desks (Security Affairs) CISA’s ‘Cyber Storm’ will help it update National Cyber Incident Response Plan (Federal News Network) Veterinary Giant CVS Reveals Major Cyber-Attack (Infosecurity Magazine) Over 92,000 exposed D-Link NAS devices have a backdoor account (Bleeping Computer) NSA Appoints Dave Luber as Cybersecurity Director (SecurityWeek) <a href="https://techcrunch.com/2024
Bonus · Sun, April 07, 2024
Encore: Selena Larson: The Green Goldfish and cyber threat intelligence. [Analyst] [Career Notes]
Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.
Bonus · Sat, April 06, 2024
Leaking your AWS API keys, on purpose? [Research Saturday]
Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be found here: What happens when you accidentally leak your AWS API keys? [Guest Diary]
S8 E2040 · Fri, April 05, 2024
Deciphering the Acuity cybersecurity incident.
Acuity downplays its recent breach. IcedID gives way to a new malware strain. Russia arrests alleged credit card thieves. Wiz uncovers security flaws in Hugging Face AI models. NERC and the E-ISAC review lessons learned from simulated attacks on the electrical grid. UK police track honey traps targeting MPs. Microsoft says China is actively trying to influence US elections. A major global lens maker suffers a cyber attack. Guest Dick O'Brien from the Symantec Threat Hunter Team shares how ransomware operators adapt to disruption. And SEO under threat of legal action. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Dick O'Brien from Symantec Threat Hunter Team by Broadcom shares how ransomware operators adapt to disruption. Get more details in the blog: Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption . Selected Reading Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info (SecurityWeek ) New Latrodectus malware replaces IcedID in network breaches (bleepingcomputer) Magecart-style hackers charged by Russia in theft of 160,000 credit cards (The Record) Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft (Infosecurity Magazine ) Lessons learned from electrical grid security exercise (nerc) British police investigating ‘honey trap’ WhatsApp messages sent to MPs (The Record) China is trying to influence US elections with AI, Mi
S8 E2039 · Thu, April 04, 2024
Securing secrets: The State Department's cyber hunt.
The State Department investigates an alleged breach. The FCC looks at regulating connected vehicles. A big-tech consortium hopes to mitigate AI-related job losses. Google aims to thwart cookie-thieves. SurveyLama exposes sensitive info of over four millions users. Omni Hotels & Resorts is recovering from a cyberattack. A national cancer treatment center suffers a breach. How cyber is approached on both sides of the pond. In our Industry Voices segment , George Jones, CISO at Critical Start, discusses strategies for maximizing cybersecurity investments to achieve optimal risk reduction. Playing the identity theft long-game. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On Industry Voices, guest George Jones , CISO at Critical Start , joins us to share thoughts on the topic "Spend Smarter, Risk Less: Cybersecurity ROI Strategies for Security Leaders." George discusses strategies for maximizing cybersecurity investments to achieve optimal risk reduction. Selected Reading Threat Actor Claims Classified Five Eyes Data Theft (Infosecurity Magazine) Automakers and FCC square off over potential regulations for connected cars (The Record) Big tech companies form new consortium to allay fears of AI job takeovers (TechCrunch) Amazon is cutting hundreds of jobs in its cloud computing unit AWS (NPR) Google Proposes Method for Stopping Multifactor Runaround (GovInfo Security) Google fixes two Pixel zero-day flaws exploited by forensics firms (Bleeping Computer) SurveyLama data breach exposes info of 4.4 million users (Bleeping Computer) O
S8 E2038 · Wed, April 03, 2024
Biden administration brings down the hammer.
The Cyber Safety Review Board hands Microsoft a scathing report. Jackson County, Missouri declares a state of emergency following a ransomware attack. The concerning growth of Chinese brands in U.S. critical infrastructure. Malware campaigns make use of YouTube. OWASP issues a data breach warning. Trend Micro tracks LockBit’s faltering rebound. India’s government cloud service leaks personal data. ChatGPT jailbreaks spread on popular hacker forums. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and focus on the when and how of studying for Domain 1. And you can no longer just walk out of an Amazon grocery store. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and focus on the when and how of studying for Domain 1. Resources for this session: Effect of sunlight exposure on cognitive function among depressed and non-depressed participants: a REGARDS cross-sectional study Selected Reading Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack (AP News) Missouri county declares state of emergency amid suspected ransomware attack (Ars Technica) Forescout research finds surge in Chinese-manufactured devices on US networks, including critical infrastructure (Industrial Cyber) YouTube channels found using pirated video games as bait for malware campaign (The Record) OWASP issues data breach alert
S8 E2037 · Tue, April 02, 2024
From lawsuit to logoff: Google's incognito mode makeover.
Google agrees to delete billions of user records. NIST addresses the NVD backlog. India rescues hundreds of citizens from scam jobs in Cambodia. The UK and US agree to collaborate on AI safety. The FTC tracks an explosion in impersonation fraud. A PandaBuy breach exposes over 1.3 million customers. Prudential Financial informs over 36,000 customers of a data breach. A look at safeguarding sensitive data. Our guest is Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), with insights on identity security best practices. A dash of curiosity reveals a hotel chain vulnerability. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Jeff Reich , Executive Director of the Identity Defined Security Alliance (IDSA) , sharing insights on identity security best practices, identity and access sprawl, and how Generative AI is helping and hurting identity management. The IDSA’s Identity Management Day 2024 is coming up on April 9, 2024. Selected Reading Google agreed to erase billions of browser records to settle a class action lawsuit (Security Affairs) Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (The Record) India rescues 250 citizens enslaved by Cambodian cybercrime gang (Bleeping Computer) The US and UK are teaming up to test the safety of AI models (Engadget) Impersonation Scams Net Fraudsters $1.1bn in a Year ( Infosecurity Magazine) PandaBuy data breach allegedly impacted +1.3M customers (Security Affairs) Prudential Financial Data Breach Impacts 36,000 (SecurityWeek) <a href="https://www.scmagazine.com/perspective/how-to-bridge-the-gap-bet
S8 E2036 · Mon, April 01, 2024
Unmasking the xzploitation.
The xz backdoor sets the open source community back on its heels. AT&T resets passwords on millions of customer accounts. Researchers track a macOS infostealer. Poland investigates past internal use of Pegasus spyware. The latest Vultur banking trojan grows trickier than ever. We note the passing of a security legend. On our Solution Spotlight, N2K President Simone Petrella talks about “Bits, Bytes, and Loyalty: How to Improve Team Retention” with Yameen Huq of the Aspen Institute. A ghost ship trips Africa’s internet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks about “ Bits, Bytes, and Loyalty: How to Improve Team Retention ” with Yameen Huq of the Aspen Institute . Selected Reading What we know about the xz Utils backdoor that almost infected the world (Ars Technica) AT&T resets account passcodes after millions of customer records leak online (TechCrunch) Info stealer attacks target macOS users (Security Affairs) Poland launches inquiry into previous government’s spyware use (The Guardian) Vultur banking malware for Android poses as McAfee Security app (Bleeping Computer) Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away (The Record) A Ghost Ship’s Doomed Journey Through the Gate of Tears (WIRED) Swapping scripts nightmare. (N2K) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please
Bonus · Sun, March 31, 2024
Encore: Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working for as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded with older cousins who were choosing STEM careers and it became an interesting topic for her. She accounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to step out of the agency into US cyber command to help take up a management position for the architecture and engineering division. From there, she continued her cybersecurity journey first as the exploration director before moving into where she is now. Liji shares that there were barriers along the way that she had to endure and hop over to get to the right path. She says "So there are challenges and barriers that come across constantly with our work. Um, one just has to pause and reflect on how we can work with it, around it, or influence like our stakeholders and jointly create a vision around it." We thank Liji for sharing her story with us.
S8 E323 · Sat, March 30, 2024
The supply chain in disarray. [Research Saturday]
Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more. The research states "We reported the vulnerability to Google via its Vulnerability Reward Program, where they acknowledged our discovery and proceeded to address and fix the vulnerable components." Please take a moment to fill out an audience survey ! Let us know how we are doing! The research can be found here: Cycode Discovers a Supply Chain Vulnerability in Bazel
S8 E2035 · Fri, March 29, 2024
Pentagon’s cybersecurity roadmap.
The Pentagon unveils its cybersecurity roadmap. A major Massachusetts health insurer reveals a massive data breach. Hot Topic reports credential stuffing. Cisco warns of password spraying targeting VPNs. The FS-ISAC highlights the risk of generative AI to financial institutions. The FEC considers efforts to combat deceptive artificial intelligence. A look at Thread Hijacking attacks. Guests Linda Gray Martin and Britta Glade from RSA Conference join us to discuss what's new and what to look forward to at this year’s big show. Plus my conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, with insights on their recent Notice of Proposed Rulemaking. And Baltimore’s tragic bridge collapse lays bare the degeneration of X-Twitter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guests Linda Gray Martin , Senior Vice President for Operations, and Britta Glade , Vice President for Content and Curation, join us to discuss what's new and what to look forward to at RSA Conference 2024 . This year’s theme is the Art of Possible . Also joining us is Eric Goldstein , Executive Assistant Director for Cybersecurity at CISA, sharing their CIRCIA Notice of Proposed Rulemaking . Selected Reading Pentagon lays out strategy to improve defense industrial base cybersecurity (The Record) Massachusetts Health Insurer Data Breach Impacts 2.8 Million (SecurityWeek) American fast-fashion firm Hot Topic hit by credential stuffing attacks (Security Affairs) Cisco Warns of Password Spraying Attacks Exploiting VPN Services (Cybersecurity News) AI abuse and misinformation campaigns threat
S1 E3 · Fri, March 29, 2024
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite AWS re:Invent Alteia and the World Bank assess and enhance road infrastructure data quality at scale using AWS Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
S8 E2034 · Thu, March 28, 2024
A battle against malware.
PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing as a service platforms. Don’t dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education. And Data brokers reveal alleged visitors to pedophile island. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Threat Vector segment, host David Moulton has guest Sam Rubin , VP and Global Head of Operations at Unit 42 . They discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. Listen to the full episode with David and Sam's in-depth discussion. Read Sam Rubin's testimony . Selected Reading PyPi Is Under Attack: Project Creation and User Registration Suspended (Malware News) OMB Issues First Governmentwide AI Risk Mitigation Rules (GovInfo Security) German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs (The Record) Cisco Patches DoS Vulnerabilities in Networking Products (Security Week) US offers a $10 million bounty for information on UnitedHealth hackers (ITPro) IPhone Users Beware! Dar
Bonus · Thu, March 28, 2024
Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]
Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelors in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have a career and a family, raising two children while working. Upon retirement from government service, Jennifer chose an organization with values that closely matched her own and uses her position to help her team define possible where they sometimes think they can't. We thank Jennifer for sharing her story with us.
S8 E2033 · Wed, March 27, 2024
If there's something strange in your neighborhood, don't call Facebook.
Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Operation FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault . And the UK’s watchers need watching. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests Join us for part three as this Learning Layer special series continues. Learning Layer host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute , and co-host of Hacking Humans podcast. In this segment, they continue to discuss the results of Joe's CISSP diagnostic and dive deep into one of the assessment questions. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification , and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Microsoft Security ’s Ann Johnson , host of the Afternoon Cyber Tea podcast, goes inside the Smashing Security podcast with Graham Cluley and Carole Theriault . Selected Reading Facebook snooped on users’ Snapchat traffic in secret project, documents reveal (TechCrunch) NTIA Pushes for Independent Audits of AI Systems (GovInfo Security) <a href="https://therecor
S1 E3 · Wed, March 27, 2024
Exposing Muddled Libra's meticulous tactics with Incident Responder Stephanie Regan [Threat Vector]
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode, join host David Moulton as he speaks with Stephanie Regan, a senior consultant at Unit 42. Stephanie, with a background in law enforcement, specializes in compromise assessment and incident response. Discover her insights into combating the Muddled Libra threat group and similar adversaries. Stephanie highlights the crucial role of reconnaissance in investigations and the importance of strong multi-factor authentication (MFA) to counter phishing and social engineering attacks. She delves into techniques like domain typo squatting and shares how domain monitoring can thwart attackers. Learn how Unit 42 assists clients in recovering from attacks, especially those by Muddled Libra. Stephanie emphasizes rapid response and coordination, including using out-of-band communications to outmaneuver threat actors. You can learn more about Muddled Libra at https://unit42.paloaltonetworks.com/muddled-libra/ where Kristopher was the lead author for the Threat Group Assessment: Muddled Libra. Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
S8 E2032 · Tue, March 26, 2024
The great firewall breached: China's covert cyber assault on America exposed.
An alleged sinister hacking plot by China. CISA and the FBI issued a 'secure-by-design' alert. Ransomware hits municipalities in Florida and Texas. The EU sets regulations to safeguard the upcoming European Parliament elections. ReversingLabs describe a suspicious NuGet package. Senator Bill Cassidy questions a costly breach at HHS. A data center landlord sues over requests to reveal its customers. On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency while avoiding tool overload & complexity. And Google's AI Throws Users a Malicious Bone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Jason Kikta , CISO & Senior Vice President of Product at Automox , discusses ways to increase IT efficiency including automation & tool streamlining, IT automation/automated patching, and tool overload & complexity. You can learn more in Automox’s 2024 State of IT Operations Research Report . Selected Reading Millions of Americans caught up in Chinese hacking plot (BBC) US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities (SecurityWeek) CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) St. Cloud most recent in string of Florida cities hit with ransomware (The Record) Hackers demand $700K in ransomware attack on Tarrant Appraisal District (MSN) The impact of compromised backups on ransomware outcomes (Sophos News) EU sets rules for
S8 E2031 · Mon, March 25, 2024
Python developers under attack.
A supply chain attack targets python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Anna Belak , Director of the Office of Cybersecurity Strategy at Sysdig , shares trends in cloud-native security. To learn more, you can check out Sysdig’s 2024 Cloud-Native Security and Usage Report . Selected Reading Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek) Russian hackers target German political parties with WineLoader malware (Bleeping Computer) Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine) Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek) Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW) Pentagon, Congress have a ‘limited window’ to properly create a Cyber Force (The Record) StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs) General Motors
Bonus · Sun, March 24, 2024
Encore: Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]
Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us.
Bonus · Sat, March 23, 2024
HijackLoader unleashed: Evolving threats and sneaky tactics. [Research Saturday]
Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. Researchers state "this new approach has the potential to make defense evasion stealthier." Please take a moment to fill out an audience survey ! Let us know how we are doing! The research can be found here: HijackLoader Expands Techniques to Improve Defense Evasion And be sure to join our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page .
S8 E2030 · Fri, March 22, 2024
When it rains, it pours.
Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines data security and privacy policies are under review. Hackers hit thousands in Jacksonville Beach. Geoffrey Mattson, CEO of Xage Security sits down to discuss CISA's 2024 JCDC priorities. And Hotel keycard locks can’t be that hard to crack. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Geoffrey Mattson, CEO of Xage Security, joins us to discuss CISA's 2024 JCDC priorities. You can connect with Geoff on LinkedIn and learn more about Xage Security on their website and read about the JCDC 2024 Priorities here . Geoff’s interview first appeared on March 21st’s episode of T-Minus Space Daily. Check out T-Minus here . Selected Reading Sandworm-linked group likely knocked down Ukrainian internet providers (The Record) AcidPour wiper suspected to be used against Ukrainian telecom networks (SC Media) Never-before-seen data wiper may have been used by Russia against Ukraine (Ars Technica) AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine (SentinelOne) F5, ScreenConnect vulnerabilities leveraged in global Chinese cyberattacks (SC Media) Nemesis darknet marketplace raided in Germany-led operation (The Record) Unpatchable vulnerability in Apple chip leaks secret encryption keys (Ars Technica) Exploi
Fri, March 22, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 2 with Dr. Ursula Wilder [SpyCast]
In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 2 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder ( LinkedIn ) joins Andrew ( X ; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency. What You’ll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage Reflections Human nature throughout history History repeating itself And much, much more … Quotes of the Week “Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” – Dr. Ursula Wilder. Resources SURFACE SKIM *SpyCasts* Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023) The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023) SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022) “How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020) *Beginner Resources* What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video] Psychologists in the CIA , American Psychological Association (2002) [Short article] 7 Reasons to Study Psychology , University of Toronto (n.d.) [Short article] DEEPER DIVE Books Freud and Beyond , S. A. Mit
S8 E2029 · Thu, March 21, 2024
Safeguarding American data from foreign hands.
The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division after a cyber attack. Ivanti warns of another critical vulnerability. Researchers find hundreds of vulnerable Firebase instances. Microsoft phases out weaker encryption. Formula One fans fight phishing in the fast lane. Glassdoor is accused of adding real names to profiles without user consent. Our guest is Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface. And Pwn2Own winners take home their second Tesla. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Adam Meyers , SVP of Counter Adversary Operations at CrowdStrike , discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface – especially as more companies implement AI. For more information, check out CrowdStrike’s 2024 Global Threat Report . Selected Reading House unanimously passes bill to block data brokers from selling Americans’ info to foreign adversaries (The Record) Treasury Sanctions Actors Supporting Kremlin-Directed Malign Influence Efforts (US Treasury Department) China warns foreign hackers are infiltrating ‘hundreds’ of business and government networks (SCMP) International freight tech firm isolates Canada operations after cyberattack (The Record) Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution (Security Affairs) 19 million plaintext passwo
Bonus · Thu, March 21, 2024
Sloane Menkes: What is the 2%? [Consultant] [Career Notes]
Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US AIr Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working with Howard Schmidt is where Sloane first started to get interested in cybersecurity. She shares what she loves about the consulting role is that the environment is constantly changing, and she offers some advice for women interested in cybersecurity. We thank Sloane for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2028 · Wed, March 20, 2024
Biden's cyber splash in protecting the nation's water systems.
The White House Mobilizes a National Effort to Shield Water Systems from Cyber Threats and Announces Major Investment in U.S. Chip Manufacturing. The U.S. and Allies Issue Fresh Warnings on China's Volt Typhoon Cyber Threats to Critical Infrastructure. Microsoft Streamlines 365 Services with a Unified Cloud Domain. Ukrainian authorities take down a credential theft operation. LockBit claims another pharmaceutical company. A popular Wordpress plugin puts tens of thousands of websites at risk. A breach at Mintlify compromises GitHub tokens. An Idaho man pleads guilty to online extortion. The SEC fines firms for AI washing. We’ve got part two of our continuing Learning Layer series with Joe Carrigan and Sam Meisenberg logging Joe’s journey toward his CISSP certification. And password stuffing Pokemon. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Join us as part two of the Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute , and co-host of Hacking Humans podcast. On this episode, they continue to discuss Joe's journey to becoming a CISSP as well as discussing step one of Joe's study journey: the diagnostic assessment. Selected Reading White House Calls on States to Boost Cybersecurity in Water Sector (SecurityWeek ) Five Eyes issue another China Volt Typhoon warning (The Register ) Biden to Tout Government Investing $8.5 Billion in Intel's Computer Chip Plants in Four States (VoaNews) Microsoft Notifies DevOps Teams That Major Domain Change Is Coming (Cybersecurity News) U
S2 E17 · Wed, March 20, 2024
The SEC's Cybersecurity Law, a New Compliance Era with Jacqueline Wudyka. [Threat Vector]
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape. Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber law, this episode is packed with insights and strategies for navigating this new terrain. Tune in to stay ahead in the world of cybersecurity compliance! If you're interested to learn more about Unit 42's world-class visit https://www.paloaltonetworks.com/unit42 Join the conversation on our social media channels: Website : https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2027 · Tue, March 19, 2024
SIM swap scammer pleads guilty.
A SIM-swapper faces prison and fines. Here come the class action suits against UnitedHealth Group. Aviation and Aerospace find themselves in the cyber crosshairs. A major mortgage lender suffers a major data breach. A look at election misinformation. The UK shares guidance on migrating SCADA systems to the cloud. Collaborative efforts to contain Smoke Loader. Trend Micro uncovers Earth Krahang. Troy Hunt weighs in on the alleged AT&T data breach. Ben Yelin unpacks the case between OpenAI and the New York Times. And fool me once, shame on you… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ben Yelin , Program Director at University of Maryland’s Center for Health and Homeland Security and cohost of our Caveat podcast, discusses the article on how “ OpenAI says New York Times ‘hacked’ ChatGPT to build copyright lawsuit .” Selected Reading District of New Jersey | Former Telecommunications Company Manager Admits Role in SIM Swapping Scheme (United States Department of Justice ) Cash-Strapped Women's Clinic Sues UnitedHealth Over Attack (Gov Info Security) Nations Direct Mortgage Data Breach Impacts 83,000 Individuals (SecurityWeek ) Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle (SecurityWeek ) NCSC Publishes Security Guidance for Cloud-Hosted SCADA <a href="https://www.infosecurity-magazine.com/news/ncsc
Bonus · Tue, March 19, 2024
Roselle Safran: So much opportunity. [Entrepreneur] [Career Notes]
CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2026 · Mon, March 18, 2024
The hot pursuit of Volt Typhoon.
Volt Typhoon retains the attention of US investigators. The IMF reports a cyber breach. Fujitsu finds malware on internal systems. Securonix researchers describe DEEP#GOSU targeting South Korea. Subsea cable breaks leave West and Central Africa offline. Health care groups oppose enhanced cyber security regulations. A Pennsylvania school district grapples with a ransomware attack. AT&T denies a data leak. Our guest Kevin Magee of Microsoft Canada shared his experiments with board reporting. And Apex Legends eSports competitors get some unexpected upgrades. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest today is Kevin Magee of Microsoft Canada sharing his experiments using N2K ’s CSO Rick Howard 's forecasting methodology from his Cybersecurity First Principles book regarding board reporting. Selected Reading US is still chasing down pieces of Chinese hacking operation, NSA official says (The Record) IMF Investigates Serious Cybersecurity Breach (Infosecurity Magazine ) Tech giant Fujitsu says it was hacked, warns of data breach (TechCrunch ) Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware (securonix) Ghana says repairs on subsea cables could take five weeks (Reuters ) Health care groups
Bonus · Sun, March 17, 2024
Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't ready to retire quite yet because she loved the industry so much, saying "I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother." She shares words of wisdom for all trying to get into the industry, saying that you need to always take the risk like she did when she first started her career. We thank Dawn for sharing her story with us.
Bonus · Sun, March 17, 2024
Unveiling the updated NICE Framework & cybersecurity education’s future. [Special Edition]
The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1) provides a set of building blocks for describing the Tasks, Knowledge, and Skills (TKS) that are needed to perform cybersecurity work by individuals or teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. On this Special Edition podcast, N2K CyberWire's Dave Bittner is joined by the team at NIST and FIU's Jack D. Gordon Institute for Public Policy to delve into the history of the NICE Framework through its latest update and looking into the future. Brian Fonseca , Director at the Jack D. Gordon Institute for Public Policy, shares an introduction to the NICE Framework. Karen Wetzel , NICE Framework Manager, discusses the updates to the framework. Rodney Petersen , Director of NICE, talks about what these updates mean to cybersecurity education's future. Resources: NICE Framework Resource Center Getting Started with the NICE Framework 2024 NICE Conference and Expo : Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap Take advantage of the early bird pricing until March 19, 2024. Don’t miss out on this opportunity! Jack D. Gordon Institute for Public Policy at Florida International University (FIU) Veterans and First Responders Training Initiative Intelligence Fellowship And be sure to check out our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the <a href="https://www.brighttalk.com/webcast/18820/607438?bt_tok=%7B%
Bonus · Sat, March 16, 2024
Inside SendGrid's phishy business. [Research Saturday]
Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid’s email delivery, API, and marketing services to launch a phishing campaign impersonating itself. Hackers behind this novel phishing campaign used SendGrid’s Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid. Please take a moment to fill out an audience survey ! Let us know how we are doing! The research can be found here: Phishception – SendGrid is abused to host phishing attacks impersonating itself
S8 E2025 · Fri, March 15, 2024
Flight fiasco: UK Defence Minister's jet faces GPS jamming.
Russia’s accused of jamming a jet carrying the UK’s defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive 's CTO Gunter Ollmann . Coming this weekend Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, “Unveiling the updated NICE Framework & cybersecurity education’s future.” We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education. Selected Reading Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs) Russia believed to have jammed signal on UK defence minister's plane - source (Reuters ) Senators propose a compromise over hot-button Section 702 renewal (The Record) WEF effort to disrupt cybercrime moves into operations phase (The Register ) StopCrypt: Most widely distributed ransomware now evades detection
Fri, March 15, 2024
A CIA Psychologist on the Minds of World Leaders, Pt. 1 with Dr. Ursula Wilder [SpyCast]
In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 1 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder ( LinkedIn ) joins Andrew ( X ; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency. What You’ll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage Reflections Human nature throughout history History repeating itself And much, much more … Quotes of the Week “Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” Resources SURFACE SKIM *SpyCasts* Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023) The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023) SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022) “How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020) *Beginner Resources* What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video] Psychologists in the CIA , American Psychological Association (2002) [Short article] 7 Reasons to Study Psychology , University of Toronto (n.d.) [Short article] DEEPER DIVE Books Freud and Beyond , S. A. Mitchell (Basic Books, 2016) <li
S8 E2024 · Thu, March 14, 2024
TikTok showdown: U.S. lawmakers target privacy and security.
The US House votes to enact restrictions on TikTok. HHS launches an investigation into Change Healthcare. An Irish Covid-19 portal puts over a million vaccination records at risk. Google distributes $10 million in bug bounty rewards. Nissan Oceana reports a data breach resulting from an Akira ransomware attack. Meta sues a former VP for alleged data theft. eSentire sees Blind Eagle focusing on the manufacturing sector. Claroty outlines threats to health care devices. A major provider of yachts is rocked by a cyber incident. In our Threat Vector segment, David Moulton explores the new SEC cybersecurity regulations with legal expert and Unit 42 Consultant Jacqueline Wudyka. And ransomware victims want their overtime pay. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Threat Vector segment, host David Moulton explores the new SEC cybersecurity regulations that reshape how public companies handle cyber risks with legal expert and Unit 42 Consultant Jacqueline Wudyka . They discuss the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape. Selected Reading Bill that could spur TikTok ban gains House OK (SC Media ) What would a TikTok ban look like for users? (NBC News) HHS to investigate UnitedHealth and ransomware attack on Change Healthcare (The Record) How a user access bug in Ireland’s vaccination website exposed more than a million records <a href="https://www.itpro.com/securit
Bonus · Thu, March 14, 2024
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the side. She quotes David Duchovny in an interview once, explaining how sometimes you need to keep your head down and outwork others. Teresa said this resonated with her, saying, "that's how I went from a foreclosure box on the porch to where I am now. I have a good job and, and I have a career and I have a really good career and I absolutely love it." We thank Teresa for sharing her story.
S8 E2023 · Wed, March 13, 2024
The usual suspects are up to their usual tricks.
ODNI’s Annual Threat Assessment highlights the usual suspects. The White House meets with UnitedHealth Group’s CEO. A convicted LockBit operator gets four years in prison. The Clop ransomware group leaks data from major universities. Equilend discloses a data breach. Fortinet announces critical and high-severity vulnerabilities. GhostRace exploits speculative race conditions in popular CPUs. Incognito Market pulls the rug and extorts its users. Patch Tuesday notes. On the Learning Layer, Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. They explore Joe's journey on the road to taking his CISSP test. And, I do not authorize Facebook, Meta or any of its subsidiaries to use this podcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Join us as a Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute , and co-host of Hacking Humans podcast. On this episode, they explore Joe's journey as he embarks on the road to taking his CISSP test after fourteen years in the cyber industry, and why he decided to get it now. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification , and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Selected Reading ODNI's 2024 Threat Assessment: China, Russia, North Korea pose major cyber threats amid global instability - Industrial Cyber (Industrial Cyber) <a href="https://www.reuters.com/world/us/white-house-summons-unitedhealth-ceo-over-hack-washington-post-r
S8 E2022 · Tue, March 12, 2024
Biden's budget boost for cybersecurity.
Biden’s budget earmarks thirteen billion bucks for cybersecurity. DOJ targets AI abuse. A US trade mission to the Philippines includes cyber training. CISA and OMB release a secure software attestation form. CyberArk explores AI worms. Russia arrests a South Korean on cyber espionage charges. French government agencies are hit with DDoS attacks. Jessica Brandt is named director of the Foreign Malign Influence Center. Afternoon Cyber Tea host Ann Johnson speaks with her guest Keren Elazari about the hacker mindset. Google builds itself the Bermuda Triangle of Broadband. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Afternoon Cyber Tea host Ann Johnson talks with her guest Keren Elazari about the hacker mindset. To hear the full conversation, please listen to the episode of Afternoon Cyber Tea . Selected Reading US Federal Budget Proposes $27.5B for Cybersecurity (GovInfo Security) Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences (SecurityWeek) Microsoft to train 100,000 Philippine women in AI, cybersecurity (South China Morning Post) US launches secure software development attestation form to enhance federal cybersecurity (Industrial Cyber) The Rise of AI Worms in Cybersecurity (Security Boulevard) South Korean detained earlier this year is accused of espionage in Russia, state news agency says (Associated Press) Massive cyberattacks hit French government agencies (Security
Bonus · Tue, March 12, 2024
Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]
Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us.
S8 E2021 · Mon, March 11, 2024
CISA’s news trifecta.
A roundup of news out of CISA. California reveals data brokers selling the sensitive information of minors. Permiso Security shares an open-source cloud intrusion detection tool. Darktrace highlights a campaign exploiting DropBox. EU's Cyber Solidarity Act forges ahead. A White House committee urges new economic incentives for securing OT systems. Paysign investigates claims of a data breach. Our guest is Alex Cox, Director Threat Intelligence, Mitigation, and Escalation at LastPass, to discuss what to expect after LockBit. And Axios highlights the clowns and fools behind ransomware attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Alex Cox , Director, Threat Intelligence, Mitigation, Escalation (TIME) at LastPass , joins us to discuss what to expect after LockBit. Selected Reading Top US cybersecurity agency hacked and forced to take some systems offline (CNN Politics) CISA’s open source software security initiatives detailed (SC Media) GAO uncovers mixed feedback on CISA's OT cybersecurity services when it comes to addressing risks (Industrial Cyber) Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors (The Record) New Open Source Tool Hunts for APT Activity in the Cloud (SecurityWeek) Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins (HACKREAD) Everything you need to know about the EU's Cyber Solidarity Act (ITPro) White House advisory group says market forces ‘insufficient’ to drive cybersecurity in critical infrastructure (CyberScoop) <a href="http
Bonus · Sun, March 10, 2024
Encore: Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]
Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes that challenges experienced in life increase your risk appetite so significantly. Swati advises those looking to make a job change to be certain of what is attracting them and to be yourself. We thank Swati for sharing her story with us.
S9 E58 · Sun, March 10, 2024
Setting better cyber job expectations to attract and retain talent. [Special Edition]
In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job descriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here .
Bonus · Sat, March 09, 2024
Understanding the multi-tiered impact of ransomware. [Research Saturday]
This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, Organisations and Society." The research reveals some of the harms caused by ransomware, including physical, financial, reputational, psychological and social harms. Researchers state "Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society." The research can be found here: Ransomware: Victim Insights on Harms to Individuals, Organisations and Society
S8 E2020 · Fri, March 08, 2024
From breach to battle: The escalating threat of Midnight Blizzard.
Russian hackers persist against Microsoft’s internal systems. Change Healthcare systems are slowly coming back online. Russian propaganda sites masquerade as local news. Swiss government info is leaked on the darknet. Krebs on Security turns the tables on the Radaris online data broker. The NSA highlights the fundamentals of Zero Trust. The British Library publishes lessons learned from their ransomware attack. Researchers run a global prompt hacking competition. CheckPoint looks at Magnet Goblin. Experts highlight the need for psychological safety in cyber security. Our guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. And the I-Soon leak reveals the seedy underbelly of Chinese cyber operations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest is Dinah Davis , Founder and Editor-In-Chief of Code Like A Girl , sharing the work they do to inspire young women to consider a career in technology. Selected Reading Microsoft says Russian-state sponsored hackers have been able to access internal systems (Reuters ) Change Healthcare brings some systems back online after cyberattack (The Record) Spate of Mock News Sites With Russian Ties Pop Up in U.S (The New York Times ) Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration (Security Affairs) A Close Up Look at the Consumer Data Broker Radaris (krebsonsecurity) NSA Details Seven Pillars Of Zero Trust (GB Hackers) <a href="https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.
S8 E56 · Fri, March 08, 2024
Encore: Breaking Through: Securing the advancement of women in cybersecurity. {Special Editions]
In honor of International Women's Day, please enjoy this encore of our 2023 Women in Cyber panel. In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi , Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy , VP, Leadership & Business at Skillsoft Lauren Zabierek , Sr. Advisor at CISA
S8 E2019 · Thu, March 07, 2024
A secret scheme resulting in stolen secrets.
A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There’s a snake in Facebook’s walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to keep their innovations above water. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, guest Jason Lamar , Senior Vice President of Product at Cobalt , joins us to discuss offensive security strategy. You can find out more from Cobalt’s OffSec Shift report here . Selected Reading Former Google Engineer Charged With Stealing AI Secrets (Infosecurity Magazine ) Several States Attorneys General have written to Meta demanding better account recovery (NY gov) Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers (SecurityWeek ) Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware (Graham Cluley ) Microsoft AI engineer warns FTC about Copilot Designer safety concerns <a href="https://www.theverge.com/2024/3/6/24092191/
Bonus · Thu, March 07, 2024
Encore: Dinah Davis: Building your network. [R&D] [Career Notes]
Coming from her love of math, VP of R&D at Arctic Wolf Networks Dinah Davis shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us.
S8 E2018 · Wed, March 06, 2024
No cyber blues on Super Tuesday.
CISA says Super Tuesday ran smoothly. The White House sanctions spyware vendors. The DoD launches its Cyber Operational Readiness Assessment program. NIST unveils an updated NICE Framework. Apple patches a pair of zero-days. The GhostSec and Stormous ransomware gangs join forces. Cado Security tracks a new Golang-based malware campaign. Google updates its search algorithms to fight spammy content. Canada's financial intelligence agency suffers a cyber incident. On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz joins us to discuss cloud threats. Moonlighting on the dark side. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, our guest Amitai Cohen , Attack Vector Intel Lead at Wiz and host of their Crying Out Cloud podcast, joins us to discuss cloud threats. Learn more in Wiz's State of the AI Cloud report . Selected Reading No security issues as Super Tuesday draws to a close, CISA official says (The Record) Biden administration sanctions makers of commercial spyware used to surveil US (CNN Business) US DoD launches CORA program to revolutionize cybersecurity strategy (Industrial Cyber) Unveiling NICE Framework Components v1.0.0: Explore the Latest Updates Today! (NIST) Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS (Malwarebytes) Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks (Security Affairs) <a href="https://www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malw
S1 E5 · Tue, March 05, 2024
From Nation States to Cybercriminals: AI's Influence on Attacks with Wendi Whitmore [Threat Vector]
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape. Theat Group Assessments https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/ Please share your thoughts with us for future Threat Vector segments by taking our brief survey . Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
S8 E2017 · Tue, March 05, 2024
Change Healthcare hackers cash in $22 million ransom.
Is the ALPHV gang pulling up a twenty two million dollar rug? Meta platforms are experiencing outages. Ukraine claims a cyberattack on the Russian Ministry of Defense. Malicious phishers hope to hook hashes. TeamCity users are warned of critical vulnerabilities. The Discord leaker pleads guilty. AmEx suffers a third-party data breach. Amazon is flooded with fake copycat publications. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division to discuss Volt Typhoon. And, Dude, she is just not that into you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division joins us to discuss Volt Typhoon. Selected Reading Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment (WIRED ) Ukraine claims it hacked Russian Ministry of Defense servers (Bleeping Computer) Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes (Help Net Security) TeamCity Users Urged to Patch Critical Vulnerabilities (Infosecurity Magazine) Pentagon leak defendant Jack Teixeira pleads guilty, faces years in prison (Reuters) American Express credit cards exposed in third-party data breach (Bleeping Computer) Tech writer Kara Swisher has a new book. Enter the AI-generated scams. (Bleeping Computer) Retired Army officer charged with sharing classified information
Bonus · Tue, March 05, 2024
Encore: Monica Ruiz: Moving ahead when not many look like you. [Policy]
Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.
S8 E2016 · Mon, March 04, 2024
Cyberattack causes a code red on US healthcare.
The US healthcare sector is struggling to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST’s updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women in cyber. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Mike Hanley , Chief Security Officer and the Senior Vice President of Engineering at GitHub , shares insights with Ann Johnson of Afternoon Cyber Tea. You can hear their full discussion here , and tune in to Microsoft Security’s Afternoon Cyber Tea every other Tuesday on the N2K’s CyberWire Network. Selected Reading Health-care hack spreads pain across hospitals and doctors nationwide (Washington Post) Russia’s chief propagandist leaks intercepted German military Webex conversation (The Record) Cyber ransoms are too profitable. Let’s make paying illegal (The Times UK) News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian… (Bleeping Computer) Price fixing by algorithm is still price fixing (Federal Trade Commission) FCC Employees Targeted in Sophisticated Phishing Attacks (SecurityWeek) <a href="https://www.securityweek.com/industry-reactions-to-nist-cybersecurity-framework
Bonus · Sun, March 03, 2024
Encore: Pattie Dillon: Take the leap. [Anti-fraud] [Career Notes]
Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, March 02, 2024
The return of a malware menace. [Research Saturday]
This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware. The research can be found here: Bumblebee Buzzes Back in Black Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2015 · Fri, March 01, 2024
WhatsApp's legal triumph cracks the spyware vault.
A court orders NSO Group to hand over their source code. The Five Eyes reiterate warnings about Ivanti products. Researchers demonstrate a generative AI worm. Fulton County calls LockBit’s bluff. SMS codes went unprotected online. Golden Corral serves up a buffet of personal data. Ransom demands continue to climb. A US Senator calls on the FTC to investigate auto industry privacy practices. Dressing up data centers. Our guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. And Cops can’t keep their suspects straight. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest is Dominic Rizzo , founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. You can find the press release here . Selected Reading Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient (Infosecurity Magazine) A leaky database spilled 2FA codes for the world’s tech giants (TechCrunch) Report: Average Initial Ransomware Demand in 2023 Reached $600K (Security Boulevard) Here Come the AI Worms (WIRED) Golden Corral restaurant chain data breach impacts 183,000 people (Bleeping Computer) Hackers stole 'sensitive' data from Taiwan telecom giant: ministry (Tech Xplore) CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog (Security Affairs) Senator asks FTC to investigate automakers’ data privacy practices (The Record) <a href="https://www.datacen
S8 E2014 · Thu, February 29, 2024
Iran's cyber quest in Middle Eastern aerospace.
Iran-Linked Cyber-Espionage Targets Middle East's Aerospace and Defense. SpaceX is accused of limiting satellite internet for US troops. Savvy Seahorse' Floods the Net with Investment Scams. GUloader Malware draws on a crafty graphic attack vector. Repo confusion attacks persist. European consumer groups question Meta’s data collection options. Allegations of Russia targeting civilian critical infrastructure in Ukraine. Cisco patches high-severity flaws. The US puts a Canadian cyber firm on its Entity List. On the Threat Vector segment, we have a conversation between host David Moulton and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing Unit 42's 2024 Incident Response Report. And the counter-productive messaging in anti-piracy campaigns. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Threat Vector segment, we have a conversation between host David Moulton , Director of Thought Leadership at Palo Alto Networks Unit 42 , and Michael "Siko" Sikorski , Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report . Selected Reading Suspected Iranian cyber-espionage campaign targets Middle East aerospace, defense industries (The Record) US tells Musk to allow service in Taiwan (Taipei Times ) SpaceX Refutes Claim It’s Withholding Starshield in Taiwan (Bloomberg ) Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads (infoblox) <a href="https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-unmasked-decrypting-the-threat-of-malicious-svg-files/"
S8 E2013 · Wed, February 28, 2024
Protecting American data.
President Biden is set to sign an executive order restricting overseas sharing by data brokers. US Federal agencies warn of exploited Ubiquiti EdgeRouters. A new ransomware operator claims to have hacked Epic Games. A cross-site scripting issue leaves millions of Wordpress sites vulnerable. The Rhysida ransomware group posts a multi-million dollar ransom demand on a Children’s Hospital in Chicago. Mandiant tracks Chinese threat actors targeting Ivanti VPNs. The former head of DHS weighs in on a federal cyber insurance backstop. Domain Registrars offer bulk name blocking for brands. Our guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. Cameo celebrities are taken out of context for political gains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Magpie Graham , Principal Adversary Hunter Technical Director at Dragos , reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here . To hear the full interview with Magpie, check out Control Loop . Selected Reading Biden Executive Order Targets Bulk Data Transfers to China (GovInfo Security) FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation (HACKREAD) Fortnite game developer Epic Games allegedly hacked (Cyber Daily) LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack (Cyber Security News) Ransomware gang seeks $3.4 million after attacking children’s hospital (The Record) Chinese Cyberspies Use New Malware in Ivanti VPN Attacks (SecurityWeek)
S8 E2012 · Tue, February 27, 2024
Out with the old, in with the new.
NIST’s Cybersecurity Framework gets an upgrade. ONCD makes a case against memory-related software bugs. A recent cyberattack targets Canada's Royal Canadian Mounted Police. US dethrones Russia as top target in cyber breaches. Caveat podcast cohost Ben Yelin discusses remedies in the generative AI copyright cases.And, Reggaeton Be Gone, a creative way to deal with your neighbors’ music choices. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ben Yelin , cohost of Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security , thinking about remedies in the generative AI copyright cases. You can find the Lawfare article Ben references here . Selected Reading NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) After decades of memory-related software bugs, White House calls on industry to act (The Record) Canada's RCMP, Global Affairs Hit by Cyberattacks (SecurityWeek) A cyber attack hit the Royal Canadian Mounted Police (Security Affairs) UK email mistake put ‘lives at risk’ for Afghans who had worked with British military (The Record) Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (The Record) Number of data breaches falls globally, triples in the US (TechSpot) Steel giant ThyssenKrupp confirms cyberattack on automotive division (Bleeping Computer) <a href="https://www.f
S8 E2011 · Mon, February 26, 2024
LockBit reloaded: Unveiling the next chapter in cybercrime.
LockBits reawakening. China's ramp up to safety for vital sectors. Data leak leaves China feeling exposed. Malware hidden by North Korea in fake developer job listings. UK Watchdog rebukes firm for biometric scanning of staff at leisure centers. SVR found adapting for the cloud environment. DOE proposes cybersecurity guidelines for the electric sector. Wideness of breach in the financial industry revealed. Moving on to better things. Things are looking up in the cybersecurity startup ecosystem. UK's National Cyber Security Centre announced they are launching a Cyber Governance Training Pack for boards. N2K’s President Simone Petrella talks with Elastic's CISO Mandy Andress about the CISO role and the intersection of cybersecurity, law, and organizational strategy. And, there’s a facial recognition battle going on at Waterloo, the University of Waterloo that is. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Simone Petrella , N2K ’s President, talks with Mandy Andress , Elastic 's CISO, about the CISO role and the intersection of cybersecurity, law, and organizational strategy. Selected Reading LockBit Ransomware Gang Resurfaces With New Site (SecurityWeek) LockBit ransomware gang attempts to relaunch its services following takedown (The Record) China to increase protections against hacking for key industries (Reuters) The I-Soon data leak unveils China's cyber espionage tactics, techniques, procedures, and capabilities. (N2K CyberWire) Fake Developer Jobs Laced With Malware (Phylum Blog) Data watchdog tells off outsourcing giant for scanning staff biometrics despite 'power imbalance' (The Register) <a href="https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-fo
Bonus · Sun, February 25, 2024
Encore: Chris Cochran: Rely on your strengths in the areas of the unknown. [Engineering] [Career Notes]
Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work Our thanks to Chris for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 24, 2024
Web host havoc: Unveiling the Manic Menagerie campaign. [Research Saturday]
Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor." From late 2020 to late 2022, Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union. The research states "They have further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites." The research can be found here: Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2010 · Fri, February 23, 2024
Crackdown on privacy leads to a multi-million dollar fine.
The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach. EU Member States publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyberattack cripples a major US healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success building new companies there. And a USB device is buzzing with malware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Kevin Magee from Microsoft Canada talks about recently meeting 15 cybersecurity startups in Ireland and finding out why they are having so much success building new companies there. Selected Reading FTC Order Will Ban Avast from Selling Browsing Data for Advertising Purposes, Require It to Pay $16.5 Million Over Charges the Firm Sold Browsing Data After Claiming Its Products Would Block Online Tracking (FTC) Cybercriminal groups actively exploiting ‘catastrophic’ ScreenConnect bug (The Record) AT&T services resume, company blames "incorrect process" (Data Center Dynamics) 230k Individuals Impacted by Data Breach at Australian Telco Tangerine (SecurityWeek) EU releases comprehensive risk assessment report on cybersecurity, resilience of communication networks (Industrial Cyber) Microsoft Releases Red Teaming Tool for Generative AI (SecurityWeek) New Infostealer Malware Attacking Oil and Gas Industry (GB Hackers on Security) <a href="http
S8 E2009 · Thu, February 22, 2024
AT&T outage leaves major cities offline.
AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quantum leap. An eyecare provider hack comes into focus. A phony iphone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On this month’s Learning Layer segment, host Sam Meisenberg of N2K discusses learning science research. Sam breaks down research about quizzes and their impact on learner motivation and long term retention. Want to know more? Sam suggests you check out The Value of Using Tests in Education as Tools for Learning—Not Just for Assessment . Selected Reading AT&T, Verizon and T-Mobile customers hit by widespread cellular outages in U.S. (NBC News) US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals (SecurityWeek) LockBit Group Prepped New Crypto-Locker Before Takedown (Gov Info Security) Ukraine arrests father-son duo in Lockbit cybercrime bust (Reuters) Russian Cyberwarfare campaign (ClearSky Cyber Security) US Coast Guard issues cybersecurity directive for Chinese-made cranes after Biden's Executive Order (Industrial Cyber) US agencies release joint fact sheet to strengthen cybersecurity in water and wa
S8 E2008 · Wed, February 21, 2024
Anchoring security for US ports.
President Biden to sign EO to bolster maritime port security. Apple announces post-quantum encryption for iMessage. Malwarebytes examines the i-Soon data leak. Law enforcement airs LockBit’s dirty laundry. Varonis highlights vulnerabilities affecting Salesforce platforms. An appeals court overturns a $1 billion piracy verdict. NSA’s Rob Joyce announces his retirement. Anne Neuberger chats with WIRED. A leading staffing firm finds its data for sale on the dark web. In our sponsored Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples from healthcare. Hackers and hobbyists push back on the proposed Flipper Zero ban. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Navneet Singh , VP of Marketing Network Security at Palo Alto Networks , discusses the transition to the cloud and shares some examples in healthcare. Selected Reading Biden to sign executive order to give Coast Guard added authority over maritime cyber threats (CyberScoop) Apple Announces 'Groundbreaking' New Security Protocol for iMessage (MacRumors) A first analysis of the i-Soon data leak (Malwarebytes) Cops turn LockBit ransomware gang's countdown timers against them (The Register) Security Vulnerabilities in Apex Code Could Leak Salesforce Data (Varonis) Court blocks $1 billion copyright ruling that punished ISP for its users’ piracy (Ars Technica) NSA cyber director to step down after 34 years of service (Nextgov/FCW) Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic (WIRED) <a href="https
S8 E2007 · Tue, February 20, 2024
The reign of digital terror ends.
Operation Cronos leaves LockBit operations on borrowed time. An alleged leak reveals internal operations from the Chinese Ministry of Public Security. An Israeli airline thwarts communications hijacking attempts. The alleged Raccoon Infostealer operator has been extradited to the US. ConnectWise patches critical vulnerabilities. Schneider Electric confirms a Cactus ransomware attack. Alleged Maryland money launderers face indictments. Russian hackers target media outlets in Ukraine. Our guest is Tomislav Pericin, Chief Software Architect at Reversing Labs , on the rise of software supply chain attacks. and Tinder hopes to reel in the catfish. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest is Tomislav Pericin , ReversingLabs Chief Software Architect, talking about the rise of software supply chain attacks. Learn more in their 2024 State of Software Supply Chain Security Report . Selected Reading Police arrests LockBit ransomware members, release decryptor in global crackdown (BleepingComputer) U.S. and U.K. Disrupt LockBit Ransomware Variant (US Justice Department) Chinese Ministry Of Public Security Breach: Data On GitHub (The Cyber Express) Massive “i-Soon” leak reveals Chinese firm's hacking tools, targets, including NATO (The Stack) I-S00N Leaked Chinese foreign government infiltration intel on Github : r/cybersecurity (Reddit) Israeli Aircraft Survive “Cyber-Hijacking” Attempts (Infosecurity Magazine) Raccoon Infostealer operator extradited to the United States (Malwarebytes) <a href="https:
Bonus · Mon, February 19, 2024
AWS in Orbit: Leveraging generative AI to do more at the rugged space edge with AWS. [T-Minus]
Kathy O’Donnell is the leader of Space Solutions Architecture for AWS Aerospace and Satellite . In this extended conversation, we dive into how AWS is supporting generative AI in the space domain. She walks us through some incredible case studies with AWS customers who are using generative AI and space technologies to improve life here on Earth. Learn more about generative AI use cases for space at AWS re:Invent . AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS successfully runs AWS compute and machine learning services on an orbiting satellite in a first-of-its kind space experiment | AWS Public Sector Blog AWS re:Invent 2022 - Accelerate Geospatial ML with Amazon SageMaker (AER204) AWS re:Invent 2023 Audience Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E49 · Mon, February 19, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard , is joined by Tim Miller , Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford , Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, February 18, 2024
Encore: Dominique Shelton Leipzig: No matter the statistics, even if against the odds, focus on what you want. [Legal] [Career Notes]
Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominque for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 17, 2024
Hackers come hopping back. [Research Saturday]
Ori David from Akamai is sharing their research "Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact that only internet facing applications were prioritized for Log4Shell patching and targets internal hosts, meaning that a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation. The research states "FritzFrog has traditionally hopped around by using SSH brute force, and has successfully compromised thousands of targets over the years as a result." Over the years Akamai has seen more than 20,000 FritzFrog attacks, and 1,500+ victims. The research can be found here: Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2006 · Fri, February 16, 2024
FBI initiates router revolution.
The FBI kicks Moobot out of small business routers. Sensitive data has been stolen from a state government network. AMC proposes a multi-million-dollar settlement after improperly sharing subscriber’s viewing habits. The U.S. targets an Iranian military ship in the Red Sea with a cyberattack. Lawmakers propose transparency in the use of algorithms in criminal trials. CERT-EU highlights a spear phishing spike. An infamous Zeus and IcedID operator pleads guilty. Our guests are Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how their 2024 season is shaping up. And AI comes to video. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Dr. Josh Brunty , Head Coach, and Brad Wolfenden , Program Director, of US Cyber Games join us to share the details of how the 2024 season is shaping up. Selected Reading US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ (ABC News) U.S. State Government Network Hacked Via Former Employee Account (Cyber Security News) CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks (SecurityWeek) AMC to pay $8M for allegedly violating 1988 law with use of Meta Pixel (Ars Technica) U.S. conducted cyberattack on suspected Iranian spy ship (NBC News) New bill would let defendants inspect algorithms used against them in court (The Verge) Hackers Exploit EU Agenda in Spear Phishing Campaigns (Infosecurity Magazine) Ukrainian Hacker Pleads Guilty for Leading Zeu
S8 E2005 · Thu, February 15, 2024
An AI arms race.
Microsoft highlights adversaries experiments with AI LLMs. A misconfiguration exposes a decades worth of emails. SentinelOne describes Kryptina ransomware as a service. The European Court of Human Rights rules against backdoors. Senator Wyden calls out a location data broker. GoldFactory steals facial scans to bypass bank security. The Glow fertility app exposes the data of twenty five million users. Qakbot returns. Our Guest Rob Boyce from Accenture talks about tailored extortion. And hacking the airport taxi line leads to prison. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Rob Boyce from Accenture talks about tailored extortion as actors continue to shift to pure data extortion, with old and new tactics. Selected Reading State-backed hackers are experimenting with OpenAI models (Cyberscoop) Staying ahead of threat actors in the age of AI (Microsoft) U.S. Internet Leaked Years of Internal, Customer Emails (Krebs on security) Kryptina RaaS | From Underground Commodity to Open Source Threat (SentinelOne) Backdoors that let cops decrypt messages violate human rights, EU court says (Arstechnica) A company tracked visits to 600 Planned Parenthood locations for anti-abortion ads, senator says (POLITICO) Cybercriminals are stealing Face ID scans to break into mobile banking accounts (theregister) Fertility tracker Glow fixes bug that exposed users’ personal data (TechCrunch) New Qbot malware variant uses fake
S8 E2004 · Wed, February 14, 2024
It’s always DNS, but that may just be FUD.
It’s always DNS, but that may just be FUD. The DoD notifies victims of a cloud email server leak. New Jersey cops sue online data brokers. Crooks use WiFi jammers to thwart security systems. A copyright case against OpenAI is partially dismissed. Patch Tuesday includes two actively exploited zero days. CharmingCypress gathers political intelligence. Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. And beware Cupid’s misleading arrow. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ann Johnson from Microsoft Security ’s Afternoon Cyber Tea podcast talks with Frank Cilluffo , Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. Check out the episode with the full conversation between Ann and Frank here . Selected Reading KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers (SecurityWeek) US military notifies 20,000 of data breach after cloud email leak (TechCrunch) New Jersey law enforcement officers sue 118 data brokers for not removing personal info (The Record) Minnesota burglars are using Wi-Fi jammers to disable home security systems (TechSpot) Sarah Silverman’s lawsuit against OpenAI partially dismissed (The Verge) Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (BleepingComputer) <
S8 E2003 · Tue, February 13, 2024
Phishing threats unleashed.
Attackers lock up Azure accounts with MFA. Bank of America alerts customers to a third party data breach. Malicious cyber activity targets elections worldwide. CISA highlights a vulnerability in Roundcube Webmail. Lawmakers introduce a bipartisan bill to enhance healthcare cybersecurity. Siemens and Schneider Electric address multiple industrial vulnerabilities. Perception in tech gender parity still has a ways to go. Dave Bittner speaks with Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, about Chinese threat actor Volt Typhoon. And the scourge of online obituary spam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guests Andrew Scott , Associate Director of China Operations at CISA, and Brett Leatherman , Section Chief at FBI, discussing PRC/Volt Typhoon advisory and living off the land guidance. Read the press release on “U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure.” Selected Reading Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA (Ars Technica) Bank of America warns customers of data breach after vendor hack (BleepingComputer) Global Malicious Activity Targeting Elections is Skyrocketing (Security Affairs) CISA Warns Of Active Attacks on Roundcube Webmail XSS Vulnerability (CISA) Bipartisan Senate Bill Requires HHS to Bolster Cyber Efforts (Gov Info Security) ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek) <a href="https://www.euronew
S8 E2002 · Mon, February 12, 2024
DOJ strikes justice.
The DOJ shuts down the Warzone rat. Ransomware hits over twenty Romanian hospitals, and Rysida gets a decryptor. Canada may ban the Flipper Zero. Chinese espionage claims against the US are light on facts. Australia looks to criminalize doxxing. Federal IT leaders seek better coordination with CISA and the JCDC. Wired looks at the effect of cyberattacks on inequality. Our guest is Manny Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking cyber career opportunities for young people. And this thumb drive will self-destruct in five seconds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Manuel "Manny" Felix , Founder and CEO of US Cyber Initiative , sharing their work in unlocking career opportunities for young people who are interested in cyber and emergent technology. US Cyber Initiative grew out of AZ Cyber. Learn more about AZ Cyber here . Selected Reading DOJ shuts down ‘Warzone’ malware vendor and charges two in connection (The Record) Ransomware attack forces 18 Romanian hospitals to go offline (BleepingComputer) Decryptor for Rhysida ransomware is available (Help Net Security) Canada moves to ban the Flipper Zero amid rising auto theft concerns (TECHSPOT) China’s Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage (SentinelOne) ‘Doxxing’ laws to be brought forward after Jewish WhatsApp leak (The Sydney Morning Herald) Exclusive: Duke Energy to remove Chinese battery giant
Bonus · Sun, February 11, 2024
Encore: Graham Cluley: Have to be able to communicate to everybody. [Media] [Career Notes]
Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 10, 2024
Ransomware is coming. [Research Saturday]
Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC." While there is evidence to support that RansomedVC runs cybercrime operations, Jon questions the claims it made regarding the authenticity of the data it stole and the methods it used to extort victims. The research states "I uncovered sensitive information about the group's leader, Ransomed Support (also known as Impotent), relating to secrets from his past." In this episode John shares his 6 key findings after spending months engaging with the lead criminal who runs RansomedVC. The research can be found here: Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E2001 · Fri, February 09, 2024
Imitation game: LastPass vs LassPass.
A LastPass imitator sneaks its way past Apple’s app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports fans check your passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel , Senior Vice President for Strategic Workforce Relationships at CompTIA about their perspectives and initiatives in response to the cyber talent gap. Selected Reading Fake LastPass App Sneaks Past Apple's Review Team (MacRumors) Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store (LastPass) New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups (HACKREAD) New Department of Air Force partnership brings cyber, space and information units closer (DefenseScoop) Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices (SecurityWeek) FCC votes to outlaw scam robocalls that use AI-generated voices (CNN Business) US offers $10 mil
S8 E2000 · Thu, February 08, 2024
Volt Typhoon’s stealthy threat to US critical infrastructure.
A joint advisory warns of Volt Typhoon’s extended network infiltration. Check your Cisco devices for patches. Fortinet clarifies its latest vulnerabilities. Internet outages plague Pakistan on election day. Kaspersky describes the new Coyote banking trojan. Cyber insurance is projected to reach new heights. The White House appoints a leader for the AI Safety Institute, and sees pushback on proposed reporting regulations. Can we hold AI liable for its foreseeable harms? Joe Carrigan joins us with insights on the Mother of All Data Breaches. The potential of Passkeys versus the comfort of passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Podcast partner and Hacking Humans co-host Joe Carrigan stops by today to discuss the mother of all data breaches. Selected Reading Chinese hackers hid in US infrastructure network for 5 years (BleepingComputer) Akira, LockBit actively searching for vulnerable Cisco ASA devices (Help Net Security) Cisco fixes critical Expressway Series CSRF vulnerabilities (SecurityAffairs) Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (BleepingComputer) Pakistani telcos suffer widespread Internet blackouts on election day (DCD) Coyote: A multi-stage banking Trojan abusing the Squirrel installer (Securelist) Cyber insurance market growing dramatically, Triple-I Finds (AI-TechPark) Biden Administration Names a Director of the New AI Safety Institute (SecurityWeek) No one'
S8 E1999 · Wed, February 07, 2024
Taking a bite out of Apple.
A security researcher has been charged in an alleged multi-million dollar theft scheme targeting Apple. A House committee hearing explores OT security. Fortinet withdraws accidental CVEs. 2023 saw record highs in ransomware payments. A youtuber finds a cheap and easy bypass for Bitlocker encryption. Political pressure proves challenging for the JCDC. New Hampshire tracks down those fake Biden robocalls. European security agencies bolster warnings about Ivanti devices. HHS fines a New York medical center millions over an identity theft ring. On our sponsored Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, shares some practical examples of healthcare organizations transitioning to the cloud. Giving that toothbrush story the brushoff. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Industry Voices segment, Navneet Singh , Vice President of Marketing Network Security at Palo Alto Networks , discusses the transition to the cloud and shares some practical examples in healthcare. Selected Reading A Security Researcher Allegedly Scammed Apple (404 Media) US House Homeland Security subcommittee addresses OT threats, CISA's role in securing OT - Industrial Cyber (Industrial Cyber) Operational Technology disruptions: An eye on the water sector. Robert M. Lee’s opening statement to before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection. (Control Loop podcast) Securing Operational Technology: A Deep Dive into the Water Sector (Homeland Security Events YouTube) Fortinet Patches Critical Vulnerabilities in FortiSIEM (SecurityWeek) Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error (Bleeping Computer) <a href="https://www.nbcnews.com/tech/security/ransomwar
S8 E1998 · Tue, February 06, 2024
Cracking down on spyware.
The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta’s Oversight Board recommends updates to Facebook’s Manipulated Media policy. We’ve got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it’s time to brush up on IOT security. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In a special segment from Palo Alto Networks’ Threat Vector podcast , host David Moulton , Director of Thought Leadership at Unit 42, along with guests Sam Rubin , VP, Global Head of Operations, and Ingrid Parker , Senior Manager of the Intel Response Unit, dives deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. You can check out the full conversation here . Selected Reading US to restrict visas for those who misuse commercial spyware (Reuters) Britain and France assemble diplomats for international agreement on spyware (The Record) Israeli government absent from London spyware conference and pledge (The Record) Government hackers targeted iPhones owners with zero-days, Google says (TechCrunch) Google agrees to pay $350 million settlement in security lapse case (Washington Post) Canon Patches 7 Critical Vulnerabilities in Small Office Printers (SecurityWeek) <a href="https://socradar.io/barr
S8 E1997 · Mon, February 05, 2024
A serious breach showdown.
Anydesk confirms a serious breach. Clorox and Johnson Controls file cyber incidents with the SEC. There’s already a potential Apple Vision Pro kernel exploit. A $25 million deepfake scam. Akamai research hops on the FritzFrog botnet. The US sanctions Iranians for attacks on American water plants. Commando Cat targets Docker API endpoints. Pennsylvania courts fall victim to a DDoS attack. A new leader takes the reins at US Cyber Command and the NSA. Our guest is Dr. Heather Monthie from N2K Networks, with insights on the White House's recent easing of education requirements for federal contract jobs. And remembering one of the great cryptology communicators. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Heather Monthie from N2K Networks shares some insight into the White House's recent easing of education requirements for federal contract jobs. You can find the background to that in our Selected Reading section. Selected Reading AnyDesk, an enterprise remote software platform used by major firms including Raytheon and Samsung, suffered a security breach - here’s what you need to know (IT Pro) Clorox and Johnson Controls Reveal $76m Cyber-Attack Bill (Infosecurity Magazine) MIT student claims to hack Apple Vision Pro on launch day (Cybernews) Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (CNN) FritzFrog botnet is exploiting Log4Shell bug now, experts say (The Record) US sanctions Iranian officials over cyber-attacks on water plants (BBC) The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker
Bonus · Sun, February 04, 2024
Encore: Bilyana Lilly: Turn challenges into opportunities. [Policy] [Career Notes]
Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, February 03, 2024
Weathering the internet storm. [Research Saturday]
Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield. The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed. The research can be found here: Jenkins Brute Force Scans Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527 Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E1996 · Fri, February 02, 2024
A digital leaker gets 40 years behind bars.
Former CIA leaker sentenced to 40 years. Interpol arrests suspected cybercriminals and takes down servers. Cloudflare discloses a Thanksgiving Day data breach. The FBI removes malware from outdated routers. President Biden plans to veto a Republican-led bill overturning cyber disclosure rules. Attackers target poorly managed Linux systems. Infected USB devices take advantage of popular websites for malware distribution. Blackbaud faces a data deletion mandate from the FTC. Our guest is Adam Marré, CISO of Arctic Wolf, to kick off our continuing discussion of 2024 election security. A cybersecurity incident in Georgia leads to a murder suspect on the run. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Adam Marré , CISO of Arctic Wolf , joins us to begin our discussion of election security in 2024. Adam will be sharing their Election Cybersecurity Survey outlining key cybersecurity threats to the 2024 election season. Selected Reading 40 years in prison for ex-CIA coder who leaked hacking tools to WikiLeaks (Digital Journey) Interpol arrests more than 30 cybercriminals in global ‘Synergia’ operation (The Record) Cloudflare Hacked After State Actor Leverages Okta Breach (HACKREAD) FBI removes malware from hundreds of routers across the US (Malwarebytes) Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules (SecurityWeek) Threat Actors Installing Linux Backdoor Accounts (ASEC) USB Malware Chained with Text Strings on Legitimate Websites Attacks Users (Cybersecurity News) FTC settles with Blackbaud over p
S8 E1995 · Thu, February 01, 2024
Defending America against China's ominous onslaught.
Directors Wray and Easterly warn congress of threats from Chinese hackers. Myanmar authorities extradite pig butchering suspects. Automation remains a challenge. Snyk Security Labs plugs holes in “Leaky Vessels.” Pegasus spyware targets human rights groups in Jordan. Subtle-paws scratch at Ukrainian military personnel. White Phoenix brings your ransomed files back from the ashes. In today’s Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with MDR Senior Manager Oded Awaskar, about how AI might change the world of security operations and threat-hunting. A wee lil trick for bypassing Chat GPT guardrails. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In today’s segment of Threat Vector, host David Moulton , Director of Thought Leadership at Unit 42, speaks with Oded Awaskar , an MDR Senior Manager, about threat-hunting and how AI and ML might change the world of security operations and threat-hunting. Tune in to Palo Alto Networks’ biweekly Threat Vector podcast on our network for the full conversation. If you are interested to learn more about Unit 42 World-Renowned threat hunters, visit https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting and https://www.paloaltonetworks.com/unit42/respond/managed-detection-response In coming episodes, David will discuss the impact of the SEC Cyber Rules with Jacqueline Wudyka and share a conversation with Sam Rubin , Global Head of Operations for Unit 42, about his testimony at the Congressional hearing on the growing threat of ransomware . Selected Reading Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) FBI director warns Chinese hackers aim to 'wreak havoc' on U.S. critical infrastructure (NBC News) <a href="https://m.youtube.com/watch?si=VUfyigd_I8XMh2jM&
S8 E1994 · Wed, January 31, 2024
VPN compromise causes concerns.
Global Affairs Canada investigates a major data breach. New York sues Citibank over inadequate online security. Alpha ransomware launches a dedicated leak site on the dark web. A leaked database with 50 million records may or may not be real. CISA and the FBI provide guidance for SOHO routers.Patch ‘em if ya got ‘em. Krustyloader exploits Ivanti weaknesses. Unit 42 tracks a large-scale scareware campaign. Alex Stamos calls Microsoft’s security strategies “morally indefensible.” Our guests are Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society to talk about their new podcast "Breaking Through in Cybersecurity Marketing." And do you have what it takes to protect his majesty’s royal laptop? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guests Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society join Dave to share about their podcast " Breaking Through in Cybersecurity Marketing " that is joining the N2K network. You can listen to their newest episode on our network. Selected Reading Global Affairs investigating 'malicious' hack after VPN compromised for over one month (National Post) Lawsuit: Citibank refused to reimburse scam victims who lost “life savings” (Ars Technica) Unveiling Alpha Ransomware: A Deep Dive into Its Operations (Netenrich) Nearly 50 million Europcar customer records put up for sale on the dark web – or were they? (ITPro) Apple and Google Just Patched Their First Zero-Day Flaws of the Year (WIRED) Threat actors exploit Ivanti VPN bugs to
S8 E1993 · Tue, January 30, 2024
A Typhoon counter.
The U.S. counters a Chinese hacking campaign. Juniper issues out of band patches. Schneider Electric suffers a ransomware attack. Over a million and a half individuals are affected by an insurance consulting firm breach. AT&T finds DarkGate malware leveraging Microsoft teams. The White House is set to require AI developers to share safety test results. Resecurity finds high level credentials posted online. Zscaler says Zloader malware is back. The Georgia county prosecuting former President Trump got hit with a cyberattack. Microsoft’s Ann Johnson speaks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. And yesterday’s airborne joker is off the hook. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast, talks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. Selected Reading Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz (The Hacker News) Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (The Hacker News) Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates (SecurityWeek) DarkGate malware delivered via Microsoft Teams - detection and response (AT&T) AI companies will need to start reporting their safety tests to the US government (AP) <a href="https://securityaffairs.com/158329/cyber-crime/network-operators-credentials-fo
S8 E1992 · Mon, January 29, 2024
Seeking dismissal of SEC allegations.
Solarwinds seeks dismissal of SEC allegations. Urgent calls to implement fixes for Jenkins open-source software automation tools. A New Jersey township closes schools and offices after a cyberattack. The Centre for Cybersecurity Belgium warns of a critical vulnerability in GitLab. The FBI arrests a notorious swatter. HHS releases cybersecurity performance goals. The feds remind organizations to preserve online messaging. Mercedes-Benz exposes data after an authentication token was left unsecured. A dark web drug dealer pleads guilty. Our guest is Caleb Barlow from Cyberbit, discussing hacker celebrities and why yours truly did not make the list. And threats of airport terrorism on public WiFi is no joking matter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Podcast partner Caleb Barlow , CEO of Cyberbit , discusses hacker celebrities and why our own Dave Bittner did not make the list. Selected Reading SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit (Bloomberg Law) Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks (Security Boulevard) Freehold Township district: All schools and offices closed Monday due to cybersecurity incident (News12 New Jersey) WARNING: CRITICAL ARBITRARY FILE WRITE VULNERABILITY IN GITLAB CE/EE, PATCH IMMEDIATELY! (Centre for Cybersecurity Belgium) Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks (WIRED) HHS debuts voluntary cybersecurity performance goals to enhance healthcare sector resilience (Industrial Cyber) Don’t Delete Slack or Signal Chats, US Agencies Warn Companies (Bloombe
Bonus · Sun, January 28, 2024
Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]
Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood Rashmi always wanted to be a good leader, helping those around her, now she shares how helping people is a passion of hers and spends a lot of her time volunteering to help those coming into this industry. She says "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help you to grow in your career," sharing that community is the key to her success and working hard to network has been a great help to her to get her where she is today. We thank Rashmi for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E49 · Sun, January 28, 2024
What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]
In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard , is joined by Tim Miller , Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford , Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, January 27, 2024
Hooked on pirated macOS applications. [Research Saturday]
Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate to attacker infrastructure. The research states "These applications are being hosted on Chinese pirating websites in order to gain victims." The discovery marks new and advanced malware, similar to the ZuRu malware, first discovered by Objective-See in 2021 within the iTerm2 application. The research can be found here: Jamf Threat Labs discovers new malware embedded in pirated applications Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E1991 · Fri, January 26, 2024
A new purchase is cause for a call out.
Senator Wyden calls out the NSA for purchasing American’s internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang member will be doing some time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Tony Surak from DataTribe joins us to share his take on the state of the VC cyber market. Selected Reading Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition FTC officially asks Big Tech about their AI deals | Cybernews GSA Sparks Security Fears After Buying Risky Chinese Cameras Akira ransomware gang says it stole passport scans from Lush • The Register Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware - SecurityWeek How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar |
S8 E1990 · Thu, January 25, 2024
Another day, another Blizzard attack.
Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors. iOS notifications are exploited for tracking. EquiLend’s systems go offline after a cyberattack. A DC theater faced financial crisis after seeing their bank account drained. Critical infrastructure is targeted in Ukraine. The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. Selected Reading Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers (The Record) Inside a Global Phone Spy Tool Monitoring Billions (404 Media) Cisco Patches Critical Vulnerability in Enterprise Collaboration Products (SecurityWeek) Instagram and Facebook will now prevent strangers from messaging minors by default (The Verge) Research Reveals How iPhone Push Notifications Leak User Data (MacRumors) Financial tech firm EquiLend says recovery after cyberattack ‘may take several days’ (The Record) 'No gift is too small' | GALA Hispanic Theater asking for donations after hackers drain bank accounts (WUSA9) Ukrainian energy giant, posta
S8 E1989 · Wed, January 24, 2024
The fight against exploiting Americans.
Biden prepares executive order on foreign access to data. Britain’s NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry. Selected Reading Biden Seeks to Stop Countries From Exploiting Americans’ Data for Espionage (Bloomberg) British intelligence warns AI will cause surge in ransomware volume and impact (The Record) Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos) Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD) Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media) Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security) <a href="https://www.infosecurity-magazine.com/news
S8 E1988 · Tue, January 23, 2024
The mother of all data breaches.
The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a webkit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch and online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Microsoft Security’s Afternoon Cyber Tea podcast host, Ann Johnson , speaks with Caitlin Sarian , known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here . Selected Reading Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records (Cybernews) CISA’s Easterly the target of ‘harrowing’ swatting incident (The Record) AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour) Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube) Medibank hack: Russian sanctioned over Australia's worst data breach (BBC) Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer) iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors) <
S8 E1987 · Mon, January 22, 2024
Midnight Blizzard brings the storm.
Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC order another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine’s Monobank gets DDoSed. N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a Time Lord. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast launching next month. Selected Reading Microsoft: Russian Hackers Had Access to Executives' Emails (GovInfo Security) LockBit ransomware gang claims the attack on the sandwich chain Subway (Security Affairs) Ransomware hits cloud service Tietoevry; numerous Swedish customers affected (The Record) Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (Mandiant) North Korea’s ScarCruft APT group targets infosec pros (CSO Online) FTC Order Will Ban InMarket from Selling Precise Consumer Location Data (Federal Trade Commission) US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities (SecurityWeek) <a href="https://www.siliconrepubl
Bonus · Sun, January 21, 2024
Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]
CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E51 · Sun, January 21, 2024
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles , Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly , Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, January 20, 2024
A firewall wake up call. [Research Saturday]
Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E1986 · Fri, January 19, 2024
New malware, new threats.
Microsoft warns of an Iranian cyberespionage group. The CyberSafety Review Board receives critical reviews of its own. VMWare warns of active product exploitation. Tax info gets leaked in accounting firm breach. Kansas State University reports a cyber incident. CISA adds Citrix Netscaler vulnerabilities to its Known Exploited Vulnerabilities catalog. Councils in the UK suffer online disruptions. Cyber insurance can be a double edged sword. More email security breaches lead to firings. In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service With an update on the Cybersecurity Talent Initiative. And it’s shields up for Generation Z. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service sharing an update on the Cybersecurity Talent Initiative and how federal agencies and early career existing talent that may be interested in the program’s offerings. Selected Reading Microsoft: Iranian hackers target researchers with new MediaPl malware (Bleeping Computer) Cyber Safety Review Board needs stronger authorities, more independence, experts say (Cyberscoop) VMware vCenter Server Vulnerability Exploited in Wild (SecurityWeek) ELO accounting data breach sparks tax fraud (Cybernews) Cyber attacks on Kent councils disrupt online services (BBC) Kansas State University suffered a serious cybersecurity incident (SecurityAffairs) CISA urges urgent patching of two actively exploited Citrix NetScaler vulne
S8 E1985 · Thu, January 18, 2024
A credential dump hits the online underground.
A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest This segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit , director of threat research at Unit 42 . This thought-provoking discussion, hosted by David Moulton , director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more. Check out the Threat Vector podcast and follow it on your favorite podcast app. Selected Reading Researcher uncovers one of the biggest password dumps in recent history (Ars Technica) Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt) Feds warn China-made drones pose risk to US critical infrastructure (SC Media) TensorFlow CI/CD Flaw Exposed Supply Chain to Poi
Bonus · Thu, January 18, 2024
Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]
Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network. You can hear more from the T-Minus space daily show here . While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Caveat Briefing A companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com . Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E1984 · Wed, January 17, 2024
Maximum severity vulnerability needs critical updates.
Atlassian issues critical updates. CISA and the FBI warn of AndroxGh0st. A GPU vulnerability hits major manufacturers. A Foxconn subsidiary in Taiwan gets hacked. Australians suffer breached credit cards through credential stuffing. A parade of horrible hackers and scammers. CISO accountability is highlighted at ShmooCon. Cybersecurity VC funding plummets. On the Learning Layer, N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session. Don’t ask ChatGPT to handle your Amazon product listings. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Learning Layer with N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session he held with Jaden Dicks . Selected Reading Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now (SOCRadar) FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation (Security Affairs) A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data (TechSpot) Taiwan’s Foxconn subsidiary faces cyberattack (Taiwan News) 15,000 Aussies Affected After Binge, The Iconic Hacked (Pedestrian) Hackers post disturbing videos to online forum used by UC Irvine students (ABC7) Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else… (Bitdefender) As hacks worsen, SEC turns up the heat on CISOs (TechCrunch) Cybersecurity Startup Funding Hits 5-Year Low, Drops
S8 E1983 · Tue, January 16, 2024
Vulnerabilities and security risks.
Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest and partner Ben Yelin joins us today to discuss “ The Most Critical Elements of the FTC’s Health Breach Rulemaking .” Ben is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and Co-Host of N2K’s Caveat Podcast. Selected Reading Ivanti Connect Secure zero-days now under mass exploitation (Bleeping Computer) Windows SmartScreen flaw exploited to drop Phemedrone malware (Bleeping Computer) Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (Security Affairs) GitLab Fixes Password Reset Bug That Allows Account Takeover (Security Boulevard) Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063 (Malware News) US court docs expose fake antivirus renewal phishing tactics (Bleeping Computer) Hacker spins up 1 million virtual servers to illegally mine crypto (Bleeping Computer) <a hr
Bonus · Mon, January 15, 2024
Putting a dent in the cybersecurity workforce gap. [Special Edition]
In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives.
S1 E48 · Mon, January 15, 2024
Encore: Examining the current state of security orchestration. [CyberWire-X]
In this encore episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.
Bonus · Sun, January 14, 2024
Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]
Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us.
Bonus · Sat, January 13, 2024
Dual Russian cyber gangs hit 23 companies. [Research Saturday]
Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." They are using malicious Google ads, promoting popular business software such as Zoom, Slack, and Adobe. The customers targeted are companies in the manufacturing, software, legal, retail and healthcare industries. The attacking threat actors belong to the Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. The research can be found here: Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads
S8 E1982 · Fri, January 12, 2024
Casting a wider hiring net.
The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A Fast food hiring chat bot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. Bosch thermostats are vulnerable to some hot firmware. CSAM vendors’ crypto sophistication grows. CISA released ICS advisories. On our Solution Spotlight, N2K’s Simone Petrella speaks with Kim Jones, Director of Intuit's CyberCRAFT team, about the SEC's heightened focus on cybersecurity. And a little listener feedback, Karaoke style. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K’s Simone Petrella discusses a possible hurdle with Kim Jones, Director of Intuit's CyberCRAFT team. They talk about the SEC's heightened focus on cybersecurity. Selected Reading An analysis of cyberattacks against Danish energy infrastructure. Cryptomining campaign targets weak SSH passwords. (CyberWire) White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop) State Legislators Tighten A.I. Rules to Combat Deceptive Election Ads (New York Times) Info-stealers can steal cookies for permanent access to your Google account (Malwarebytes) Hackers Break into AI Hiring Chatbot, Could Hire and Reject Fast Food Applicants (404 Media) Medusa Ransomware Turning Your Files into Stone (Unit 42 by Palo Alto Networks) Akira ransomware attackers are wiping NAS and tape backups (Help Net Security) Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News) Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise
S8 E1981 · Thu, January 11, 2024
Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.
A zero-day hits Ivanti VPN customers. CISA highlights an active MS Sharepoint Server flaw. Cisco patches a critical vulnerability. Atomic Stealer gets updates. Sensitive school emergency planning documents are exposed online. The FCC reports on risky communications equipment. The White House will introduce new cybersecurity requirements for hospitals. Mandiant explains their X-Twitter hack. Our guest is Palo Alto Networks’ Unit 42’s David Moulton, host of the new Threat Vector podcast. And we are shocked - shocked! - to learn that an online sex for money scheme is a scam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest David Moulton from Palo Alto Networks joins us to talk about Threat Vector. It’s Unit 42’s segment turned podcast on the N2K media network. Selected Reading Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers (The Record) CISA Urges Patching of Exploited SharePoint Server Vulnerability (SecurityWeek) Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) (Help Net Security) Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (The Hacker News) FCC's Reimbursement Program shows progress in removing national security risks from communication networks (Industrial Cyber) After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding (The Messenger) US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak (WIRED) Mandiant’s X Account Was Hacked in Brute-Force Password Attack (Infosecurity Magazine) <a href="https://graha
S8 E1980 · Wed, January 10, 2024
A pivotal global menace.
The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim and AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine’s Blackhit hits Russia’s M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Tim Eades from Cyber Mentor Fund joins us to discuss the growing prevalence of restoration as a part of incident response. Selected Reading AI-powered misinformation is the world's biggest short-term threat, Davos report says (AP News) NSA: Benefits of generative AI in cyber security will outweigh the bad (IT Pro) SEC account on X ‘compromised’ and regulator has not approved bitcoin ETFs (MarketWatch) SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post (Cointelegraph) FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data (Federal Trade Commission) Entire population of Brazil possibly exposed in massive data leak (Security Affairs) China says state-backed experts crack Apple's AirDrop (Digital Journal) <a href="https://techcru
S8 E1979 · Tue, January 09, 2024
Swatting on the rise.
Swatting is on the rise. LoanDepot, the Toronto Zoo and the World Council of Churches all confirm ransomware attacks. Iran-linked hackers target Albania. Sea Turtle focuses on espionage and information theft. Fake “security researchers” offer phony ransomware recovery services. Could AI make KYC EOL? Avast enhances Babuk decryption. Joe Carrigan looks at the human side of email security. And a group of midwives fail to deliver. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we are joined by Joe Carrigan from JHU ISI on the human elements that impact email security Selected Reading Tanya Chutkan, the judge overseeing Trump's federal election interference case, appears to be victim of 'swatting' Special counsel Jack Smith was targeted by attempted swatting on Christmas Day LoanDepot Takes Systems Offline Following Ransomware Attack Toronto Zoo hit by ransomware attack | Cybernews Rhysida ransomware gang takes responsibility for attack on World Council of Churches Wiper malware found in analysis of Iran-linked attacks on Albanian institutions Turkish espionage campaigns in the Netherlands "Security researcher" offers to delete data stolen by ransomware attackers Gen AI could make KYC effectively useless | TechCrunch Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our <a href="https://ww
S8 E1978 · Mon, January 08, 2024
A conclusion on the xDedic Marketplace investigation.
The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we are joined by Robert M. Lee , founder and CEO of Dragos , to discuss intellectual property theft in manufacturing. Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warn
Bonus · Sun, January 07, 2024
Encore:Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]
Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us.
Bonus · Sat, January 06, 2024
Diving deep into Phobos ransomware. [Research Saturday]
Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base’s Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base’s Phobos variant and other Phobos samples that have been observed in the wild since 2019. In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed. The research can be found here: A deep dive into Phobos ransomware, recently deployed by 8Base group Understanding the Phobos affiliate structure and activity
S8 E1977 · Fri, January 05, 2024
Disruptions to the internet.
BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding Diversity, Equity and Inclusion (DE&I) initiatives. Selected Reading BGP attack disrupts Internet service. Pirated Zeppelin ransomware source code for sale in a C2C souk. BreachForums impresario re-arrested. (CyberWire) Hacker hijacks Orange Spain RIPE account to cause BGP havoc (Bleeping Computer) RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek) Law firm that handles data breaches was hit by data breach (TechCrunch) UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (The Hacker News) EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY (SecurityAffairs) BreachForums administrator detained after violating parole (The Record) Russian hackers wiped thousands of systems in KyivStar attack (Bleeping Computer) US military’s Cyber Nationa
S8 E1976 · Thu, January 04, 2024
Russian hackers hide in Ukraine telecoms for months.
Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant’s social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption. On today’s Threat Vector segment, David Moulton chats with Garrett Boyd, senior consultant at Palo Alto Networks Unit 42 about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s Threat Vector segment with David Moulton features Garrett Boyd , a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world. Threat Vector To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . Selected Reading Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire) Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters) Hackers linked to Russian spy agency claim cyberattack on Ukrainia
S8 E1975 · Wed, January 03, 2024
A digital disappearance in Utah.
Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, we are joined by Rob Boyce from Accenture talking about the Five Families, the trend of hacker collaboration. Selected Reading Missing Riverdale foreign exchange student found near Brigham City in case of ‘cyber kidnapping’ (ABC4) What is ‘cyber kidnapping’ and what can you do to stay safe online? (Deseret News) Hospitals ask courts to force cloud storage firm to return stolen data (BleepingComputer) Homeland Threat Assessment (US Department of Homeland Security) The Mac Malware of 2023 (Objective-See) SBU blocks webcams that ‘flashed’ operation of air defense during missile attack on Kyiv on Jan 2 (Interfax-Ukraine) Ukraine says Russia hacked web cameras to spy on targets in Kyiv (The Record) Akumin radiology and oncology reports ransomware attack and data breach (beyondmachines) Coop supermarket chain hit by ransomware cyberattack (beyondmachines) <a href="https:
S8 E1974 · Tue, January 02, 2024
Apple's clickless exploit.
A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts’ AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers’ data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Caleb Barlow, CEO of Cyberbit, joins us today to share helpful tips to remember those passwords. Selected Reading 4-year campaign backdoored iPhones using possibly the most advanced exploit ever (Ars Technica) New malware found in analysis of Russian hacks on Ukraine, Poland (The Record) Russian Military Intelligence Blamed for Blitzkrieg Hacks (GovInfo Security) India targets Apple over its phone hacking notifications (Washington Post) Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews) Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews) Cyber attack on Victoria's court system may have exposed recordings of sensitive cases (ABC News) New Black Basta decryptor exploits ransomware flaw to recover files (Bleeping Computer) Pro-Palestinian operation claims dozens of data breaches against Israeli firms (The Rec
S7 E78 · Mon, January 01, 2024
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]
Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft’s effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today. Resources: View Charlie Bell on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Listen to: Uncovering Hidden Risks Listen to: Security Unlocked Listen to: Security Unlocked: CISO Series with Bret Arsenault Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
Bonus · Sun, December 31, 2023
Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]
Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us.
Bonus · Sat, December 30, 2023
Encore: What malicious campaign is lurking under the surface? [Research Saturday]
Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used. The research can be found here: Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
Bonus · Fri, December 29, 2023
T-Minus Overview- Space Cybersecurity. [t-minus]
Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we’re covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . T-Minus Guest Our first guest is Renee Wynn, former CIO of NASA. Our second guest is Matthieu Bailly, Vice President of Space at CYSEC, a cybersecurity company based in Lausanne, Switzerland. Our third guest speaking to T-Minus Producer Alice Carruth, is Steve Luczynski, Board Chairman of the Aerospace Village. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
S2 E10 · Thu, December 28, 2023
Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]
In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public — and then private again. You'll also learn: When and how to raise capital, and how to manage meeting the board's expectations. How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes. How to view the company's history as a story with chapters and eras, and why it's important to always believe you're at the beginning of the book.
S2 E10 · Wed, December 27, 2023
NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]
In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program . Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture , background, and the trajectory of cybersecurity. Thank you to Fortinet for their sponsorship of the Retail & Hospitality ISAC podcast.
Bonus · Wed, December 27, 2023
Encore: Active visibility into OT systems. [Control Loop]
Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow , Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie , who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow , Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab.<
Tue, December 26, 2023
“Espionage and the Metaverse” – with Cathy Hackl [SpyCast]
Summary Cathy Hackl ( Twitter , LinkedIn ) joins Andrew ( Twitter ; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the “Godmother of the Metaverse.” What You’ll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more … Episode Notes The web will continue to evolve and change with time, but what’s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations? This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the “Godmother of the Metaverse” Resources Featured Resource Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era , Cathy Hackl (Bloomsbury, 2023) Metaverse Marketing [Cathy’s podcast] *Beginner Resources* What Is the Metaverse, Exactly? , Wired (2022) [Article] Web 3.0 Explained In 5 Minutes , YouTube (2022) [5 min. Video] 12 new tech terms you need to understand the future , R. Gray, BBC (2018) * SpyCasts * How Artificial Intelligence is Changing the Spy Game – with Mike Susong (2022) Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 1 of 2) <a href="https://the
Bonus · Tue, December 26, 2023
Artificial Intelligence: Insights & Oddities [8th Layer Insights]
On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks ( LinkedIn ) ( Website ) Dr. Lynne S. McNeill, Associate Professor at Utah State University ( LinkedIn ) ( Twitter ) Dr. John Laudun, Professor at University of Louisiana at Lafayette ( LinkedIn ) ( Twitter ) ( Website ) Lev Gorelov, Research Director at Handshake Consulting ( LinkedIn ) ( Twitter ) ( Website ) Resources Interview with the AI, part one , by the Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman , by The New York Times The Exciting, Perilous Journey Toward AGI , Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world , by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all... , the Guardian In 2016, Microsoft’s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter—but it also learned values , IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links)
Bonus · Mon, December 25, 2023
Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]
This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at the The White House discuss the White House's cybersecurity workforce and education strategy.
Bonus · Sat, December 23, 2023
The CyberWire: The 12 Days of Malware. [Special Edition]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of C
S7 E1973 · Fri, December 22, 2023
Sentenced to hospital detention.
A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump’s Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest N2K’s Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct) ‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express) Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) <a href="https://www.bleepingcomputer
S7 E1972 · Thu, December 21, 2023
Kingdom come, kingdom fall.
German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpress about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don’t expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest Scott Roberts of Interpres joins N2K’s Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: Leveraging limited resources to build evolving threat repository. Selected Reading German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY (Securityaffairs) SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica) Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal) Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine) Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer) <a href="https://www.hackread.com
S7 E1971 · Wed, December 20, 2023
Leading the charge in cybercrime take downs.
Interpol leads cybercrime take downs. ALPHV/Blackcat is in a “tug of Tor” with the FBI. The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today’s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K’s certification page . Learning Layer links Practice tests Selected Reading Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer) AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? (The Record) Senate confirms Biden’s pick for Cyber Command, NSA (The Record) Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (CISA) <a href="https://news.sophos.com/en-us/2023/12/20/crypto
S7 E1970 · Tue, December 19, 2023
A dark web take down.
The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today’s Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests John Pescastore joins us for Mr. Security Answer Person to address the question, “Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?” Today’s guest is Lauren Brennan of GuidePoint Security . N2K’s Rick Howard caught up with Lauren recently at the MITRE ATT&CKcon 4.0 . They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) “Quishing” you a Happy Holiday Season (netcraft) <a href="https://www.securityweek.com/2022-election-not-impacted-by-chinese-russian-cyber-activity
S7 E1969 · Mon, December 18, 2023
14 million customers and stolen data.
A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Host of Microsoft Security’s Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann’s full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network. Selected Reading Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews) Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA) NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week) MongoDB says customer data was exposed in a cyberattack (Bleeping Computer) ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox) A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck) We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC) Seattle cancer center confirms cyberattack after ransomware gang threats (The Record) What can I do to make you take home this chatbot today? (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the s
Bonus · Sun, December 17, 2023
Oren Koren: Crossing music and cybersecurity. [Career Notes]
Oren Koren, Co-Founder and Chief Product Officer from Veriti sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit where he led a variety of cybersecurity activities and researches that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company, with fellow co-founder Adi Ikan. Oren shares that he had a love for music growing up, and wanted to be a musician, saying music was the catalyst to him becoming interested in the cyber field, saying "I believe the music helped me a bit with my career in cybersecurity." We thank Oren for sharing his story with us.
Bonus · Sat, December 16, 2023
Shedding light on Fighting Ursa. [Research Saturday]
Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign
S7 E1968 · Fri, December 15, 2023
Remapping privacy.
Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession. N2K’s Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today, N2K’s Rick Howard recently attended the MITRE ATT&CK Con. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of MITRE ATT&CK Framework. Selected Reading Google is rolling out new protections for our location data (The Washington Post) Four men indicted in $80 million ‘pig butchering’ scheme (CNBC) Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US) Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica) Gaza Cybergang | Unified Front Targeting Hamas Opposition (Sentinal Labs) Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post) Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (Securityweek) Ten Years Later, New Clues in the Target Breach (krebsonsecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast.
S7 E1967 · Thu, December 14, 2023
Taking down the storm.
Microsoft takes down the Storm-1152 cybercrime operation. “GambleForce” is a newly discovered threat actor. The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules. In our latest Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On the Threat Vector segment with Palo Alto Networks Unit 42 ’s David Moulton , hear about decoding cyber adversaries. David discusses unveiling intent and behavior in the world of threat hunting with Madeline Sedgwick . Selected Reading Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang (TechCrunch+) New hacker group GambleForce targets government and gambling sites in Asia Pacific using SQL injections (Group-IB) Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (Joint Advisory) Malvertisers zoom in on cryptocurrencies and initial access (MalwareBytes) Russian hacker group claims responsibility for Kyivstar cyberattack (The Kyiv Independent) New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now (The Hacker News) <a href="https://news.bloomberglaw.com/privacy-and-data-security/fcc-adop
S7 E1966 · Wed, December 13, 2023
The United Kingdom's catastrophic ransomware attack.
The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202 with China’s influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202. Tim and Dave discuss China’s influence operations in Taiwan, along with a look back at 2023. Selected Reading UK at high risk of ‘catastrophic ransomware attack’, report says (The Guardian) Roll Call Vote 118th Congress - 1st Session (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spide
S7 E1965 · Tue, December 12, 2023
An internet blackout.
A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today’s Industry Voices segment, my conversation with Andre Durand, CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s Industry Voices segment, we speak with Andre Durand , the CEO and Founder of Ping Identity . Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) <a href="https://www.bitsight.com/blog/bitsight-and-google-col
S7 E1964 · Mon, December 11, 2023
China sets sights on US critical infrastructure.
China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. And 23andMe's controversial update to its terms and conditions. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “ All in on Cyber ” program. Kristie is DXC’s Senior Vice President and Chief Information Officer. Selected Reading China’s cyber army is invading critical US services (Washington Post) Hackers hit Erris water in stance over Israel (Western People) FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Post Gazette) White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) EU reaches deal on landmark AI bill, racing ahead of US (Washington Post) Operation
Bonus · Sun, December 10, 2023
Encore: Tracy Maleeff: Ask more people to dance. [Analyst] [Career Notes]
Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us.
S1 E3 · Sat, December 09, 2023
AWS in Orbit: Monitoring critical road infrastructure at scale with Alteia and the World Bank. [T-Minus AWS in Orbit]
You can learn more about AWS in Orbit at space.n2k.com/aws . Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS Aerospace and Satellite AWS re:Invent Alteia and the World Bank assess and enhance road infrastructure data quality at scale using AWS Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Bonus · Sat, December 09, 2023
On the hunt for popping up kernel drives. [Research Saturday]
Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research can be found here: Hunting Vulnerable Kernel Drivers
S7 E1963 · Fri, December 08, 2023
Russia here, Russia there, Russia everywhere.
Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Guest Allan Liska , creator of Green Archer Comics , shares the first installment in a new comic book series: "Yours Truly, Johnny Dollar #1." The series follows the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, as he takes on ransomware attacks, insider threats and more. The series is based on a popular radio serial of the same name that ran from 1949 through 1962, now reimagined for the digital age. Selected Reading Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (CISA) The cyberattacks also allegedly took aim at U.S. energy networks and American spies. (Wall Street Journal) Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (The Guardian) U.S. Takes Action to Further Disrupt Russian Cyber Activities (US Department of State) Rewards for Justice (Rewards for Justice) Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign (US Department of Justice) United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (US Department of Tre
S7 E1962 · Thu, December 07, 2023
New vulnerability packs a punch.
Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest On today’s Industry Voices segment, we welcome Todd Thorsen , CISO from CrashPlan . Todd discusses data resiliency. In an era where ransomware and malicious attacks are relentless, even the most secure organizations are not immune. These attacks can cripple organizations financially, operationally, and damage their reputation and compliance standing. My guest today is Todd Thorsen, CISO from CrashPlan. In this sponsored Industry Voices segment, we delve into crucial strategies for bolstering data resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/232 Selected Reading Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica) CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps (CISA) The Case for Memory Safe Roadmaps (Joint release) HEALTHCARE SECTOR CYBERSECURITY (US Department of Health and Human Services) HHS releases cybersecurity strategy for health care sector (American Hospital Association) Fake Taylor Swift Quotes Are Being Used to Spread Anti-Ukraine Propaganda (WIRED) <a href="https://www.recordedfuture.com/russian-inf
S7 E1961 · Wed, December 06, 2023
Push notifications pushing surveillance.
Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guest Our guest is Camille Stewart Gloster , Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia’s Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Pro
S7 E1960 · Tue, December 05, 2023
Sleeper malware denied at Sellafield nuclear site.
The UK Government's denial of a cyber incident at Sellafield. There’s been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today’s Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today’s Industry Voices segment, we welcome Matt Radolec . Matt is Vice President of Incident Response and Cloud Operations at Varonis . He talks about the intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) <a href="
S7 E1959 · Mon, December 04, 2023
Iran behind attacks on PLCs.
The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm , executive director of WiCyS , about the power of diverse perspectives. Tune in to Microsoft Security ’s Afternoon Cyber Tea podcast every other Tuesday on the N2K Network. You can hear Ann’s full interview with Lynn here . For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/229 Selected Reading IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA) Water and Wastewater Cybersecurity (CISA) P2Pinfect - New Variant Targets MIPS Devices (Cado) New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Palo Alto Networks Unit 42) XDSpy hackers attack military-industrial companies in Russia (The Record) Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) Hijackable Go Module Repositories (VulnCheck)
Bonus · Sun, December 03, 2023
Bernard Brantley: Tomorrow is a new day. [CISO] [Career Notes]
Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom he is now sharing how he overcomes those days of adversity, saying "I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, "hey, this was a tough day" to, to, into, "all right, uh, this was a tough day because maybe I didn't commit enough time in this area, or maybe I could have had a bit better conversation with this person." We thank Bernard for sharing his story with us.
Bonus · Sat, December 02, 2023
Exploits and vulnerabilities. [Research Saturday]
Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can be found here: Building an Exploit for FortiGate Vulnerability CVE-2023-27997
S7 E1958 · Fri, December 01, 2023
Wyden blocks the senate vote.
Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative . For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228 Selected Reading Wyden to block Senate vote on new NSA, Cyber Command lead (Politico) Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) GPS Spoofing Traced To Iran (Location Business News) Adversarial Threat Report , Third Quarter 2023 (Meta) EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (The Record) Microsoft warns of new ransomware campaign by Twisted Spider group (Computing) Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer) Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University) Want to hear your company in the show? You to
S7 E1957 · Thu, November 30, 2023
Widespread exploitation of severe vulnerability in ownCloud.
Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war. On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS’ers are looking for volunteers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing , and you’ll never miss a beat . And be sure to follow CyberWire Daily on LinkedIn . CyberWire Guests On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner , an XSIAM Consultant at Palo Alto Networks. David and John delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey . To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . T-Minus commentary on JAXA’s cyber threat. Dave is joined by T-Minus Space Daily host, Maria Varmazis , to discuss the significant cyber threat faced by Japan’s Aerospace Exploration Agency, known as JAXA. Listen to yesterday’s episode of T-Minus where they covered the incident. Selected Reading ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (Ars Technica) Associated Press, ESPN, CBS among top sites serving fake virus alerts (Malwarebyte
S7 E1956 · Wed, November 29, 2023
Major crackdown on international cybersecurity.
A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site. In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that resumé after a breach. CyberWire Guest We have 2 guests today. First, Dave recently spoke with Eric Goldstein , Executive Assistant Director at CISA, about their new Secure by Design Alerts program that launched today. And, Tim Starks from the Washington Post’s Cybersecurity 202 stopped by to share some insight into some of the latest trending cybersecurity headlines. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/226 Selected Reading Police dismantle ransomware group behind attacks in 71 countries (Bleeping Computer) Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol (Eurojust) Water and Wastewater Cybersecurity (CISA) (TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Water ISAC) Iran hits Pennsylvania water utility. (CyberWire) North Texas water utility serving 2 million hit with cyberattack (The Record) DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT (Security
S7 E1955 · Tue, November 28, 2023
Hospitals on the hotplate after ransomware attacks.
Ransomware targets healthcare organizations. WildCard deploys SysJoker malware. DPRK cryptocurrency theft. The status of Ukraine's IT Army. A Russian news outlet unmasks Killmilk. Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action. And there’s discord on dark markets about large language models. CyberWire Guest Our Industry Insights guest today is Guy Bejerano, CEO and Co-Founder of SafeBreach, discussing risk reduction in action: the future of BAS and continuous threat exposure management. You can connect with Guy on LinkedIn and find out more about SafeBreach on their website . For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/225 Giving Tuesday Our team offers up some suggestions for Giving Tuesday should you feel inclined to join us in sharing your time, talents or treasures on this day of giving back. Arizona Cyber Initiative Association for Women in Science BlackGirlsHack Cyber Guild Exceptional Minds G{Code} Girls Who Code Lurie Children's Hospital NFAR Melwood Tech Kids Unlimited WiCyS Women of Cyberjutsu Selected Reading Cyberattack on US hospital owner diverts ambulances from emergency rooms in multiple states (CNN) Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Ardent Health Services Reports Information Technology Security Incident (BusinessWire) <a href="https://therecord.media/vanderbilt-university-medical-cent
S7 E1954 · Mon, November 27, 2023
Hacktivists assemble to attack Pennsylvania water utility.
Iranian hacktivists claim an attack on a Pennsylvania water utility. North Korea's increased attention to supply-chains. Rhysida's action against British and Chinese targets. Sandworm activity puts European power utilities on alert. Neanderthals and the Telekopye bot. Mirai-based botnet activity. Our guest is Chris Betz, the new CISO of AWS Security, with insights on the upcoming AWS re:Invent conference. And just how easy is it to track the comings and goings at Mar-a-Lago? CyberWire Guest Our guest today is Chris Betz, the new CISO of AWS Security giving us some insight into what to expect at the AWS re:Invent conference. You can connect with Chris on LinkedIn and find out more about AWS re:Invent on the event website . For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/224 Selected Reading Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (KDKA News) Iranian-linked cyber army had partial control of Aliquippa water system (Beaver Countian) Cyber Av3ngers Claim Israeli MEKOROT National Water Company Hack (Cyberwarzone) A hack in hand is worth two in the bush (Securelist by Kaspersky) Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft) UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains (National Cyber Security Centre) Rhysida (SentinelOne) Rhysida, the new ransomware gang behind British Library cyber-attack (The Guardian) RHYSIDA RANSOMWARE GANG CLAIMED CHINA ENERGY HACK (Security Affairs) <a href="https://www.cisa.gov/news-events/cyberse
Bonus · Sun, November 26, 2023
Chris Hare: Find just three people. [Development] [Career Notes]
This week, we invite our very own Chris Hare, N2K's Project Management Specialist Content Developer, to join and discuss her career. Growing up, Chris shares that she wanted to be a veterinarian, which slowly turned into her becoming a writer for the first part of her career. She shares that she started off writing marketing copy for the technology and E-commerce space, writing for everyone from NASA to adopting the written voice of the comedian, Wayne Brady. She shares that she was able to come up into her career after finding three people that were willing to help her when she needed it. She says "I became what I like to think of as a Pied Piper of seeking out three types of people. First, someone who needed help. Second, a person who served as a mechanism for my self improvement through my jealousy of them. And third, a person who gave me the nudge to continuously improve." We thank Chris for sharing her story with us.
Bonus · Sat, November 25, 2023
Encore: Another infection with new malware. [Research Saturday]
Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware
S4 E182 · Fri, November 24, 2023
Solution Spotlight: Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap. [Interview Selects]
This interview from October 20th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, our very own Simone Petrella is speaking with Tatyana Bolton from Google about ways to tackle the cyber talent gap.
Bonus · Thu, November 23, 2023
Cops in the catfish game. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Chicago P.D. Rick's clip from the movie: The Imitation Game
S7 E1953 · Wed, November 22, 2023
On the eve of the holiday season, officials in many countries issue warnings and take action against cybercrime.
CISA issues joint Cybersecurity Advisory on Citrix Bleed. Law enforcement takes down "pig butchering" operations. Altman will return to OpenAI. Israeli honeypots deployed during the war. A renaissance in electronic warfare. And a response in the form of countermeasures. Ihab Shraim, Chief Technology Officer at CSC, shares how the growing popularity of AI is giving cybercriminals a new avenue to take advantage of some of the largest companies in the world. And online safety during the holidays. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/223 Selected reading. CISA issues joint Cybersecurity Advisory on Citrix Bleed. (CyberWire) Cyber Scam Organization Disrupted Through Seizure of Nearly $9M in Crypto (U.S. Department of Justice) China Rounds Up 31,000 Suspects in Sweeping ‘Pig-Butchering’ Crackdown (Wall Street Journal) OpenAI Says Sam Altman to Return as CEO (Wall Street Journal) Altman Agrees to Internal Investigation Upon Return to OpenAI (Information) Sam Altman, OpenAI Board Open Talks to Negotiate His Possible Return (Bloomberg) Before Altman’s Ouster, OpenAI’s Board Was Divided and Feuding (New York Times) Altman Argued With OpenAI Board Member Toner Before Ouster (Information) The Invisible War in Ukraine Being Fought Over Radio Waves (New York Times) Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter (CNN) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) <a href="https://thecyberwire.com/stories/9
S7 E1952 · Tue, November 21, 2023
Threat actors with mixed motives: from the political to the financial.
OpenAI's continuing turmoil. Crypto firm sustains API attack. Konni campaign phishes with a Russian document as bait. LockBit's third-party compromise of Canadian government personnel data. Ukraine removes senior security officials under suspicion of graft. Dave Bittner sits down with Steve Winterfeld from Akamai to discuss emerging threats in the financial services sector. And Idaho National Laboratory sustains data breach. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/222 Selected reading. Company that created ChatGPT is thrown into turmoil after Microsoft hires its ousted CEO (AP News) The Doomed Mission Behind Sam Altman’s Shock Ouster From OpenAI (Bloomberg) Briefing: OpenAI Execs to Continue Discussions With Altman, Board: Memo (The Information) OpenAI in ‘Intense Discussions’ to Quell Potential Staff Mutiny (Bloomberg) Microsoft Wants to Work With Altman, No Matter What, Says CEO (Bloomberg) Briefing: Microsoft CEO Nadella Says Altman Could End Up at Microsoft or OpenAI; Board Governance Should Change (The Information) Sam Altman's AI 'mission continues' at Microsoft, future of OpenAI and ChatGPT uncertain (ZDNET) OpenAI’s Customers Consider Defecting to Anthropic, Microsoft, Google (The Information) OpenAI’s Board Approached Anthropic About Merger (The Information) The Vast Majority of OpenAI Employees Ask the Board to Resign (The Information) Konni Campaign Distributed Via Malicious Document (Fortinet Blog) <a href="https://www.reuters.com/world/europe/top-ukraini
S7 E1951 · Mon, November 20, 2023
Fortunes of commerce in Silicon Valley; fortunes of war on the banks of the Dnipro.
Leadership turmoil at OpenAI. Citrix Bleed vulnerability implicated in ransomware attacks. QakBot seems to have a successor. The FSB deploys LitterDrifter in cyberespionage against Ukraine. Russian security firm says China and North Korea are the source of most cyberattacks against Russia. Privateers and auxiliaries engage targets of opportunity. Ann Johnson from Afternoon Cyber Tea talks about leading edge cyber innovation with Nadav Zafrir. And alleged war crimes may include cyber operations conducted in support of other, conventional, kinetic war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/221 Selected reading. OpenAI announces leadership transition (OpenAI) A statement from Microsoft Chairman and CEO Satya Nadella (The Official Microsoft Blog) A timeline of Sam Altman’s ouster from OpenAI and Microsoft appointment (Reuters) Sam Altman leaves OpenAI: Everything you need to know (Computing) OpenAI Employees Threaten to Quit Unless Board Resigns (Wall Street Journal) Sam Altman to Join Microsoft Following OpenAI Ouster (Wall Street Journal) Dozens of Staffers Quit OpenAI After Sutskever Says Altman Won’t Return (The Information) AI to accelerate your security defenses (IBM) OpenAI’s Board Set Back the Promise of Artificial Intelligence (The Information) A New AI Lexicon: Existential Risk (AI Now) Hackers Are Exploiting a Flaw in Citrix Software Despite Fix (Bloomberg) Medusa ransomware gang claims Toyota Financial Services hack (Security Affairs) <a
Bonus · Sun, November 19, 2023
Ian Blumenfeld: Swimming in a pool of cyber. [Research] [Career Notes]
Ian Blumenfeld, a Research Director from Two Six Technologies sits down to share his story with us. Ian begins his story by sharing he wanted to be a scientist, slowly he began to figure out and pinpoint more of what he liked about science, which ended up being math. Ian explains how math began to become a passion for him, and he eventually tried to pursue a career in it by teaching. He discovered teaching was not the thing for him and then started to move into the direction he wanted too, taking on more and more challenging roles until he landed where he is today. Ian says "If you're a smart person and you have skills in coding, you can swim. So it's okay to jump. It's okay to jump into the lake, you can swim. Something will get you out. You will have, you will be able to find a job. So, if you see something that looks cool, if you see something that advances you to the next stage of your career, if you have to take a little bit of a risk, it's okay." Ian wants to be someone who helped make the world a little better when it comes to code and wants to shares his desires and passions with the community. We thank Ian for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E56 · Sun, November 19, 2023
Breaking Through: Securing the advancement of women in cybersecurity. [Special Edition]
In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi , Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy , VP, Leadership & Business at Skillsoft Lauren Zabierek , Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices
S1 E2 · Sat, November 18, 2023
AWS in Orbit: Securing the space frontier with AI cybersecurity solutions. [T-Minus AWS in Orbit]
Buffy Wajvoda is the Global Leader for Space Solutions Architecture at AWS Aerospace and Satellite . In this extended conversation, we dive into how AWS is supporting cybersecurity in the space domain. You can learn more at AWS re:Invent . AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on LinkedIn and Instagram . Selected Reading AWS re:Invent The security attendee’s guide to AWS re:Invent 2023- AWS Blog Viasat Deploys Resilient Tactical Edge Capability with AWS- YouTube How We Sent an AWS Snowcone into Orbit- AWS Blog How to improve your security incident response processes with Jupyter notebooks- AWS Blog Supporting security assessors in the Canadian public sector with AWS and Deloitte- AWS Blog Establishing hybrid connectivity within a Canadian Centre for Cyber Security Medium Cloud reference architecture- AWS Blog Evolving cyber threats demand new security approaches – The benefits of a unified and global IT/OT SOC- AWS Blog Audience Survey We want to hear from you! Please complete our short survey . It’ll help us get better and deliver you the most mission-critic
Bonus · Sat, November 18, 2023
The malicious YoroTrooper in disguise. [Research Saturday]
Asheer Malhotra from Cisco Talos discussing their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team, released research attributing the work of the espionage-focused threat actor, YoroTrooper, to individuals based in Kazakhstan. The research states "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region." They also found that the YoroTrooper continues to rely heavily on phishing emails that direct victims to credential harvesting sites. The research can be found here: Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1950 · Fri, November 17, 2023
Cyber escalation in a hybrid war, and some notes on the markets, both gray and C2C.
Scattered Spider prompts warnings from CISA and the FBI. Phobos ransomware is an affiliate crimeware-as-a-service program. A "hack-for-hire" contractor. “Scama” in the C2C market. Our guest is Lee Clark from the RH-ISAC with a look at Holiday Season Cyber Threat Trends. Tim Eades from Cyber Mentor Fund shares recent trends in cyber venture capital, with tips on finding a good match. And the tempo of cyber operations in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/220 Selected reading. FBI and CISA Release Advisory on Scattered Spider Group (Cybersecurity and Infrastructure Security Agency | CISA) FBI warns on Scattered Spider hackers, urges victims to come forward (Reuters) U.S. officials urge more information sharing on prolific cybercrime group (CyberScoop) A deep dive into Phobos ransomware, recently deployed by 8Base group (Cisco Talos Blog) Understanding the Phobos affiliate structure and activity (Cisco Talos Blog) Elephant Hunting | Inside an Indian Hack-For-Hire Group (SentinelOne) How an Indian startup hacked the world (Reuters) Scama: Uncovering the Dark Marketplace for Phishing Kits (Vade Secure) Ukraine Tracks a Record Number of Cyber Incidents During War (Bank Info Security) Russia will target other countries for web attacks, Ukraine cyber defence chief warns (The Irish Times) Sandworm Linked to Attack on Danish Critical Infrastructure (Infosecurity Magazine) Why cyber war readiness is critical for democracies (Help Net Security) Learn more about your ad choices. Visit megaphone.fm
S7 E1949 · Thu, November 16, 2023
Shopping during wartime? Focus, people.
Cyber safety for the holidays. Using regulatory risk to pressure a ransomware victim. A call for regulatory action against a supply chain threat. Rhysida malware: a warning and a description. Extending local breaches in Google Workspace. Protestware in open-source products. GRU's Sandworm implicated in campaign against Danish electrical power providers. Jason Meller, Founder & CEO of Kolide joins us as part of our sponsored Industry Voices segment to discuss the findings from The Shadow IT Report. In this Threat Vector segment, David Moulton sits down with Sama Manchanda, a consultant at Unit 42 to discuss the fascinating world of social engineering attacks. And donation scams: exploiting sympathy. In this Threat Vector segment, David Moulton engages in an enlightening conversation with Sama Manchanda, a consultant at Unit 42. The duo embarks on an exploration of the fascinating world of social engineering attacks, delving into the distinct characteristics of phishing, smishing, and vishing. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/219 Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey . To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . Selected reading. New Visa Report Tells Consumers to Stay Alert this Holiday Shopping Season (Business Wire) Ransomware gang files SEC complaint over victim’s undisclosed breach (BleepingComputer) 11-14-2023 EFF Letter to FTC re: Malware on Android TV Set-Top Boxes (EFF) #StopRansomware: Rhysida Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) Investigating the New Rhysida Ransomware (Fortinet Blog) Analyzing Rhysida Ransomware Intrusion (Fortinet Blog) The Chain Reaction: New Methods for Extending Local Breac
S1 E48 · Thu, November 16, 2023
Examining the current state of security orchestration. [CyberWire-X]
In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1948 · Wed, November 15, 2023
A quick Patch Tuesday retrospective, and then a look at what the threat groups are up to.
A look back at Patch Tuesday. BlackCat uses malicious Google ads. Social engineering in the third quarter of 2023. Are small businesses in denial about ransomware? Molerats have some new tools. Israel turns to NSO Group's Pegasus to search for hostages taken by Hamas. Tim Starks from the Washington Post examines the potential aftermath of a Russian group hitting a Chinese bank. In our Learning Layer, Sam Meisenberg helps a student understand and create a strategy for the CISSP CAT. And a cyberespionage campaign is attributed to Russia's SVR. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/218 Selected reading. Adobe Releases Security Updates for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Fortinet Releases Security Updates for FortiClient and FortiGate (Cybersecurity and Infrastructure Security Agency | CISA) VMware Releases Security Update for Cloud Director Appliance (Cybersecurity and Infrastructure Security Agency | CISA) CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency | CISA) Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (BleepingComputer) SAP Security Patch Day for November 2023 (Onapsis) The ALPHV/BlackCat Ransomware Gang is Using Google Ads to Conduct… (eSentire) Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage (Kroll) OpenText Cybersecurity 2023 Global Ransomware Survey: The ris
S7 E1947 · Tue, November 14, 2023
The cyber underworld is getting a bit faster and a lot looser, and the gangs may be drawing some unwelcome attention.
CISA and the FBI issue an update on Royal Ransomware. A look at Smash-and-grab ransomware attacks as well as Cloud vulnerabilities. A pre-Black Friday look at card skimmers. Fences, and their place in organized cybercrime. DP World Australia restores port operations. Joe Carrigan on scammers taking advantage of the Bitrex crypto market being shut down. In our Industry Voices segment, Usama Houlila from CrossRealms International shares his insights on the pivotal role of AI in cybersecurity. And LockBit may be drawing unwelcome attention to itself. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/217 Selected reading. #StopRansomware: Royal Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) FBI: Royal ransomware asked 350 victims to pay $275 million (BleepingComputer) The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners (Sophos) Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation (Illumio Cybersecurity Blog) Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season (PR Newswire) Credit card skimming on the rise for the holiday shopping season (Malwarebytes) The Fencers: The Lynchpin of Organized Retail Crime Enterprise (Nisos) DP World cyberattack blocks thousands of containers in ports (BleepingComputer) Operations at Major Australian Ports Significantly Disrupted by Cyberattack (SecurityWeek) Australian Ports Recover From Cyber Incident (Bank Info Security) DP World: Australia sites back online after cyber-attack (BBC News
S7 E1946 · Mon, November 13, 2023
Ransomware and DDoS hit diverse sectors. The DDoS is a nuisance, the ransomware more serious.
Australian ports are recovering from a cyberattack. SysAid is hit by Cl0p user Lace Tempest. Ransomware targets China's largest bank. LockBit doxes Boeing as Boeing hangs tough on paying ransom. Docker Engine for DDoS. Rick Howard looks at the SEC’s targeting of SolarWinds’ CISO. And Anonymous Sudan claims attacks on ChatGPT and Cloudflare. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/216 Selected reading. Freight giant DP World recovers from cyber attack, but warns investigation and remediation is 'ongoing' (ABC) DP World port operations in Australia recovering after cyber-attack (The Loadstar) Ransomware attack against China's largest bank. (CyberWire) China's biggest lender ICBC hit by ransomware attack (Reuters) Ransomware attack on ICBC disrupts trades in US Treasury market (Financial Times) Hackers Hit Wall Street Arm of Chinese Banking Giant ICBC (Wall Street Journal) LockBit finally publishes its proof-of-hack as Boeing hangs tough. (CyberWire) SysAid On-Prem Software CVE-2023-47246 Vulnerability (SysAid) Critical Vulnerability: SysAid CVE-2023-47246 (Huntress) SysAid Zero-Day Vulnerability Exploited By Lace Tempest (Rapid7) SysAid vulnerability exploited. (CyberWire) OracleIV - A Dockerised DDoS Botnet (Cado Security) Anonymous Sudan and OpenAI. (CyberWire) <a href="https://www.bloomberg.com/news/articles/2023-11-09/russia-linked-hack
Bonus · Sun, November 12, 2023
Grace Cassy: Actions speak louder than words. [Associate Fellow] [Career Notes]
Grace Cassy, and Associate Fellow from Ten Eleven Ventures sits down to share her career path, getting her to where she is now. Grace spent 10 years in the UK Diplomatic Service, working on global security policy in Asia, Europe, and the Americas. Earlier in her career she was an advisor to Prime Minister Tony Blair, specializing in Asia and national security. She also co-founded Epsilon Advisory Partners, a strategy and growth firm working with world-leading global technology companies and investors. Now she is a Co-founder at CyLon and is an Early Stage Investor in cybersecurity companies. She says "I think we probably don't need too many more words, but we definitely need a bit more action." We thank Grace for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Fri, November 10, 2023
CSO Perspectives Bonus: Veterans Day special.
Rick Howard (The Cyberwire’s Chief Analyst, CSO, and Senior Fellow), and the cast of the entire Cyberwire team, honor our U.S. veterans on this special day. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1945 · Thu, November 09, 2023
Shields Ready for attacks against critical infrastructure. These may be indiscriminate, and they may be opportunistic.
CISA, FEMA, and Shields Ready. Ransomware operators exploit 3rd-party tools. A Bittrex bankruptcy phishing campaign. Spammers abuse Google Forms quizzes. Imperial Kitten in action against Israeli targets. Iranian cyberattacks against Israel are called "reactive and opportunistic." In our sponsored Industry Voices segment, Adam Bateman from Push Security outlines how attackers are targeting cloud identities. Luke Vander Linden from RH-ISAC speaks with Target's Ryan Miller and Leah Schwartzman about the evolving fraud landscape retailers are facing with the holidays approaching. And Sandworm and Ukraine's power grid: 2022 attacks may foreshadow the winter of 2023 and 2024. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/215 Selected reading. Shields Ready | CISA (Cybersecurity and Infrastructure Security Agency CISA) DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) US Urges Critical Infrastructure Firms to Get “Shields Ready” (Infosecurity Magazine) US launches “Shields Ready” campaign to secure critical infrastructure (CSO Online) DHS Launches New Critical Infrastructure Security and Resilience Campaign (SecurityWeek) Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (FBI) Phishing Attack Driven by Bittrex Bankruptcy (Abnormal) Spammers abuse Google Forms’ quiz to deliver scams (Cisco Talos Blog) IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations (CrowdStrike) Microsoft shares threat intelligence at CYBERWARCON 2023 (Microsoft Security) <a href="https://www.washingtonpost.com/politics/2023/11/09/iran-hamas-showed-no-signs-cyber-coordination-run-up-war-researchers-say/"
S7 E1944 · Wed, November 08, 2023
No major threats showed up in yesterday’s US elections, so now we can start thinking about the risk during the holidays.
CISA claims "No credible threats" to yesterday's US elections. Criminals seek to profit from the .ai top level domain. A Singapore resort sustains a cyberattack. A look ahead at holiday cyber threats. A major Chinese cyberespionage effort against Cambodia. The four cyber phases of a hybrid war. Robert M. Lee from Dragos explains how outside forces affect OT and critical infrastructure security. Our guest is Dan Neault of Imperva sharing how organizations are behind the eight-ball when relying upon real-time analytics. Cyber and electronic threats to space systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/214 Selected reading. CISA Sees Smooth Election Day Operations, No ‘Credible’ Threats (Meritalk) The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft) Singapore’s Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Chinese APT Targeting Cambodian Government (Unit 42) Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post) Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1943 · Tue, November 07, 2023
Cybercriminals at the service of the state, and an array of new underworld tools.
Data brokers offer information on active US military personnel. Current BlueNoroff activity. A new Gootloader variant is active in the wild. Atlassian vulnerabilities actively exploited. The prevalence of breaches. Update on a Barracuda vulnerability. Hacktivism and the cyber course of the Hamas-Israel war. Bot-hunting in Ukraine. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Sharon Barber, Chief Information Officer at Lloyds Banking Group, about cyber trends in financial services. Ben Yelin looks at the ease of purchasing US military personnel data from data brokers And election security is in the news–an off-year election is an election nonetheless. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/213 Selected reading. Researchers find sensitive personal data of US military personnel is for sale online (CNN) How foreigners can buy data on US military members, for the right price (POLITICO) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) BlueNoroff strikes again with new macOS malware (Jamf) GootBot - Gootloader's new approach to post-exploitation (Security Intelligence) Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 (Rapid7) Armis Research Finds One-Third of Global Organizations Experienced Multiple Security Breaches in Last 12 Months (Armis) Technical analysis: Barracuda Email Security Gateway by Quentin Olagne (Vectra) Maccabi Tel Aviv basketball team website comes under cyber attack (The Jerusalem Post) The Digital Frontline of the Israel-Hamas Conflict Could Extend Long After the War (Inkstick) <a href="https://www.scmagazine.com/perspective/five-attack-vectors-that-businesses-should-focus-on-in-the-wake-
S7 E1942 · Mon, November 06, 2023
Precautions, preparations, and resilience against cybercrime and hacktivism.
A precautionary shutdown at a major US mortgage lender. Call centers as targets. A push to decouple data and identity. The cyber front in the Hamas-Israeli war. Hacktivism and state-sponsored cyberattacks against Israel. The instructive case of TASS and managing influence operations. Deepen Desai from Zscaler talking about the TOITOIN Trojan. Our guest is Joe Nocera, of PwC sharing their latest Global Digital Trust Insights survey and the impact of the SEC's new cybersecurity disclosure rules. And cybercrime on the side of Ukraine (or at least, cybercrime against Russia). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/212 Selected reading. Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack (SecurityWeek) TransUnion Report Shows Fraud Attacks on Financial Industry Call Centers Rising (Transunion) A Bold New Plan to Make Cloud Computing More Secure (IEEE Spectrum) The Cyberwarfare Front of the Israel-Gaza War (The National Interest) Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors (Unit 42) GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel (Uptycs) Kremlin Sacks TASS Chief for Wagner Mutiny Coverage (The Moscow Times) Russia's 2nd-Largest Insurer Rosgosstrakh Hacked; 400GB of Data Sold Online (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Learn more about your ad choices. Visit megaphone.fm/adchoices
S8 E55 · Sun, November 05, 2023
CyberCon 2023: A unique mix of critical infrastructure and cybersecurity. [Special Edition]
As we progress in this technological age, both cybersecurity and critical infrastructure continue to be at the forefront of prevention, protection, mitigation, and recovery conversation topics. From a frontline worker to the top of the C-Suite, security is something we all should be aware of and concerned about. The CyberCon event began in 2018 and provides an opportunity to learn more about cybersecurity and critical infrastructure as well as collaborate with fellow security professionals. Dave Bittner recently spoke at CyberCon 2023 at Bismarck State College in North Dakota. While there, he had the opportunity to interview 4 members of the conference planning committee (all past or current chairs of the event) for a better understanding of the event, its focus on a mix of critical infrastructure and cybersecurity, and how the event has evolved over the years. Dave speaks with: Troy Walker , Director of Sales and Marketing at Dakota Carrier Network & 2023 conference chair, sharing the history of CyberCon its unique focus on critical infrastructure and cybersecurity. Tony Aukland , Technology Outreach Manager for the State of North Dakota IT & previous conference chair, giving us the truth about CyberCon and its origin story. Bill Heinzen , Information Security Team Lead at National Information Solutions Cooperative and previous event chair, talking about developing the cybersecurity candidate pool in North Dakota. John Nagel , CEO and Founder of CYBERNET SECURITY and past event chair, discussing sustainability of the CyberCon and its critical infrastructure focus. Learn more about your ad choices. Visit megaphone.fm/adchoices
S4 E174 · Sun, November 05, 2023
Jeffrey Wheatman: Sometimes you just need to open the raincoat. [Career Notes]
Jeffrey Wheatman, Cyber Risk Evangelist, from Black Kite joins to share his amazing story. As a strategic thought leader with extensive expertise in cybersecurity, Jeffrey Wheatman is regarded foremost as an expert in guiding public sector clients and Fortune 500 companies in connection with their cyber risk management programs. In his current role as Cyber Risk Evangelist at Black Kite, Jeffrey works to get the message out about the business impact of third-party risk and solutions to treat those risks. Jeffrey shared his career, along with is passion for cyber by explaining some of the roles he did moving up into his role today. He says as a leader we all need to be aware of the fact that "We make mistakes and I I'm a, I'm a big believer in sharing those mistakes and I think it's important to open the raincoat as it were, and let people understand that we're not perfect, we all need help and then that way they feel comfortable coming to you and asking for help" We thank Jeffrey for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, November 04, 2023
Sandman doesn't slow malware down. [Research Saturday]
Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman. The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, they call this malware "LuaDream," which exfiltrates system and user information, paving the way for further precision attacks. The research can be found here: Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1941 · Fri, November 03, 2023
In the offense-defense see-saw, the defense seems to be rising.
An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a lesson from Russia's war: cyber defense now has the advantage over cyber offense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/211 Selected reading. Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware (SecurityWeek) HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (BleepingComputer) Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 (Huntress) Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 (Rapid7) HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation (U.S. Department of Health and Human Services) AP news site hit by apparent denial-of-service attack (AP News) Associated Press hit by Anonymous Sudan DDoS attack? (Tech Monitor) Satellites and social media offer hints about Israel's ground war strategy in Gaza (NPR) Revisiting the Gaza Hospital Explosion (New York Times) Microsoft Vows to Revamp Security Products After Repeated Hacks (Bloomberg) A new world of security: Microsoft’s Secure Futur
S7 E1940 · Thu, November 02, 2023
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
Bletchley Declaration represents a consensus starting point for AI governance. Lazarus Group prospects blockchain engineers with KANDYKORN. Boeing investigates ‘cyber incident’ affecting parts business. NodeStealer’s use in attacks against Facebook accounts. Citrix Bleed vulnerability exploited in the wild. MuddyWater spearphishes Israeli targets in the interest of Hamas. India to investigate alleged attacks on iPhones. Tim Starks from the Washington Post on the SEC’s case against Solar Winds. In today’s Threat Vector segment David Moulton from Unit 42 is joined by Matt Kraning of the Cortex Expanse Team for a look at Attack Surface Management. And Venomous Bear rolls out some new tools. On the Threat Vector segment, David Moulton, Director of Thought Leadership for Unit 42, is joined by Matt Kraning, CTO of the Cortex Expanse Team. They dive into the latest Attack Surface Management Report. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/210 Threat Vector Read the Attack Surface Management Report . Please share your thoughts with us for future Threat Vector segments by taking our brief survey . To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . Selected reading. The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (GOV.UK) US Vice President Harris calls for action on "full spectrum" of AI risks (Reuters) Elastic catches DPRK passing out KANDYKORN (Elastic Security Labs) North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware (The Hacker News) Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic (Cointelegraph) An info-stealer campaign is now targeting Facebook users with revealing photos (Record) <a href="https://www.securityweek.com/m
S7 E1939 · Wed, November 01, 2023
Hacktivism in two hybrid wars (with an excursus on gastropods).
The Hamas-Israel war continues to be marked by hacktivism. Arid Viper's exploitation of Arabic speaker's Android devices. Iran shows improved cyberespionage capabilities. A URL shortener in the C2C market. Taking down the Mozi botnet. Ransomware in healthcare. Two are Russians arrested on treason charges, accused of hacking for Ukraine. In our sponsored Industry Voices segment, Anna Belak from Sysdig shares a new threat framework for the cloud. Rick Howard previews his new online course on cyber security first principles. And no, Russia hasn’t really replaced its currency with Arctic Ocean gastropods. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/209 Selected reading. ‘Hacktivists’ join the front lines in Israel-Hamas war (C4ISRNet) The global cyber divide between Gaza and Israel - IT-Online (IT-Online) Arid Viper disguising mobile spyware as updates for non-malicious Android applications (Cisco Talos Blog) In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities (New York Times) FBI ‘keeping a close eye’ on Iranian hackers as Israel-Hamas war intensifies (Record) Why Iran Is Gambling on Hamas (Foreign Affairs) To Aid and Abet: Prolific Puma Helps Cybercriminals Evade Detection (Infoblox Blog) Who killed Mozi? Finally putting the IoT zombie botnet in its grave (ESET) The State of Ransomware in Healthcare 2023 (Sophos) Russian security service detains two hackers allegedly working for Ukraine (Record) Pro-Ukraine group says it breached Russian card payment system (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1938 · Tue, October 31, 2023
What would it take to get you kids into a nice, late-model malware mealkit?
Malicious packages are found attached to NuGet. Russia will establish its own substitute for VirusTotal. Commodity tools empower low-grade Russian cybercriminals. Malware mealkits, and other notes from the cyber underground. Insights from a Cybersecurity workforce study. Mr Security Answer Person John Pescatore looks at MFA. Drew Rose from Living Security on the very scary human side of cyber attacks. And more details from President Biden’s Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/208 Selected reading. IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations (ReversingLabs) Russia to launch its own version of VirusTotal due to US snooping fears (Record). Russian hacking tool floods social networks with bots, researchers say (Record) How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime (Trend Micro) HP Wolf Security Threat Insights Report Q3 2023 (HP Wolf Security) How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce (ISC2) Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (The White House) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1937 · Mon, October 30, 2023
Bringing AI up right–realizing its potential without its becoming a threat. (And how deepfakes might be an informational fleet-in-being.)
The Hive ransomware gang may be back, and rebranded. Coinminers exploit AWS IAM credentials. LockBit claims to have obtained sensitive information from Boeing. Ukrainian auxiliaries disrupt Internet service in Russian-occupied territory, while internet and telecoms are down in Gaza. Deepfakes have an effect even when they're not used. Joe Carrigan explains executive impersonations on social media. Our guest is David Brumley, cybersecurity professor at Carnegie Mellon and CEO of software security firm, ForAllSecure, discussing spooky zero days and vulnerabilities. And President Biden releases a US Executive Order on artificial intelligence. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/207 Selected reading. New Hunters International ransomware possible rebrand of Hive (BleepingComputer) CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys (Palo Alto Networks Unit 42) Boeing assessing Lockbit hacking gang threat of sensitive data leak (Reuters) Ukrainian hackers disrupt internet providers in Russia-occupied territories (Record) Israel steps up air and ground attacks in Gaza and cuts off the territory's communications (AP News) The Destruction of Gaza’s Internet Is Complete (WIRED) Rocket Alert Apps Warn Israelis of Incoming Attacks While Gaza Is Left in the Dark (WIRED). Elon Musk’s Starlink to help Gaza amid internet blackout (Record) Families of Hostages Kidnapped by Hamas Turn to Phone Pings for Proof of Life (WIRED) Israel Taps Blacklisted Pegasus Maker to Track Hostages in Gaza (Bloomberg) A.I. Muddies Israel-Hamas War in Unexpected Way (New
Bonus · Mon, October 30, 2023
The Malware Mash! [Bonus]
Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash... Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, October 29, 2023
Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
Nicole Sundin, a Chief Product Officer from Axio sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her entire career to building awareness around the benefits of usable security and human-centered security to the broader cybersecurity community. She also shares some of her background as she moved her way up the later to get to where she is today. As a female in a male-dominated industry, Nicole shares her unique insights on embracing the responsibility of serving as a role model to women aspiring to contribute to the cybersecurity field, and the importance of building a diverse team. She says "Really, it's about building community in your organization and outside your organization of strong women or strong friends that you have that you can lean on when you know you're the only person in the room." We thank Nicole for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 28, 2023
No rest for the wicked HiatusRAT. [Research Saturday]
Danny Adamitis from Lumen's Black Lotus Labs sits down to discuss their work on "No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action." Last March Lumen's Black Lotus Lab researchers discovered a novel malware called HiatusRAT that targeted business-grade routers. The research states "In the latest campaign, we observed a shift in reconnaissance and targeting activity; in June we observed reconnaissance against a U.S. military procurement system, and targeting of Taiwan-based organizations." This shift in information gathering and targeting preference exhibited in the latest campaign is synonymous with the strategic interest of the People’s Republic of China according to the 2023 ODNI threat assessment. The research can be found here: No Rest For The Wicked: HiatusRAT Takes Little Time Off In A Return To Action Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1936 · Fri, October 27, 2023
Social engineering as a blunt instrument–almost like swatting without the middleman.
Eastern European gangs overcome their reservations about working with anglophone criminals. Mirth Connect is vulnerable to a critical flaw. A look at a mercenary spyware strain. “PepsiCo” as phishbait. Ben Yelin explains the FCC’s renewed interest in Net Neutrality. Our guest is Wade Baker from the Cyentia Institute with insights on measuring risk. And Europol thinks police should take a good look at quantum computing and law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/206 Selected reading. Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction (Microsoft Security) MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (Record) Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data (SecurityWeek) Examining Predator Mercenary Spyware (HYAS) Fresh Phish: The Case of the PepsiCo Procurement Ploy (INKY) U.S. Tries New Tack on Russian Disinformation: Pre-Empting It (New York Times) ESET APT Activity Report Q2–Q3 2023 (We Live Security) Russian hackers claim takedown of WA’s Transperth transport agency with DDoS attack (Cyber Daily) The Second Quantum Revolution: The impact of quantum computing and quantum technologies on law enforcement (Europol Innovation Lab) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1935 · Thu, October 26, 2023
Some intelligence services understand the value of being underestimated.
StripedFly gets reclassified. YoroTrooper is interested in the Commonwealth of Independent States. The current state of DDoS attacks. Ukrainian hacktivists deface Russian artists' Spotify pages. Trolls amplify a Musky meme. In our Industry Voices segment, Matt Howard from Virtru explains securing data at the employee edge. Our guest is Seth Blank from Valimail, to discuss email security and DMARC. And while trolls might like Mr.Musk, the crooks heart Mr. Gosling. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/205 Selected reading. Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner (Zeroday) Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan (Cisco Talos Blog) DDoS threat report for 2023 Q3 (The Cloudflare Blog) Russian artists’ Spotify accounts defaced by pro-Ukraine hackers (Record) Elon Musk Mocked Ukraine, and Russian Trolls Went Wild (WIRED) Ryan Gosling Tops McAfee’s 2023 Hacker Celebrity Hot List (Business Wire) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1934 · Wed, October 25, 2023
AI ain’t misbehavin’, except when it does. Also, privateers and hacktivist auxiliaries get busy.
Teaching AI to misbehave. Ransomware's effect on healthcare downtime. Two reports on the state of cybersecurity in the financial services sector. Possible connections between Hamas and Quds Force. Ukrainian cyber authorities report a rise in privateering Smokeloader attacks. Russian hacktivist auxiliaries strike Czech targets. My conversation with Sherrod DeGrippo, host of The Microsoft Threat Intelligence Podcast. Jay Bhalodia from Microsoft Federal shares insights on multi-cloud security. And Winter Vivern exploits a mail service 0-day. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/204 Selected reading. AI vs. human deceit: Unravelling the new age of phishing tactics (Security Intelligence) Ransomware attacks on US healthcare organizations cost $20.8bn in 2020 (Comparitech) Cyberattack at 5 southwestern Ontario hospitals leaves patients awaiting care (CBC News) State of Security for Financial Services (Swimlane) Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services (Business Wire) Hamas’ online infrastructure reveals ties to Iran APT, researchers say (CSO Online) Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future (Recorded Future) Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities (Record) Bloomberg: Russia steps up cyberattacks to disrupt Ukraine’s key services (Euromaidan) Pro-Russia group behind today’s mass cyberattack against Czech institutions (Expats.cz) <a href="https://www.welivesecurity.com
S7 E1933 · Tue, October 24, 2023
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
DDoS activity during the Hamas-Israeli war. Insurance firm reports cyber incident. Recent arrests in cybercrime sweeps. Ukrainian hacktivist auxiliaries compromise customer data at Russia's Alfa Bank. How long does it take to read the fine print? Ann Johnson from Afternoon Cyber Tea talks with Noopur Davis from Comcast about building secure tech from the start. Antonio Sanchez of Fortra shares cybersecurity challenges for enterprises including why having too many tools creates too much complexity. And hey, Marianne–don’t let the bedbugs bite. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/203 Selected reading. Cyber attacks in the Israel-Hamas war (The Cloudflare Blog) China's crackdown on cyber scams in Southeast Asia ensnares thousands but leaves the networks intact (AP News) 12 people arrested for bank malware scam, youngest being just 17 (The Independent Singapore News) Spain arrests 34 cybercriminals who stole data of 4 million people (BleepingComputer) Police Disrupt Ragnar Locker Ransomware Group (Infosecurity Magazine) Ragnar Locker Ransomware Boss Arrested in Paris (Dark Reading) E-Root marketplace credential-selling admin extradited to US (Register) Ukraine security services involved in hack of Russia’s largest private bank (Record) NordVPN study: Privacy policy awareness (NordVPN) Russia spread bedbug panic in France, intelligence services suspect (The Telegraph) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1932 · Mon, October 23, 2023
How people get over on the content moderators.
Okta discloses a data exposure incident. Cisco works to fix a zero-day. DPRK threat actors pose as IT workers. The Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. Hacktivists trouble humanitarian organizations with nuisance attacks. Content moderation during wartime. Malek Ben Salem of Accenture describes code models. Our guest is Joe Oregon from CISA, discussing the tabletop exercise that CISA, the NFL, and local partners conducted in preparation for the next Super BowI. And the International Criminal Court confirms that it’s sustained a cyberespionage incident. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/202 Selected reading. Okta says hackers used stolen credentials to view customer files (Record) Cisco discloses new IOS XE zero-day exploited to deploy malware implant (BleepingComputer) Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers (IC3) A stern glance from all Five Eyes. (CyberWire) DarkGate malware campaign (WithSecure) The Fraud Next Door: First-Party Fraud Runs Rampant in America (PR Newswire) Cyberattacks Intensify on Israeli and Palestinian Human Rights Groups (Wall Street Journal) Israel's burial society website comes under cyberattack (Jerusalem Post) Sheba Medical Center Hit by Cyber Attack (Jewish Press) Health Ministry disconnects the remote connection of several hospitals following cyber attack (Jerusalem Post) EU asks Meta, TikTok to account for their response to Israel-Hamas disinformation (Record) Pro-Palestinian creators use
Bonus · Sun, October 22, 2023
Jennifer Reed: Balance the gender scales. [Principal] [Career Notes]
This week, we welcome Jennifer Reed, a Principal Solutions Architect at Amazon Web Services (AWS) to sit down and share her amazing story. After Jennifer graduated high school, she immediately went into Marine Corps training, which she shared was a shock to her because she was the only woman when she got out into the fleet and every single place that she went. She eventually moved on from the military after learning some programming tools, and went into the financial services industry doing systems engineering. She got called back to active duty, and then afterwards landed at AWS. She shares that being a woman in this industry can be challenging at time, but she says "I do feel, um, good about the things I've overcome, but I also don't want it to be so hard for the next person, if that makes sense. I don't want them to have to have those same struggles to kind of overcome any perceptions that someone might have due to their their gender or their background." We thank Jennifer for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 21, 2023
AMBERSQUID hides in the depths. [Research Saturday]
Sysdig's Alessandro Brucato and Michael Clark join Dave to discuss their work on "AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation." Attackers are targeting what are typically considered secure AWS services, like AWS Fargate and Amazon SageMaker. This means that defenders generally aren’t as concerned with their security from end-to-end. The research states "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances." This poses additional challenges targeting multiple services since it requires finding and killing all miners in each exploited service. The research can be found here: AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1931 · Fri, October 20, 2023
Disinformation and its often overlooked potential for denial-of-services.
Hacktivism and influence operations in the Hamas-Israel war. An OilRig cyberespionage campaign prospects a Middle Eastern government. Emailed bomb threats in the Baltic. Darkweb advertising yields insight into ExelaStealer malware. Casio discloses breach of customer data. The FCC proposes a return to net neutrality, while Consumer Financial Protection Bureau proposes data-handling rules under Dodd-Frank. Deepen Desai from ZScaler shares insights on MOVEit transfer vulnerabilities. Our own Simone Petrella speaks with Google’s Tatyana Bolton about the challenges of bridging the cyber talent gap. And RagnarLocker has been taken down by international law enforcement. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/201 Selected reading. Intel, defense officials tell senators that Israel did not strike hospital (The Hill) Early U.S. and Israeli Intelligence Says Palestinian Group Caused Hospital Blast . Cyberattacks linked to Israel-Hamas war are soaring (Fast Company) NSO, Israeli cyber firms help track missing Israelis and hostages (Haaretz) Lithuanian interior minister says emailed bomb threats are coordinated regional cyber-attack (Baltic Times) Another InfoStealer Enters the Field, ExelaStealer (Fortinet Blog) Q3 Report: Email Threat Trends Latest edition: PDF Popularity, Callback Phishing and Redline Malware (VIPRE) Casio Issues Apology and Notice Concerning Personal Information Leak Due to Unauthorized Access to Server | CASIO (CASIO Official Website) Human Error: Casio ClassPad Data Breach Impacting 148 Countries (Hackread) Casio data breach 2023 caused worldwide panic (Dataconomy) <a href="https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-impacting-customers
S7 E1930 · Thu, October 19, 2023
Vigilance isn’t purely receptive. Without criticism, it will become blind with detail.
Nation-states exploit the WinRAR vulnerability. Criminals leak more stolen 23andMe data. QR codes as a risk. NSA and partners offer anti-phishing guidance. A Ukrainian hacktivist auxiliary takes down Trigona privateers. Hacktivism and influence operations remain the major cyber features of the Hamas-Israeli war. On today’s Threat Vector, David Moulton speaks with Kate Naunheim, Cyber Risk Management Director at Unit 42, about the new cybersecurity regulations introduced by the SEC. Our own Rick Howard talks with Jen Miller Osborn about the 10th anniversary of ATT&CKcon. And the epistemology of open source intelligence: tweets, TikToks, Instagrams–they’re not necessarily ground truth. Threat Vector To delve further into this topic, check out this upcoming webinar by Palo Alto's Unit 42 team on November 9, 2023, " The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations ." Please share your thoughts with us for future Threat Vector segments by taking our brief survey . To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/200 Selected reading. Government-backed actors exploiting WinRAR vulnerability (Google) The forgotten malvertising campaign (Malwarebytes) Hacker leaks millions of new 23andMe genetic data profiles (BleepingComputer) Exploring The Malicious Usage of QR Codes (SlashNext |) How to Protect Against Evolving Phishing Attacks (National Security Agency/Central Security Service) GuidePoint Research and Intelligence Team’s (GRIT) 2023 Q3 Ransomware Report Examines the Continued Surge of Ransomware Activity (GuidePoint) <a href="https://www.bleepingcomputer.com/news/s
S7 E1929 · Wed, October 18, 2023
Hacktivist discipline is inversely correlated with sincerity of commitment.
Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator’s ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompei: that volcano alert is bogus. Probably. Learning Layer. On this segment of Learning Layer, N2K's Sam Meisenberg is joined by Phil, an N2K client who leads Talent Development at a large telecommunication company. They discuss the challenges and best practices of rolling out a large-scale corporate re-skilling program, including increasing learner engagement, accountability, and the importance of internal talent development and recognition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/199 Selected reading. Blast kills hundreds at Gaza hospital; Hamas and Israel trade blame, as Biden heads to Mideast (AP News) In deadly day for Gaza, hospital strike kills hundreds (Reuters) Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine (ComputerWeekly.com) Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine) Israel-Hamas war illuminates trouble with political hacking groups (Axios) ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE (CYFIRMA) Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation (New York Times) Hamas Hijacked Victims’ Social Media Accounts to Spread Terror (New York Times) TV advertising sales giant affected by
S7 E1928 · Tue, October 17, 2023
Notes from the cyber phases of two hybrid wars. Alerts on Cisco, Atlassian vulnerability exploitation. Updated guidance on security by design.
A bogus RedAlert app delivered spyware as well as panic. BloodAlchemy backdoors ASEAN southeast asian targets. A serious Cisco zero-day is being exploited. Valve implements additional security measures for Steam. A warning on Atlassian vulnerability exploitation. Allies update their security-by-design guide. Ukrainian telecommunications providers hit by cyberattack. Ben Yelin explains attempts to tamp down pornographic deepfakes. Our guest is Ashley Rose from Living Security with a look at measuring human risk. And, as always, criminals see misery as opportunity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/198 Selected reading. Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information (The Cloudflare Blog) Disclosing the BLOODALCHEMY backdoor (Elastic Security Labs) BLOODALCHEMY provides backdoor to ASEAN secrets (Register) Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos Blog) Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica) Cisco warns of actively exploited zero-day in IOS XE software (Computing) Widespread Cisco IOS XE Implants in the Wild (VulnCheck) Steam enforces SMS verification to curb malware-ridden updates (BleepingComputer) Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide (Cybersecurity and Infrastructure Security Agency) CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (The Hacker News) <a href="https
S7 E1927 · Mon, October 16, 2023
Cyber phases in two hybrid wars. A ransomware gang claims an attack against a major firm. Social engineering implicated in Shadow PC breach. Privateering, coin mining, and other worries.
Hacktivism and disinformation in the war between Hamas and Israel. LockBit claims an attack on CDW. Shadow PC's breach. Void Rabisu deploys a lightweight RomCom backdoor against the Brussels conference. Rick Howard describes Radical Asymmetric Distribution. Our guest is Jason Birmingham from Broadridge Financial Solutions with a look at asset management. And coin mining as a potential front for espionage or a staging area for sabotage. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/197 Selected reading. How hackers piled onto the Israeli-Hamas conflict (POLITICO) Israel-Gaza War Now Includes Accompanying Cyber Warfare (Channel Futures) How Cyberattacks Could Affect the Israel-Hamas War (Bank Info Security) Medical aid for Palestinians website under cyber attack affecting relief efforts (mint) Rumors of a ‘Global Day of Jihad’ Have Unleashed a Dangerous Wave of Disinformation (WIRED) Hamas in rare English ‘press conference’ as it tries to counter global condemnation (The Telegraph) In Israel-Hamas conflict, social media become tools of propaganda and disinformation (DFRLab) A flood of misinformation is shaping how panicked citizens, global public view the war (Washington Post) How Israel-Hamas War Misinformation Is Spreading Online (TIME) Misinformation Is Warfare (TIME) Meta responds to EU misinformation concerns regarding Israel-Hamas conflict (Engadget) Briefing: Meta Details Efforts to Remove War-Re
Bonus · Sun, October 15, 2023
Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
Susan Hinrichs, Chief Scientist at Aviatrix sits down to share her story, with over 30 years in experience spanning a variety of networking and security disciplines and has held leadership and academic roles, she sits down to discuss her amazing career. Earlier in her career, Susan served as System Architect at Cisco where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer, Computer and Network Security for eight years at the University of Illinois at Urbana-Champaign (UIUC) where she developed a hands-on Security Lab introduction course for students in her first year, and later in her tenure, along with two colleagues, created a malware analysis course designed for senior students. With all of the amazing things she's done in her career, she shares the advice to new comers into the field, saying "I think also as you're trying to get that next job either as a student or as a professional trying to change direction a little bit, if you're coming into interviews being able to talk about a project that you worked on, even if it's not a project that really anyone uses, but if it's something that's interesting that you have in depth understanding of, uh, I think is super valuable to get you noticed." We thank Susan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 14, 2023
Unwanted guests harvest your information. [Research Saturday]
Amit Malik from Uptycs joins us to discuss their research titled "Unwanted Guests: Mitigating Remote Access Trojan Infection Risk." Uptycs threat research team identified a new threat referred to as QwixxRAT. The Uptycs team discovered this tool being widely distributed by the threat actor through Telegram and Discord platforms. The research states "QwixxRAT is meticulously designed to harvest an expansive range of information from browser histories and credit card details, to keylogging insights." This newly found tool poses a risk to both businesses and individual users Unwanted Guests: Mitigating Remote Access Trojan Infection Risk Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1926 · Fri, October 13, 2023
Hacktivism in the war between Hamas and Israel, with a possibility of escalation. Healthcare cybersecurity. Looting FTX. CISA releases resources to counter ransomware.
Hacktivism and nation-state involvement in the cyber phases of war in the Middle East, and the use of Telegram. Russian groups squabble online. Healthcare cybersecurity and its implications for patient care. The Looting of FTX on the day of its bankruptcy. Joe Carrigan shares research from the Johns Hopkins University Information Security Institute. Our guest is Mike Walters from Action1, marking the 20th anniversary of Patch Tuesday. And CISA releases two new resources against ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/196 Selected reading. Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal) Israel Sees Cyber Incursions Across Digital Systems (Wall Street Journal) Hackers infiltrated Israeli smart billboards to post pro-Hamas messages, reports say (Business Insider) THE HAMAS ISRAEL : CONFLICT EXPLAINER - CYFIRMA (CYFIRMA) The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram (Flashpoint) Cyber Aggression Rises Following the October 2023 Israel-Hamas Conflict (Radware) EU opens probe into X over Israel-Hamas war misinformation (Financial Times) EU opens formal investigation into illegal content on X (Computing) X removes hundreds of Hamas-affiliated accounts since attack, CEO says (Reuters) US cyber agencies in 'very close contact' with Israel after unprecedented Hamas attacks (Nextgov.com) Five threats security pros everywhere need to focus on as the Middle East war escalates (SC
S7 E1925 · Thu, October 12, 2023
Hacktivism, auxiliaries, and the cyber phases of two hybrid wars. Challenges of content moderation. Cyberespionage in the supply chain. Don’t buy all the hype, but do fix your Linux libraries.
Hacktivists join both sides of Hamas's renewed war. Disinformation and content control in social media. Storm-0062 exploits an Atlassian 0-day. Curl and Libcurl vulnerabilities. Betsy Carmelite from Booz Allen on how to expand and diversify the Cyber Talent Pool. Our guest is Kuldip Mohanty, CIO of North Dakota. And some further reflections on hacktivism and the laws of war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/195 Selected reading. False Alarm of Hezbollah Aircraft Infiltration Underlines Israeli Concern of Multi-Front War (FDD) Israel-Hamas conflict extends to cyberspace (CSO Online) Hamas-Israel Cyber War Escalates: What We Know So Far (Technopedia) Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal) X promises 'highest level' response on posts about Israel-Hamas war. Misinformation still flourishes (AP News) Europe gives Mark Zuckerberg 24 hours to respond about Israel-Hamas conflict and election misinformation (CNBC) Elon Musk Is Shitposting His Way Through the Israel-Hamas War (WIRED) Facebook video of Biden prompts probe into Meta content policy (Financial Times) MIDDLE EAST : A CYBER ARMS RACE (CYFIRMA) Storm0062 exploits Atlassian 0-day. (CyberWire) Curl and Libcurl vulnerabilities. (CyberWire) Ukraine at D+595: Sabotage in the Baltic Sea. (CyberWire) A Hacktivist Code of Conduct May Be Too Little Too Late
S7 E1924 · Wed, October 11, 2023
Cyber phases of two hybrid wars prominently feature influence operations. Rapid Reset is a novel and powerful DDoS vulnerability. Credential phishing resurgent. And a look back at Patch Tuesday.
Cyber operations in Hamas's war, Cryptocurrency as a source of funding, and Russian hacktivist auxiliaries shifting their focus. Not all influence operations involve disinformation. Rapid Reset is a Novel DDoS attack. A resurgent credential phishing campaign. Ann Johnson from Afternoon Cyber Tea speaks with Ram Shankar Siva Kumar and Dr. Hyrum Anderson about the promise, peril, and impact of AI. Our own Rick Howard talks cyber intelligence in the medical vertical with Taylor Lehmann of Google. And a quick look back at Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/194 Selected reading. Hackers make their mark in Israel-Hamas conflict (Axios) Hacktivists take sides in Israel-Palestinian war (Record) Cyberattacks Targeting Israel Are Rising After Hamas Assault (Time) Hacktivists stoke Israel-Gaza conflict online (Reuters) Hackers, some tied to Russia, target Israeli media and government websites (MSN) Hamas Militants Behind Israel Attack Raised Millions in Crypto (Wall Street Journal) Cryptocurrency fueled Hamas' war machine (Quartz) The Israeli police cyber unit, Lahav 433, has frozen the cryptocurrency accounts of Hamas (Odessa Journal) U.S. surging cyber support to Israel (POLITICO Pro) Savvy Israel-linked hacking group reemerges amid Gaza fighting (CyberScoop) Israeli Cyber Companies Rally as Digital, Physical Assaults Continue (Wall Street Journal) Hamas Seeds Violent Videos on Sites With Little Moderation (New York Times) <a href="https://therecord.media/social-media-platforms-foment-dis
S7 E1923 · Tue, October 10, 2023
The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cybercrime.
Disinformation and Hacktivism in the war between Hamas and Israel. KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines. The current state of DPRK cyber operations. The Grayling cyberespionage group is active against Taiwan. A Magecart campaign abuses 404 pages. 23andMe suffers abreach. Voter records in Washington, DC, have been compromised. In our Solution Spotlight, Simone Petrella speaks with Raytheon’s Jon Check about supporting and shaping the next generation of the cyber workforce. Grady Summers from SailPoint outlines the importance of organizations managing and protecting access to critical data. And a look at CISOs willingness to pay ransom. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/193 Selected reading. The Israel-Hamas War Is Drowning X in Disinformation (WIRED) As false war information spreads on X, Musk promotes unvetted accounts (Washington Post) Elon Musk’s X Cut Disinformation-Fighting Tool Ahead of Israel-Hamas Conflict (The Information) US opinion divided amid battle for narrative over Hamas attack on Israel (the Guardian) Zelensky Compares Assault by Hamas on Israel to Moscow’s Invasion of Ukraine (New York Times) Russia cites ‘concern’ but does not condemn Hamas attack on Israel (Washington Post) The Israel–Hamas Conflict: Implications for the Cyber Threat Landscape (ReliaQuest) Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App Hacktivism erupts in Middle East as Israel declares war (Register) The Israel-Hamas War Erupts in Digital Chaos (WIRED) Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Hackers Join In on Israel-Hamas War With
S4 E180 · Mon, October 09, 2023
Solution spotlight: Paths to cybersecurity. [Interview Select]
Solution Spotlight: Simone Petrella is talking with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. You can view the video of this interview here . Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, October 08, 2023
Susie Squier: You're never alone. [President] [Career Notes]
Susie Squier, President of the Retail and Hospitality ISAC, or Information Sharing and Analysis Center, sits down to share her incredible story starting to get her into the cyber community. She first started getting into PR through an internship she did in college, then moved around a few times gaining experience everywhere she went. Susie shares some wise advice, discussing not only her managing style, but also how she handles situations, along with how she deals with adversity. She says "I also have realized over time that I'm never in this alone, whether that's your personal life or your work life and even here, uh, in addition to a great team, all great team." She hopes people will jump in to the world of cyber with an open mind, and though it may be frightening at first, she says you just need to dive in anyway and not be afraid to try new things. We thank Susie for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, October 07, 2023
Targets from DuckTail. [Research Saturday]
Deepen Desai from Zscaler joins to take a look into their research about "DuckTail." In May of 2023, Zscaler ThreatLabz began an intelligence collection operation to decode DuckTail’s maneuvers. Through an intensive three-month period of monitoring, Zscaler was able obtain unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. The research states "DuckTail threat actors primarily target users working in the digital marketing and advertising space. Unfortunately, the tech layoffs occurring in 2022 and 2023 introduced more eager candidates into the digital market - meaning more prime targets for DuckTail." The research can be found here: A Look Into DuckTail Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1922 · Fri, October 06, 2023
Advice on security, from Washington, DC and Washington State. The Predator Files have bad news on privacy. Notes on the hybrid war. And LoveGPT is not your soulmate.
NSA and CISA release a list of the ten most common misconfigurations along with Identity and access management guidelines. The Predator Files. Cyber cooperation between Russia and North Korea. Hacktivist auxiliaries hit Australia. Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law. The direction of Russian cyber operations. Dave Bittner speaks with Andrea Little Limbago from Interos to talk about geopolitics, cyber and the C-suite. Rick Howard talks with John Hultquist, Chief Analyst at Mandiant, at the mWISE 2023 Cybersecurity Conference about cyber threat intelligence. And, finally, adventures in catphishing: “LoveGPT.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/192 Selected reading. NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations (Cybersecurity and Infrastructure Security Agency CISA) CISA and NSA Release New Guidance on Identity and Access Management (Cybersecurity and Infrastructure Security Agency CISA) Microsoft Digital Defense Report 2023 (Microsoft) Predator Files | EIC (European Investigative Collaborations) Meet the ‘Predator Files,’ the latest investigative project looking into spyware (Washington Post) NORTH KOREA–RUSSIA SUMMIT : A NEW ALLIANCE IN CYBERSPACE? - CYFIRMA (CYFIRMA) Australia’s home affairs department hit by DDoS attack claimed by pro-Russia hackers (the Guardian) Pro-Russia hacktivist group targets Australian government agencies over support for Ukraine (Cyberdaily.au) Home Affairs, Administrative Appeals Tribunal websites hit by cyber attacks (SBS News) ‘War has no rules’: Hacktivists scorn Red Cross’ new
S7 E1921 · Thu, October 05, 2023
Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia.
Apple patches actively exploited iOS 17 vulnerability. Qakbot's survival of a major takedown. BADBOX puts malware into the device supply chain. LoonyTunables and a privilege-escalation risk. Scattered Spider believed responsible for cyberattack against Clorox. Sony discloses information on its data breach. In today’s Threat Vector segment, Chris Tillett, Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host David Moulton to delve inside the mind of an insider threat. Dave Bittner sits down with Eric Goldstein, Executive Assistant Director at CISA, to discuss shared progress against the ransomware threat. And the Kremlin tightens control over the Russian information space. On this segment of Threat Vector, Chris Tillett , Senior Research Engineer at Palo Alto Networks and member of the Advisory Board at Titaniam Labs, joins host D a vi d Moulton to delve inside the mind of an insider threat. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/191 Selected reading. Apple emergency update fixes new zero-day used to hack iPhones (BleepingComputer) Apple releases iOS 17.0.3 to address iPhone 15 overheating issues (Computing) Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day (SecurityWeek) Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (Cisco Talos Blog) HUMAN Disrupts Digital Supply Chain Threat Actor Scheme Originating from China (HUMAN) Trojans All the Way Down: BADBOX and PEACHPIT (Human) 'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover (Dark Reading) Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions (The Ha
S7 E1920 · Wed, October 04, 2023
A phishnet for the C-suite. Rootkit delivered by typosquatting. Stream-jacking in YouTube. Risk management. Hybrid war, and the laws thereof.
EvilProxy phishes for executives. Typosquatting to deliver a rootkit. Stream-jacking on YouTube. A global look at risk management. Assistance from a diverse set of international partners. In our Solution Spotlight segment, Simone Petrella speaks with Diane Janosek, Executive Director of Capitol Technology University's Center for Women in Cyber, about paths to cybersecurity and ways to address cybersecurity workforce intelligence through education. Dave Bittner previews the 3rd annual SOC Analyst Appreciation Day with Kayla Williams of Devo. And some guidelines for hacktivists engaged in hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/190 Selected reading. EvilProxy Phishing Attack Strikes Indeed (Menlo Security) Typosquatting campaign delivers r77 rootkit via npm (ReversingLabs) A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular (Bitdefender Labs) The C-suite playbook: Putting security at the epicenter of innovation (PwC) European Peace Foundation (EPF) opens cyber classroom for Ukrainian Armed Forces - EU NEIGHBOURS east (EU NEIGHBOURS east) Rethinking Security When So Many Threats Are Invisible (New York Times) 8 rules for “civilian hackers” during war, and 4 obligations for states to restrain them (EJIL: Talk!) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1919 · Tue, October 03, 2023
Where ICS touches the Internet. BunnyLoader traded in C2C markets. Phantom Hacker scams. API risks. Cybersecurity attitudes and behavior. DHS IG reports on two cyber issues. Updates on the hybrid war.
Nearly 100,000 ICS services exposed to the Internet. BunnyLoader in the C2C market. Phantom Hacker scams. API risks. Cybersecurity attitudes and behaviors. Homeland Security IG finds flaws in TSA pipeline security programs, and privacy issues with CBP, ICE, and USSS use of commercial telemetry. Kyiv prepares for Russian attacks on Ukraine's power grid. Ben Yelin on the Department of Commerce placing guardrails on semi-conductor companies. As part of our sponsored Industry Voices segment, Dave Bittner sits down with Nick Ascoli, Founder and CTO at Foretrace, to discuss the last year in data leaks. And Russian disinformation is expected to aim at undermining US support for Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/189 Selected reading. Bitsight identifies nearly 100,000 exposed industrial control systems (Bitsight) New BunnyLoader threat emerges as a feature-rich malware-as-a-service (BleepingComputer) "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings (FBI) FBI warns of surge in 'phantom hacker' scams impacting elderly (BleepingComputer) APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (Hacker News) Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 (National Cybersecurity Alliance) Watchdog says pipeline security regulations, data collection safeguards not up to snuff at DHS (Washington Post) Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED) (Office of Inspector General, Department of Homeland Security) CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data (REDACTED) (Office of Inspector General, Department of Homeland Security) <a href="h
S7 E1918 · Mon, October 02, 2023
Adventures of ransomware, and other developments in cybercrime. Cyberespionage and hybrid warfare. A government shutdown averted. Cybersecurity Awareness Month is underway.
Double-tapping ransomware hits the same victim twice. Exim mail servers are found exposed to attack. Iran's OilRig deploys Menorah malware against Saudi targets. North Korea's Lazarus Group targets a Spanish aerospace firm. Update your ransomware scorecards: LostTrust is a rebrand of MetaEncryptor. Increased domestic surveillance in Russia, done partly so propaganda can be more effectively targeted. Killnet claims to have hit the British Royal family with a DDoS attack. Michael Denning, CEO at SecureG for Blu Ventures, shares developments in zero trust as a part of our Industry Voices segment. Rob Boyce from Accenture Security talks about Dark Web threat actors targeting macOS. And Cybersecurity Awareness Month begins this week. Learn more about the Blu Ventures Conference here: https://www.bluventureinvestors.com/cyber-venture-forum For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/188 Selected reading. Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI) FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher) A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs) New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News) APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology) APT34 Deploys Phishing Attack With New Malware (Trend Micro) Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News) Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record) North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop) Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread) North Korean Lazarus t
Bonus · Sun, October 01, 2023
Ted Wagner: Get that hands on experience. [CISO] [Career Notes]
This week, we are joined by Ted Wagner, Chief Information Security Officer at SAP National Security Services, or SAP NS2. Ted sits down to share his story on how he got introduced into the industry and why he chose this as a career path. He went straight into the Armyas a second lieutenant in the artillery field after high school, which after his time was up he decided to move on and started working for a company that allowed him to do a management training program. After that he found himself working on IT projects which got him interested in the field. Ted shares that one thing that has helped him throughout his career is teaching about very technical terms and turning it into more operational or business like terms for his students at MIT. He shares that people getting into this field should get as much hands on experience as they can, saying "I think those are all things that can really help someone who may not have all the experience, but this is a pathway to, to learn." We thank Ted for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 30, 2023
Downloading cracked software. [Research Saturday]
David Liebenberg from Cisco Talos joins to discussing Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors. Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information. This research article was not published by Cisco Talos' team. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1917 · Fri, September 29, 2023
Malicious ads in a chatbot. A vulnerability gets some clarification. Cl0p switches from Tor to torrents. Influence operations as an adjunct to WMD. And NSA’s new AI Security Center.
Malicious ads in a chatbot. Google provides clarification on a recent vulnerability. Cl0p switches from Tor to torrents. Influence operations as an adjunct to weapons of mass destruction. Our guest Jeffrey Wells, former Maryland cyber czar and partner at Sigma7 shares his thoughts on what the looming US government shutdown will mean for the nation’s cybersecurity. Tim Eades from Cyber Mentor Fund discussing the 3 who’s a cybersecurity entrepreneur needs to consider. And NSA has a new AI Security Center. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/187 Selected reading. Malicious ad served inside Bing's AI chatbot (Malwarebytes) Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress) Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media) A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica) Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security) Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica) CL0P Seeds ^_- Gotta Catch Em All! (Unit 42) A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post) 2023 Department of Defense Strategy for Countering Weapons of Mass Destruction (US Department of Defense) NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense) NSA starts AI secu
S7 E1916 · Thu, September 28, 2023
Buckworm APT’s specialized tools. Cyberattack against Johnson Controls. Oversight panel reports on Section 702. Cyber in election security, and in the US industrial base. Hacktivism versus Russia.
The Budworm APT's bespoke tools. Johnson Controls sustains a cyberattack. The US Privacy and Civil Liberties Oversight Board reports on Section 702. The looming government shutdown and cyber risk. Cybersecurity in the US industrial base. X cuts back content moderation capabilities. In our Industry Voices segment, Nicholas Kathmann from LogicGate describes the struggle when facing low cost attacks. Sam Crowther from Kasada shares his team's findings on Stolen Auto Accounts. And Ukrainian hacktivists target Russian airline check-in systems. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/186 Selected reading. Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org (Symantec Enterprise Blogs) Johnson Controls reports data breach after severe ransomware attack (BeyondMachines) Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (U.S. Privacy and Civil Liberties Oversight Board) Split privacy board urges big changes to Section 702 surveillance law (Washington Post) Democrats fear cyberattacks as government shutdown looms (Nextgov.com) Aprio Releases U.S. National Manufacturing Survey, Highlighting the Need for Improved Operational Excellence, Digitization and Cybersecurity Practices (Aprio) Musk's X disabled feature for reporting electoral misinformation - researcher (Reuters) Musk’s X Cuts Half of Election Integrity Team After Promising to Expand It (The Information) Aeroflot, other airlines’ flights delayed over DDoS attack (Cybernews) Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoices"
S7 E1915 · Wed, September 27, 2023
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
A Joint Advisory warns of Beijing's "BlackTech" threat activity. ShadowSyndicate is a new ransomware as a service operation. A Smishing Triad in the UAE. Openfire flaw actively exploited against servers. AtlasCross is technically capable and, above all, "cautious." Xenomorph malware in the wild. DDoS and API attacks hit the financial sector. In our Industry Voices segment, Joe DePlato from Bluestone Analytics demystified dark net drug markets. Our guest is Richard Hummel from Netscout with the latest trending DDoS vectors. And the FCC chair announces plans to restore net neutrality. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/185 Selected reading. CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity (Cybersecurity and Infrastructure Security Agency) Dusting for fingerprints: ShadowSyndicate, a new RaaS player? (Group-IB) Smishing Triad Stretches Its Tentacles into the United Arab Emirates (Security Affairs) Hackers actively exploiting Openfire flaw to encrypt servers (BleepingComputer) Vulnerability in Openfire messaging software allows unauthorized access to compromised servers (Dr.Web) Suspicious New Ransomware Group Claims Sony Hack (Dark Reading) Sony investigates cyberattack as hackers fight over who's responsible (BleepingComputer) Sony Investigating After Hackers Offer to Sell Stolen Data (SecurityWeek) Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted (Threat Fabric) The High Stakes of Innovation: Attack Trends in Financial Services (Akamai) FACT SHEET: FCC Chairwoman Rosenworcel Proposes to Restore Net Neutrality Rules (Federal Communications Commission) Ukraine:
S7 E1914 · Tue, September 26, 2023
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
An advanced phishing campaign hits hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to its API. Phishing for Ukrainian military drone operators. Mr. Security Answer Person John Pescatore shares thoughts in Cisco acquiring Splunk. Ann Johnson from the Afternoon Cyber Tea podcast interviews Deb Cupp sharing a lesson in leadership. And the UK adopts a hunt-forward approach to cyber war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/184 Selected reading. Luxury Hotels Major Target of Ongoing Social Engineering Attack (Cofense) ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint) More MOVEit-related data breaches are disclosed. (CyberWire) Mixin Network suspends deposits and withdrawals. (CyberWire) OpenSea NFT market warns of third-party risk to its API. (CyberWire) Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads (Securonix) Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals (The Hacker News) British Army general says UK now conducting ‘hunt forward’ operations (Record) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1913 · Mon, September 25, 2023
Cyberespionage in East and Southeast Asia, for both intelligence collection and domestic security, Spyware tools tracked. Shifting cyber targets in Russia’s hybrid war. Securing the Super Bowl.
The Gelsemium APT is active against a Southeast Asian government. A multi-year campaign against Tibetan, Uighur, and Taiwanese targets. Stealth Falcon's new backdoor. Predator spyware is deployed against Apple zero-days. An update on Pegasus spyware found in Meduza devices. There’s a shift in Russian cyberespionage targeting. A rumor of cyberwar in occupied Crimea. In our Industry Voices segment, Amit Sinha, CEO of Digicert, describes digital trust for the software supply chain. Our guest is Arctic Wolf’s Ian McShane with insights on the MGM and Caesars ransomware incident. And if you’re looking for a Super Bowl pick, go with an egg-laying animal…and, oh, the NFL and CISA are noodling cyber defense for the big game. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/183 Selected reading. Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (Unit 42) Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government (IBM X-Force Exchange) Evasive Gelsemium hackers spotted in attack against Asian govt (BleepingComputer) Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government (Unit 42) EvilBamboo Targets Mobile Devices in Multi-year Campaign (Volexity) From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese (The Hacker News) Stealth Falcon preying over Middle Eastern skies with Deadglyph (We Live Security) t Deadglyph: Covertly preying over Middle Eastern skies (LABScon) New stealthy and modular Deadglyph malware used in govt attacks (BleepingComputer) Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (The Hacker News) <a href="https://blog.google/threat-analysis-group/0-days-exploited-by-com
S8 E54 · Mon, September 25, 2023
Threat intelligence discussion with Chris Krebs. [Special Edition]
In this extended interview, Simone Petrella sits down with Chris Krebs of the Krebs Stamos Group at the mWise 2023 Cybersecurity Conference to discuss threat intelligence . Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, September 24, 2023
Merritt Baer: No one has to go down for you to go up. [CISO] [Career Notes]
This week our guest is Merritt Baer, a Field CISO from Lacework, and a cloud security unicorn, sits down to share her incredible story working through the ranks to get to where she is today. Before working at Lacework Merritt served in the Office of the CISO at Amazon Web Services, as part of a small elite team that formed a Deputy CISO. She provided technical cloud security guidance to AWS’ largest customers, like the Fortune 100, on security as a bottom line proposition. She also has experience in all three branches of government and the private sector and served as Lead Cyber Advisor to the Federal Communications Commission. Merritt shares some amazing advice for up and comers into the field, saying "my personal philosophy is that no one has to go down for you to go up. I'm always encouraging my colleagues, um, and other executives to be thinking about how we can, you know, steal, sharpen, steal, how we can be good for each other, how we can collaborate, how we can, um, create more strengths in one another." We thank Merritt for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 23, 2023
Behind the Google shopping ad masks. [Research Saturday]
Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server. The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component." The research can be found here: Xurum: New Magento Campaign Discovered Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1912 · Fri, September 22, 2023
Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
A new APT is found: enter Sandman. Tracking an initial access broker called Gold Melody. Iran’s OilRig group is active against Israeli targets. Cyber ops as an instrument of soft power. Recovery and investigation in the casino ransomware attacks. In our Solutions Spotlight, Simone Petrella speaks with MK Palmore from Google Cloud about talent retention and the cybersecurity skills gap. Our guest is Kristen Marquardt of Hakluyt with advice for cyber startups. And Bermuda points to Russian threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/182 Selected reading. Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit (SentinelOne) GOLD MELODY: Profile of an Initial Access Broker (Secureworks) OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes (We Live Security) Cyber Soft Power | China's Continental Takeover (SentinelOne) MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Restores Casino Operations 10 Days After Cyberattack (Dark Reading) MGM Resorts computers back up after being down 10 days due to casino cyberattacks (CBS News) MGM says its recovered from cyberattack, employees tell different story (Cybernews) 'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars (Reuters) Apple emergency updates fix 3 new zero-days exploited in attacks (BleepingComputer) Russia linked to cyberattack on government services (Royal Gazette) Learn more about your ad choices. Visit <a href="https://megaphone.fm/adchoice
S7 E1911 · Thu, September 21, 2023
Don’t get snatched. Trends in phishing, cyber insurance claims, and threats to academic institutions. Hacktivism in the hybrid war. Updates on the ICC attack. MGM says its casinos are back.
CISA and the FBI warn of Snatch ransomware. A look at phishing trends. Ransomware is increasingly cited in cyber insurance claims. Trends in cyber threats to academic institutions. A Russian hacktivist auxiliary disrupts Canadian border control and airport sites. The ICC remains tight-lipped concerning cyberattack. N2K’s Simone Petrella sits down with Chris Krebs at the mWise conference. In today’s Threat Vector segment, David Moulton from Unit 42 takes a peek into the modern threat landscape with Wendi Whitmore, SVP of Uniformity. And MGM Resorts says it’s well on the way to recovery. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/181 Threat Vector links. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin . Selected reading. #StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA) 2023 .Phishing Trends (ZeroFox) Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire) 2023 Cyber Claims Report: Mid-year Update (Coalition) Since 2018, ransomware attacks on the education sector have cost the world economy over $53 billion in downtime alone (Comparitech) Canada blames border checkpoint outages on cyberattack (Record) Cyberattack hits International Criminal Court (SC Media) International Criminal Court hacked amid Russia probe (Register) International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News) Our hotels and casinos are operating normally. (FAQ - MGM Resorts) <a href="https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b
S7 E1910 · Wed, September 20, 2023
Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
The International Criminal Court reports a "cybersecurity incident." ShroudedSnooper intrusion activity is both novel and simple. Criminal malware targets Chinese-speaking victims. The costs of insider risk. More on the casino attacks (and related social engineering capers). In our Learning Layer segment, Sam Meisenberg drops into a CISSP tutoring session and offers some test-taking tips. Our guest is Aaron Brazelton, Dean of Admissions and Advancement at the Alabama School of Cyber Technology and Engineering. And the Clorox incident shows how one company navigates unfamiliar new SEC rules. Join Sam Meisenberg as he drops into a CISSP tutoring session talking about the difference between due diligence and due care along with some test-taking tips. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/180 Learning Layer. Learning about the CISSP certification from (ISC)² Selected reading. War crimes tribunal ICC says it has been hacked (Reuters) International Criminal Court says cybersecurity incident affected its information systems last week (AP News) Hackers breached International Criminal Court’s systems last week (BleepingComputer) New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint) Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack) MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post) <a href="https://topclassactions.co
S7 E1909 · Tue, September 19, 2023
Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
Colombia continues its recovery from last week's cyberattacks. AI training data is accidentally published to GitHub. The cyberespionage techniques of Earth Lusca. Clorox blames product shortages on a cyber attack. Cybersecurity incidents in industrial environments. Where the wild bots are. Joe Carrigan looks at top level domain name exploitation. Our guest is Kristen Bell from GuidePoint Security with a look at vulnerability vs. exploitability. And there’s talk of potential Russia-DPRK cooperation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/179 Selected reading. More than 50 Colombian state, private entities hit by cyberattack -Petro (Reuters) Colombia Mulls Legal Action Against US Firm Targeted In Cyber Attack (Barron's) Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token (Microsoft Security Response Center) Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages (SecurityWeek) Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (Trend Micro) Chinese hackers have unleashed a never-before-seen Linux backdoor (Ars Technica) The Clorox Company FORM 8-K (US Securities and Exchange Commission) Clorox Warns of Product Shortages Following Cyberattack (Wall Street Journal) Clorox warns of product shortages, profit hit from August cyberattack (The Street) Can't find the right Clorox product? A recent cyberattack is causing some shortages (USA Today) <a
S7 E1908 · Mon, September 18, 2023
A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
Cyber threats trending from East Asia. The Lazarus Group is suspected in the CoinEx crypto theft. Pig butchering, enabled by cryptocurrency. BlackCat is active against Azure storage. a Ukrainian view of cyber warfare. A US-Canadian water commission deals with a ransomware attack. Eric Goldstein from CISA shares insights on cyber threats from China. Neil Serebryany of Calypso explains the policies, tools and safeguards in place to enable the safe use of generative AI. And more details emerge in the Las Vegas casinos’ ransomware incidents. Danny Ocean, call your office. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/178 Selected reading. Sophistication, scope, and scale: Digital threats from East Asia increase in breadth and effectiveness (Microsoft Security Compliance and Identity) Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say (Record) CoinEx invites hackers to negotiate after suffering data breach (The Times of India BlackCat ransomware hits Azure Storage with Sphynx encryptor (BleepingComputer) MGM websites up, but reservation systems still affected by hack (Las Vegas Review-Journal) The chaotic and cinematic MGM casino hack, explained (Vox) Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle (WIRED) US-Canada water commission confirms 'cybersecurity incident' (Register) Ukraine's Fusion of Cyber and Kinetic Warfare: Illia Vitiuk's Stand Against Russian Cyber Operations (AFCEA International) Learn more about your ad choices. Visit megaphone.fm/adchoices
S4 E167 · Sun, September 17, 2023
Karl Mattson: Defer gratification. (CISO) [Career Notes]
Karl Mattson, CISO at Noname Security, joins us to share his story. Having started out as a "military brat," traveling the world as the child of a Marine, Karl later joined the Army not long after high school. In the Army, Karl was assigned the career field of intelligence analyst and started working with the NSA. He says that was a real career break. Following the Army, Karl worked in the financial services world as a CISO. At Noname, Karl began by building out internal risk and IT functions into a strong, what he calls spectacular team. Karl recommends "deferring gratification as long as possible" when building your career. He says, "People early in their career, looking at government service, those positions don't, you know, make anybody rich overnight, but they are amazing career cornerstones to build on." He closes sharing the importance of relationships. We thank Karl for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E299 · Sat, September 16, 2023
A look into the emotions and anxieties of the highest levels of decision-making. [Research Saturday]
Guest Manuel Hepfer from ISTARI shares his research on cyber resilience which includes discussions with 37 CEOs to gain insight into how they manage cybersecurity risk. ISTARI and Oxford University's Saïd Business School dive into the minds and experiences of CEOs on how they manage cybersecurity risk. Ask any CEO to name the issues that keep them awake at night and cybersecurity risk is likely near the top of the list – with good reason. With the accelerating digitalisation of business models comes vulnerability to cyberattack. And while spending on cybersecurity increases every year, so does the number of serious incidents. Even the largest and most technologically advanced companies are not immune. CEOs must formally answer to regulators, shareholders and board members for their organisation’s cybersecurity. Yet the majority (72%) of CEOs we interviewed as part of our research said they were not comfortable making cybersecurity-related decisions. The research and associated article can be found here: Research: The CEO Report on Cyber Resilience Article: Make Cybersecurity a Strategic Asset Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1907 · Fri, September 15, 2023
Peach Sandstorm cyberespionage. Criminal attacks against a Colombian telco and two major US casino firms. A thief in the browser. And the Greater Manchester Police are on a virtual manhunt.
"Peach Sandstorm" is an Iranian cyberespionage campaign. A Cyberattack against a telecom provider affects government and corporate online operations in Colombia. Python NodeStealer takes browser credentials. Caesars Entertainment files its 8-K. Some MGM Entertainment systems remain down. Betsy Carmelite from Booz Allen talking about how to leverage cyber psychology. Ron Reiter of Sentra outlines the threats for connected cars. And a third-party incident exposes personal data of the Manchester police. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/177 Selected reading. Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets (Microsoft) Hackers Backed by Iran Caught in Apparent Global Spy Campaign (The Messenger) BNamericas - Colombia cyberattack hits government, corpor... (BNamericas.com) Colombia's judicial branch thrown offline in major cyber attack (Colombia Reports) Casino giant Caesars Entertainment reports cyberattack; MGM Resorts says some systems still down (AP News) Casino Operators Caesars and MGM Still Reeling From Cyber Attacks (Kiplinger.com) Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs (CyberScoop) MGM still responding to wide-ranging cyberattack as rumors run rampant (Record) Ransomware in the casinos. (CyberWire) MGM Resorts shuts down some systems. (CyberWire) Manchester police officers’ data stolen following ransomware attack on supplier (Record) Contrac
S7 E1906 · Thu, September 14, 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes malware in dot-inf files. In our Industry Voices segment Dave speaks with Oliver Tavakoli, CTO at Vectra, on the complexity and challenges of cloud service security. And welcome back, or not, Your Highness the Large Language Model, Prince of Nigeria. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/176 Selected reading. Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg) Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal) The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal) Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal) ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters) MGM Resorts says cyberattack could have material effect on company (NBC News) MGM Resorts cybersecurity breach could cost millions, expert says (KLAS) MGM Resorts shuts down some systems because of a “cybersecurity issue.” (Updated.) (CyberWire) macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek) “Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence)
S7 E1905 · Wed, September 13, 2023
How one access broker gets its initial access (it’s through novel phishing). Be alert for deepfakes, US authorities say. The Pentagon’s new cyber strategy. And a reminder: yesterday was Patch Tuesday.
An access broker's phishing facilitates ransomware. 3AM is fallback malware. Cross-site-scripting vulnerabilities are reported in Apache services. US agencies warn organizations to be alert for deepfakes. The US Department of Defense publishes its 2023 Cyber Strategy. Ann Johnson from the Afternoon Cyber Tea podcast speaks with with Jenny Radcliffe about the rise in social engineering. Deepen Desai from Zscaler shares a technical analysis of Bandit Stealer. And a quick reminder: yesterday was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/175 Selected reading. Malware distributor Storm-0324 facilitates ransomware access (Microsoft Security) 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack (Symantec) Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services (Orca Security) Contextualizing Deepfake Threats to Organizations (US Department of Defense) Bipartisan push to ban deceptive AI-generated ads in US elections (Reuters) DOD Releases 2023 Cyber Strategy Summary (U.S. Department of Defense) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) New DOD cyber strategy notes limits of digital deterrence (DefenseScoop) New Pentagon cyber strategy: Building new capabilities, expanding allied info-sharing (Breaking Defense) CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) September 2023 Security Updates (Microsoft Security Re
S7 E1904 · Tue, September 12, 2023
Phishing with Facebook Messenger bots. Redfly hits a national power grid. Nice platform you got there…shame if something happened to it. MGM Resorts grapples with a “cybersecurity issue.”
Phishing with Facebook Messenger accounts. Redfly cyberespionage targets a national grid. The exploit trade in the C2C underground market. Phishing attack exploits Baidu link. A repojacking vulnerability. A hacktivist auxiliary looks to its own interests. Ben Yelin marks the start of the Google antitrust trial. In our Industry Voices segment, Adam Bateman from Push Security explains how identities are the new perimeter. And MGM Resorts are dealing with a “cybersecurity issue.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/174 Selected reading. Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET) Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News) Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading) Iranian hackers break into networks of more than 30 companies in Israel (ynetnews) “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer) Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News) Redfly: Espionage Actors Continue to Target Critical Infrastructure (Symantec) Sales and Purchases of Vulnerability Exploits (Flashpoint) Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) <a href="https://www.securityweek.com/after-microsoft-and-x-hackers-launch-ddos
S7 E1903 · Mon, September 11, 2023
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Cyber diplomacy, free and frank..
UK's NCA and NCSC release a study of the cybercriminal underworld. HijackLoader's growing share of the C2C market. Russia's hacker diaspora in Turkey. Author David Hunt discusses his new book, “Irreducibly Complex Systems: An Introduction to Continuous Security Testing.” In our Industry Voices segment, Mike Anderson from Netskope outlines the challenges of managing Generative AI tools. And a senior Russian cyber diplomat warns against US escalation in cyberspace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/173 Selected reading. Ransomware, extortion and the cyber crime ecosystem (NCSC) HijackLoader (Zscaler) New HijackLoader malware is rapidly growing in popularity (Security Affairs) New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (Hacker News) Spyware Telegram mod distributed via Google Play (Secure List) Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (The Hacker News) 'Evil Telegram' Android apps on Google Play infected 60K with spyware (BleepingComputer) Influx of Russian fraudsters gives Turkish cyber crime hub new lease of life (Financial Times) Russia warns "all-out war" with US could erupt over worsening cyber clashes (Newsweek) New strategy for global cybersecurity cooperation coming soon: State cyber ambassador (Breaking Defense) Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, September 10, 2023
Caroline Wong: A passion for teaching. [CSO] [Career Notes]
Caroline Wong, Chief Strategy Officer from Cobalt sits down to share her story of her 15+ years in cybersecurity leadership, including practitioner, product, and consulting roles. As well as being a member of our very own Hash Table, Caroline also authored the popular textbook, Security Metrics: A Beginner's Guide and teachers cybersecurity courses on LinkedIn Learning as well as hosts the Humans of InfoSec podcast. Caroline's father pushed her to start her career in engineering, she went to UC Berkeley and got accepted into their Electrical Engineering and Computer Sciences program. As a college student, she was looking for an internship and found eBay, where she says she worked an entry level position available on the information security team, and says the rest is history. She shares that she loves to teach her peers, and how she would like to be remembered for being a good teacher, saying "I think that my favorite part of the work that I get to do is teaching. Um, and in particular, um, being able to communicate about cybersecurity concepts to a wide audience. I have such tremendous gratitude." We thank Caroline for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 09, 2023
No honor in being a criminal. [Research Saturday]
This week, our guest is Reece Baldwin from Kasada discussing their work on "No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign." The Kasada Threat Intelligence team has recently identified a malware campaign targeting users of OpenBullet, a tool popular within criminal communities to conduct credential stuffing attacks. This malware campaign was first uncovered when the team was digging around in a Telegram channel setup to share OpenBullet configurations. Reading through a few of the configurations they identified a function, ostensibly designed to bypass Google’s reCAPTCHA anti-bot solution. Th research states "While the versatility of OpenBullet’s configuration files enable complex attacks, they can also make it difficult for inexperienced attackers to fully understand what requests are being created and what data is being retrieved." The research can be found here: No Honour Amongst Thieves: Unpacking a New OpenBullet Malware Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1902 · Fri, September 08, 2023
Apple issues an emergency patch. Aerospace sector under attack. DPRK spearsphishes security researchers. Notes from the hybrid war, including Starlink’s judgments on jus in bello.
Apple issues emergency patches. "Multiple nation-state actors" target the aerospace sector. The DPRK targets security researchers. SpaceX interrupted service to block a Ukrainian attack against Russian naval units last year. The International Criminal Court will prosecute cyber war crimes. Operation KleptoCapture extends to professional service providers. Malek Ben Salem of Accenture ponders the long-term reliability of LLM-powered applications. Our guest is Elliott Champion from CSC on how cybercriminals are taking advantage of the Threads platform. And congratulations to the SINET 16. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/172 Selected reading. BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (The Citizen Lab) Apple issues software updates after spyware discoveries (Washington Post) Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) (Help Net Security) CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA (Cybersecurity and Infrastructure Security Agency CISA) Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Cybersecurity and Infrastructure Security Agency CISA) AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Tenable®) CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities (The Hacker News) Active North Korean campaign targeting security researchers (Google) Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers (SecurityWeek) Musk 'switched off Starlink in Ukraine over nuclear fears' (
S7 E1901 · Thu, September 07, 2023
Microsoft releases results of investigation into cloud email compromise. A buggy booking service. Adversary emulation for OT networks. Identity protection trends. Notes from the hybrid war.
Microsoft releases results of their investigation into cloud email compromise. A vulnerability affects a resort booking service. Adversary emulation for OT networks. Identity protection and identity attack surfaces. Sanctioning privateers (with a bonus on vacation ideas). Rob Boyce from Accenture Security tracks new trends in ransomware. Our Threat Vector segment features Mastering IR Sniping A Deliberate Approach to Cybersecurity Investigations with Chris Brewer. And Estonia warns of ongoing cyber threats. On this segment of Threat Vector, Chris Brewer , a Director at Unit 42 and expert in digital forensics and incident response, joins host D a vi d Moulton discussing Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/171 Threat Vector links. Sniper Incident Response from Cactus Con on GitHub Sniper Incident Response presentation by Chris Brewer on YouTube Selected reading. Results of Major Technical Investigations for Storm-0558 Key Acquisition (Microsoft Security Response Center) Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained (Bitdefender) Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks (Bitdefender) MITRE and CISA release Caldera for OT attack emulation (Security Affairs) MITRE Caldera for OT now available as extension to open-source platform (Help Net Security) Silverfort and Osterman Research Report Exposes Critical Gaps in Identity Threat Protection (Silverfort) United States and United Kingdom Sanction Additional Members of the Russia-Based
S7 E1900 · Wed, September 06, 2023
Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.
There’s a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16). Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/170 Selected reading. New Agent Tesla Variant Being Spread by Crafted Excel Document (Fortinet Blog) World's Largest Cryptocurrency Casino Stake Hacked for $41 Million (Hackread) Crypto casino Stake.com loses $41 million to hot wallet hackers (BleepingComputer) Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (KrebsOnSecurity) Global DevSecOps Report on AI Shows Cybersecurity and Privacy Concerns Create an Adoption Dilemma (GitLab) APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469) (CERT-UA) Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (The Hacker News) Ukraine says an energy facility disrupted a Fancy Bear intrusion (Record) What's in a NoName? Researchers see a lone-wolf DDoS group (Record) New Research from TechTarget’s Enterprise Strategy Group and the ISSA Reveals Continuous Struggles within Cybersecurity Professional Workforce - ISSA International (ISSA International) Life and Times 2023 Download Landing Page (ISSA International) <a href="https://www.esg-global.com/research/the-life-and-time
S7 E1899 · Tue, September 05, 2023
In today’s symposium, we talk about a new strand of Chae$ malware, some developments in social engineering, privateers in a hybrid war, cyber ops as combat support, and some default passwords.
A New variant of Chae$ malware is described. A "Smishing Triad" impersonates postal services. A MinIO storage exploit reported. Okta warns of attackers seeking senior admin privileges. LockBit compromises a UK security contractor. DDoS takes down a German financial regulator's site. Infamous Chisel as GRU combat support. Joe Carrigan on Meta uncovering a Chinese influence effort. Our guest is Connie Stack, CEO of Next DLP, discussing data breach notification procedure. And please -PLEASE- remember to change your default passwords. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/169 Selected reading. Threat Profile: Chae$ 4 Malware (Morphisec) "Smishing Triad" Targeted USPS and US Citizens for Data Theft (Resecurity) 'Smishing Triad' Targeted USPS and US Citizens for Data Theft (Security Affairs) New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services (Security Joes) Hackers exploit MinIO storage system to breach corporate networks (BleepingComputer) Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (The Hacker News) More Okta customers trapped in Scattered Spider's web (Register) Cross-Tenant Impersonation: Prevention and Detection (Okta Security) Breaking: UK MoD attacked by LockBit (Computing) German financial agency site disrupted by DDoS attack since Friday (BleepingComputer) LogicMonitor customers hacked in reported ransomware attacks (BleepingComputer) LogicMonitor customers hit by hackers, because of defau
Bonus · Mon, September 04, 2023
Interview Select: Jeff Welgan, Chief Learning Officer at N2K Networks is expanding on the NICE framework in strategic workforce intelligence. [Interview selects]
This interview from August 25th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Jeff Welgan, Chief Learning Officer at N2K Networks, to expand on the NICE framework in strategic workforce intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sun, September 03, 2023
Rick Doten: There is a rainbow of different roles in cybersecurity. [VP] [Career Notes]
This week's guest is Rick Doten, the VP of Information Security at Centene Corporation, he sits down to share his story and provide wise words of wisdom after conquering this industry for 30 years. Rick, like many others in the field started off not knowing what he wanted to do, so he tried out a few things, including doing in-user training and desktop support, eventually evolving to do systems analysis work and designing software. Rick shares that his main day to day roles are spending time helping out the corporate global CISO, CTO, and head of platform within the organization, he shares that his nickname is the neighborhood cat because he's everywhere. Rick shares advice for people getting into the industry for the first time, saying "There is a rainbow of different roles in cyber security, and I feel like I've done all of them in the last 30 years. So there are different things that, that you, the thing that like appeal to you the most because you're going to excel and want to hyper focus on the thing that you really, really are interested in and not the thing that you're not" We thank Rick for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, September 02, 2023
Thwarting Muddled Libra. [Research Saturday]
Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. Posing threats to organizations in the software automation, BPO, telecommunications and technology industries, Muddled Libra is a threat group that favors targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. The research can be found here: Threat Group Assessment: Muddled Libra Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1898 · Fri, September 01, 2023
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
A VMConnect supply chain attack is connected to the DPRK. Reports of an aledgedly "fully undetectable information stealer." DB#JAMMER brute forces exposed MSSQL databases. A Cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy Carmelite from Booz Allen on threat intelligence as part of a third-party risk management program. Our guest is Adam Marré from Arctic Wolf Networks, with an analysis of Chinese cyber tactics. And a free decryptor is released for Key Group ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/168 Selected reading. VMConnect supply chain attack continues, evidence points to North Korea (ReversingLabs) Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware (Securonix) Montreal electricity organization latest victim in LockBit ransomware spree (Record) LockBit ransomware gang targets electrical infrastructure organization in Montreal (teiss) [Analyst Report] SANS 2023 DevSecOps Survey (Synopsys) SANS 2023 DevSecOps Survey (Application Security Blog) Government Agencies Report New Russian Malware Targets Ukrainian Military (National Security Agency/Central Security Service) Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say (CNN) Ukraine: The First Cyber Lessons (AFCEA International) The Return of Hacktivism: A Temporary Reprise or Here for Good? (ReliaQuest) Decrypting Key Group Ransomware: Emerging
S7 E1897 · Thu, August 31, 2023
GREF and Earth Estries from China. GRU’s Sandworm surfaces again, wielding “Infamous Chisel.” Hacktivist nuisances in the hybrid war. A zero-day is discovered. And the Wolverines are back online.
China deploys tools used against Uyghurs in broader espionage. The Five Eyes call out a GRU cyberespionage campaign. Russian hacktivist auxiliaries hit Czech banks and the platform formerly known as Twitter. A Spring-Kafka zero-day is discovered. Deepen Desai from Zscaler explains RedEnergy Stealer-as-a-Ransomware attacks. Luke Nelson of UHY Consulting on ransomware’s impact on schools. And, hey, go Wolverines: the University of Michigan overcomes a cyberattack that delayed the academic year. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/166 Selected reading. BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live Security) Earth Estries Targets Government, Tech for Cyberespionage (Trend Micro) Infamous Chisel Malware Analysis Report (Cybersecurity and Infrastructure Security Agency CISA) UK and allies support Ukraine calling out Russia's GRU for new malware campaign (NCSC) Hackers Attack Czech Banks, Demanding End of Support For Ukraine (Brno Daily) More Russian attacks on Czech banks: Hackers call for end of support to Ukraine (Expats.cz) Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink (BBC News) Contrast Assess uncovers Spring-Kafka deserialization zero day (Contrast Security) U. Michigan restores campus internet after cyberattack disrupts first week of classes (EdScoop) Internet restored on University of Michigan campus, ongoing issues still expected (mlive) University of Michigan isn't disclosing details of internet outage cyberattack (Detroit Free Press)</p
S7 E1896 · Wed, August 30, 2023
An international hunt bags Qakbot’s infrastructure. Anticipating remediation. Adversaries in the middle. More effective phishbait. Air travel disruption was a glitch, not an attack. Hybrid war update.
An international operation takes down Qakbot. Chinese threat actors anticipated Barracuda remediations. A look at adversary-in-the-middle attacks, making phishbait more effective and the emergence of a new ransomware threat. Narrative themes in Russian influence operations. My conversation with Natasha Eastman from (CISA), Bill Newhouse from (NIST), and Troy Lange from (NSA) to discuss their recent joint advisory on post-quantum readiness. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Cyber Threat Alliance President and CEO Michael Daniel about the current state of cybercrime. And when toilet bowls are outlawed, only outlaws will have toilet bowls. Listen to the full conversation with Natasha Eastman, Bill Newhouse, and Troy Lange here: A joint advisory on post-quantum readiness. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/165 Selected reading. Operation Duck Hunt bags Qakbot. (CyberWire) FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown (Federal Bureau of Investigation) Qakbot Malware Disrupted in International Cyber Takedown (US Department of Justice) Law Enforcement Takes Down Qakbot (Secureworks) Qakbot: Takedown Operation Dismantles Botnet Infrastructure (Symantec) Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack (SecurityWeek) Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (The Hacker News) The Lure of Subject Lines in Phishing Emails - How Threat Actors Utilize Dates to Trick Victims (Cofense) The Emergence of Ransomed: An Uncertain Cyber Threat in the Making (Flashpoint) Cancelled flights: Air traffic disruption caused by flight data issue (BBC News) <a href="https://www.understandingwar.org/backgrounder/russian-offensive-c
Bonus · Wed, August 30, 2023
A joint advisory on post-quantum readiness. [Special Edition]
In this extended interview, Dave Bittner sits down with Natasha Eastman from the Cybersecurity and Infrastructure Security Agency (CISA), Bill Newhouse from the National Institute of Standards and Technology (NIST), and Troy Lange from the National Security Agency (NSA) to discuss their their recent joint advisory on post-quantum readiness and how to prepare for post-quantum cryptography. You can find the join advisory here: Quantum-Readiness: Migration to Post-Quantum Cryptography Quantum computing: A threat to asymmetric encryption. Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1895 · Tue, August 29, 2023
Name collision. Spawn of LockBit. Quishing the unwary and the hasty. Trends in healthcare cybersecurity. Inquiries surrounding Russia’s hybrid war against Ukraine.
Name collision as a DNS risk. A LockBit derivative is active against targets in Spain. QR codes as phishbait. Cybersecurity trends in Healthcare. A Russian hacktivist auxiliary hits Polish organizations, while investigation of railroad incidents in Poland continues. Ben Yelin looks at the SEC cracking down on NFTs. Mr. Security Answer Person John Pescatore opens up the listener mail bag. And a look at a probably accidental glitch affecting air travel in the UK. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/164 Selected reading. What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS (Cisco Talos) Spain warns of LockBit Locker ransomware phishing attacks (BleepingComputer) Think Before You Scan: The Rise of QR Codes in Phishing (Trustwave SpiderLabs) 78% of Healthcare Organizations Experienced Cyber Incidents in Past Year, 60% of Which Impacted Patient Care (Claroty) Polish stock exchange, banks knocked offline by pro-Russian hackers (Cybernews) Two Men Arrested Following Poland Railway Hacking (SecurityWeek) Century-old technology hack brought 20 trains to a halt in Poland (Cybernews) Poland investigates train mishaps for possible Russian connection (Washington Post) Flight chaos ‘to last for days’ after air traffic control failure (The Telegraph) UK flight chaos could last for days, airline passengers warned (the Guardian) Government can’t rule out cyber attack caused air traffic chaos (MSN) Learn more about your ad choices. Visit megapho
S7 E1894 · Mon, August 28, 2023
DPRK's Lazarus Group exploits ManageEngine issues. SIM swapping as a threat to organizations. Ransomware hits a cloud provider. Spawn of LockBit. Train whistling. Influence laundering.
The DPRK's Lazarus Group exploits ManageEngine issues. A Data breach at Kroll is traced to SIM swapping. Unusually destructive ransomware hits CloudNordic. Spawn of LockBit. Polish trains are disrupted by hacktivists. Rick Howard looks at the MITRE attack framework. Our guests are Andrew Hammond and Erin Dietrick from the International Spy Museum. And Influence laundering as a long-term disinformation tactic. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/163 Selected reading. North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw (SecurityWeek) Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure (Help Net Security) Cyber scams keep North Korean missiles flying (Radio Free Asia) Claimant Data Breached in Genesis, FTX and BlockFi Bankruptcy Cases (Wall Street Journal) Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (BleepingComputer) Crypto investor data exposed by a SIM swapping attack against a Kroll employee (Security Affairs) Kroll Employee SIM-Swapped for Crypto Investor Data (KrebsOnSecurity) Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (The Hacker News) FTX bankruptcy handler Kroll discloses data breach (The Stack) CloudNordic Faces Severe Data Loss After Ransomware Attack (Hackread) CloudNordic loses most customer data after ransomware attack | TechTarget (Security) Lockbit leak, research opportunities on tools leaked from TAs (SecureList) LockBit 3.0 Ransomware Builder Leak Gives Rise
Bonus · Sun, August 27, 2023
Dina Haines: Keep the boat afloat. [Partnership manager] [Career Notes]
This week, we welcome Dina Haines, an Industry Partnership Manager with the National Security Agency's Cybersecurity Collaboration Center. Dina found from a young age, she was always interested in the field, taking after her father who worked in the space industry, paving the way for her to fall in love with the field. She worked in the private sector for a bit, moving around every now and again, eventually landing the position she works now. Dina says her day to day job is helping the NSA to bend and protect cyberspace by bringing in private industry. She says "I try to spend a lot of time listening and seeing where people, where they're coming from, where they're at, you know, potentially in their career, where they're at in their job that day, and then try to, um, support them and bring them up and, and float the entire boat." We thank Dina for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, August 26, 2023
Google's not being ghosted from vulnerabilities. [Research Saturday]
Tal Skverer from Astrix Security joins to discuss their work on "GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts." Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) on June 19, 2022, which was found to affect all Google users. The research states "The vulnerability, dubbed “GhostToken”, could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim’s Google account infected with a trojan app forever." Google issued a patch to this vulnerability in April of this year, but researchers explain why this can be severe. The research can be found here: GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1893 · Fri, August 25, 2023
Phishing kits in the C2C market. Cyberespionage, Pyongyang and Beijing editions. Ransomware under the radar. A new hacktivist group says it doesn’t much care for NATO corruption.
Telekopye and the rise of commodified phishing kits. Lazarus Group fields new malware. Implications of China's campaign against vulnerable Barracuda appliances. Abhubllka ransomware's targeting and low extortion demands. Malek Ben Salem of Accenture outlines generative AI Implications to spam detection. Jeff Welgan, Chief Learning Officer at N2K Networks, unpacks the NICE framework and strategic workforce intelligence. And a new hacktivist group emerges, and takes a particular interest in NATO members. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/162 Selected reading. eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (Dark Reading) Telekopye: Hunting Mammoths using Telegram bot (ESET) Lazarus Group's infrastructure reuse leads to discovery of new malware (Cisco Talos Blog) FBI fingers China for attacks on Barracuda email appliances (Register) Suspected PRC Cyber ActorsContinue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) (FBI) Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants (Netenrich) Ransomware ecosystem targeting individuals, small firms remains robust (Record) Ransomware With an Identity Crisis Targets Small Businesses, Individuals (Dark Reading) Hacking group KittenSec claims to 'pwn anything we see' to expose corruption (CyberScoop) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1892 · Thu, August 24, 2023
Trends in the cybercriminal underworld. The prosecution of Lapsus$ and Tornado Cash. More developments in Russia’s hybrid war.
There’s a new sophistication in BEC campaigns. Trends in brand impersonation–crooks still like to pretend they’re from Redmond. The future of Russian influence operations in the post-Prigozhin era. Andrea Little Limbago from Interos shares insights on the new cyber workforce strategy. In our latest Threat Vector segment David Moulton of Palo Alto Networks is joined by Stephanie Ragan, Senior Consultant at Unit 42 to discuss Muddled Libra. And more on the doxing of a deputy Duma chair, who seems to have been selling hot iPhones as a side hustle (maybe). And the growing problem of Synthetic identity fraud. On this segment of Threat Vector, Stephanie Ragan, Senior Consultant at Unit 42, joins host David Moulton to discuss Muddled Libra. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/162 Selected reading. BEC Trends: Payroll Diversion Dominates and Sneaky Multi-Persona Attacks Emerge (Trustwave) Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations (Kroll) Microsoft Impersonated Most in Phishing Attacks Among Nearly 350 Brands (Abnormal Security) TransUnion Analysis Finds Synthetic Identity Fraud Growing to Record Levels (TransUnion) Ukraine at D+546: Yevgeny Prigozhin dies in a plane crash. (CyberWire) Without Prigozhin, expect some changes around the edges on Russian influence operations (Washington Post) 2023 H1 Global Threat Analysis Report (Radware) Lapsus$: Court finds teenagers carried out hacking spree (BBC News) British court convicts two teen Lapsus$ members of hacking tech firms (Record) Treasury Designates Roman Semenov, Co-Founder of Sanctioned Virtual Currency Mixer Tornado Cash (U.S. Department of the T
S7 E1891 · Wed, August 23, 2023
A creepy new geolocation payload for Smoke Loader. Speed of criminal attack, malware delivery, and the evolution of malicious AI. Ransomware at a Belgian social services agency.
The Smoke Loader botnet has a creepy new payload. Ransomware gets faster. How AI has evolved in malicious directions. The Snatch ransomware gang threatens to snitch. The FSB continues to use both USBs and phishing emails as attack vectors. A ransomware attack shutters Belgian social service offices. Tim Starks from the Washington Post explains a Biden administration win in a DC court. Our guest Ben Sebree of CivicPlus describes how the public sector could combat cybercrime during cloud adoption. And the deadline for comment on US cybersecurity regulations? It’s been extended. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/161 Selected reading. Smoke Loader Drops Whiffy Recon Wi-Fi Scanning and Geolocation Malware (SecureWorks) Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders (Sophos News) HP Wolf Security Threat Insights Report Q2 2023 | HP Wolf Security (HP Wolf Security) Barracuda XDR Insights: How AI learns your patterns to protect you (Barracuda) Deep Instinct Study Finds Significant Increase in Cybersecurity Attacks Fueled by Generative AI (Deep Instinct) Cyberattack on Belgian social service centers forces them to close (Record) Ukraine’s Military Hacked by Russian Backed USB Malware (Ophtek) Request for Information on Cyber Regulatory Harmonization; Request for Information: Opportunities for and Obstacles To Harmonizing Cybersecurity Regulations (Federal Register) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1890 · Tue, August 22, 2023
A cyberespionage operation of unclear provenance shifts its targets. Cyberattacks on voting in Ecuador. Other notes from the cyber underworld. And doxing the Duma.
HiatusRAT shifts its targets. Ecuador's difficulties with voting is attributed to cyberattacks. Carderbee is an APT targeting Hong Kong. auDA (OOO-duh) turns out not to have been breached. Ukrainian hacktivists claim to dox a senior member of Russia's Duma. Russian influence operations take aim at NATO's July summit. Joe Carrigan describes attacks on LinkedIn accounts. Our guest is John Hernandez from Quest to discuss why he believes the MOVEit flaw is a wakeup call for CISOs. Security, not by obscurity, but by typo. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/160 Selected reading. HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack (The Hacker News) New HiatusRAT campaign targets Taiwan and U.S. military procurement system (Security Affairs) HiatusRAT Returns after a Hiatus in a Fresh Wave of Attacks (Cyware Labs) No rest for the wicked: HiatusRAT takes little time off in a return to action (Lumen) Ecuador’s national election agency says cyberattacks caused absentee voting issues (Record) Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong Resolution of cyber incident (auDA) Ukrainian hackers claim to leak emails of Russian parliament deputy chief (Record) Summit Old, Summit New (Graphika) Summit Old, Summit New: Russia-Linked Actors Leverage New and Old Tactics in Influence Operations Targeting Online Conversations About NATO Summit (Graphika) The simple typo that stopped bank robbers from stealing $1 billion (LAD Bible) Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1889 · Mon, August 21, 2023
DPRK tried to hit RoK-US military exercises. Australian domain administrator auDA may have been breached. WoofLocker's tech support scam. US warns of cyber threats to space systems.
The DPRK's Kimsuky attempts to hit joint military exercises. Australian domain administrator auDA (OW-duh) may have been breached. WoofLocker's version of a tech support scam. The US Intelligence Community warns of cyber threats to space systems. Rick Howard looks at forecasting cyber risk. Deepen Desai from Zscaler shares ransomware trends. And more wartime disinformation out of Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/159 Selected reading. Suspected N. Korean Hackers Target S. Korea-US Drills (SecurityWeek) N. Korean Kimsuky APT targets S. Korea-US military exercises (Security Affairs) North Korean hackers target US-South Korea military drills, police say (The Economic Times Cyber incident update (auDA) Australia’s .au domain administrator denies data breach after ransomware posting (Record) Hackers claim to have breached auDA (iTnews) Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams (Malwarebytes) WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams (The Hacker News) US warns space companies about foreign spying (Reuters) Intelligence Agencies Warn Foreign Spies Are Targeting U.S. Space Companies (New York Times) US Warns Space Industry of Growing Risks of Spying and Satellite Attacks (Bloomberg) Foreign countries targeting tech from US space companies, intel agencies warn (The HIll) Pentagon urges US space companies to stay vigil
Bonus · Sun, August 20, 2023
Luke Vander Linden: With age comes knowledge. [VP] [Career Notes]
This week, our guest is Luke Vander Linden, Vice President of Membership & Marketing from RH-ISAC and host of the RH-ISAC podcast here at the CyberWire. Luke sits down to share his story all the way back to when he was a very young age where he was a child model and actor to where he is now working in the cyber industry. Luke fell into the marketing field after his time as a child actor, where he really started to find his passion. After finding his passion, he decided to branch out to different areas in the field, working in public libraries and advocacy groups, this is where he started to really enjoy the prospect of working with individuals who support organizations, which got him started in the RH-ISAC world. Luke shares that he wears many hats these days, working in the podcast business while also working on the leadership team at RH-ISAC. His advice for people getting into this industry is "I think with age comes this knowledge, but also with experiences. So, I mean, to that point, don't be afraid to go out there and fail, give it a shot." We thank Luke for sharing his story with us.
Bonus · Sat, August 19, 2023
Politicians targeted by RomCom. [Research Saturday]
Dmitry Bestuzhev from Blackberry joins to discuss their work on "RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine." Research suggests that the RomCom threat team has been tracked carefully following the geopolitical events surrounding the war in Ukraine, and are now targeting politicians in Ukraine who are working closely with Western countries. This group is different from others in that their focus is more on secrets or information which can be useful in geopolitics and specifically the war in Ukraine, instead of financial gain. The research says "Although it is unclear at this point what initial infection vector was used to kick off the execution chain, previous RomCom attacks used targeted phishing emails to point a victim to a cloned website hosting Trojanized versions of popular software." The research can be found here: RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine
S7 E1888 · Fri, August 18, 2023
Phishing for Zimbra credentials. Developments in PlayCrypt and Cuba ransomware. #NoFilter exploitation. Cyber gangs (and some services) threaten security researchers. Anglo-Saxonia update.
Phishing for Zimbra credentials. PlayCrypt ransomware described. The Cuba ransomware group adopts new tools. #NoFilter. Cyber criminals threaten security researchers. Our guest is Kevin Paige from Uptycs with thoughts on the Blackhat conference. Eric Goldstein, Executive Assistant Director at CISA joins us discussing next steps on the Secure by Design journey. And Russian disinformation takes on "Anglo-Saxonia." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/158 Selected reading. Mass-spreading campaign targeting Zimbra users (We Live Security) PlayCrypt Ransomware Group Wreaks Havoc in Campaign Against Managed Service Providers (Adlumin SaaS Security) Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America (BlackBerry) NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security (The Hacker News) Cyber security researchers become target of criminal hackers (Financial Times) Britain plotting to assassinate pro-Russian leaders in Africa, says Moscow (The Telegraph) Ukraine at D+540: Russification and disinformation. (CyberWire)
S7 E1887 · Thu, August 17, 2023
A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.
Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An update on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it’s never too late to stop manifesting a chronic cranio-urological condition, as they more-or-less say in the Quantum Realm. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/157 Selected reading. ProxyNation: The dark nexus between proxy apps and malware (AT&T Alien Labs) Massive 400,000 proxy botnet built with stealthy malware infections (BleepingComputer) PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (Aqua Security) Clorox Operations Disrupted By Cyber-Attack (Infosecurity Magazine) Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (IC3) FBI warns about scams that lure you in as a mobile beta-tester (Naked Security) Incident response lessons learned from the Russian attack on Viasat (CSO Online) Recent Intel Report Reveals New Starlink Vulnerabilities, Increasing Concerns About the Future of Global Satellite Internet (Debrief) Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (Graham Cluley)
S7 E1886 · Wed, August 16, 2023
China accuses the US of cyberespionage. Backdoors found in NetScaler. Account hijacking campaigns. Raccoon Stealer gets an update. Cryptocurrency recovery scams. Narrative control in the hybrid war.
China accuses the US of installing backdoors in a Wuhan lab. NetScaler backdoors are found. A Phishing scam targets executives. LinkedIn sees a surge in account hijacking. Raccoon Stealer gets an update. Cryptocurrency recovery scams. We kick off our new Learning Layer segment with N2K’s Sam Meisenberg. And a Moscow court fines Reddit and Wikipedia, for unwelcome content about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/156 Selected reading. Ministry warns of data security risks after US agencies identified behind cyberattack on Wuhan Earthquake Monitoring Center (Global Times) China accuses U.S. intelligence agencies as source behind Wuhan cybersecurity attack (ZDNET) China teases imminent exposé of seismic US spying scheme (Register) 2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability (SecurityWeek) Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) LinkedIn Accounts Under Attack (Cyberint) LinkedIn faces surge of account hijacking (Computing) LinkedIn accounts hacked in widespread hijacking campaign (BleepingComputer) Raccoon Stealer malware returns with new stealthier version (BleepingComputer) FBI warns of increasing cryptocurrency recovery scams (BleepingComputer) Russia slaps Reddit, Wikipedia with fines (Cybernews)
S7 E1885 · Tue, August 15, 2023
Investigating China’s Storm-0558. Monti ransomware is back. Evasive phishing. Realtors’ MLS taken down in ransomware incident. News from Russia’s hybrid war. And in-game scams.
New targets of Chinese cyberespionage are uncovered. Monti ransomware is back. An evasive phishing campaign exposed. A Realtors' network taken down by cyberattack. A closer look at NoName057(16). Perspective on cyberwar - remember Pearl Harbor, but don’t see it everywhere. Ben Yelin on the Consumer Financial Protection Bureau’s plans to regulate surveillance tech. Microsoft’s Ann Johnson and Charlie Bell ponder the future of security. And scammers are targeting kids playing Fortnite and Roblox. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/155 Selected reading. Chinese spies who read State Dept. email also hacked GOP congressman (Washington Post) Binary Ballet: China’s Espionage Tango with Microsoft (SecurityHQ) Microsoft Exchange hack to be investigated by US Cyber Safety Board (Computing) Monti ransomware targets VMware ESXi servers with new Linux locker (BleepingComputer) Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (Netskope) Cyberattack on Bay area vendor cripples real estate industry (The Real Deal) Intel insiders go undercover revealing fresh details into NoName hacktivist operations (Cybernews) Why the US Military Wants You To Rethink the Idea of 'Cyber War' (The Messenger) A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight (WIRED)
S7 E1884 · Mon, August 14, 2023
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.
An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDOS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases of cyberespionage against Exchange. Watch the full video of Simone and Camille here: Solution Spotlight: Simone Petrella and Camille Stewart Gloster For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/154 Selected reading. DroxiDat-Cobalt Strike Duo Targets Power Generator Network (Infosecurity Magazine) New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News) Power Generator in South Africa hit with DroxiDat and Cobalt Strike (Security Affairs) Southern African power generator targeted with DroxiDat malware (Record) Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky ICS CERT) APT31 Linked to Recent Industrial Attacks in Eastern Europe (Infosecurity Magazine) Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (The Hacker News) LOLEKHosted admin arrested for aiding Netwalker ransomware gang (BleepingComputer) Russian spy agencies targeting Starlink with custom malware, Ukraine warns (The Telegraph) Russia Bans iPhone
Bonus · Sun, August 13, 2023
Dr. Georgianna Shea: Don't wait to take the initiative. [Technologist] [Career Notes]
Dr. Georgianna Shea, the Chief Technologist at the Transformative Cyber Innovation Lab at the Foundations for Defensive Democracies (FDD) sits down to share her incredible story, moving around to different roles and how that has lead her to where she is today. Her careers have taken her to many different states throughout the years, as she has learned and grew into the roles she took on, from Hawaii to D.C., Dr. Shea has done it all. Sharing some advice, Dr. Shea says "My words of wisdom are take advantage of every opportunity and don't wait for anybody. I try to mentor people and I talk to young people a lot, you know, trying to get into the field and, and I see a lot of waiting on other people." She explains that you are able to work on your own to become an expert, and taking that initiative will be the thing to get you to where you want to be. We thank Dr. Georgianna Shea for sharing her story with us.
Bonus · Sat, August 12, 2023
It's raining credentials. [Research Saturday]
Alex Delamotte from SentinelLabs joins Dave to discuss their work on "Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP." As actors find more ways to profit from compromising services, SentinelLabs finds that cloud service credentials are becoming increasingly targeted. The lack of threats explicitly targeting Azure and GCP credentials up to this point means there are likely many fresh targets. The research states "These campaigns share similarity with tools attributed to the notorious TeamTNT cryptojacking crew. However, attribution remains challenging with script-based tools, as anyone can adapt the code for their own use." The research can be found here: Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP
S7 E1883 · Fri, August 11, 2023
Tehran’s social engineering. CSRB reports on Lapsus$. Call for comment on open-source standards. Coping with a tight labor market. Two private sector incidents in Russia’s hybrid war.
Charming Kitten collects against Iranian expatriate dissidents. The Cyber Safety Review Board reports on Lapsus$. A Call for comment on open-source, memory-safe standards. How NSA is coping with the cyber labor market. Yandex is restructuring. The Washington Post’s Tim Starks joins us with the latest cyber security efforts from the DOD. Our guest is Dan L. Dodson, CEO of Fortified Health Security with insights on protecting patient data. And How Viasat was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/153 Selected reading. Germany says Charming Kitten hackers target Iran dissidents (Deutsche Welle) Cyber Safety Review Board Releases Report on Activities of Global Extortion-Focused Hacker Group Lapsus$ (US Department of Homeland Security) Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report (Cybersecurity and Infrastructure Security Agency CISA) Fact Sheet: Office of the National Cyber Director Requests Public Comment on Open-Source Software Security and Memory Safe Programming Languages (ONCD | The White House) Amid historic hiring surge, NSA considers hybrid, unclassified work options (Federal News Network) Exclusive: Fear of tech 'brain drain' prevents Russia from seizing Yandex for now, sources say (Reuters) Yandex co-founder Volozh slams Russia's 'barbaric' invasion of Ukraine (Reuters) Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault (CyberScoop)
S7 E1882 · Thu, August 10, 2023
A new Magecart campaign. Gootloader’s legal bait. Cryptowallet vulnerabilities. News from the hybrid war. And DARPA’s AI Cybersecurity Challenge.
A New Magento campaign is discovered. Gootloader malware-as-a-service afflicts law firms. Researchers find security flaws affecting cryptowallets. Panasonic warns of increasing attacks against IoT. A Belarusian cyberespionage campaign outlined. The five cyber phases of Russia's hybrid war, and lessons in resilience from Ukraine's experience. In our Threat Vector segment, Kristopher Russo, Senior Threat Researcher for Unit 42 joins David Moulton to discuss Muddled Libra. Kayla Williams from Devo describes their work benefiting the community at BlackHat. And a new DARPA challenge seeks to bring artificial intelligence to cybersecurity. On this segment of Threat Vector, Kristopher Russo , Senior Threat Researcher for Unit 42, joins host David Moulton to discuss part one of two Muddled Libra. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/152 Threat Vector links. Threat Group Assessment: Muddled Libra Guest: Kristopher Russo: From practitioner to researcher Kristopher Russo has spent years entrenched in various specializations of cybersecurity. As a researcher focused on ransomware and cybercrime he brings a from the trenches perspective to cyber threat intelligence. Selected reading. Xurum: New Magento Campaign Discovered (Akamai) Gootloader: Why your Legal Document Search May End in Misery (Trustwave) Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks) New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingCompute Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED) MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security) Belarus hackers target foreign diplomats with help of local ISPs, researchers say</a
S7 E1881 · Wed, August 09, 2023
Cyberespionage by several intelligence services, some of contracted out. Developments in the cyber underworld. Vulnerabilities reported in CPUs. Some notes on Patch Tuesday.
Reports of a Wide-ranging cyberespionage campaign by China's Ministry of State Security. EvilProxy phishing tool targets executives, and defeats multifactor authentication. Vulnerabilities in CPUs. Yashma ransomware targets a wide range of countries. MacOS threat trends. Is there a Russian attempt to disrupt British elections? Rob Boyce from Accenture checks in from the Blackhat conference. Maria Varmazis talking with Black Hat Aerospace Village's Kaylin Trychon and Steve Luczynski. Ukraine claims to have stopped a Russian spyware campaign. And Patch Tuesday has come and gone, but the vulnerabilities remain–unless, of course, you’ve applied the patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/151 Selected reading. Chinese hackers targeted at least 17 countries across Asia, Europe and North America (Record) RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale (Recorded Future) Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives at over 100 Global Organizations (Proofpoint) ‘Downfall’ vulnerability leaves billions of Intel CPUs at risk (CyberScoop) New Inception attack leaks sensitive data from all AMD Zen CPUs (BleepingComputer) New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (The Hacker News) Suspected Vietnamese hacker targets Chinese, Bulgarian organizations with new ransomware (Record) Black Hat USA 2023 – Bitdefender macOS Threat Report Reveals Key Dangers for Mac Users (Bitdefender) Russia ‘tops list of suspects’ in cyber attack which exposed data of 40m UK voters (The Telegraph) Electoral Commission hack: Five things you need to know (Computing)
S7 E1880 · Tue, August 08, 2023
Challenges to intelligence-sharing. The complexity of supply-chain security. Ransomware developments. Notes on Russia’s hybrid war, including possible sensor data manipulation.
Reports on a 2020 Chinese penetration of Japan's defense networks. MOVEit-connected supply chain issues aren't over. Akamai looks at the current state of ransomware. Mallox ransomware continues its evolution. Machine identities and shadow access. Ukrainian hacktivist auxiliaries hit Russian websites. Joe Carrigan unpacks statistics recently released by CISA. Our guest is Jeffrey Wheatman from Black Kite discussing the market shift from SRS to cyber risk intelligence. And radiation sensor reports from Chernobyl may have been manipulated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/150 Selected reading. China hacked Japan’s sensitive defense networks, officials say (Washington Post) Japan says cannot confirm leakage after report says China hacked defence networks (Reuters) MOVEit hack spawned around 600 breaches but isn't done yet - cyber analysts (Reuters) Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (Dark Reading) TargetCompany Ransomware Abuses FUD Obfuscator Packers (Trend Micro) New IAM Research by Stack Identity Finds Machine Identities Dominate Shadow Access in the Cloud, Revealing Easy Attack Vector for Hackers (Business Wire) Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau (RadioFreeEurope/RadioLiberty) Ukraine-linked group claims it hacked Moscow property registration bureau website – RFE/RL (Euromaidan Press) Pro-Ukrainian hackers breach Moscow engineering service website (New Voice of Ukraine) Ukrainian state agencies targeted with open-source malware MerlinAgent (Record)<
S7 E1879 · Mon, August 07, 2023
Pyongyang’s new friendship with Moscow apparently only goes so far. Reptile rootkit in the wild. Cloudzy updates. Cl0p’s torrents. And notes on cyber phases of Russia’s hybrid war.
North Korean cyberespionage against a Russian aerospace firm. The Reptile rootkit is used against South Korean systems. An update on Cloudzy. Cl0p is using torrents to move data stolen in MOVEit exploitation. Andrea Little Limbago from Interos wonders about the dangers of jumping head first into new technologies? Rick Howard ponders quantum computing. And Meduza is back on Apple Podcasts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/149 Selected reading. Exclusive: North Korean hackers breached top Russian missile maker (Reuters) North Korean hackers stole secrets of Russian hypersonic missile maker (Euractiv) Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company (SentinelOne) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (The Hacker News) UPDATE: Cloudzy Command and Control Provider Report (Halcyon) Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (The Hacker News) Clop ransomware now uses torrents to leak data and evade takedowns (BleepingComputer) Ukraine may be winning ‘world’s first cyberwar’ (The Kyiv Independent) Apple has removed Meduza’s flagship news podcast ‘What Happened’ from Apple Podcasts, without explaining the reason (Meduza)
Bonus · Sun, August 06, 2023
Manuel Hepfer: Discipline, self motivation, and steam. [Research] [Career Notes]
Manuel Hepfer a cybersecurity researcher from ISTARI sits down to share his story with us. Manuel shares as a kid he was very interested in STEM, and in school he remembered a programming class that he fell in love which made him want to pursue a career in cyber. Studying at the University of Oxford he began working towards acquiring a degree in Cybersecurity and Strategic Management. He found research to be a passion and wanted to share his passion, he decided he wanted to publish, so Manuel published an article in MIT Sloan management review that's titled "Make Cybersecurity a Strategic Asset." He shares that finding a passion, like he did, is the key to working in cyber, saying "I think what I learned at the time is the value of discipline and self motivation. And now you can always come up with a lot of discipline and self motivation, but you'll run out of steam at some point if you're not very passionate about some of the things that you're doing." We thank Manuel for sharing his story with us.
Bonus · Sat, August 05, 2023
Who is that stealing my credentials? [Research Saturday]
Aleksandar Milenkoski from SentinelOne joins to discuss their work on "Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence." Researchers have been tracking the North Korean APT group Kimsuky and their attempt at a social engineering campaign targeting experts in North Korean affairs. The research states "The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware." Kimsuky has been tracked engaging in extensive email correspondence using spoofed URLs and extensive email correspondence, along with Office documents weaponized with the ReconShark malware. The research can be found here: Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
S7 E1878 · Fri, August 04, 2023
2022’s top exploited vulnerabilities are still a risk. Rilide in the wild. Abusing a legitimate tool. Malicious PyPi packages. A brief update on the cyber aspects of Russia’s hybrid war.
The Five Eyes warn against top exploited vulnerabilities. The Rilide info stealer in the wild. Malicious PyPI packages. Valerie Abend, Global Cyber Strategy Lead from Accenture, unpacks the Securities and Exchange Commission’s recently announced cyber regulations. In our Solution spotlight: Our own Simone Patrella speaks with Microsoft’s Ann Johnson on how Microsoft is attracting and retaining top cyber talent. And cyber attacks continue to gutter on both sides of Russia's war against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/148 Selected reading. CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022 | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vu (National Security Agency/Central Security Service) New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3 (Trustwave) Tunnel Vision: CloudflareD AbuseD in the WilD (GuidePoint Security) VMConnect: Malicious PyPI packages imitate popular open source modules (ReversingLabs) Bilyana Lilly on how cybersecurity assistance to Ukraine has helped thwart Russian cyberattacks (CyberScoop) Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks (Reuters) Ukraine's invisible battle to jam Russian weapons (BBC News) How Ukraine’s cyberwarriors are upending everyday life in Russia (Times)
S7 E1877 · Thu, August 03, 2023
Action in the cybercriminal underworld. Russia’s FSB and SVR are both active, and so are their hacktivist auxiliaries. NSA offers advice on configuring next-generation firewalls.
Open Bullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that’s Russia’s FSB) shakes up its infrastructure. Midnight Blizzard (and that’s Russia’s SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House’s national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147 Selected reading. No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada) “PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… (Medium) Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer) Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing) Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record) Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security) Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware) Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch) NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service) Cisco Firepower Hardening Guide (US National Security Agency)
S7 E1876 · Wed, August 02, 2023
An illicit market in account restoration. Resilience and the cyber workforce: a snapshot. New post-exploitation technique in Amazon Web Services.
An illicit market in account restoration. Resilience and the cyber workforce. New post-exploitation techniques in Amazon Web Services. Incursions into Norwegian government networks went on for four months. Rob Boyce from Accenture Security describes a “Perfect Storm” in the Dark Web threat landscape. Carole Theriault shares mental health social media warnings for teens. And the Russian legislation seeks to reduce or eliminate online privacy. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/146 Selected reading. Amazon employees leak secret info that marketplace sellers can buy on Telegram (CNBC) Cyber Workforce Benchmark Report (Immersive Labs) Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan (Mitiga) Cado Security Labs 2023 Threat Findings Report (Cado Security) Cyberattack on Norway Ministries Lasted at Least Four Months (Bloomberg) CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities (Cybersecurity and Infrastructure Security Agency) Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime (TorrentFreak) Russia Is Returning to Its Totalitarian Past (Foreign Policy)
S7 E1875 · Tue, August 01, 2023
Cyberespionage tradecraft, including shopping in the C2C market. Seeking satcom resilience. Sanctions against disinformation. A quick look at current OT threats.
C2-as-a-service with APTs as the customers. Cyberespionage activity by Indian APTs. Gamers under attack. StarLink limits Ukrainian access to its systems. The EU levies new sanctions against “digital information manipulation.” Ukraine's Security Service takes down money-laundering exchanges. Ben Yelin unpacks fediverse security risks. Our guests are Mike Marty, CEO of The Retired Investigators Guild, & Tom Brennan, executive director of CREST, discussing their efforts on cybercrime investigation and cold case resolution. And Nozomi's OT IoT security report, sees a lot of opportunistic, low-grade whacking at industrial organizations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/145 Selected reading. Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps) (Halcyon) APT Bahamut Targets Individuals with Android Malware Using Spear Messaging - CYFIRMA (CYFIRMA) Hackers steal Signal, WhatsApp user data with fake Android chat app (BleepingComputer) Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (The Hacker News) Hackers exploit BleedingPipe RCE to target Minecraft servers, players (BleepingComputer) Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies (Dark Reading) Call of Duty worm malware used to hack players exploits years-old bug (TechCrunch) Elon Musk 'refuses to turn on Starlink' for Crimea drone attack (The Telegraph) How Elon Musk Was Able to Exert Control in Ukraine War (The Street) EU strikes Russia again as digital infowar rages on (Cybernews) Ukraine Cracks Down on Illicit Fin
S7 E1874 · Mon, July 31, 2023
The US has a new cyber workforce and education strategy. US hunts disruptive Chinese malware staged in US networks. Malware warnings, and an update on Russia’s hybrid war.
The US issues a National Cyber Workforce and Education strategy. Hunting Chinese malware staged in US networks. CISA warns of Barracuda backdoor. WikiLoader malware is discovered. P2Pinfect is a malware botnet targeting publicly-accessible Redis servers. Johannes Ullrich from SANS describes attacks against YouTube content creators. Rick Howard previews his conversation with AWS Ciso CJ Moses. And Russia’s SVR continues cyberespionage against Ukrainian and European diplomatic services. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/144 Selected reading. FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent (The White House) National Cyber Workforce and Education Strategy: Unleashing America’s Cyber Talent (The White House) The White House releases the US National Cyber Workforce and Education Strategy. (CyberWire) US hunts Chinese malware staged to interfere with US military operations. (CyberWire) U.S. Hunts Chinese Malware That Could Disrupt American Military Operations (New York Times) CISA Releases Malware Analysis Reports on Barracuda Backdoors (Cybersecurity and Infrastructure Security Agency CISA) CISA: New Submarine malware found on hacked Barracuda ESG appliances (BleepingComputer) Out of the Sandbox: WikiLoader Digs Sophisticated Evasion (Proofpoint) Cado Security Labs Encounter Novel Malware, Redis P2Pinfect (Cado Security) P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm (Unit 42)
Bonus · Sun, July 30, 2023
Morgan Adamski: Seeing around corners. [Collaboration] [Career Notes]
Morgan Adamski from the National Security Agency (NSA) sits down to talk about her path to getting into cybersecurity. Remembering back to when she was a kid, she recalls using old technology to chat with friends online, that's where it all began for Morgan. She shares how in high school she fell in love with the concept of debating and being on a team. During her high school career, 9/11 occurred, and she became fascinated with who was behind the biggest attack America had seen in the 21st century, driving her to pursue a degree in National Security. Coming out of college, she was able to get a job in the DIA, after working there for two years, she found herself at the NSA, where she is now. Morgan shares how her leadership style helps her to not only connect dots on problems, but also see around corners, saying "it's not just about connecting the dots, it's about seeing around the corners and so that helps me better predict, um, how do I build an organization that's successful three to five years down the road." We thank Morgan for sharing her story with us.
Bonus · Sat, July 29, 2023
Phishing for leeches. [Research Saturday]
Ashlee Benge from ReversingLabs discussing their research titled "Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks." Researchers recently discovered over a dozen malicious packages published to the npm open source repository. These packages are targeting Microsoft 365 users and appear to target application end users while also supporting email phishing campaigns. Research supports that the malicious campaign encompassed more than a dozen files designed to steal sensitive user credentials. The research states "This most recent campaign caught our attention because of a number of features and characteristics in related npm packages that correlate with malicious intent." The research can be found here: Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
S7 E1873 · Fri, July 28, 2023
A new joint advisory from the US and Australia. BackConnect evolution. Cl0p counts coup. Ransomware trends. DDoS for influence. It’s “dot-mil,” Nigel.
A joint warning on IDOR vulnerabilities. IcedID’s BackConnect protocol evolves over one year. Cl0p claims to have accessed data from another Big Four accounting firm. Ransomware victims increased significantly in 2023. Cyberattacks support influence operations. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger joins us to discuss the Biden Administration's recent cyber initiatives. Eric Goldstein, Executive Assistant Director at CISA, looks at cybersecurity performance goals. And spelling counts. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/143 Selected reading. Preventing Web Application Access Control Abuse (Joint Cybersecurity Advisory: ACSC, NSA, CISA) Inside the IcedID BackConnect Protocol (Part 2) (Team Cymru) Deloitte denies Cl0p data breach impacted client data in wake of MOVEit attack (ITPro) Ransomware Report: Q2 2023 (ReliaQuest) Kenya ICT minister admits cyber-attack on eCitizen portal, insists data secure (The East African) Anonymous Sudan: the group behind recent anti-Kenya cyberattacks (TechCabal) Kenya President Ruto to skip Russia-Africa Summit (The East African) UK accidentally sent military emails meant for US to Russian ally (POLITICO)
S7 E1872 · Thu, July 27, 2023
Mirai hits the honeypots. Medical device telemetry attacked. More on infostealers in the C2C market. Third-party risk management practices. Cyber skills gaps in the UK. SiegedSec hits NATO sites
The Mirai botnet afflicts Tomcat. CardioComm services are downed by cyberattack. Uptycs calls infostealers “organization killers" as related security incidents double in a year. Legacy third-party risk management practices meet with dissatisfaction. Cyber skill gaps reported in the UK's workforce. Our guest is George Prichici of OPSWAT with a look at a Microsoft Teams vulnerability. Our new Threat Vector segment features a conversation with David Moulton and Michael Sikorski on the potential threats from LLMs and AI. And SiegedSec hits NATO sites. On this first segment of Threat Vector, Michael "Siko" Sikorski , CTO & VP of Engineering for Unit 42, joins host David Moulton to discuss LLMs & AI and the impacts to expect on social engineering, phishing, and more. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/142 Threat Vector links. Palo Alto Networks Unit 42 Selected reading. Tomcat Under Attack: Exploring Mirai Malware and Beyond (Aquasec) CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services (TechCrunch) Detecting the Silent Threat: 'Stealers are Organization Killers' (Uptycs) Cyber security skills in the UK labour market 2023 (DSIT) NATO investigates alleged data theft by SiegedSec hackers (BleepingComputer) NATO investigating apparent breach of unclassified information sharing platform (CyberScoop) SiegedSec Compromise NATO (Cyberint)
S7 E1871 · Wed, July 26, 2023
A malign AI tool: FraudGPT. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. And a kinetic strike against a cyber target.
FraudGPT is a chatbot with malign intent. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. Tim Starks from Washington Post's Cybersecurity 202 on the White House’s new National Cyber Director nominee. Maria Varmazis speaks with David Luber, Deputy Director of NSA's Cybersecurity Directorate, on space systems as critical infrastructure. And a kinetic strike against a cyber target: Ukrainian drones may have hit Fancy Bear’s Moscow digs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/141 Selected reading. FraudGPT: The Villain Avatar of ChatGPT (Netenrich) Stealer Logs & Corporate Access (Flare) Over 400,000 corporate credentials stolen by info-stealing malware (BleepingComputer) The Alarming Rise of Infostealers: How to Detect this Silent Threat (The Hacker News) Conti and Akira: Chained Together (Arctic Wolf) Ukraine-Russia war: Ukraine vows further drone strikes on Moscow and Crimea (The Telegraph)
S7 E1870 · Tue, July 25, 2023
Norway continues to investigate a cyberattack. The view from Russia. Trends in data breaches, ransom payments, and security self-perception. Apple patches iOS.
A zero-day attack of undetermined origin targets government offices in Norway. Russia accuses the US of cyber aggression. Data breaches exact a rising cost. 74% of survey respondents say their company would pay ransom to recover stolen or encrypted data. Executives and security teams differ in their perception of cyber threat readiness. Mr. Security Answer Person John Pescatore looks at risk metrics. Joe Carrigan on a new dark market AI tool called Worm GPT. And Apple issues urgent patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/140 Selected reading. Norway says Ivanti zero-day was used to hack govt IT systems (BleepingComputer) Norway investigates cyberattack affecting 12 government ministries (Record) Norwegian government IT systems hacked using zero-day flaw (BleepingComputer) Putin ally accuses US of planning cyberattacks on Russian critical infrastructure (Al Arabiya English) Cost of a Data Breach Report 2023 (IBM Security) Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments (Coveware) 2023 Cyber Threat Readiness Report (Swimlane) Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Apple fixes 16 security flaws with iOS 16.6, two actively exploited (9to5Mac) Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs (The Hacker News) Apple fixes new zero-day used in attacks against iPhones, Macs (BleepingComputer) i
S7 E1869 · Mon, July 24, 2023
DPRK’s RGB shows improved targeting and tool-sharing. Cl0p updates. Two new RATs. Weak radio encryption standard. Razzlekhan will cop a plea.
North Korea's increasingly supple cyber offensives. A look at Cl0p. The NetSupport RAT's fake update vectors. HotRat is a Trojan that accompanies illegally pirated software and games. Crackable radio encryption standard: a bug or a feature? Chris Novak from Verizon discusses ransomware through the lens of the DBIR. Carole Theriault describes a ransomware attack that hit close to home. And an alleged money-laundering crypto-rapper is back in the news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/139 Selected reading. North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack | Mandiant (Mandiant) Ransomware Roundup - Cl0p (Fortinet Blog) FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT (Malwarebytes) Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (Vice) Unmasking HotRat: The hidden dangers in your software downloads (Avast) Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (Vice) Crypto rapper 'Razzlekhan,' husband reach plea deal over Bitfinex hack laundering (Reuters)
Bonus · Sun, July 23, 2023
Don Welch: Being a good leader. [CIO] [Career Notes]
Don Welch, Chief Information Officer from New York University sits down to share his exciting start into his cyber career. Much like many other people who started in this industry, Don went into the military, which is where it all started for him. He was told he needed to take two specialties, and so along with mechanical engineering, he decided to go into computer science as well. After taking his two crafts, he decided to leave the Army and go into the civilian world where he took a couple jobs in cyber. He landed a few jobs at different prestigious universities, including Penn State University, University of Michigan, and now New York University. He shares that being a good leader will take you far in life, saying "I will say that if you are a great leader, ultimately, you sit in your office and do nothing because you have developed your team and empowered them, and they're making all the decisions, everything runs like clockwork and you have nothing to do." We thank Don for sharing is story with us.
S1 E47 · Sun, July 23, 2023
Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat. [CyberWire-X]
With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrate employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat. In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud’s Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of over 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact.
Bonus · Sat, July 22, 2023
Welcome to New York, it's been waitin' for you. [Research Saturday]
Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review." Proofpoint shares it's findings and what you can expect from the threat group. The research can be found here: Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware
S7 E1868 · Fri, July 21, 2023
Cyberespionage and developments in the cyber underworld, including an offering in the C2C market. Russian hacktivist auxiliaries stay busy (and so do their masters in the organs).
The Lazarus Group targets developers. Threat actors target the banking sector with fake LinkedIn profiles and open source supply chain attacks. Vulnerabilities reported in OpenMeetings. HTML smuggling is sold in the C2C market. Johannes Ullrich from SANS describes attacks against niche web apps. Our guest is Damir Brecic of Inversion6 discussing the privacy and security concerns of Meta's new Threads app. And Romania's SVR reports a pattern of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/138 Selected reading. GitHub warns of Lazarus hackers targeting devs with malicious projects (BleepingComputer) Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says (Record) Security alert: social engineering campaign targets technology industry employees (The GitHub Blog) First Known Targeted OSS Supply Chain Attacks Against the Banking Sector (Checkmarx) A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State (Sonar) Fresh Phish: HTML Smuggling Made Easy, Thanks to a New Dark Web Phish Kit (INKY) KillNet Showcases New Capabilities While Repeating Older Tactics (Mandiant). Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. (CyberScoop). Anonymous Sudan DDoS strikes dominate attacks by KillNet collective (SC Media) Romanian Intelligence General: All Russian secret services attempted cyber attacks against Romania (ACTMedia)
S7 E1867 · Thu, July 20, 2023
Malvertising meets SEO poisoning. Fast moving on MOVEit exploit remediation. Ransomware trends. Cyberespionage, sanctions, and influence ops. Ave atque vale Kevin Mitnick.
Sophos analyzes malvertising through purchased Google Ads. The MOVEit vulnerability is remediated faster than most. The DeliveryCheck backdoor is used against Ukrainian targets. SORM is under stress. Ukrainian police roll up another bot farm working in support of Russian influence operations. AJ Nash from ZeroFox provides insights on the White House cybersecurity labeling program. David Moulton from Palo Alto Networks Unit 42 introduces his new segment "Threat Vector." And we bid farewell to Kevin Mitnick. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/137 Selected reading. Bad ad fad leads to IcedID, Gozi infections (Sophos News) New research reveals rapid remediation of MOVEit Transfer vulnerabilities (Bitsight) GRIT Ransomware Report-2023-Q2 (Guidepoint Security) Russia’s Turla hackers target Ukraine’s defense with spyware (Record) Russian Hackers Probe Ukrainian Defense Sector With Backdoor (Bank Info Security) Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says (Record) Ukraine’s cyber police dismantled a massive bot farm spreading propaganda (Security Affairs) Kevin David Mitnick, August 6, 1963 - July 16, 2023 . (Dignity Memorial)
S7 E1866 · Wed, July 19, 2023
Patches and exploits. Watching threats develop in the dark web. Spyware vendors added to the US Entity List. WhatsApp risk. And notes from the hybrid war.
Vulnerabilities are identified and patched in Citrix Netscaler products and Adobe Coldfusion. The banking sector should be monitoring the dark web for leaked credentials and insider threats. Spyware vendors are added to the US Entity List. WhatsApp accounts may be at risk. Verizon’s Chris Novak shares insights on Log4j from this year’s DBIR. Our guest is Candid Wüest of Acronis discussing the findings of their Year-end Cyberthreats Report. Skirmishes in the cyber phases of Russia's war. And how do you demobilize cyber forces (especially the auxiliaries) once the war is over? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/136 Selected reading. Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns New critical Citrix ADC and Gateway flaw exploited as zero-day (BleepingComputer) Citrix alerts users to critical vulnerability in Citrix ADC and Gateway (Computing) Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA (Record) Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities (Rapid7) Dark Web Threats Against The Banking Sector › Searchlight Cyber (Searchlight Cyber) WhatsApp Remote Deactivation Warning For 2 Billion Users (Forbes) The United States Adds Foreign Companies to Entity List for Malicious Cyber Activities - United States Department of State (United States Department of State) Commerce Adds Four Entities to Entity List for Trafficking in Cyber Exploits (Bureau of Industry and Security) Russian hackers may be behind 'DDoS' attack on NZ Parliament website</
S7 E1865 · Tue, July 18, 2023
Some guidance from the US government (including device security labels). Supply chain security. Developments in the cyber underworld (including a gang with some perverse integrity).
The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime–they don’t seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135 Selected reading. Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) The Biden administration announces a cybersecurity labeling program for smart devices (AP News) CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA) Free Tools for Cloud Environments (CISA) NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA) ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service) Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security) Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget) Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record) <a href="https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-
S7 E1864 · Mon, July 17, 2023
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
WormGPT is a new AI threat. TeamTNT seems to be back. Chinese intelligence services actively pursue British MPs. Gamaredon's quick info theft. Russia’s FSB bans Apple devices. The troll farmers of the Internet Research Agency may not yet be down for the count. Anonymous Sudan claims a "demonstration" attack against PayPal, with more to come. Carole Theriault looks at popular email lures. My conversation with N2K president Simone Petrella on the White House’s National Cybersecurity Strategy Implementation Plan. And, friends, don’t take this typo to Timbuktu. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/134 Selected reading. WormGPT, an "ethics-free" text generator. (CyberWire) TeamTNT (or someone a lot like them) may be preparing a major campaign . (CyberWire) Chinese government hackers ‘frequently’ targeting MPs, warns new report (Record) Gamaredon hackers start stealing data 30 minutes after a breach (BleepingComputer) Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise (Security Affairs) Armageddon in Ukraine – how one Russia-backed hacking group operates (CyberSecurity Connect) Russian hacking group Armageddon increasingly targets Ukrainian state services (Record) Russia bans officials from using iPhones in U.S. spying row (Apple Insider) Prigozhin's Media Companies May Resume Work As Mutiny Fallout Dissipates, FT Reports (Radio Free Europe | Radio Liberty) Anonymous Sudan claims it hit PayPal with 'warning' DDoS cyberattack (Tech Monitor) Typo leaks millions of US military emails to Mali web operator (Financial
Bonus · Sun, July 16, 2023
Jennifer Addie: Finding creative solutions. [COO] [Career Notes]
Jennifer Addie, COO and CWO from VentureScope and MACH37 Cyber Accelerator sits down to share her incredible story, bringing creativity into the cyber community. Growing up Jennifer always loved the human side of things, and learning that she had a knack for computers helped her to realize what type of field she wanted to pursue as an adult. She started working jobs dealing in programming, database administration, product development, and it was there in the design of those products where she felt the deep need for security, emerging as critical in her consciousness. She shares how she likes to be on a personal level with the people she works with, always wondering where people came from and why they are passionate, being a very interactive leader. Jennifer also says that she believes bringing creativity into the field is what helps her solve any form of problem the best stating "I absolutely agree with the idea that, that creativity is far more than artistic capability. It is very much centered on problem solving and in fact, the master's degree that I received in creativity focuses on creative problem solving as a process." We thank Jennifer for sharing her story with us.
Bonus · Sat, July 15, 2023
SCARLETEEL zaps back again. [Research Saturday]
Michael Clark from Sysdig joins with Dave to discuss their research on SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. New research from Sysdig threat researchers found that the group continues to thrive with improved tactics. Most recently, they gained access to AWS Fargate, a more sophisticated environment to breach, thanks to their upgraded attack tools. The research states "In their most recent activities, we saw a similar strategy to what was reported in the previous blog: compromise AWS accounts through exploiting vulnerable compute services, gain persistence, and attempt to make money using cryptominers." Had Sysdig not thwarted SCARLETEEL's attack, they estimated that they would have mined $4,000 per day until they were stopped. The research can be found here: SCARLETEEL 2.0: Fargate,Kubernetes, and Crypto
S7 E1863 · Fri, July 14, 2023
Update on Chinese cyberespionage incident. ICS vulnerabilities. USB attacks. New KEVs. Updates from Russia's hybrid war, as hacktivists swap DDoS attacks and observers draw lessons learned.
Developments in the case of China's cyberespionage against government Exchange users. Industrial controller vulnerabilities pose a risk to critical infrastructure. USB attacks have risen three-fold in the first half of 2023. CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog. Ghostwriter's continued activity focuses on Poland and Ukraine. Hacktivist auxiliaries swap DDoS attacks. Awais Rashid from University of Bristol shares insights on threat modeling. Our guest is Chris Cochran from Huntress on the challenges small and medium sized businesses face with cyber security. And lessons learned from cyber warfare in Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/133 Selected reading. UK says it's working with Microsoft to understand impact of Chinese email hack (Reuters) What we know (and don’t know) about the government email breach (Washington Post) Yet Another MS CVE: Don’t Get Caught In The Storm! (Cynet) China Hacking Was Undetectable for Some Who Had Less Expensive Microsoft Services (Wall Street Journal) Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure (SecurityWeek) Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks (The Hacker News) USB drive malware attacks spiking again in first half of 2023 (BleepingComputer) CISA Adds Two Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) Malicious campaigns target government, military and civilian entities in Ukraine, Poland (Cisco Talos
S7 E1862 · Thu, July 13, 2023
Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/132 Selected reading. CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom (WIRED) Chinese hackers breached U.S. and European government email through Microsoft bug (Record) FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan | The White House (The White House) National Cybersecurity Strategy Implementation Plan (White House) LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros (Fortinet Blog) New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware (Uptycs) Russia Is Trying to Leave the Internet and Build Its Own (Scientific American) The GRU's Disruptive Playbook (Mandiant)
S7 E1861 · Wed, July 12, 2023
Cyberespionage and used car salesmen. Email extortion through embarrassment, not encryption. The personal is the professional. And a look back at Patch Tuesday.
A Chinese threat actor hits US organizations with a Microsoft cloud exploit. Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. A RomCom update. Beamer phishbait, email extortion attacks and digital blackmail. A new report concludes companies allowing personal employee devices onto their network are opening themselves to attack. Tim Starks from the Washington Post looks at Microsoft’s recent woes. Our guest is Eyal Benishti from IRONSCALES with insights on business email compromise. And a July Patch Tuesday retrospective. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/131 Selected reading. Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues) Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center) Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post) U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal) Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (Cisco Talos Blog) Storm-0978 attacks reveal financial and espionage motives (Microsoft Security) Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer) Diplomats Beware: Cloaked Ursa Phishing With a Twist (Unit 42) Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW (Reuters) Threat spotlight: Extortion attacks (Barracuda) The SpyCloud Malware Readiness And Defense Report (SpyCloud) <a href="https://msrc.microsoft.com/u
S7 E1860 · Tue, July 11, 2023
Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
NATO considers Article 5 in cyberspace, while Cyberattacks conducted in the Russian interest target the NATO summit. Anonymous Sudan remains a nuisance-level irritant. Cl0p's surprising use of MOVEit exploits. Asylum Ambuscade is a case study in privateering. There are reports of a breach at Razer. An indictment in a cyber incident at a California water treatment facility. Genesis Market's fire sale. Carole Theriault on the data Amazon customers provide with some suggestions on curbing it. Our guest is Dmitri Bestuzhev, senior director in Cyber Threat Intelligence for Blackberry. And Amazon Prime Day is upon us–the crooks have noticed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/130 Selected reading. A Cybersecurity Wish List Ahead of NATO Summit (SecurityWeek) NATO’s Christian-Marc Lifländer on how the alliance can take a ‘proactive’ cyber stance (Record) Ukraine has set the standard on software power (POLITICO) RomCom Threat Actor Suspected of Targeting Ukraine's NATO Membership Talks at the NATO Summit (BlackBerry) Threat group testing more sophisticated DDoS hacks, authorities warn (Cybersecurity Dive) Move It on Over: Reflecting on the MOVEit Exploitation (Huntress) Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day (SC Media) Asylum Ambuscade: crimeware or cyberespionage? (WeLiveSecurity) Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage (Infosecurity Magazine) Razer investigates data breach claims, resets user sessions (BleepingComputer) Razer Data Breach: Alleged Database and Backend Access Sold for $100k (HackRead) <a href="https://vulcanpost.com/832994/razer-potential-breach-hacker-demands-us100k-in-crypt
S7 E1859 · Mon, July 10, 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit patches. The FBI’s Deputy Assistant Director for Cyber Cynthia Kaiser joins us with examples of the agency’s technical disruption operations. Our guest is Scott Piper Principal Cloud Security Researcher at Wiz sharing findings of their State of the Cloud 2023 report. And Telegram's role in news about Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/129 Selected reading. M365 Phishing Email Analysis – eevilcorp (Vade Secure) New Phishing Attack Spoofs Microsoft 365 Authentication System (HackRead) Tailing Big Head Ransomware’s Variants, Tactics, and Impact (Trend Micro) New ‘Big Head’ ransomware displays fake Windows update alert (BleepingComputer) Unfolding Cybersecurity Crisis: Aptos Network and Multichain Face Cyber-Attacks (CryptoMode) More than $125 million taken from crypto platform Multichain (Record) Exploit of Fantom, Moonriver and Dogechain Crypto Bridges Confirmed by Multichain Team (CoinDesk) CISA Adds One Known Vulnerability to Catalog (CISA) Google patches 43 Android Vulnerabilities Including 3 actively exploited zero-days (Cyber Security News) Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities (CISA) After Zero-Day Attacks, MOVEit Turns to Security Service Packs (SecurityWeek) Killnet as
Bonus · Sun, July 09, 2023
Eric Tillman: A creative way into cyber. [Intelligence] [Career Notes]
Eric Tillman, Chief Intelligence Officer at N2K Networks sits down and shares his incredibly creative journey. Eric loved being creative from a young age. When he started to think about a career he wanted to incorporate his love of creativity into his love for tech and turn it into an intelligence career. Eric started by joining the Navy, which set him on this path to work in cyber where he shared his talents with several big companies, including, Booz Allen Hamilton, Lockheed Martin, and Okta, eventually ending up at our very own N2K Networks. Eric shares the advice that there is something for everyone in this field, and even though he wanted to start his journey in a creative way, he found that combining his love for tech and art helped him to pave the way to where he is now. He says " A lot of people get here from a very technical background and um, it really almost doesn't matter um, where you came from, there is something in cybersecurity that takes advantage of the skills that you bring to the table and, um, either way, there's plenty of room here for everyone." We thank Eric for sharing his story with us.
S1 E12 · Sun, July 09, 2023
Moez Kamel and the cybersecurity ecosystem for New Space. [T-Minus Deep Space]
Moez Kamel, Threat Management Specialist at IBM Security, joins us on T-Minus Deep Space for a special edition all about the cybersecurity ecosystem in the New Space industry. You can follow Moez on LinkedIn and his work at IBM’s Security Intelligence blog . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space , and you’ll never miss a beat . And be sure to follow T-Minus on Twitter and LinkedIn . Selected Reading Cybersecurity in the Next-Generation Space Age, Pt. 1: Introduction to New Space Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in the New Space Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges Audience Survey We want to hear from you! Please complete our 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit . Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Bonus · Sat, July 08, 2023
Creating PANDA-monium. [Research Saturday]
Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft" In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S. based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA. With CISA’s advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike’s blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review in detail. Falcon Complete responded to a detection that was triggered by suspicious reconnaissance commands executed under an Apache Tomcat web server running ManageEngine ADSelfService Plus." The research can be found here: Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft
S7 E1858 · Fri, July 07, 2023
Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
US and Canadian agencies warn of Truebot. A look at "Operation Brainleaches." Jumpcloud resets API keys. An update on the MOVEit vulnerability exploitation. Andrea Little Limbago from Interos shares insights on rising geopolitical instability. Our guest is Mike Hamilton from Critical Insight discussing what you need to know about NIST 2.0. OSCE trains Ukrainian students in cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/128 Selected reading. CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA) Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks (ReversingLabs) Mandatory JumpCloud API Key Rotation (JumpCloud) JumpCloud resets admin API keys amid ‘ongoing incident’ (BleepingComputer) JumpCloud Says All API Keys Invalidated to Protect Customers (SecurityWeek) More organizations confirm MOVEit-related breaches as hackers claim to publish stolen data (TechCrunch) Important information about MOVEit Transfer cyber security incident | Shell Global (Shell Global) Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data (SecurityWeek) OSCE helps future generation of Ukraine’s law enforcers and emergency personnel build skills for safe work in cyberspace (OSCE)
S7 E1857 · Thu, July 06, 2023
The Port of Nagoya continues its recovery from ransomware. Charming Kitten ups its game. Spyware in the Play store. Risks to electrical infrastructure. And a quick update on hacktivist auxiliaries.
LockBit 3.0 claims responsibility for Nagoya ransomware attack. Charming Kitten sighting. Spyware infested apps found in Google Play. Threats and risks to electric vehicle charging stations. Solar panels and cyberattacks. Dave Bittner speaks with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, to talk about CISA’s effort for companies to build safety into tech products.Rick Howard sits down with Clarke Rodgers of AWS to discuss the mechanics of CISO roundtables. And Hacktivist auxiliaries remain active in Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/127 Selected reading. Pro-Russian hackers target Port of Nagoya, disrupting loading of Toyota parts (The Japan Times) Port of Nagoya resumes operations later than planned after Russian hack (The Japan Times) Ransomware Halts Operations at Japan's Port of Nagoya (Dark Reading) Nagoya Port Faces Disruption After Ransomware Attack (Infosecurity Magazine) Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware | Proofpoint US (Proofpoint) Two spyware tied with China found hiding on the Google Play Store (Pradeo) EV Charger Hacking Poses a ‘Catastrophic’ Risk (WIRED) Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks (SecurityWeek) The Continued Expansion of Cyber Incidents by Non-State Actors in the War in Europe (OODA Loop). Russian railway site allegedly taken down by Ukrainian hackers (Record)
S7 E1856 · Wed, July 05, 2023
Cyberespionage, extortion, and DDoS as instruments of state policy. Ransomware continues to trouble a wide range of targets across many sectors.
Chinese cyberespionage campaign against European governments. The Port of Nagoya closes over ransomware attack. BlackCat and SEO poisoning. LockBit seeks to extort a semiconductor manufacturer. Professionals in the cyber underworld. CISA issued a DDoS alert for US companies and government agencies. Microsoft debunks claims of data theft by Anonymous Sudan. Matt O'Neill from the US Secret Service speaks with Dave Bittner about sextortion. Rick Howard sits down with Michael Fuller of AWS to talk about the kill chain. And Avast releases a free decryptor for Akira. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/126 Selected reading. Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research (Check Point Research) Hackers target European government entities in SmugX campaign (BleepingComputer) Chinese hackers target European embassies with HTML smuggling technique (Record) Japan’s largest port stops operations after ransomware attack (BleepingComputer) BlackCat ransomware pushes Cobalt Strike via WinSCP search ads (BleepingComputer) BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (The Hacker News) TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant (SecurityWeek) TSMC confirms data breach after LockBit cyberattack on third-party supplier (TechCrunch) Taiwan Semiconductor Denies LockBit's $70M Hack Claim (Bank Info Security) Semiconductor giant says IT supplier was attacked; LockBit makes related claims (Record) DoS and DDoS Attacks against Multiple Sectors (Cybersecurity and Infrastructure Security Agency CISA)
S8 E51 · Tue, July 04, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles , Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly , Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy
S4 E163 · Mon, July 03, 2023
Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.
This interview from June 16th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Will Markow, VP of Applied Research from Lightcast, to discuss how to use data to make strategic workforce decisions. You can also view the video of the full interview here: Simone Petrella and Will Markow discuss workforce management.
Bonus · Sun, July 02, 2023
Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]
Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working for as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded with older cousins who were choosing STEM careers and it became an interesting topic for her. She accounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to step out of the agency into US cyber command to help take up a management position for the architecture and engineering division. From there, she continued her cybersecurity journey first as the exploration director before moving into where she is now. Liji shares that there were barriers along the way that she had to endure and hop over to get to the right path. She says "So there are challenges and barriers that come across constantly with our work. Um, one just has to pause and reflect on how we can work with it, around it, or influence like our stakeholders and jointly create a vision around it." We thank Liji for sharing her story with us.
Bonus · Sat, July 01, 2023
The power behind artificial intelligence. [Research Saturday]
Daniel dos Santos, Forescout's Head of Security Research is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT and unmanaged devices. Using ChatGPT, Forescout’s research team converted an existing OT exploit developed in Python to run on Windows to demonstrate how easy it is to create an AI-assisted attack that converts the original exploit into alternative programming languages. The research states "our goal was to convert an existing OT exploit developed in Python to run on Windows to the Go language using ChatGPT." This would then allow it to run faster on Windows and run easily on a variety of embedded devices. The research can be found here: AI-Assisted Attacks Are Coming to OT and Unmanaged Devices – the Time to Prepare Is Now
S7 E1855 · Fri, June 30, 2023
CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.
US Federal Government working to secure management interfaces. NoName057(16)’s DDoSia campaign grows, and targets Wagner, post-insurrection. Update: Unidentified hackers attack Russian satellite communications company, claiming to be Wagner. The role of OSINT in tracking Russia's war. Manoj Sharma of Symantec discusses trends he's hearing about generative AI. Becky Weiss from AWS talks with Rick Howard about the math behind their security. Cyber awareness over a holiday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/125 Selected reading. CISA Wants Exposed Government Devices Remediated In 14 Days (Dark Reading) 50 US Agencies Using Unsecured Devices, Violating Policy (Bank Info Security) CISA working with agencies to pull exposed network tools from public internet (Record) Following NoName057(16) DDoSia Project’s Targets (Sekoia.io Blog) Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (BleepingComputer) Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group (CyberScoop) Hackers claim to take down Russian satellite communications provider (Record) Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism (Flashpoint) Preparing for cyber threats over the Fourth of July. (CyberWire)
S7 E1854 · Thu, June 29, 2023
Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.
8base ransomware is overlooked and spiking. GuLoader targets law firms. Akira ransomware for Linux systems targets VMs. Kaspersky tracks the Lazarus group: typos and mistakes indicating an active human operator. Charming Kitten goes spearphishing. Securing continuous integration/continuous delivery operations. No emojis for the SEC, please.Unconfirmed reports say the Wagner Group hacked a Russian satellite communications provider. Our guest is Hanan Hibshi from Carnegie Mellon's picoCTF team. Chris Novak from Verizon discusses their 2023 Data Breach Investigations Report (DBIR). And Anonymous Sudan wants you to know that they’re not just a bunch of deniable Russian crooks–where’s the love, man? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/124 Selected reading. 8Base Ransomware: A Heavy Hitting Player (VMware Security Blog) GuLoader Campaign Targets Law Firms in the US (Morphisec) Akira Ransomware Extends Reach to Linux Platform (Cyble) Andariel’s Mistakes Uncover New Malware in Lazarus Group Campaign (Infosecurity Magazine) Charming Kitten Updates POWERSTAR with an InterPlanetary Twist (Volexity) CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA) NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments (National Security Agency/Central Security Service) Wall Street Regulators’ New Target: Emojis (Wall Street Journal) Russian satellite telecom Dozor allegedly hit by hackers (Cybernews) Hacking Group Says It Attacked Microsoft for Sudan. Experts Say Ru
S7 E1853 · Wed, June 28, 2023
Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.
JokerSpy afflicts Macs. ThirdEye (not so blind). Mockingjay process injection as proof-of-concept. Switzerland expects Russia to increase cyberespionage as agent networks are disrupted. The fracturing of Conti, and the rise of its successors. The Washington Post’s Tim Starks explains the security of undersea cables. Our guest is Brian Johnson of Armorblox to discuss Social Security Administration impersonation scams. And the "UserSec Collective" says it's recruiting hacktivists for the Russian cause. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/123 Selected reading. JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider) Prominent cryptocurrency exchange infected with previously unseen Mac malware (Ars Technica) New Fast-Developing ThirdEye Infostealer Pries Open System Information (Fortinet Blog) Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution (Security Joes) New Mockingjay Process Injection Technique Could Let Malware Evade Detection (The Hacker News) New Mockingjay process injection technique evades EDR detection (BleepingComputer) Ukraine war made Switzerland hub for Chinese, Russian spies: Swiss intelligence (South China Morning Post) Swiss intelligence warns of fallout in cyberspace as West clamps down on spies (Record) The rise and fall of the Conti ransomware group (Global Initiative) The Trickbot/Conti Crypters: Where Are They Now? (Security Intelligence) <a href="https://thecyberwire.com/stories/aa7bc4a94c25497a96cbb6cae12749f1/ukraine-at-d489-an-influence-co
S7 E1852 · Tue, June 27, 2023
Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.
Anatsa Trojan reveals new capabilities. Airlines report employee data stolen in a third-party breach. Canadian energy company SUNCOR reports a cyberattack. What of the Internet Research Agency? Microsoft warns of a rising threat to infrastructure. Joe Carrigan describes an ill-advised phishing simulation. Mr. Security Answer Person John Pescatore takes on zero days. And DDoS grows more sophisticated. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/122 Selected reading. Anatsa banking Trojan hits UK, US and DACH with new campaign (TreatFabric) Anatsa Android trojan now steals banking info from users in US, UK (BleepingComputer) Thousands of American Airlines and Southwest pilots impacted by third-party data breach (Bitdefender) American Airlines, Southwest Airlines disclose data breaches affecting pilots (BleepingComputer) American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider (SecurityWeek) Recruitment portal exposes data of US pilot candidates (Register) Suncor Energy says it experienced a cybersecurity incident (Reuters) Suncor Energy cyberattack impacts Petro-Canada gas stations (BleepingComputer) Canadian oil giant Suncor confirms cyberattack after countrywide outages (Record) Wagner and the troll factories (POLITICO) Cyber risks to critical infrastructure are on the rise (CEE Multi-Country News Center) The lowly DDoS attack is showing sig
S7 E1851 · Mon, June 26, 2023
Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.
Russian ISPs blocked Google News as tension with the Wagner Group mounted Friday. Ukrainian hacktivist auxiliaries break into Russian radio broadcasts. New EU sanctions are directed against Russian IT firms. Transparent Tribe resurfaces against Indian military and academic targets. Unauthorized access is the leading cause of data breaches for the fifth year in a row. Trojanized Super Mario Brothers game spreads SupremeBot malware. Today, guests discuss the cybersecurity skills gap. Paul Rebasti of Lockheed Martin shares what they are doing to fill cybersecurity skills gap. Jenny Brinkley joins us from AWS Re:Inforce discusses opportunities from the cybersecurity skills gap. And law enforcement agencies seize BreachForums' web domain. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/121 Selected reading. Ukraine at D+487: After the march on Moscow. (CyberWire) Ukraine at D+486: The march on Moscow is over. (CyberWire) Ukraine at D+485: “We are dying for the Russian people.” (CyberWire) U.S. spies learned in mid-June Prigozhin was planning armed action in Russia (Washington Post) Google News Blocked in Russia as Feud With Mercenary Leader Intensifies (New York Times) Air War: Pro-Ukraine Hackers Increasingly Breaking Into Russian Broadcasts With Anti-Kremlin Messages (RadioFreeEurope/RadioLiberty) Fresh EU sanctions hit Russian IT firms (Computing) Pakistan based hackers target Indian Army, education sector in new cyber attack (Telangana Today) Pakistan-based hackers target Indian Army, education sector in new cyber attack (PGURUS) ‘Transparent Tribe’ comes out of hiding (Pune Times Mirror) <a href="https://www.forgerock.com/resources/analyst-report/2023-forgeroc
Bonus · Sun, June 25, 2023
Slavik Markovich: Time is of the essence. [CEO] [Career Notes]
Slavik Markovich, CEO of Descope joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth of his career changes throughout the years and how that has helped lead him to where he is now in his career. He shares that as a CEO and found of multiple companies he values time and hard workers. He says " I think we really stress the importance of, uh, of responsibility. So if, if you kinda take something, you, you make sure to finish it and on time, if you promise to do something, you do that. And so that's really important for us." We thank Slavik for sharing his story with us.
Bonus · Sat, June 24, 2023
Unleashing the crypto gold rush. [Research Saturday]
Ian Ahl from Permiso's PØ Labs joins Dave to discuss their research on "Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor." First observing the group in 2021, they discovered GUI-vil is a financially motivated threat group primarily focused on unauthorized cryptocurrency mining activities. The research states "the group has been observed exploiting Amazon Web Services (AWS) EC2 instances to facilitate their illicit crypto mining operations." This group is dangerous because unlike many groups focused on crypto mining, GUI-Vil apply a personal touch when establishing a foothold in an environment. The research can be found here: Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor
S7 E1850 · Fri, June 23, 2023
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
An update on Barracuda ESG exploitation. Camaro Dragon’s current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about . Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120 Selected reading. Barracuda ESG exploitation (Proofpoint) Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives (Check Point Research) Chinese malware accidentally infects networked storage (Register) Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware (Akamai). Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (BleepingComputer) Neuberger: Ukraine experiencing a ‘surge’ in cyberattacks as it executes counteroffensive (Record) Microsoft warns of rising NOBELIUM credential attacks on defense sector (HackRead). Anonymous Sudan: neither anonymous nor Sudanese (Cybernews)
S7 E1849 · Thu, June 22, 2023
Cyber spies and vulnerability goodbyes. RedLine Stealer and Vidar: the cryptkeepers. Social engineering TTPs.
North Korea's APT37 deploys FadeStealer to steal information from its targets. Apple patches vulnerabilities under active exploitation. Access to a US satellite is being hawked in a Russophone cybercrime forum. Russian hacktivist auxiliaries say they’ve disrupted IFC.org. Unmasking pig-butchering scams. Social engineering as a method of account takeover. Fraudsters seen abusing generative AI. Sergey Medved from Quest Software describes the “Great Cloud Repatriation”. Mark Ryland of AWS speaks with Rick Howard about software defined perimeters. And embedded URLs in malware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/119 Selected reading. RedEyes Group Wiretapping Individuals (APT37) (Ahn Lab) Apple fixes iPhone software flaws used in widespread hacks of Russians (The Washington Post) Apple issues emergency patch to address alleged spyware vulnerability (Cyberscoop) Apple patch fixes zero-day kernel hole reported by Kaspersky – update now! (Sophos) Military Satellite Access Sold on Russian Hacker Forum for $15,000 (HackRead) Well done. Russian hackers shut down the IMF (Dzen.ru) Why Malware Crypting Services Deserve More Scrutiny (KrebsOnSecurity) Unmasking Pig-Butchering Scams And Protecting Your Financial Future (Trend Micro) Classic Account Takeover via the Direct Deposit Change (Avanan) Q2 2023 Digital Trust & Safety Index (Sift) Compromised Domains account for over 50% of Embedded URLs in Malware Phishing Campaigns (Cofense)
S7 E1848 · Wed, June 21, 2023
A “flea” on the wall conducts cyberespionage. Cl0p update. Astrology finds its way into your computer systems. Fancy Bear sighted, again.
The Flea APT sets its sights on diplomatic targets. An update on the Cl0p gang’s exploitation of a MOVEit vulnerability. Unpatched TP-Link Archer routers are meeting their match in the Condi botnet. The Muddled Libra threat group compromises companies in a variety of industries. A look into passwordless authentication. Derek Manky of Fortinet describes the Global Threat Landscape. Rick Howard speaks with Rod Wallace from AWS about data lakes. And Fancy Bear noses its way into Ukrainian servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/118 Selected reading. Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries (Symantec) Ke3chang (MITRE) Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted (The Record) PwC and EY impacted by MOVEit cyber attack (Cybersecurity Hub) Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack (SecurityWeek) MOVEit hack: Gang claims not to have BBC, BA and Boots data (BBC) US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389 (Fortinet) CVE-2023-1389 Detail (NIST) Download for Archer AX21 V3 (TP-Link) Threat Group Assessment: Muddled Libra (Unit 42) Axiad and ESG Survey: 82% of Respondents Indicate Passwordless Authentication is a Top Five Priority (PR Newswire) APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign (CERT-UA#6805) (CERT-UA) <a href="https://www.recordedfuture.com/bluedelta-exploits-ukrainian-government-roun
S7 E1847 · Tue, June 20, 2023
Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
The BlackCat gang crosses Reddit’s path, threatening to leak stolen data. Mystic Stealer malware evades and creates a feedback loop in the C2C market. RDStealer is a new cyberespionage tool, seen in the wild. The United States offers a reward for information on the Cl0p ransomware gang. KillNet, REvil, and Anonymous Sudan form a "DARKNET Parliament" and “sanction” the European banking system. The British Government commits £25 million in cybersecurity aid to Ukraine. Ben Yelin explains cyber disclosure rules proposed by the SEC. Rick Howard speaks with Nancy Wang of AWS about the importance of backups and restores. And what researchers are turning up in cloud honeypots. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/117 Selected reading. Reddit: Hackers demand $4.5 million and API policy changes (Computing) Mystic Stealer – Evolving “stealth” Malware (Cyfirma) Mystic Stealer: The New Kid on the Block (Zscaler) Unpacking RDStealer: An Exfiltration Malware Targeting RDP Workloads (Bitdefender) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) CVE-2023-35708 Detail (NIST) U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims (Reuters) US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks (SecurityWeek) A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations (CyberCX) Anonymous Sudan: Religious Hacktivists or Russian Front Group? (Trustwave) UK to give Ukraine m
Bonus · Sun, June 18, 2023
Lorna Mahlock: Build bridges. [Combat support] [Career Notes]
Major General Lorna Mahlock, Deputy Director for Combat Support from the National Security Agency (NSA) sits down with Dave to discuss her long and impressive career leading up to he working for one of the most prestigious security agencies. Originally born in Kingston, Jamaica, Lorna immigrated to Brooklyn, New York and enlisted in the United States Marine Corps as a field radio operator. She shares how eye opening the military was for her, moving through ranks, and eventually landing into working at the Pentagon for the Chairman of the Joint Chiefs of staff. She moved around widening her array of paths, landing in her current role. Lorna shares some wisdom, mentioning how she likes to talk about ladders and how useful creating ladders in life can be, she says "I think about ladders in terms of horizontal component, in that you can create bridges, right? And, um, ways over obstacles, uh, for, for not only, uh, for yourself, but for others and an entire organization." We thank Lorna for sharing her story with us.
Bonus · Sat, June 17, 2023
Managing machine learning risks. [Research Saturday]
Our guest, Johannes Ullrich from SANS Institute, joins Dave to discuss their research on "Machine Learning Risks: Attacks Against Apache NiFi." Using their honeypot network, researchers were able to collect some interesting data about a threat actor who is currently going after exposed Apache NiFi servers. Researchers state “On May 19th, our distributed sensor network detected a notable spike in requests for ‘/nifi.’” Investigating further, they instructed a subset of their sensors to forward requests to an actual Apache NiFi instance and within a couple of hours the honeypot was completely compromised. The research can be found here: Machine Learning Risks: Attacks Against Apache NiFi
S7 E1846 · Fri, June 16, 2023
The Cl0p gang moves its way into US government systems. It’ll take multiple showers to rinse out Shampoo malware. Hybrid war update. Arrests and indictments.
The US Government discloses exploitations of MOVEit vulnerabilities, and the Department of Energy is targeted by the Cl0p gang. CISA releases an updated advisory for Telerik vulnerabilities affecting Government servers. Shampoo malware emerges with multiple persistence mechanisms. How the IT Army of Ukraine can exemplify a cyber auxiliary. Russophone gamers are being targeted with ransomware. An alleged LockBit operator has been arrested. The FBI’s Deputy Assistant Director for cyber Cynthia Kaiser joins us with cybercriminal trends and recent successes. Our guest is Will Markow from Lightcast, speaking with Simone Petrella about data-driven strategic workforce decisions. And a federal grand jury indicts the alleged Discord Papers leaker. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/116 Selected reading. US government hit by Russia's Clop in MOVEit mass attack (The Register) Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network) Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers (CISA) CVE-2019-18935 Detail (NIST) CVE-2017-9248 Detail (NIST) Cryptographic Weakness (Telerik) Shampoo: A New ChromeLoader Campaign (HP) Cyber attacks on Rotterdam and Groningen websites (World Cargo News) The Dynamics of the Ukrainian IT Army’s Campaign in Russia (Lawfare) Watch: Why early failures in Ukraine's counter-offensive aren't Russian victories (The Telegraph) Russian War Report: Anti-Ukrainian counteroffensive narratives fail to go viral (Atlantic Council) Threat Actor Targets Russian Gaming Community With WannaCry-Imita
Thu, June 15, 2023
Chinese threat actors reel in Barracuda appliances. Diicot: the gang formerly known as Mexals, with Romanian ties. Recent Russian cyberespionage against Ukraine and its sympathizers.
A Chinese threat actor exploits a Barracuda vulnerability. The upgraded version of the Android GravityRAT can exfiltrate WhatsApp messages. Cybercriminals pose as security researchers to propagate malware. Updates on the Vidar threat operation. A new Romanian hacking group has emerged. Shuckworm collects intelligence, and may support targeting. The Washington Post’s Tim Starks explains the section 702 debate. Our guest is Rotem Iram from At-Bay with insights on email security. And Russia's Cadet Blizzard. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/115 Selected reading. Android GravityRAT goes after WhatsApp backups (ESET) Quarterly Adversarial Threat Report (Facebook) Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant) GravityRAT - The Two-Year Evolution Of An APT Targeting India (Cisco Talos) Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck) Darth Vidar: The Aesir Strike Back (Team Cymru) Tracking Diicot: an emerging Romanian threat actor (Cado Security) Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec) Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft) Destructive malware targeting Ukrainian organizations (Microsoft)
S2 E52 · Thu, June 15, 2023
CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.
CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation. AA23-165A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. See the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0 for information on strengthening an organization’s cybersecurity posture through implementing a prescriptive, prioritized, and simplified set of best. See the CIS Community Defense Model 2.0 (CDM 2.0) for the effectiveness of the CIS Controls against the most prevalent types of attacks and how CDM 2.0 can be used to design, prioritize, implement, and improve an organization’s cybersecurity program. See Blueprint for Ransomware Defense for a clear, actionable framework for ransomware mitigation, response, and recovery built around the CIS Controls. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1844 · Wed, June 14, 2023
A Joint Advisory on LockBit. AI chatbots: the grammarians of tomorrow. KillNet makes a deal with the Devil (Sec). The private-sector’s piece in the hybrid war puzzle.
The Five Eyes, alongside a couple of allies, issue a LockBit advisory. AI aids in proofreading phishing attacks. Anonymous Sudan mounts nuisance-level DDoS attacks against US companies. France alleges a disinformation campaign conducted by Russian actors. KillNet says it's partnered with the less-well-known Devil Sec. The private cybersecurity industry's effect on the war in Ukraine. Carole Theriault ponders oversharing on social media. Our guest is Duncan Jones from Quantinuum on the threats of Harvest Now, Decrypt Later tactics. And a note on this month’s Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/114 Selected reading. Understanding Ransomware Threat Actors: LockBit (Joint Cybersecurity Advisory) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks (Abnormal Security) France Accuses Russia of Online Disinformation Campaign (Bloomberg) The Private Sector’s Evolving Role in Conflict—From Cyber Assistance to Intelligence (R Street) Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks (SecurityWeek) Patch Tuesday: Critical Flaws in Adobe Commerce Software (SecurityWeek) Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes (Naked Security)
S7 E1843 · Tue, June 13, 2023
CISA's new Binding Operational Directive. “CosmicEnergy” tool doesn’t pose a cosmic threat. Hackers’ homage to fromage in attacks against the Swiss government. Industry advice for the White House.
CISA issues a new Binding Operational Directive. An update on CosmicEnergy. Hackers’ homage to fromage in attacks against the Swiss government. Ukraine's Cyber Police shut down a pro-Russian bot farm. Clothing and footwear retailers see impersonation and online fraud. A 2021 ransomware attack contributed to a hospital closing. A proof-of-concept exploit of a patched MOVEit vulnerability. An industry letter calls for a new framework on the White House cybersecurity strategy. Joe Carrigan examines a ChatGPT fueled phishing scam. Our guest is Neha Rungta, Applied Science Director at AWS Identity discussing Amazon Verified Permissions. And trends in cyber risks for small and medium businesses. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/113 Selected reading. Binding Operational Directive 23-02 (US Cybersecurity and Infrastructure Security Agency) COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) Dragos Analysis Determines COSMICENERGY Is Not an Immediate Threat (Dragos) More than 4,000 bots to discredit the Defense Forces of Ukraine and spread propaganda in favor of Russia: the police of Vinnytsia eliminated a large-scale bot farm (Ukraine Cyber Police) Ukraine police raid social media bot farm accused of pro-Russia propaganda (The Record) Widespread Brand Impersonation Scam Campaign Targeting Hundreds of the Most Popular Apparel Brands (Bolster) An Illinois hospital is the first health care facility to link its closing to a ransomware attack (NBC News) Ransomware attack causes Illinois hospital to close (Becker’s Hospital Review) New BlackFog research: 61% of SMBs were victims of a cyberattack in the last year (BlackFog) Switzerland warns that a ransomware gang may have accessed governmen
S7 E1842 · Mon, June 12, 2023
Unpatched instances and vulnerabilities rear their ugly heads. Russian telecom provider targeted in an act of “cyber anarchy.” Alleged crypto heist conspirators face charges.
Attacks against unpatched versions of Visual Studio and win32k continue. Progress Software patches two MOVEit vulnerabilities. The Cyber Anarchy Squad claims to have taken down a Russian telecommunications provider's infrastructure. RomCom resumes its activity in the Russian interest. Deepen Desai of Zscaler describes Nevada ransomware. Our guest is Clarke Rodgers from Amazon Web services with insights on what CISOs say to each other when no one else is listening?. And the Mt. Gox hacking indictment has been unsealed. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/112 Selected reading. Online muggers make serious moves on unpatched Microsoft bugs (The Register) Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC) (Numen) MOVEit Transfer and MOVEit Cloud Vulnerability (Progress Software) MDE Affected by Global Data Breach (Minnesota Department of Education) Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat (The 74) Ofcom statement on MOVEit cyber attack (Ofcom) Ukrainian hackers take down service provider for Russian banks (BleepingComputer) Pro-Ukraine hackers claim to take down Russian internet provider (The Record) Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC (Security Affairs) RomCom Resurfaces: Targeting Politicians in Ukraine and U.S.-Based Healthcare Providing Aid to Refugees from Ukraine (BlackBerry) Mt. Gox's Hackers Are 2 Russian Nationals, U.S. DOJ Alleges in Indictment (CoinDesk) Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e (The Record
Bonus · Sun, June 11, 2023
Nadir Izrael: Play to your strengths. [CTO] [Career Notes]
Nadir Izrael, co-founder and CTO from Armis, sits down to share his story. Nadir started his love of cyber when he became a software developer at the age of 12. He always had a passion for making things work better and asking questions. Once he joined the 8200 unit in Israel, he was able to focus his interests on physics, which led him to making the discovery of wanting to start his own business. After he started building his company is when he learned to take smart and innovative risks at work and making it a way of life. Nadir shares advice, saying "Playing to your strengths, maximizes the odds of success and every other consideration lowers them inevitably, or at least, uh, um, kind of shrinks, I guess the, the probability space for success." He thinks playing to ones strengths is the best a leader can do to create the most success for their team. We thank Nadir for sharing his story with us.
Bonus · Sat, June 10, 2023
A new botnet takes a frosty bite out of the gaming industry. [Research Saturday]
Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile." Akamai found this new botnet was targeting the gaming industry, modeled after Qbot, Mirai, and other malware strains. The botnet has expanded to encompass hundreds of compromised devices. The research states "through reverse engineering and patching the malware binary, our analysis determined the botnet's attack potential at approximately 629.28 Gbps with its UDP flood attacks." Akamai researchers do a deep dive into the motives behind the attacks, the effectiveness of the attack, and how the law has been handling similar cases. The research can be found here: The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile
S7 E1841 · Fri, June 09, 2023
“Better Minecraft” improves gameplay, while also lifting your data. Hallucinations, defamation, and legal malpractice, oh my! Asylum Ambuscade and other wartime notes.
Barracuda Networks urges replacement of their gear. Fractureiser infects Minecraft mods. ChatGPT sees a court date over hallucinations and defamation. Asylum Ambuscade engages in both crime and espionage. The US delivers Ukraine Starlink connectivity. DDoS attacks hit the Swiss parliament's website. My conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Our guest is Delilah Schwartz from Cybersixgill discussing how the Dark Web is evolving with new technologies like ChatGPT. And BEC crooks see their day in court. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/111 Selected reading. Barracuda Email Security Gateway Appliance (ESG) Vulnerability (Barracuda) CVE-2023-2868 (MITRE) ACT government falls victim to Barracuda’s ESG vulnerability (CSO Online) CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances (Rapid7) CVE-2023-2868 Detail (National Institute of Standards and Technology) Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware (Bitdefender) New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux (BleepingComputer) IN THE SUPERIOR COURT OF FULTON COUNTY (Superior Court of Fulton County) OpenAI Hit With First Defamation Suit Over ChatGPT Hallucination (Bloomberg Law)
Bonus · Fri, June 09, 2023
CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.
FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. AA23-158A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide . Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant MOVEit Transfer Critical Vulnerability (May 2023) - Progress Community MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response (huntress.com) No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1840 · Thu, June 08, 2023
ChatGPT continues to become more human, this time through hallucinations. Following Cl0p. Instagram works against CSAM. And data protection advice from an expert in attacking it.
ChatGPT takes an unexpectedly human turn in having its own version of hallucinations. Updates on Cl0p’s ransom note, background, and recent promises. Researchers look at Instagram’s role in promoting CSAM. A look at KillNet's reboot. Andrea Little Limbago from Interos shares insight on cyber’s human element. Our guest is Aleksandr Yampolskiy from SecurityScorecard on how CISOs can effectively communicate cyber risk to their board. And a hacktivist auxiliary’s stellar advice for protecting your data. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/110 Selected reading. Can you trust ChatGPT’s package recommendations? (Vulcan) Ransomware group Clop issues extortion notice to ‘hundreds’ of victims (The Record) MOVEit cyber attack: Cl0p sparks speculation that it’s lost control of hack (ITpro) Responding to the Critical MOVEit Transfer Vulnerability (CVE-2023-34362) (Kroll) MOVEit Transfer Critical Vulnerability (May 2023) (Progress) Cybergang behind N.S. breach says it erased stolen data, but experts urge caution (CBC Canada) Most SMBs admit to paying ransomware demands - here's why (TechRadar) Instagram Connects Vast Pedophile Network (Wall Street Journal) Addressing the distribution of illicit sexual content by minors online (Stanford University) Rebooting Killnet, a New World Order and the End of the Tesla Botnet (Radware)
S7 E1839 · Wed, June 07, 2023
PowerDrop’s capabilities are up in the air. A Russian cyberespionage campaign channels their inner 007. A disconnect between law firms and cybersecurity protections.
A new PowerShell remote access tool targets a US defense contractor. Current Russian cyber operations against Ukraine are honing in on espionage. CISA and its partners have released a Joint Guide to Securing Remote Access Software. A bug has been reported in Visual Studio’s UI. Awais Rashid from University of Bristol discussing Privacy in health apps. Our guest is Jim Lippie of SaaS Alerts with insights on software as a service Application Security. And are there disconnects between cybersecurity and the legal profession? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/109 Selected reading. PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry (Adlumin) UAC-0099: cyberespionage against state organizations and media representatives of Ukraine (CERT-UA#6710) (CERT-UA) Guide to Securing Remote Access Software (Joint Guide) Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers (Varonis) Press Release | ILTA and Conversant Group Release First Cybersecurity Benchmarking Survey of the Legal Industry (International Legal Technology Association)
S7 E1838 · Tue, June 06, 2023
Cl0p moves their way into the systems of major European companies. Notes from a highly active cyber underworld. And hybrid war updates.
The Cl0p gang claims responsibility for the MOVEit file transfer vulnerability. Verizon’s DBIR is out. Palo Alto Networks takes a snapshot of last year’s threat trends. A new criminal campaign targets Android users wishing to install modified apps. A smishing campaign is expanding into the Middle East. Cisco observes compromised vendor and contractor accounts as an access point for network penetration. Cyclops ransomware acts as a dual threat. Anonymous Sudan demands $1 million to stop attacks on Microsoft platforms. Ben Yelin explains a groundbreaking decision on border searches. Our guest is Matt Caufield of Oort with insights on identity security. And a deepfaked martial law announcement airs on Russian provincial radio stations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/108 Selected reading. Clop ransomware claims responsibility for MOVEit extortion attacks (BleepingComputer) CVE-2023-34362 Detail (National Institute of Standards and Technology) Microsoft links Clop ransomware gang to MOVEit data-theft attacks (BleepingComputer) BA, BBC and Boots hit by cyber security breach with contact and bank details exposed (Sky News) 2023 Data Breach Investigations Report (Verizon) 2023 Unit 42 Network Threat Trends Research Report (Unit 42) Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology (Bitdefender) Chinese-speaking phishing ring behind latest fake fee scam targeting Middle East; another campaign exposed (Group-IB) Adversaries increasingly using vendor and contractor accounts to infiltrate networks (Cisco Talos) Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat (Uptycs) U.S. Measures in Response to the Crisis in Sudan (US Department of State)
S7 E1837 · Mon, June 05, 2023
Need a Lyft? Not if Anonymous Sudan has anything to say about it. Closing time, open all the doors and let KillNet into the world.
Anonymous Sudan responds to remarks from the US Secretary of State by targeting Lyft and American hospitals. NSA releases an advisory on North Korean spearphishing campaigns. The US government’s Moonlighter satellite will test cybersecurity in orbit. "Operation Triangulation" offers an occasion for Russia to move closer to IT independence. The SEC drops cases over improper access to Adjudication Memoranda. Executives and board members are easy targets for threat actors trolling for sensitive information. Rick Howard targets Zero Trust. The FBI’s Deputy Assistant Director for Cyber Cynthia Kaiser shares trends from the IC3 Annual Report. And KillNet seems to say it's disbanding…or is it? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/107 Selected reading. U.S. Measures in Response to the Crisis in Sudan (US Department of State) U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence (US National Security Agency) North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media (Joint Cybersecurity Advisory) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency) CVE-2023-34362 Detail (National Institute of Standards and Technology) Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (Mandiant) SpaceX launch sends upgraded solar arrays to International Space Station (Spaceflight Now) Moonlighter Fact Sheet (The Aerospace Corporation) Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space (The Register) Russia wants 2 million phones with home-grown Aurora OS for use by officials (The Record) Russia accuses U.S. of hacking thousands of iPhones (Axios) <a href="https://securelist.com/operation-triangulation/1
Bonus · Sun, June 04, 2023
Galit Lubetzky Sharon: Doing your chores brings the best out in you. [CTO] [Career Notes]
Galit Lubetzky Sharon, Co-Founder and CTO of Wing Security sits down to share her story and how years in the business lead her to be where she is now. Galit shares her insights from her experiences co-founding her company and bringing it out of stealth mode in early 2022, including why she saw the need for Wing Security and what lessons she learned in the process of founding and launching the company. She started her career as a Colonel in the 8200 Unit gives her a unique perspective on the cyber industry. Galit also shares what she does when things get stressful to help calm her down in the moment and help her clear her head. She says "I think it's very important to do things that you love. It should be something that you come and you bring yourself and your passion and, uh, finding yourself the occupation, the chores, the, the tasks that you love to do brings the, the best out of you." We thank Galit for sharing her story with us.
S6 E284 · Sat, June 03, 2023
Lancefly screams bloody Merdoor.
Brigid O Gorman from Symantec joins Dave to discuss their research, “Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors." Researchers discovered in 2020 that Lancefly, an APT group, is using a custom-written backdoor in attacks targeting government, aviation, educations, and telecoms organizations in South and Southeast Asia. The research states "The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted." These targets, though observed in some activity in 2020 and 2021, started in 2022 and have continued into 2023. The research can be found here: Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
S7 E1836 · Fri, June 02, 2023
Hackers like to move it, move it. Skimmers observed targeting Americas and Europe. Hybrid war activity.
MOVEit Transfer software sees exploitation. A website skimmer has been employed against targets in the Americas and Europe. A look into XeGroup's recent criminal activity. Apple denies the FSB’s allegations of collusion with NSA. Kaspersky investigates compromised devices. Johannes Ullrich from SANS describes phony YouTube "live streams". Our guest is Sherry Huang from William and Flora Hewlett Foundation to discuss their grants funding cyber policy studies. And the US Department of Defense provides Starlink services to Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/106 Selected reading. MOVEit Transfer Critical Vulnerability (May 2023) (Progress Software) Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability (Rapid7) New MOVEit Transfer zero-day mass-exploited in data theft attacks (BleepingComputer) Hackers use flaw in popular file transfer tool to steal data, researchers say (Reuters) New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others (Akamai) Not your average Joe: An analysis of the XeGroup’s attack techniques (Menlo Security) Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin (The Hacker News) Apple denies surveillance claims made by Russia's FSB (Reuters) FSB uncovers US intelligence operation via malware on Apple mobile phones (TASS) Kaspersky Says New Zero-Day Malware Hit iPhones—Including Its Own (WIRED) Operation Triangulation: iOS devices targeted with previously unknown malware (Kaspersky) Lithuania becomes first to designate Russia as terrorist
S7 E1835 · Thu, June 01, 2023
Firmware comes in through the back door. Leveraging Adobe for credential harvesting. C2C market notes. Hybrid war updates.
A backdoor-like issue has been found in Gigabyte firmware. A credential harvesting campaign impersonates Adobe. The Dark Pink gang is active in southeastern Asia. Mitiga discovers a “significant forensic discrepancy” in Google Drive. "Spyboy" is for sale in the C2C market. A look at Cuba ransomware. Ukrainian hacktivists target the Skolkovo Foundation. The FSB says NSA breached iPhones in Russia. Carole Theriault examines Utah's social media bills aimed at kids online. Our guest is Tucker Callaway of Mezmo to discuss the rise of telemetry pipelines. And spoofing positions and evading sanctions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/105 Selected reading. Supply Chain Risk from Gigabyte App Center backdoor (Eclypsium) Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox) Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB) Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop) Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal) Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga) 2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (Reddit) An In-Depth Look at Cuba Ransomware (Avertium) Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (The Record) Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters) Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (The New York Times
S7 E1834 · Wed, May 31, 2023
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites see abuse by malicious actors. A look into identity security trends. People may be overconfident in their ability to detect deepfakes. Deepen Desai from Zscaler describes a campaign targeting Facebook users. CW Walker from Spycloud outlines identity exposure in the Fortune 1000. And a blurring of the lines between criminal, hacktivist, and strategic motivations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/104 Selected reading. SeroXen RAT for sale (AT&T Cybersecurity) Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users (The Hacker News) DogeRAT: The Android Malware Campaign Targeting Users Across Multiple Industries (CloudSek) Ghost Sites: Stealing Data From Deactivated Salesforce Communities (Varonis) 2023 Trends in Securing Digital Identities (Identity Defined Security Alliance) Jumio 2023 Online Identity Consumer Study (Jumio) Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals (Trend Micro) Ukraine's DELTA Military System Users Under Attack from Info Stealing Malware (The Hacker News)
S7 E1833 · Tue, May 30, 2023
Mirai’s new variant targets IoT devices. Volt Typhoon investigation continues. Hacktivism in Senegal. Lessons learned from Ukraine.
New Mirai malware uses low-complexity exploits to expand its botnet in IoT devices. The latest on Volt Typhoon. DDoS hits government sites in Senegal. The Pentagon's cyber strategy incorporates lessons from Russia's war, while the EU draws lessons from Ukraine's performance against Russia. Joe Carrigan explains Mandiant research on URL obfuscation. Mr. Security Answer Person John Pescatore plays security whack-a-mole. And NoName disrupts a British airport. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/103 Selected reading. Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices (Unit 42) US officials believe Chinese hackers may still have access to key US computer networks (CNN) Chinese state-sponsored hackers infiltrated U.S. naval infrastructure, secretary of the Navy says (CNBC) US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise (SC Magazine) Senegalese government websites hit with cyber attack (Reuters) DOD Transmits 2023 Cyber Strategy (US Department of Defense) Fact Sheet: 2023 DOD Cyber Strategy (US Department of Defense) Lessons from the war in Ukraine for the future of EU defence (European Union External Action) Investigation Launched After London City Airport Website Hacked (Simple Flying) Maryland high school listed on Zillow for $42K in ‘creative’ senior prank (New York Post)
Bonus · Sun, May 28, 2023
Stacy Dunn: My superpower and my kryptonite. [Engineer] [Career Notes]
Stacy Dunn, a Senior Solutions Engineer from the SANS Institute sits down and shares what it is like to work through her own adversity to get to be where she is today. Stacy shares some of her experiences as a woman with ADHD working in an IT career and explains her tips for other neurodiverse people in the field. After working in a wide array of positions in different fields, she wanted to go back to school to get her degree in management information systems and information assurance. Eventually she started working her way up the ladder, and became a very successful woman in the IT world. She shares her struggles with ADHD as she was making the climb and says "It's both a superpower and kryptonite because I think something that is a fundamental misunderstanding of most people, and maybe even some people that do have ADHD, is that it's not just the aspect of not being able to focus, it's also an aspect of focusing too much." We thank Stacy for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Sat, May 27, 2023
8 GoAnywhere MFT breaches and counting. [Research Saturday]
This week, our guests are Emily Austin and Himaja Motheram from Censys and their sharing their research - "Months after first GoAnywhere MFT zero-day attacks, Censys still sees about 180 public admin panels." In early February 2023, Censys researchers discovered a zero-day RCE vulnerability in Fortra’s “GoAnywhere MFT” (Managed File Transfer) software. After finding this the Clop ransomware gang claimed that they exploited this vulnerability to breach the data of 130 organizations and Censys found other ransomware groups were jumping on the bandwagon. They said " A single vulnerable instance has the potential to serve as a gateway to a data breach that could potentially impact millions of individuals." The research can be found here: Months after first GoAnywhere MFT zero-day attacks, Censys still sees ~180 public admin panels Learn more about your ad choices. Visit megaphone.fm/adchoices
S7 E1832 · Fri, May 26, 2023
CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/102 Selected reading. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC) Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado) Legion Malware Upgraded to Target SSH Servers and AWS Credentials (Hacker News) CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA)
S7 E1831 · Thu, May 25, 2023
Volt Typhoon goes undetected by living off the land. New gang, old ransomware. KillNet says no to slacker hackers.
China's Volt Typhoon snoops into US infrastructure, with special attention paid to Guam. Iranian cybercriminals are seen conducting ops against Israeli targets. A new ransomware gang uses recycled ransomware. A persistent Brazilian campaign targets Portuguese financial institutions. A new botnet targets the gaming industry. Phishing attempts impersonate OpenAI. Pro-Russian geolocation graffiti. Andrea Little Limbago from Interos addresses the policy implications of ChatGPT. Our guest is Jon Check from Raytheon Intelligence & Space, on cybersecurity and workforce strategy for the space community. And KillNet says no to slacker hackers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/101 Selected reading. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point) Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (The Record) Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz) Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky Security) Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor) Buhti: New Ransomware Operation Relies on Repurposed Payloads (Symantec) Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII</
S2 E50 · Thu, May 25, 2023
CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection. [CISA Cybersecurity Alerts]
Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon. AA23-144A Alert, Technical Details, and Mitigations Active Directory and domain controller hardening: Best Practices for Securing Active Directory | Microsoft Learn CISA regional cyber threats: China Cyber Threat Overview and Advisories Microsoft Threat Intelligence blog: Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1830 · Wed, May 24, 2023
Cybercriminals favor cyberespionage in North Korea, Russia, and parts unknown. Movements and activity in the cyber underworld.
Kimsuky's tailored reconnaissance tools. GoldenJackal is an APT quietly active since 2019. Criminals target Youtube viewers with free cracked software. Rheinmetall’s data was posted to BlackBasta's extortion site. The "Cuba" gang claims credit for the attack on the Philadelphia Inquirer. CERT-UA identifies a probable Russian cyberespionage campaign. Ireland views cyber assistance to Ukraine as a contribution to collective security. Ann Johnson from Afternoon Cyber Tea speaks with Tyrance Billingsley about Black Tech. Our guest is Oz Alashe from CybSafe on raising VC money amidst a down economy. And KillNet's underperforming hacktivists. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/100 Selected reading. Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit (SentinelOne) North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (The Hacker News) Meet the GoldenJackal APT group. Don’t expect any howls (Kaspersky) Follina — a Microsoft Office code execution vulnerability (DoublePulsar) YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner (FortiGuard Labs) Arms maker Rheinmetall confirms BlackBasta ransomware attack (Bleeping Computer) Inquirer and forensics team investigating computer disruptions to publishing (Philadelphia Inquirer) Cuba ransomware claims cyberattack on Philadelphia Inquirer (Bleeping Computer) Espionage activity UAC-0063 in relation to Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549) (CERT-UA) Ukraine Identifies Central Asian Cyberespionage Campaign (BankInfoSecurity) Ir
S7 E1829 · Tue, May 23, 2023
BlackCat gang crosses your path and evades detection. You’re just too good to be true, can’t money launder for you. Commercial spyware cases.
AhRat exfiltrates files and records audio on Android devices. The BlackCat ransomware group uses a signed kernel driver to evade detection. GUI-Vil in the cloud. Unwitting money mules. Ben Yelin unpacks the Supreme Court’s section 230 rulings. Our guest is Mike DeNapoli from Cymulate with insights on cybersecurity effectiveness. And a trio of commercial spyware cases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/99 Selected reading. Android app breaking bad: From legitimate screen recording to file exfiltration within a year (ESET) Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials (ESET) BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro) Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso) Uncle Sam strangles criminals' cashflow by reining in money mules (The Register) German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post) Israel Torpedoed Morocco Spyware Deal - and NSO Competitor QuaDream Shut Down (Haaretz) He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times)
S7 E1828 · Mon, May 22, 2023
Record GDPR fine. Movements in the cyber underworld. FBI found to have overstepped surveillance authorities.
The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944 uses SIM swapping to gain access to Azure admin accounts. A Turla retrospective. Rick Howard tackles workforce development. Our guest is Andrew Peterson of Fastly to discuss the intricate challenges of secure software development. And the FBI was found overstepping its surveillance authorities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/98 Selected reading. Meta Fined $1.3 Billion Over Data Transfers to U.S. (Wall Street Journal) Meta fined record $1.3 billion and ordered to stop sending European user data to US (AP News) Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks (The Hacker News) Researchers tie FIN7 cybercrime family to Clop ransomware (The Record) Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware (Security Affairs) PyPI new user and new project registrations temporarily suspended. (Python) PyPI repository restored after temporarily suspending new activity (Computing) RATs found hiding in the NPM attic (ReversingLabs) Legitimate looking npm packages found hosting TurkoRat infostealer (CSO Online) SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack (Mandiant) Mozilla Explains: SIM swapping (Mozilla) The Underground History of Russia’s Most Ingenious Hacker Group (WIRED) <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malwar
Bonus · Mon, May 22, 2023
Cybersecurity moneyball: First principles applied to the workforce gap. [CSO Perspectives]
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, the cybersecurity workforce skills gap with N2K’s President, Simone Petrella regarding how security professionals might learn from the movie “Moneyball” about how to train their team in the aggregate about first principles.
Bonus · Sun, May 21, 2023
Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]
Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't ready to retire quite yet because she loved the industry so much, saying "I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother." She shares words of wisdom for all trying to get into the industry, saying that you need to always take the risk like she did when she first started her career. We thank Dawn for sharing her story with us.
Bonus · Sat, May 20, 2023
Dangerous vulnerabilities in H.264 decoders. [Research Saturday]
Willy R. Vasquez from The University of Texas at Austin discussing research on "The Most Dangerous Codec in the World - Finding and Exploiting Vulnerabilities in H.264 Decoders." Researchers are looking at the marvel that is modern video encoding standards such as H.264 for vulnerabilities and ultimately hidden security risks. The research states "We introduce and evaluate H26FORGE, domain-specific infrastructure for analyzing, generating, and manipulating syntactically correct but semantically spec-non-compliant video files." Using H26FORCE, they were able to uncover insecurities in depth across the video decoder ecosystem, including kernel memory corruption bugs in iOS and video accelerator and application processor kernel memory bugs in Android devices. The research can be found here: The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
S7 E1827 · Fri, May 19, 2023
Section 230 survives court tests. Pre-infected devices. IRS cyber attachés. DraftKings hack indictment. Notes on the hybrid war.
Section 230 survives SCOTUS. Lemon Group's pre-infected devices. The IRS is sending cyber attachés to four countries in a new pilot program. A Wisconsin man is charged with stealing DraftKings credentials. Russian hacktivists conduct DDoS attacks against Polish news outlets. An update on RedStinger. Grayson Milbourne from OpenText Cybersecurity discusses IoT and the price we pay for convenience. Our guest is Matthew Keeley with info on an open source domain spoofing tool, Spoofy. And war principles and hacktivist auxiliaries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/97 Selected reading. “Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives (Just Security) A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks (Wired) CloudWizard APT: the bad magic story goes on (SecureList) Ukraine at D+441: Skirmishing along the line of contact, and in cyberspace. (The CyberWire) Russian dissident gets three years in prison colony for DDoS attacks on military website (Cybernews) Europe: The DDoS battlefield (Help Net Security) Russian hackers hit Polish news sites in DDoS attack (Cybernews) 18-year-old charged with hacking 60,000 DraftKings betting accounts (Bleeping Computer) Garrison Complaint (Department of Justice) IRS-CI deploys 4 cyber attachés to locations abroad to combat cybercrime (IRS) IRS deploys cyber attachés to fight cybercrime abroad (The Hill) Cybercrime gang pre-infects millions of Android devices with malware (Bleeping Computer) <a href="https://theh
S7 E1826 · Thu, May 18, 2023
BEC attack exploits Dropbox services. Ransomware in the name of charity. API protection trends. Hybrid war hacktivism. Executive digital protection.
Business email compromise (BEC) exploits legitimate services. A hacktivist ransomware group demands charity donations for encrypted files. Trends and threats in API protection. The effects of hacktivism on Russia's war against Ukraine. Executive digital protection. Deepen Desai of Zscaler explains security risks in OneNote. Our guest is Ajay Bhatia of Veritas Technologies with advice for onboarding new employees. And news organizations as attractive targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/96 Selected reading. Leveraging Dropbox to Soar Into Inbox (Avanan) MalasLocker ransomware targets Zimbra servers, demands charity donation (Bleeping Computer) Shadow API Usage Surges 900%, Revealing Alarming Lack of API Visibility Among Enterprises (Business Wire) APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution (PR Newswire) Evolving Cyber Operations and Capabilities (CSIS) Following the long-running Russian aggression against Ukraine. (The CyberWire) Executive Digital Protection whitepaper (Agency) The Philadelphia Inquirer’s operations continue to be disrupted by a cyber incident (The Philadelphia Inquirer) Cyberattack at the Philadelphia Inquirer. (The CyberWire)
S2 E49 · Thu, May 18, 2023
CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group. [CISA Cybersecurity Alerts]
FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023. AA23-136A Alert, Technical Details, and Mitigations AA23-136A.STIX_.xml Stopransomware.gov , a whole-of-government approach with one central location for U.S. ransomware resources and alerts. cyber.gov.au for the Australian Government’s central location to report cyber incidents, including ransomware, and to see advice and alerts. The site also provides ransomware advisories for businesses and organizations to help mitigate cyber threats. CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide for guidance on mitigating and responding to a ransomware attack No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1825 · Wed, May 17, 2023
A joint warning on BianLian ransomware. Fleeceware offers AI as bait for the gullible. Cyberespionage updates. And Ukraine formally joins NATO’s CCDCOE.
Cyber agencies warn of BianLian ransomware. There’s a new gang using leaked Baduk-based ransomware. Chinese government-linked threat actors target TP-link routers with custom malware. ChatGPT-themed fleeceware is showing up in online stores. Ukraine is now a member of NATO's Cyber Centre. Tim Starks from the Washington Post shares insights on section 702 renewal. Our guest is Ismael Valenzuela from BlackBerry sharing the findings from their Global Threat Intelligence Report. And the CIA's offer to Russian officials may have had some takers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/95 Selected reading. #StopRansomware: BianLian Ransomware Group (Cybersecurity and Infrastructure Security Agency CISA) Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code (Cisco Talos Blog) The Dragon Who Sold His Camaro: Analyzing Custom Router Implant (Check Point Research) Fake ChatGPT Apps Scam Users Out of Thousands of Dollars, Sophos Reports (GlobeNewswire News Room) Ukraine joins NATO Cyber Centre (Computing) Russian Officials Unnerved by Ukraine Bloodshed Are Contacting CIA, Agency Says (Wall Street Journal)
S1 E46 · Wed, May 17, 2023
What is data centric security and why should anyone care? [CyberWire-X]
In today’s world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn’t there be a standard way to protect sensitive data regardless of where it resides or who it’s been shared with? It’s called “data-centric” security and it’s fundamentally different from “perimeter-centric” security models. Practicing it at scale requires a standard way to extend the value of “upstream” data governance (discovery, classification, tagging) into “downstream” collaborative workflows like email, file sharing, and SaaS apps. In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner explore modern approaches for applying and enforcing policy and access controls to sensitive data which inevitably leaves your possession but still deserves just as much security as the data that you possess internally. Rick and Dave are joined by guests Bill Newhouse, Cybersecurity Engineer at National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), and Dana Morris, Senior Vice President for Product and Engineering of our episode sponsor Virtru.
S7 E1824 · Tue, May 16, 2023
DDoS trends. Asia sees a Lancefly infestation. Lessons from cyber actuaries. Infostealers in the C2C market. False flags.
DDoS "carpet bombing." Lancefly infests Asian targets. Cyber insurance trends. Infostealers in the C2C market. A Russian espionage service is masquerading as a criminal gang. KillNet’s running a psyop radio station of questionable quality. Joe Carrigan describes baiting fraudsters with fake crypto. Our guest is Gemma Moore of Cyberis talking about how red teaming can upskill detection and response teams. And geopolitical DDoS. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/94 Selected reading. 2023 DDoS Threat Intelligence Report (Corero) Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (Symantec) 2023 Cyber Claims Report (Coalition) The Growing Threat from Infostealers (Secureworks) Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say (TechCrunch) DDoS Attacks Targeting NATO Members Increasing (Netscout) Following the long-running Russian aggression against Ukraine. (The CyberWire)
S7 E1823 · Mon, May 15, 2023
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.
Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/93 Selected reading. Discord discloses data breach after support agent got hacked (Bleeping Computer) Discord suffered a data after third-party support agent was hacked (Security Affairs) Multinational tech firm ABB hit by Black Basta ransomware attack (Bleeping Computer) Breaking: ABB confirms cyberattack; work underway to restore operations (ET CISO) Black Basta conducts ransomware attack against Swiss technology company ABB (The CyberWire) They dox Chinese hackers. Now, they’re back. (Washington Post) What’s Cracking at the Kerui Cracking Academy? (Intrusion Truth) Posing as Islamists, Russian Hackers Take Aim at Sweden (Bloomberg) Anonymous Sudan: Threat Intelligence Report (TrueSec) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Russian ‘Red Stealer’ cyberattacks target breakaway territories in Ukraine (Cybernews) <a href="https://www.cisa.go
Bonus · Sun, May 14, 2023
Steve Benton: Mixing like a DJ. [VP] [Career Notes]
Steve Benton, Vice President at Anomali Threat Research & GM Belfast, sits down to share his story as a cybersecurity expert with a surplus of strategic leadership experience across cyber and physical security rooted in substantial operational directorship and accountability. Steve shares his beginnings, where he wanted to grow up to be a rockstar, slowly moving into the world of tech with his first ever computer and falling in love with it. After graduating from Queens University with a degree in information technology, he joined British Telecommunications or BT, where he got to put his new found skills to use. Steve mentions how his job is kind of like being a DJ almost and says " a typical day for me is looking at the intelligence that we're bringing in, mixing it as it were to think of a slight, like DJs with a set of headphones on creating the right kind of mixes of intelligence for our clients." We thank Steve for sharing his story with us.
Bonus · Sat, May 13, 2023
Running away from operation Tainted Love. [Research Saturday]
Aleksandar Milenkoski and Juan Andres Guerrero-Saade from SentinelOne's SentinelLabs join Dave to discuss their research "Operation Tainted Love | Chinese APTs Target Telcos in New Attacks." Researchers found initial phases of attacks against telecommunication providers in the Middle East in Q1 in 2023. The research states "We assess that this activity represents an evolution of tooling associated with Operation Soft Cell." While the exact grouping is unclear, researchers think it is highly likely that the threat actor is a Chinese cyberespionage group in the nexus of Gallium and APT41. The research can be found here: Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
Bonus · Fri, May 12, 2023
CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without credentials. AA23-131A Alert, Technical Details, and Mitigations PaperCut: URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) Huntress: Critical Vulnerabilities in PaperCut Print Management Software No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1822 · Fri, May 12, 2023
Babuk resurfaces for criminal inspiration. Alert on PaperCut vulnerability exploitation. Too many bad bots. Phishing-as-a-service in the C2C market. KillNet's PMHC regrets.
Babuk source code provides criminal inspiration. CISA and FBI release a joint report on PaperCut. There are more bad bots out there than anyone would like. Phishing-as-a-service tools in the C2C market. CISA’s Eric Goldstein advocates the adoption of strong controls, defensible networks and coordination of strategic cyber risks. Our cyberwire producer Liz Irvin speaks with Crystle-Day Villanueva, Learning and Development Specialist for Lumu Technologies. And KillNet’s short-lived venture, with a dash of regret. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/92 Selected reading. Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (Bleeping Computer) Ransomware actors adopt leaked Babuk code to hit Linux systems (Decipher) Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers (SentinelOne) Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG (CISA) CVE-2023-27350 Detail (NIST) Proofpoint Emerging Threats Rules (Proofpoint) 2023 Imperva Bad Bot Report (Imperva) New phishing-as-a-service tool “Greatness” already seen in the wild (Cisco Talos) Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. (CyberWire)
S7 E1821 · Thu, May 11, 2023
Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
A Ransomware report highlights targeting and classification. Phishing remains a major threat. Cisco addresses an expired certificate issue. LockBit and Medusa hit school districts with ransomware. US and Canadian cyber units wrap up a hunt-forward mission in Latvia. Ben Yelin on NYPD surveillance. Our CyberWire producer Liz Irvin interviews Damien Lewke, a graduate student at MIT. And an unknown threat actor is collecting against both Russia and Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/90 Selected reading. GRIT Ransomware Report: April 2023 (GuidePoint Security) DNSFilter State of Internet Security - Q1 2023 (DNSFilter) Identify vEdge Certificate Expired on May 9th 2023 (Cisco) The State of Ransomware Attacks in Education 2023: Trends and Solutions (Veriti) US Cyber Command 'Hunts Forward' in Latvia (Voice of America) US cyber team unearths malware during ‘hunt-forward’ mission in Latvia (C4ISRNET) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Bad magic: new APT found in the area of Russo-Ukrainian conflict (Kaspersky)
Bonus · Thu, May 11, 2023
CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or FSB, for long-term intelligence collection on sensitive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage . No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1820 · Wed, May 10, 2023
Five Eyes disrupt FSB’s Snake malware. From DDoS to cryptojacking. Ransomware trends. Yesterday’s Patch Tuesday is in the books.
The Five Eyes disrupt Russia’s FSB Snake cyberespionage infrastructure. Shifting gears: from DDoS to cryptojacking. Trends in ransomware. Our guest is Steve Benton from Anomali with insights on potential industry headwinds. Ann Johnson from Afternoon Cyber Tea speaks with Roland Cloutier about risk and resilience in the modern era. And yesterday’s Patch Tuesday is now in the books, including a work-around for a patch from this past March. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/90 Selected reading. Patch Tuesday notes. (The CyberWire) U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide (US National Security Agency) Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory) RapperBot DDoS Botnet Expands into Cryptojacking (Fortinet) The State of Ransomware 2023 (Sophos) From One Vulnerability to Another: Outlook Patch Analysis Reveals Important Flaw in Windows API (Akamai) Windows MSHTML Platform Security Feature Bypass Vulnerability (Microsoft)
S7 E1819 · Tue, May 09, 2023
State-sponsored and state-promoted cyber campaigns. A look at Royal ransomware. A new wave of BEC. Man-in-the-middle attacks rising.
An analysis of Royal ransomware. PaperCut vulnerability detection methods can be bypassed. Man-in-the-middle phishing attacks are on the rise. A new wave of BEC attacks from an unexpected source. Thomas Etheridge from CrowdStrike, has the latest threat landscape trends. Our guest is Dan Amiga of Island with insights on the enterprise browser category. And a look into recent Russian cyberattacks against Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/89 Selected reading. Threat Assessment: Royal Ransomware (Unit 42) PaperCut Exploitation - A Different Path to Code Execution (VulnCheck) New PaperCut RCE exploit created that bypasses existing detections (Bleeping Computer) Man-in-the-Middle (MitM) attacks reaching inboxes increase 35% since 2022 (Cofense) Exploring the Rise of Israel-Based BEC Attacks (Abnormal Security) Russians launch mass cyber attack on online service for queueing to cross border by trucks (Ukrainska Pravda) Reverting UAC-0006: Mass distribution of SmokeLoader using the "accounts" theme (CERT-UA#6613) (CERT-UA)
S7 E1818 · Mon, May 08, 2023
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.
ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY, details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments in Texas and California. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/88 Selected reading. ALPHV gang claims ransomware attack on Constellation Software (BleepingComputer) Constellation Software hit by cyber attack, some personal information stolen (IT World Canada) Press Release of Constellation Software Inc. (GlobeNewswire News Room) Meet Akira — A new ransomware operation targeting the enterprise (BleepingComputer) New Cactus ransomware encrypts itself to evade antivirus (BleepingComputer) Pro-Russian Hackers Claim Downing of French Senate Website (SecurityWeek) Dallas cyberattack highlights ransomware’s risks to public safety, health (Washington Post) Hacked: Dallas Ransomware Attack Disrupts City Services (Dallas Observer) City of Dallas Continues Battling Ransomware Attack for Third Day (NBC 5 Dallas-Fort Worth) San Bernardino County pays hackers $1.1 million ransom after cyber attack (Victorville Daily Press) San Bernardino County pays $
Bonus · Sun, May 07, 2023
Shelley Ma: The mystery behind cybersecurity. [Response Lead] [Career Notes]
Shelley Ma, Incident Response Lead at Coalition sits down to share her story, starting all the way back when she was a kid and fell in love with playing the game "NeoPets" that ended up paving the way for her future in cybersecurity. After starting this journey, she shares how she became intrigued with crime and mystery shows, which ultimately spawned an interest in forensic science. She ended up signing up for an internship program that she was able to get into, which she says was a pivotal change for her that provided her the chance to begin her career. She shares the advice that if anyone is looking to get into this career, she highly recommends looking into the career before beginning. Following some advise given to her by a professor and mentor, she says that telling the truth helps her deal with adversity in the workplace. Shelley says "In our industry, there are so many opportunities for our opinions and testimonies to be coerced and swayed. I refuse to do that and every time I come back to what my professor said, if you don't want to spend the rest of your life looking over your shoulders, just simply tell the truth." We thank Shelley for sharing her story with us.
Bonus · Sat, May 06, 2023
Phishing campaign takes the energy out of Chinese nuclear industry. [Research Saturday]
Ryan Robinson from Intezer to discuss his team's work on "Phishing Campaign Targets Chinese Nuclear Energy Industry." The research team discovered activity targeting the nuclear energy industry in China. Researchers attributed the activity to Bitter APT, a South Asian APT that is known to target the energy, manufacturing and government sectors, mainly in Pakistan, China, Bangladesh, and Saudi Arabia. The article states "We identified seven emails pretending to be from the Embassy of Kyrgyzstan, being sent to recipients in the nuclear energy industry in China. In some emails, people and entities in academia are also targeted, also related to nuclear energy." By luring recipients in, invites them to join conferences on subjects that are relevant to them, they are then able to social engineer the victims. The research can be found here: Phishing Campaign Targets Chinese Nuclear Energy Industry
S7 E1817 · Fri, May 05, 2023
DPRK's Kimsuki spearphishes. A standards strategy for AI. Ransomware Task Force retrospective. KillNet's new menu. Ex Uber CSO sentenced for data breach cover-up.
Kimsuki has a new reconnaissance tool. The Biden administration shares plans for AI. Reports on the ransomware taskforce report. KillNet recommits to turning a profit. Deepen Desai from Zscaler has the latest stats on Phishing. Our guest is Karen Worstell from VMware with a conversation about inclusivity. And the former CSO at Uber is sentenced. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/87 Selected reading. Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign (SentinelOne) Ransomware Task Force Gaining Ground - May 2023 Progress Report (Ransomware Task Force) Influential task force takes stock of progress against ransomware (Washington Post) For Money and Attention: Killnet Apparently Reorganizes Again (Flashpoint) Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up (Security Week) Former Uber security chief Sullivan avoids prison in data breach case (Washington Post)
S7 E1816 · Thu, May 04, 2023
Cyberespionage, straight out of Beijing, Teheran, and Moscow. Developments in the criminal underworld. Indictment in a dark web carder case.
An APT41 subgroup uses new techniques to bypass security products. Iranian cyberespionage group MuddyWater is using Managed Service Provider tools. Wipers reappear in Ukrainian networks. Meta observes and disrupts the new NodeStealer malware campaign. The City of Dallas is moderately affected by a ransomware attack. My conversation with Karin Voodla, part of the US State Department’s Cyber fellowship program. Lesley Carhart from Dragos shares Real World Stories of Incident Response and Threat Intelligence. And there’s been an indictment and a takedown in a major dark web carder case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/86 Selected reading. Attack on Security Titans: Earth Longzhi Returns With New Tricks (Trend Micro) APT groups muddying the waters for MSPs (ESET) Russian hackers use WinRAR to wipe Ukraine state agency’s data (BleepingComputer) WinRAR as a "cyberweapon". Destructive cyberattack UAC-0165 (probably Sandworm) on the public sector of Ukraine using RoarBat (CERT-UA#6550) (CERT-UA) The malware threat landscape: NodeStealer, DuckTail, and more (Engineering at Meta) Facebook disrupts new NodeStealer information-stealing malware (BleepingComputer) NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials (Decipher) City of Dallas likely targeted in ransomware attack, city official says (Dallas News) Cybercriminal Network Fueling the Global Stolen Credit Card Trade is Dismantled (US Department of Justice) Secret Service, State Department Offer Up To $10 Million Dollar Reward For Information On Wanted International Fugitive (US Secret Service) <a href="https://www.bleepingcomputer.com/news/security/police-dismantles-try2check-credit-card-verifier-used-by-da
S7 E1815 · Wed, May 03, 2023
Iran integrates influence and cyber operations. ChatGPT use and misuse. Trends in the cyber underworld. Hybrid warfare and cyber insurance war clauses.
Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse and repeat: Iran accelerates its cyber influence operations worldwide (Microsoft On the Issues) ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence) Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (Bloomberg) Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310% (Cofense) Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (Barracuda) Zelensky says White House told him nothing about Discord intelligence leaks (Washington Post) Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (Ukrinform) Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says (Wall Street Journal) Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim (Fierce Pharma)
S7 E1814 · Tue, May 02, 2023
From cryptostealers to CCTV exploits, from Magecart enhancements to coronation phishbait, cybercriminals have been active. (But so have law enforcement agencies.)
LOBSHOT is a cryptowallet stealer abusing Google Ads. Coronation phishbait. A known CCTV vulnerability is currently being exploited. T-Mobile discloses another, smaller data breach. New Magecart exploits. Preliminary lessons from cyber operations during Russia's war. Rob Boyce from Accenture shares insights from RSA Conference. Our special guest is NSA Director of Cybersecurity Rob Joyce. And Europol announces a major dark web market takedown. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/84 Selected reading. New LOBSHOT malware gives hackers hidden VNC access to Windows devices (BleepingComputer) New 'Lobshot' hVNC Malware Used by Russian Cybercriminals (SecurityWeek) Elastic Security Labs discovers the LOBSHOT malware (Elastic Blog) Researchers see surge in scam websites linked to coronation (Computer Weekly) TBK DVR Authentication Bypass Attack (FortiGuard) T-Mobile discloses second data breach since the start of 2023 (BleepingComputer) T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more (Ars Technica) T-Mobile Announces Another Data Breach (CNET) Magecart threat actor rolls out convincing modal forms (Malwarebytes) Cyber lessons from Ukraine: Prepare for prolonged conflict, not a knockout blow (Breaking Defense) 288 dark web vendors arrested in major marketplace seizure (Europol)
S7 E1813 · Mon, May 01, 2023
FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
The FDA warns of a vulnerability affecting biomedical devices. Ransomware's effects continue to trouble the US Marshals Service. The US Justice Department shifts how it deals with large scale cybercrime. Fresh phish from the GRU. Caleb Barlow looks at unicorns and zombiecorns. Our guest Manoj Sharma from Symantec explains the differences between Zero Trust and SASE. And KillNet runs an ask-me-anything session. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/83 Selected reading. Illumina cyber vulnerability may present risks for patient results (U.S. Food and Drug Administration) CISA, FDA warn of new Illumina DNA device vulnerability (Record Key law enforcement computers still down 10 weeks after breach (Washington Post) Feds Prioritizing Disruptions Over Arrests in Cyberattack Cases (PCMAG) "Ashamed" LockBit ransomware gang apologises to hacked school, offers free decryption tool (Hot for Security) APT28 cyberattack: distribution of emails with "instructions" on "updating the operating system" (CERT-UA#6562) (CERT-UA) Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (BleepingComputer) Ukraine at D+431: Drone strikes and phishing expeditions. (CyberWire)
Bonus · Sun, April 30, 2023
Perry Carpenter: Turning composition into computing. [Strategy] [Career Notes]
Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and host of the 8th Layer Insights podcast, sits down to share his story trying different paths, before ultimately switching over to the cyber industry. After trying to go down the paths of music and law and finding neither were what he wanted to do, he decided to take an internship to get more into computer programming. That led him to getting his first job. After his first job, he moved onto other big name companies like Walmart, Alltel, and Gartner, and landing finally with KnowBe4. He compares his work to working with music, when he initially wanted to begin making music early in his career. He says "I think for me, when it was the kind of the connection between music and computing is that whenever you're kind of joining things together or at a, a musical scale to make chords, or whenever you're adding different, um, instruments and octaves together or timbers together to get some kind of bigger result." We thank Perry for sharing his story.
Bonus · Sat, April 29, 2023
HinataBot focuses on DDoS attack. [Research Saturday]
This week our guests are, Larry Cashdollar, Chad Seaman and Allen West from Akamai Technologies, and they are discussing their research on "Uncovering HinataBot: A Deep Dive into a Go-Based Threat." The team discovered a new Go-based, DDoS-focused botnet. They found it was named after the popular anime show "Naruto," they are calling it "HinataBot" In the research it says "HinataBot was seen being distributed during the first three months of 2023 and is actively being updated by the authors/operators." Akamai was able to get a deep look into the malware works by using a combination of reverse engineering the malware and imitating the command and control (C2) server. The research can be found here: Uncovering HinataBot: A Deep Dive into a Go-Based Threat
S7 E1812 · Fri, April 28, 2023
What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/82 Selected reading. Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (The Hacker News) Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (BleepingComputer) New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month (SecurityWeek) “Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… (Guardio) Request for Comment on Secure Software Self-Attestation Common Form (CISA) OMB, CISA set to release common form for software self-attestation (FCW) Pro-Russian hacktivism isn’t real, top Ukrainian cyber official says (CyberScoop) Pro-Russian hacktivism isn't real, top Ukrainian cyber official says (CyberScoop)
S7 E1811 · Thu, April 27, 2023
Waging lawfare against criminal infrastructure. Notes from the cyber underworld. Hybrid war, and cyber ops across the spectrum of conflict. And what do the bots want? (Hint: kicks.)
Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft’s Ann Johnson stops by with her take on the RSA conference. And bots want new kicks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/81 Selected reading. Continuing our work to hold cybercriminal ecosystems accountable (Google) Google Disrupts Massive CryptBot Malware Operation (Decipher) Google disrupts malware that steals sensitive data from Chrome users (TechCrunch) FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability (SecurityWeek) RTM Locker Ransomware as a Service (RaaS) Now on Linux (Uptycs) Evasive Panda APT group delivers malware via updates for popular Chinese software (WeLiveSecurity) NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities (CyberScoop) Ukraine at D+427: Russian cyberattacks and disinformation before Ukraine's spring offensive. (CyberWire) Releasing leak suspect a national security risk, feds say (AP NEWS) Pentagon leak suspect may still have access to classified info, court filings allege (the Guardian) Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q1 2023 (Netacea)
S7 E1810 · Wed, April 26, 2023
BellaCiao from Tehran; PingPull from Beijing: two cyberespionage tools. SLP exploitation. Ransomware as an international threat. The state of hacktivism. Digital evidence or war crimes.
BellaCiao is malware from Iran's IRGC, while PingPull is malware used by the Chinese government affiliated Tarus Group. Ransomware continues to be a pervasive international threat. An overview of hacktivism. Our guest is CyberMindz founder Peter Coroneos, discussing the importance of mental health in cybersecurity. Johannes Ullrich shares insights from his RSAC panel discussions. And Ukraine continues to collect evidence of Russian war crimes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/80 Selected reading. Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware (Bitdefender Blog) Chinese Alloy Taurus Updates PingPull Malware (Unit 42) Abuse of the Service Location Protocol May Lead to DoS Attacks (Cybersecurity and Infrastructure Security Agency CISA) #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations (Infosecurity Magazine) Hacktivism Unveiled, April 2023 Insights into the footprints of hacktivists (Radware) FBI aiding Ukraine in collection of digital and physical war crime evidence (CyberScoop)
S7 E1809 · Tue, April 25, 2023
BlackCat follows Cl0p to GoAnywhere. Mirai gets an upgrade. Deterring cyber war. Homeland Secrity’s cyber priorities. Action against DPRK cryptocrooks. What KillNet’s up to.
BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. My guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79 Selected reading. BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay) Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative) Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post) U.S. deploys more cyber forces abroad to help fight hackers (Reuters) DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com) US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record) North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia) Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury)
S7 E1808 · Mon, April 24, 2023
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Our guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge. And the alleged Discord Papers leaker shared earlier and more widely than previously known. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/78 Selected reading. 3CX Hackers Also Compromised Critical Infrastructure Firms (Infosecurity Magazine) That 3CX supply chain attack keeps getting worse (Register) Energy sector orgs in US, Europe hit by same supply chain attack as 3CX (Record) Even more victims found in complex 3CX supply chain attack (CybersecurityConnect) X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe (Symantec Enterprise Blogs) URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) (PaperCut) PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise (Horizon3.ai) Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (The Hacker News) CISA KEV Breakdown | April 21, 2023 (Nucleus Security) CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug (The Hacker News) CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog (Record) Bumblebee Malware Distributed Via Trojaniz
S1 E16 · Sun, April 23, 2023
Master Gunnery Sergeant Scott Stalker from US Space Command: goals and risks in the digital space operating environment.
T-Minus Deep Space Guest Scott Stalker, Command Senior Enlisted Leader at US Space Command , shares how the combatant command is adapting to new challenges in the digital era of space operations, new operational concepts, and building the force to deter aggression. You can follow US Space Command on LinkedIn and Twitter , and you can follow MGySgt Scott Stalker on LinkedIn . Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space , and you’ll never miss a beat . Audience Survey We want to hear from you! Please complete our wicked fast 4 question survey . It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders in the industry. Here’s a link to our media kit . Contact us at space@n2k.com to request more info about sponsoring T-Minus. Want to join us for an interview? Please send your interview pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal, and our editor will get back to you for scheduling. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Bonus · Sun, April 23, 2023
Maria Varmazis: Combining cyber and space. [Space] [Career Notes]
Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey on combining her two passions of space and cyber. Maria grew up wanting to be an astronomer, in school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos and that's where she learned about cybersecurity. Now she discusses cyber and space in her new podcast, combining her two passions into one for all to understand. Maria discusses some of the setbacks she overcame in this industry and shares the wise advice of "I would never pretend that failure isn't painful, but it is an incredible teaching tool. So if you feel like you've had a huge career fail or a really big misstep, you can still pivot from that and you can make that into something." We thank Maria for sharing her story with us.
Bonus · Sat, April 22, 2023
Don't let the Elon Musk crypto giveaway scam swindle you. [Research Saturday]
Shiran Guez from Akamai sits down with Dave to discuss their research on "Chatbots, Celebrities, and Victim Retargeting and Why Crypto Giveaway Scams Are Still So Successful." Researchers at Akamai have been on the lookout for crypto giveaway scams. These scams have been impersonating celebrities and brands, most notably Elon Musk and his associated companies. The research states "the scams are delivered through various social media platforms as well as direct messaging apps such as WhatsApp or Telegram." These scams have helped add to the existing damages that exceed $1 billion caused by crypto fraud. The research can be found here: Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful
S7 E1807 · Fri, April 21, 2023
Daggerfly swarms African telco. EvilExtractor described. Patriotic hacktivism in East Asia. Updates on Russia's hybrid war suggest that cyber warfare has some distinctive challenges.
Daggerfly APT targets an African telecommunications provider. EvilExtractor is an alleged teaching tool apparently gone bad. A Chinese speaking threat group is active against Taiwan and South Korea. Europe’s air traffic control is under attack. Cecilia Marinier from RSAC and Barmak Meftah, a judge of ISB, discuss the RSA innovation sandbox. Awais Rashid from University of Bristol on the cybersecurity of smart farming. Forget about those evil maids. What about these evil sys admins? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/77 Selected reading. Daggerfly: APT Actor Targets Telecoms Company in Africa (Symantec) EvilExtractor – All-in-One Stealer (Fortinet Blog) Chinese-language threat group targeted a dozen South Korean institutions (Record) Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan (Recorded Future) WSJ News Exclusive | Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal) Intelligence Leaks Cast Spotlight on a Recurring Insider Threat: Tech Support (Wall Street Journal) Russia’s invasion of Ukraine is also being fought in cyberspace (Atlantic Council) CFP European Cybersecurity Seminar 2023-2024 (European Cyber Conflict Research Initiative) #CYBERUK23: Russian Cyber Offensive Exhibits ‘Unprecedented’ Speed and Agility (Infosecurity Magazine)
S7 E1806 · Thu, April 20, 2023
Two-step supply-chain attack. Plugging leaks, in both Mother Russia and the Land of the Free and the Home of the Brave. Belarus remains a player in the cyber war.
The 3CX compromise involved a two-stage supply-chain attack. Impersonating ChatGPT. Russia's security organs say they're cracking down on leaks. Updates on the Discord Papers case. Belarus arrests a pro-Russian hacktivist. Rob Boyce from Accenture Security on Dark Web cyber criminals targeting CRM systems. Our guest is Mike Loewy from the Tide Foundation, with an innovative approach to distributed key security. And, is Minsk going wobbly on Moscow? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/76 Selected reading. 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (Mandiant) ChatGPT-Themed Scam Attacks Are on the Rise (Palo Alto Networks Unit 42) Russian Offensive Campaign Assessment, April 19, 2023 (Institute for the Study of War) Belarus-linked hacking group targets Poland with new disinformation campaign (Record) Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) Belarus-linked hacking group targets Poland with new disinformation campaign (Record)
Bonus · Thu, April 20, 2023
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.
The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28’s exploitation of Cisco routers in 2021. AA23-108A Alert, Technical Details, and Mitigations Malware Analysis Report Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide . No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1805 · Wed, April 19, 2023
Play ransomware's new tools. A look at what the GRU’s been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet’s new hacker course: “Dark School.”
Play ransomware's new tools. Fancy Bear is out and about. Updates on Sandworm. Ransomware in Russia's war against Ukraine. The US Air Force opens an investigation into the alleged leaker's Air National Guard wing. The Washington Post’s Tim Starks joins us with insights on the Biden administration's attempts to better secure the water supply. Carole Theriault chats with Cisco Talos' Vanja Svacjer about the threat landscape, now and tomorrow. And KillNet’s in the education business with a new hacker course: “Dark School.” For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/75 Selected reading. Play Ransomware Group Using New Custom Data-Gathering Tools (Symantec) NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of Cisco Routers (National Security Agency/Central Security Service) APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers (NCSC) State-sponsored campaigns target global network infrastructure (Cisco Talos Blog) Ukraine remains Russia’s biggest cyber focus in 2023 (Google) Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) M-Trends 2023: Cybersecurity Insights From the Frontlines (Mandiant) Faltering against Ukraine, Russian hackers resort to ransomware: Researchers (Breaking Defense) Air Force unit in document leaks case loses intel mission (AP NEWS) Pentagon Details Review of Policies for Handling Classified Information (New York Times) Ukra
S1 E11 · Wed, April 19, 2023
A Symposium, a wet dress, a new fund, and it’s only Monday. [T-Minus Space Daily]
Brace yourselves, it’s Space Symposium week! Wet dress rehearsal for Starship. UK launches the International Bilateral Fund. Orbit Fab gets a series A round. Boeing announces their anti-jam payload for WGS. The FAA wants to balance air travel and space travel. Our interview with Steve Luczynski, Board Chair of the Aerospace Village, on their mission, programs, and upcoming activities at the RSA Conference next week. All this and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence briefing, Signals and Space , and you’ll never miss a beat . T-Minus Guest Our featured guest is Steve Luczynski, Board Chair of the Aerospace Village, on the Aerospace Village nonprofit, their mission, their programs, and their upcoming activities at the RSA Conference next week. You can follow Steve on LinkedIn and Twitter . Selected Reading SpaceX's launch of Starship could remake space exploration | Washington Post UK Space Agency funding for international space partnerships | GOV.UK . SpaceX launches seventh Transporter rideshare mission | SpaceNews Exolaunch’s 21 rideshare smallsats deployed during the SpaceX Transporter-7 mission | SatNews HawkEye 360’s nexgen Cluster 7 smallsats are successfully launched | SatNews TrustPoint Announces Launch of First Commercially-Funded, Purpose-Built PNT Microsatellite | Business Wire China claims its Space Station has achieved 100% oxygen regeneration
S7 E1804 · Tue, April 18, 2023
Iranian threat actor exploits N-day vulnerabilities. Subdomain hijacking vulnerabilities. The Discord Papers. An update on Russia’s NTC Vulkan. And weather reports, not a Periodic Table.
An Iranian threat actor exploits N-day vulnerabilities. CSC exposes subdomain hijacking vulnerabilities. More on the Discord Papers. An update on Russia’s NTC Vulkan. Joe Carrigan on the aftermath of a $98M online investment fraud. Our guest is Blake Sobczak from Synack , host of the podcast WE'RE IN! And threat actor nomenclature: a scorecard, and a Periodic Table no more. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/74 Selected reading. Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets (Microsoft Security) An Iranian hacking group went on the offensive against U.S. targets, Microsoft says (Washington Post) New CSC Research Finds One in Five DNS Records are Susceptible to Subdomain Hijacking Due to Insufficient Cyber Hygiene | CSC (CSC) DOD Assessing Document Disclosures and Implementing Mitigation Measures (U.S. Department of Defense) After leak, Pentagon purges some users' access to classified programs, launches security review (Breaking Defense) Why Did a 21-Year-Old Guardsman Have Access to State Secrets? (Vice) U.S. officials have examined whether alleged doc leaker had foreign links (POLITICO) The Air Force Loves War Gamers Like Alleged Leaker Teixeira (Military.com) FBI Investigating Ex-Navy Noncommissioned Officer Linked to Pro-Russia Social-Media Account (Wall Street Journal) Pentagon leak suggests Russia honing disinformation drive – report (the Guard
S7 E1803 · Mon, April 17, 2023
Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
The alleged Discord Papers leaker has been charged. We look at how the Papers spread online. A life lived online as a security risk. US tax season scams, at the 11th filing hour. Caleb Barlow from Cylete on the layoffs in security that many thought would never happen. Maria Varmazis and Brandon Karpf share the launch of the new space podcast, T-Minus. And KillNet says it’s open for business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/73 Selected reading. Inside the furious week-long scramble to hunt down a massive Pentagon leak (CNN Politics) Massachusetts Air National Guard’s Intelligence Mission in the Spotlight (New York Times) Leaker of U.S. secret documents worked on military base, friend says (Washington Post) WSJ News Exclusive | Social-Media Account Overseen by Former Navy Noncommissioned Officer Helped Spread Secrets (Wall Street Journal). A Russian Disinformation Empire in Oak Harbor, Washington (Malcontent News) Pro-Russia propagandist unmasked as New Jersey tropical fish seller (The Telegraph) Suspect charged in case involving leaked classified military documents (Washington Post) Jack Teixeira, suspect in Pentagon leaks, charged under Espionage Act (the Guardian) Leak suspect appears in court as US spells out its case (AP NEWS) Airman in Pentagon intel leak charged (Military Times) Airman charged in Pentagon intel leak regretted joining the military (Military Times) <a href="https://www.washingtonpost.com/national-security/2023/04/13/jack-teixeira-discord-documen
Bonus · Sun, April 16, 2023
Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Jack Chapman, VP of Threat Intelligence at Egress sits down to share his story on how he found his way into the cybersecurity field as well as his journey creating a cybersecurity company that was successfully acquired. Jack previously co-founded anti-phishing company Aquilai and served as its Chief Technology Officer, working closely with the UK’s intelligence and cyber agency GCHQ to develop cutting-edge product capabilities. Aquilai was acquired by Egress in 2021. Now he is working with Egress as what he calls their "chief bad guy," helping to shield his team from threats. He says "I'm probably what you call a servant leader, my mission is to enable and shield my teams from things that will prevent them from succeeding in their missions, whatever that might look like." Jack hopes to be remembered for making a meaningful impact to help drive the field forward. We thank Jack for sharing his story with us.
Bonus · Sat, April 15, 2023
New Dero cryptojacking operation concentrates on locating Kubernetes. [Research Saturday]
Scott Fanning, Senior Director of Product Management, Cloud Security at CrowdStrike, sits down to talk about the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure. The research defines Dero as "a cryptocurrency that claims to offer improved privacy, anonymity and higher and faster monetary rewards compared to Monero, which is a commonly used cryptocurrency in cryptojacking operations." CrowdStrike was the first organization to discover Dero, and has been observing the cryptojacking operation since the beginning of February 2023. The operation focuses mainly on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet. The research can be found here: CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
S7 E1802 · Fri, April 14, 2023
"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Aan arrest in the Discord Papers case.
"Read the Manual" and the ransomware-as-a-service market. Bitter APT may be targeting Asia-Pacific energy companies. A Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Deepen Desai of Zscaler describes job scams following tech layoffs. Our guest is Kelly Shortridge from Fastly with insights on the risks from bots. And there’s been an arrest in the Discord Papers case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/71 Selected reading. Read The Manual Locker: A Private RaaS Provider (Trellix) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) Espionage campaign linked to Russian intelligence services (Baza wiedzy) Russian cyberspies hit NATO and EU organizations with new malware toolset (CSO Online) Pro-Russia hackers say they were behind Hydro-Quebec cyberattack (Montreal CTV News - 04-13-2023) Cyberattack knocks out website and mobile app for Quebec’s hydro utility (Toronto Star) F.B.I. Arrests National Guardsman in Leak of Classified Document (New York Times) DOD Calls Document Leak 'a Criminal Act' (U.S. Department of Defense)
S7 E1801 · Thu, April 13, 2023
Transparent Tribe seems to want people’s lab notes, and other stories of cyberespionage. The FBI warns of juicejacking. And the Discord leaker seems to have been a 20-something influencer.
Transparent Tribe expands its activity against India's education sector. A Lazarus sub-group is after defense sector targets. The FBI's Denver office warns of potential juicejacking. Legion: a Python-based credential harvester. The source of leaked US intelligence may be closer to identification. Johannes Ullrich from SANS explains upwork scams. Our guest is Charlie "Tuna" Moore of Vanderbilt University on the cyber lessons from Russia’s war on Ukraine. Canada responds to claims of Russian cyberattacks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/71 Selected reading. Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector (SentinelOne) Following the Lazarus group by tracking DeathNote campaign (Securelist) DPRK threat actors target C3X and defense sector at large. (CyberWire) FBI office warns against using public phone charging stations at airports or malls, citing malware risk (CBS News) The FBI warns of juicejacking and other risks of public tech. (CyberWire) Legion: an AWS Credential Harvester and SMTP Hijacker (Cado Security) The Legion credential harvester. (CyberWire) Leaker of U.S. secret documents worked on military base, friend says (Washington Post) U.S. may change how it monitors the web after missing leaked documents for weeks (NBC News) Cyberattacks on Canada’s gas infrastructure left ‘no physical damage,’ Trudeau says (Global News) Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool (CyberScoop) <a href="https://www.voanews.com/a/
S7 E1800 · Wed, April 12, 2023
Patch Tuesday notes. Cyber mercenaries described. Voice security and fraud. CISA’s update to its Zero Trust Maturity Model. Updates on Russia’s hybrid war against Ukraine.
Patch Tuesday update. Another commercial surveillance company is outed. Voice security and the challenge of fraud. CISA updates its Zero Trust Maturity Model. Effects of the US intelligence leaks. Our guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, outlines CISA's role in the cybersecurity community. André Keartland of Netsurit makes the case for DevSecOps. Russian cyber auxiliaries believed responsible for disrupting the Canadian PM's website. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/70 Selected reading. Patch Tuesday overview. (CyberWire) DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia (Microsoft Threat Intelligence) Threat Report on the Surveillance-for-Hire Industry (Meta) Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers (The Citizen Lab) Voice Intelligence and Security Report (Pindrop) CISA Releases updated Zero Trust Maturity Model (Cybersecurity and Infrastructure Security Agency) CISA Releases Zero Trust Maturity Model Version 2 (Cybersecurity and Infrastructure Security Agency CISA) A leak of files could be America’s worst intelligence breach in a decade (The Economist) Interagency Effort Assessing Impact of Leaked Documents, Strategizing Way Forward (U.S. Department of Defense) What we know about the Pentagon document leak (Axios) The ongoing scandal over leaked US intel documents, explained<
S7 E1799 · Tue, April 11, 2023
IAM trends. RagnarLocker as a critical infrastructure threat. AI hype as phishbait. Updates on the hybrid war: leaks and hacks.
Key trends in Identity Access Management. RagnarLocker and critical infrastructure. Cyber criminals capitalize on the AI hype. Updates on the leaked US classified documents, and speculation of whether Russian hackers compromised a Canadian gas pipeline. Ben Yelin describes a multimillion dollar settlement over biometric data. Microsoft’s Ann Johnson from Afternoon Cyber Tea talking about cyber paradigm shifts with Samir Kapuria. And a welcome to GCHQ's new boss. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/69 Selected reading. 4 key trends from the Gartner IAM Summit 2023 (Venture Beat) Threat Actor Spotlight: Ragnarlocker Ransomware (Sygnia) From Chatgpt To Redline Stealer: The Dark Side Of Openai And Google Bard (Veriti) Biden administration doesn't know extent of classified Pentagon document leak (CBS News) Ukraine ‘alters counter-offensive plans’ after Pentagon leak (The Telegraph) Ukraine had to change military plans because of US Pentagon leak, source says (CNN) Leaked Pentagon documents claim that hackers breached a Canadian gas network. Here’s what to know. (Washington Post) Pro-Russia Hackers Say They Breached Canadian Pipeline, but Experts Are Skeptical (Wall Street Journal) Leaked US intel: Russia operatives claimed new ties with UAE (AP NEWS) Egypt secretly planned to supply rockets to Russia, leaked U.S. document says (Washington Post) How the Latest Leaked Documents Are Different From Past Breaches (New York Times) <a href="https://www.washingtonpost.com/world/2023/04/10/reactions-pentagon-documents
S7 E1798 · Mon, April 10, 2023
A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
An Iranian APT MERCURY exploits known vulnerabilities. The US investigates apparent leaks of classified information about Russia's war against Ukraine. KillNet claims it has paralyzed NATO websites. More apparent doxing of the GRU. Britta Glade and Monica Koshgarian of RSA Conference talking about content curation. Grayson Milbourne from OpenText Cybersecurity hopes to remove shame from cyber attacks. And, finally, some notes on cloud security trends. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/68 Selected reading. MERCURY and DEV-1084: Destructive attack on hybrid environment (Microsoft Threat Intelligence) Leaked US battlefield intelligence on Ukraine is fake, says Kyiv (The Telegraph) Russia Claims Leaked Pentagon Intelligence on Ukraine is U.S. Disinformation (US News and World Report) Leaked US secret NATO-Ukraine war docs likely altered, say experts (SC Media) Ukraine’s air defences could soon run out of missiles, apparent Pentagon leak suggests (the Guardian) Russia nearly shot down British spy plane near Ukraine, leaked document says (Washington Post) Justice Dept. will investigate leak of classified Pentagon documents (Washington Post) US investigating whether Ukraine war documents were leaked (Military Times) U.S. Reviewing Online Appearance Of Sensitive Documents Related To Ukraine, Pentagon Says (RadioFreeEurope/RadioLiberty) WSJ News Exclusive | Pentagon Investigates More Social-Media Posts Purporting to Include Secret U.S. Documents (Wall Street Journal) <a href="https
Bonus · Sun, April 09, 2023
Karen Worstell: Keep your feet planted. [Strategy] [Career Notes]
Karen Worstell, Senior Cybersecurity Strategist from VMware sits down to share her journey and discusses her experience as a woman in cyber. Starting her career off as a chemist, after graduating with a bachelor's degree in chemistry and a bachelor's degree in molecular biology, she took some time off to be with her family, she came back to a science field that was far more advanced than before she had left. She decided to go in another direction which led her to cyber. She started teaching herself programming and found she was very good at it. Now that she works in cyber, she says "You, you have to know yourself, know what you want, and know where you're, know where you plant your feet. I used to use a phrase a lot that said, uh, don't be afraid to take a stand but know where your feet are planted." We thank Karen for sharing her story with us.
Bonus · Sat, April 08, 2023
A dark side to LLMs. [Research Saturday]
Sahar Abdelnabi from CISPA Helmholtz Center for Information Security sits down with Dave to discuss their work on "A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models." There is currently a large advance in the capabilities of Large Language Models or LLMs, as well as being integrated into many systems, including integrated development environments (IDEs) and search engines. The research states, "The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable." This could lead them to be susceptible to targeted adversarial prompting, as well as making them adaptable to even unseen tasks. Researchers demonstrated these said attacks to see if the LLMs needed new techniques for more defense. The research can be found here: More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
S7 E1797 · Fri, April 07, 2023
Stopping Cobalt Strike abuse. Leaks are mingled with disinformation. Google offers advice for board members. Securing cars and their garages. CISA releases ICS advisories.
Preventing abuse of the Cobalt Strike pentesting tool. US investigates a leak of sensitive documents related to the war in Ukraine. Hacktivist activity continues. Google's advice for boards. Electronic lockpicks for electronic locks. Nexx security devices may have security flaws. Tesla employees reportedly shared images and videos from Teslas in the wild. Matt O'Neill from US Secret Service discussing investment crypto scams. Our guest is James Campbell of Cado Security on the challenges of a cloud transition. And CISA releases seven ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/67 Selected reading. Stopping cybercriminals from abusing security tools (Microsoft On the Issues) Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands (CyberScoop) Ukraine War Plans Leak Prompts Pentagon Investigation (New York Times) DDoS attacks rise as pro-Russia groups attack Finland, Israel (TechRepublic) Perspectives on Security for the Board (Google Cloud) Thieves Use CAN Injection Hack to Steal Cars (SecurityWeek) How thieves steal cars using vehicle CAN bus (Register) Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it (Graham Cluley). Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know (Naked Security) Special Report: Tesla workers shared sensitive images recorded by customer cars (Reuters) CISA Releases Seven Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)
S7 E1796 · Thu, April 06, 2023
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Disinformation at the UN, and drop-shipping for Mother Russia.
New phishing techniques. Arrests in the Genesis Market case. APT43’s Archipelago. Russia's turn in the Security Council chair immediately becomes an occasion for disinformation. Our guest is Nick Tausek from Swimlane to discuss supply chain attack trends. Tim Starks from the Washington Post has the latest on the DOJ’s attempts to disrupt cyber crime. And, make robo-love, not robo-war: nuisance-level hacktivism in the interest of Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/66 Selected reading. New Phishing Campaign Exploits YouTube Attribution Links, Cloudflare Captcha (Vade Security) Criminal Marketplace Disrupted in International Cyber Operation (U.S. Department of Justice) Takedown of notorious hacker marketplace selling your identity to criminals | Europol (Europol) Notorious criminal marketplace selling victim identities taken down in international operation (National Crime Agency) Check your hack (Politie) Carr Announces Investigation into Suspected Users of Genesis Dark Web Marketplace Following FBI Takedown of Illicit Site (Office of Attorney General of Georgia Chris Carr) U.S., European Police Shut Down Hacker Marketplace, Make 119 Arrests (Wall Street Journal) 120 Arrested as Cybercrime Website Genesis Market Seized by FBI (SecurityWeek) International cops put the squeeze on Genesis Market users (Register) FBI obtained detailed database exposing 60,000 users of the cybercrime bazaar Genesis Market (CyberScoop) Genesis Black Market Dismantled, But Experts Warn of Potential Vacuum (Nextgov.com) <a href="https
S7 E1795 · Wed, April 05, 2023
Genesis Market taken down. Proxyjackers exploit Log4j. Fast-encrypting Rorschach ransomware. More Killnet DDoS. Patch Zimbra now. Soft power and Russia’s hybrid war.
Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia’s hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world’s largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry’s website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra
S7 E1794 · Tue, April 04, 2023
Cyber appeasement? Western Digital discloses cyberattack. Rilide malware is in active use. Mantis has new mandibles. Challenges of threat hunting. Small, medium, and large criminal enterprises.
Did "appeasement" embolden Russia's cyber operators? Western Digital discloses a cyberattack. Rilide is a new strain of malware in active use. The Mantis cyberespionage group uses new, robust tools and tactics. The challenges of threat hunting. Joe Carrigan has thoughts on public school systems making cyber security part of the curriculum. Our guest May Mitchell of Open Systems addresses closing the talent gap. And when it comes to criminal enterprise, size matters. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/64 Selected reading. Russia's shadow war: Vulkan files leak show how Putin's regime weaponises cyberspace (The Conversation) Russia's Invasion of Ukraine Heralds New Era of Warfare (VOA) West’s Cyber Appeasement Gave Putin Green Light: James Stavridis (Bloomberg Law) Western Digital Provides Information on Network Security Incident (Business Wire) Western Digital confirms breach, shuts down systems (Computing) Western Digital discloses network breach, My Cloud service down (BleepingComputer) WD says law enforcement probing breach of internal systems (Register) Western Digital investigating MyCloud data breach affecting Mac desktop drives (Macworld) Users fume after My Cloud network breach locks them out of their data (Ars Technica) Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (Cisco Talos Blog) Mantis: New Tooling Used in Attacks Against Palestinian Targets (Symantec) <a href="https://www.accesswire.com/747402/Insid
S7 E1793 · Mon, April 03, 2023
"Cylance" ransomware (no relation to Cylance). Update on the 3CX incident. The FSB's arrest of Evan Gershkovich. Ukrainian hacktivist social engineering in the hybrid war.
"Cylance" the ransomware (with no relation to Cylance, the security company). An update on the 3CX incident. The FSB's arrest of a Wall Street Journal reporter. Simone Petrella from N2K Networks unpacks 2023 cybersecurity training trends. Deepen Desai from Zscaler has the latest on cloud security. And Hacktivists claim to have tricked wives of Russian combat pilots into revealing personal information. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/63 Selected reading. "Cylance" ransomware (no relation to Cylance). (CyberWire Pro) New Cylance Ransomware Targets Linux and Windows, Warn Researchers (HackRead) New Cylance Ransomware strain emerges, experts speculate about its notorious members (IT PRO) More evidence links 3CX supply-chain attack to North Korean hacking group (Record) 3CX supply chain attack: the unanswered questions (Computing) 3CX Desktop App Compromised (CVE-2023-29059) (Fortinet Blog) Evan Gershkovich Loved Russia, the Country That Turned on Him (Wall Street Journal) The Ukrainian hoax that revealed the Russian pilots who bombed Mariupol theatre (The Telegraph) Ukrainian Hacktivists Trick Russian Military Wives for Personal Info (HackRead)
Bonus · Sun, April 02, 2023
Alon Jackson: Sometimes you feel like an octopus. [CEO] [Career Notes]
Alon Jackson, chief executive and Co-founder of Astrix Security, sits down to share his story to rising success. Before being on the vendor side of things, Jackson served in various strategic roles in the Cyber Security Division of the Israeli Military Intel Unit 8200 for more than 8 years, including leading the Cloud Security division and serving as the Head of the Cyber Security R&D Department. His experience in the military inspired him to learn more about the industry and jump to the private sector. Fast forward years later, he co-founded his company to help address security gaps seen in the industry. He mentions how being a start up CEO can be difficult sometimes, and how it may feel as though you're an octopus with all the multitasking that comes with the job. Alon says that one of his main goals as a contributor in this industry is making sure people remember him and his company for years to come, saying he wants to help by " building a company that people kind of know about, remember, and is important in the world." We thank Alon for sharing his story with us.
Bonus · Sat, April 01, 2023
Blackfly flies back again. [Research Saturday]
Dick O'Brien from Symantec’s Threat Hunter team discusses their research on "Blackfly - Espionage Group Targets Materials Technology." Researchers say the Blackfly espionage group (aka APT41), has been mounting attacks against Asian materials and composite organizations in attempts to steal intellectual property. This group has been known as one of the longest known Chinese advanced persistent threat (APT) groups since at least 2010. The research shares that "early attacks were distinguished by the use of the PlugX/Fast (Backdoor.Korplug), Winnti/Pasteboy (Backdoor.Winnti), and Shadowpad (Backdoor.Shadowpad) malware families." The research can be found here: Blackfly: Espionage Group Targets Materials Technology
S7 E1792 · Fri, March 31, 2023
A glimpse into Mr. Putin’s cyber war room. 3CXDesktopAppsupply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
The Vulkan papers offer a glimpse into Mr. Putin’s cyber war room. The 3CXDesktopApp vulnerability and supply chain risk. A cross site scripting flaw in Azure Service Fabric Explorer can lead to remote code execution. Rob Boyce from Accenture Security on threats toEV charging stations. Our guest is Steve Benton from Anomali Threat Research, sharing a ‘less is more’ approach to cybersecurity. And AlienFox targets misconfigured servers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/62 Selected reading. A Look Inside Putin's Secret Plans for Cyber-Warfare (Spiegel) Secret trove offers rare look into Russian cyberwar ambitions (Washington Post) 7 takeaways from the Vulkan Files investigation (Washington Post) ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics (the Guardian) Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan (Mandiant) 3CX DesktopApp Security Alert - Mandiant Appointed to Investigate (3CX) Information on Attacks Involving 3CX Desktop App (Trend Micro) 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component (SecurityWeek) There’s a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch) Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) (Orca Security) Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife (SentinelOne)
S7 E1791 · Thu, March 30, 2023
A major supply chain attack is underway. Ms Connor, call your office. Combosquatting. False positives fixed. Tanks don’t work, so Russia tries more cyber. And, sadly. some official hostage-taking.
The 3CXDesktopApp is under exploitation in a supply chain campaign. An open letter asks for a pause in advanced AI development. All your grammar and usage are belong us. Combosquatting might fool even the wary. Defender had flagged Zoom and other safe sites as dangerous. Recognizing the importance of OSINT. Matt O'Neill from US Secret Service discussing his agency’s cybersecurity mission. Our guest is Ping Li from Signifydwith a look at online fraud. And the FSB arrests a US journalist. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/61 Selected reading. 3CX DesktopApp Security Alert (3CX) Supply Chain Attack Against 3CXDesktopApp (CISA) Pause Giant AI Experiments: An Open Letter (Future of Life Institute) In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT (WIRED AI chatbots making it harder to spot phishing emails, say experts (the Guardian) The Most Common Combosquatting Keyword Is “Support” (Akamai) False positives in Microsoft Defender. (CyberWire) Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe (Proofpoint) ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine (WeLiveSecurity) Russia Ramping Up Cyberattacks Against Ukraine (VOA) A new age of spying gives Kyiv the upper hand (The Telegraph) Russia arrests Wall Street Journal reporter on spying charge (AP NEWS) <a href="https://www.nytimes.com/2023/03/30/world/europe/russia-wsj-reporter-detained-ger
S7 E1790 · Wed, March 29, 2023
Traffers and the threat to credentials. WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Piracy is patriotic.
Traffers and the threat to credentials. A newly discovered WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Ann Johnson from Afternoon Cyber Tea chats with EY principal Adam Malone. Our guest is Toni Buhrke from Mimecast with a look at the State of Email Security. And is piracy patriotic? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/60 Selected reading. Traffers and the growing threat against credentials (Outpost24 blog) WiFi protocol flaw allows attackers to hijack network traffic (BleepingComputer) Cross-chain bridge attacks. (CyberWire) 2023 Annual State of Email Security Report (Cofense) From Ukraine to the whole of Europe:cyber conflict reaches a turning point (Thales Group) Russia Ramps Up Cyberattacks On Ukraine Allies: Analysts (Barron's) Pro-Russian hackers shift focus from Ukraine to EU countries (Radio Sweden) Russian hackers attack Slovak governmental websites after country supplies Mig-29s to Ukraine (Ukrainska Pravda) Ukraine's Defense Ministry says Russia is encouraging online piracy (The Jerusalem Post)
S7 E1789 · Tue, March 28, 2023
Twitter looks for a leaker. Insider risks. The state of resilience. Russian auxiliaries briefly disrupt a French National Assembly website. Cyber trends in the hybrid war. DPRK hacking, as it is.
Twitter gets a subpoena for a source-code leaker’s information. The insider risk to data. Russian hacktivist auxiliaries target the French National Assembly. Recent trends in cyberattacks sustained by Ukraine. Ben Yelin unpacks the White House executive order on spyware. Mr. Security Answer Person John Pescatore ponders the permanence of ransomware. And Cyberespionage and cybercrime in the interest of Pyongyang’s weapons programs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/59 Selected reading. GitHub Suspends Repository Containing Leaked Twitter Source Code (SecurityWeek) Twitter takes down source code leaked online, hunts for downloaders (BleepingComputer) Annual Data Exposure Report 2023 (Code 42) Russian Hackers Target French National Assembly Website (Privacy Affairs) Pro-Russian Hacktivists: A Reaction to a Western Response to a Russian Aggression (Radware Blog) Ukraine at D+397: Cyberespionage and battlespace preparation. (CyberWire) APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations (Mandiant)
S7 E1788 · Mon, March 27, 2023
Evolution of criminal scams (especially BEC). Law enforcement honeypots. ChatGPT data leak. Hybrid war updates.
IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A Fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And De-anonymizing Telegram. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/58 Selected reading. Fork in the Ice: The New Era of IcedID (Proofpoint) Emotet malware distributed as fake W-9 tax forms from the IRS (BleepingComputer) Internet Crime Complaint Center (IC3) | Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors (IC3) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) 'Bitter' espionage hackers target Chinese nuclear energy orgs (BleepingComputer) UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers (PCMag Middle East) UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data (Record) OpenAI: ChatGPT payment data leak caused by open-source bug (BleepingComputer) OpenAI says a bug leaked sensitive ChatGPT user data (Engadget) March 20 ChatGPT outage: Here’s what happened (OpenAI) How Albania Became a Target for Cyberattacks (Foreign Policy) Russia’s Rostec allegedly can de-anonymize Telegram users (BleepingComputer)
Bonus · Mon, March 27, 2023
An introduction to the National Cryptologic Museum. [Special Edition]
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, sits down with Director of the National Cryptologic Museum, Dr. Vince Houghton. The National Cryptologic Museum is the NSA's affiliated museum sharing the nation's best cryptologic secrets with the public. In this special episode, Rick interviews Dr. Houghton from within the walls of the National Cryptologic Museum, discussing the new and improved museum along with the new exhibits they uncovered during the pandemic.
Bonus · Sun, March 26, 2023
Two viewpoints on the National Cybersecurity Strategy. [Special Edition]
Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles , Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly , Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023
Bonus · Sun, March 26, 2023
Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she knew she wanted to try something new. She switched from programming to security and after working at Microsoft as a presenter, she eventually found that she wanted to start her own company, saying "at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow." She hopes that with her and her community's help, nobody is left feeling unsafe when it comes to being online.
S7 E274 · Sat, March 25, 2023
Popunders are not the good kind of ads. [Research Saturday]
On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues. The Malwarebytes team discovered a few dozen WordPress blogs using the same plugin that mimics human activity by automatically scrolling a page and following links within it, all the while a number of ads were being loaded and refreshed. The blogs would only exhibit this invalid traffic behavior when launched from a specific URL created by this plugin, otherwise they appeared completely legitimate. The research can be found here: WordPress sites backdoored with ad fraud plugin
S7 E1787 · Fri, March 24, 2023
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
A CISA tool helps secure Microsoft clouds.JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate Starlink terminals. Betsy Carmelite from Booz Allen Hamilton on the DoD's zero trust journey. Analysis of the National Cybersecurity strategy from our special guests, Adam Isles, Principal at the Chertoff Group and Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology with the National Security Council. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/57 Selected reading. JCDC Cultivates Pre-Ransomware Notification Capability (Cybersecurity and Infrastructure Security Agency CISA) US cyber officials make urgent push to warn businesses about vulnerabilities to hackers (CNN) Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA) New CISA tool detects hacking activity in Microsoft cloud services (BleepingComputer) CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) The Microsoft Reply Attack (Avanan) More victims emerge from Fortra GoAnywhere zero-day attacks (Security | More Clop GoAnywhere attack victims emerge (SC Media) Mass-Ransomware Attack on GoAnywhere File Transfer Tool Exposes Companies Worldwide (Medium) City of Toronto confirms data theft, Clop claims responsibility (BleepingComputer) <
S7 E1786 · Thu, March 23, 2023
Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.
DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia’s war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/56 Selected reading. North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer) Joint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz) North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign (Record) ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News) The Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler) CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG) A Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg) We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant) Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop) The 5×5—Conflict in Ukraine's information environment (Atlantic Council) How the Russia-Ukraine conflict has impacted cyber-warfare (teiss) CommonMagic APT gang attacking orga
S7 E1785 · Wed, March 22, 2023
Detecting sandbox emulations. VEC supply chain attacks. Updates from the hybrid war. CISA and NSA offer IAM guidance. Other CISA advisories. Baphomet gets cold feet after all.
Malware could detect sandbox emulations. A VEC supply chain attack. A new APT is active in Russian-occupied sections of Ukraine. An alleged Russian patriot claims responsibility for the D.C. Health Link attack. CISA and NSA offer guidance on identity and access management (IAM). Tim Starks from the Washington Post has analysis on the BreachForums takedown. Our guest is Ryan Heidorn from C3 Integrated Solutions with a look at the CMMC compliance timeline. And Baphomet backs out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/55 Selected reading. ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack (ZenGo) Stopping a $36 Million Vendor Fraud Attack (Abnormal Intelligence) Bad magic: new APT found in the area of Russo-Ukrainian conflict (Securelist) Unknown actors target orgs in Russia-occupied Ukraine (Register) New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (The Hacker News) Partisan suspects turn on the cyber-magic in Ukraine (Cybernews) Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' (CyberScoop) CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management | CISA (Cybersecurity and Infrastructure Security Agency CISA) ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practi (National Security Agency/Central Security Service) Identity and Access Management: Recommended Best Practices for Administrators (NSA and CISA) <a href="https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-updated-cybersecurity-performance-
S7 E1784 · Tue, March 21, 2023
Threat group with novel malware operates in SE Asia. Data theft extortion rises. Key findings of Cisco's Cybersecurity Readiness Index. iPhones no longer welcome in Kremlin. Russian cyber auxiliaries & privateers devote increased attention to healthcare.
Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog) Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record)
S7 E1783 · Mon, March 20, 2023
Cl0p ransomware at Hitachi Energy. Alleged TikTok surveillance of journalists. Hacktivist auxiliary hits Indian healthcare records. Cyberattack on Latitude: update. BreachForums arrest.
Cl0p ransomware hits Hitachi Energy. The US Department of Justice investigates ByteDance in alleged surveillance of journalists. A Hacktivist auxiliary hits Indian healthcare records. Pirated software is used to carry malware. The Effects of cyberattack on Latitude persist. Adam Meyers from CrowdStrike shares findings from the 2023 CrowdStrike Global Threat Report. Rick Howard has the latest preview of CSO Perspectives. And Pompompurin is arrested for an alleged role in BreachForums. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/53 Selected reading. Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Hitachi Energy Group hit by cyber-attack, says network operations not compromised (cnbctv18.com) Justice Department Probes TikTok’s Tracking of U.S. Journalists (Wall Street Journal) The FBI And DOJ Are Investigating ByteDance’s Use Of TikTok To Spy On Journalists (Forbes) KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks (Azure Network Security Team) Pro-Russia hackers are increasingly targeting hospitals, researchers warns (Record) Russian hacktivist group targets India’s health ministry (CSO Online) Russian Hacktivist group Phoenix targets India’s Health Ministry Website (Threat Intelligence | CloudSEK) Ukraine warns that hacked software can be infected with Russian viruses (Kyiv Independent) Russian hackers spread infected software through torrents (SSSCIP) <a href="https://www.reuters.com/technology/australias-latitude-takes-systems-offline-federal-police-investigate-cyberattack-2023-03-20
Bonus · Sun, March 19, 2023
Kathleen Smith: Translating the cyber world. [CMO] [Career Notes]
Kathleen Smith, CMO from ClearedJobs.Net, sits down to share her story as she remembers having big shoes to fill in her childhood. She strived for greatness at an early age, as her parents told her she would be going to college and would follow strong guidelines to become successful. Kathleen can remember being into the hard sciences when she was in school, which sparked an interest in becoming a biochemist and law student. Eventually she found her passion as a translator, saying that "doing the translator role, I wanted to get into international marketing and I was going on to get my degree on that." She found her way to ClearedJobs.Net and fell in love with it. She had sought to find a workplace that wouldn't burn her out, where she can also be a part of the team. Kathleen found what she was passionate about and made it a reality for herself, and now she just wants young women starting in the field to know the importance of finding something they are passionate about. We thank Kathleen for sharing her story.
S2 E45 · Sat, March 18, 2023
CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023. AA23-075A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide . No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
Bonus · Sat, March 18, 2023
ChatGPT grants malicious wishes? [Research Saturday]
Bar Block, Threat Intelligence Researcher at Deep Instinct, joins Dave to discuss their work on "ChatGPT and Malware - Making Your Malicious Wishes Come True." Deep Instinct goes into depth on just how dangerous ChatGPT can be in the wrong hands as well as how artificial intelligence is better at creating malware than providing ways to detect it. Researchers go on to explain how the AI app can be used in the wrong hands saying "Examples of malicious content created by the AI tool, such as phishing messages, information stealers, and encryption software, have all been shared online." The research can be found here: ChatGPT and Malware: Making Your Malicious Wishes Come True
S7 E1782 · Fri, March 17, 2023
Some movement in the cyber underworld. Vishing impersonates the US Social Security Administration. More SVB-themed phishing. And compromise without user interaction.
BianLian gang’s pivot. HinataBot is a Go-based threat. The US Social Security Administration is impersonated in attempted vishing attacks. BlackSnake in the RaaS criminal market. More Silicon Valley Bank-themed phishing. Caleb Barlow from Cylete on security implications you need to consider now about Chat GPT. Our guest is Isaac Roth from LeakSignal with advice on securing the microservices application layer. And Russian operators exploit an Outlook vulnerability. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/52 Selected reading. BianLian Ransomware Gang Continues to Evolve ([redacted]) Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai) Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox) Netskope Threat Coverage: BlackSnake Ransomware (Netskope) Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY) Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive) CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct) Everything We Know About CVE-2023-23397 (Huntress) Microsoft Mitigates Outlook Elevation of Privilege Vulnerability (Microsoft Security Response Center)
S7 E1781 · Thu, March 16, 2023
CISA warns of Telerik vulnerability exploitation. Cloud storage re-up attacks. Phishing tackle so convincing it will deceive the many. Cyber developments in Russia's hybrid war.
Telerik exploited, for carding (probably) and other purposes. Cloud storage re-up attacks. Cybercriminals use new measures to avoid detection of phishing campaigns. "Winter Vivern" seems aligned with Russian objectives. Microsoft warns of a possible surge in Russian cyber operations. Boss Sandworm. Johannes Ullrich from SANS talking about malware spread through Google Ads. Our guest is David Anteliz from Skybox Security with thoughts on federal government cybersecurity directives. And don't fear the Reaper. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/51 Selected reading. Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server (Cybersecurity and Infrastructure Security Agency CISA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA: Federal civilian agency hacked by nation-state and criminal hacking groups (CyberScoop) US govt web server attacked by 'multiple' criminal gangs (Register) The Cloud Storage Re-Up Attack (Avanan) Threat Spotlight: 3 novel phishing tactics (Barracuda) Winter Vivern | Uncovering a Wave of Global Espionage (SentinelOne) Is Russia regrouping for renewed cyberwar? (Microsoft On the Issues) A year of Russian hybrid warfare in Ukraine (Microsoft Threat Intelligence) Russian hackers preparing new cyber assault against Ukraine - Microsoft report (Reuters) Microsoft Warns Russia May Plan More Ransomware Attacks Beyond Ukraine (Bloomberg) <a href="https://www.wired.com/story/russia-gru-sandworm-serebria
S2 E44 · Thu, March 16, 2023
CISA Alert AA23-074A – Threat actors exploit progress telerik vulnerability in U.S. government IIS server. [CISA Cybersecurity Alerts]
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations AA23-074A STIX XML MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935) ACSC Advisory 2020-004 Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI Volexity Threat Research: XE Group GitHub: Proof-of-Concept Exploit for CVE-2019-18935 Microsoft: Configure Logging in IIS GitHub: CVE-2019-18935 No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at <a href="mailto:report@cis
S7 E1780 · Wed, March 15, 2023
Patch Tuesday notes. SVB's and the cybersecurity sector. SVR's APT29 is phishing for access to information. Trends in the Russo-Ukraine cyberwar. LockBit counts coup (says LockBit).
Patch Tuesday notes. Silicon Valley Bank's collapse and its effects on the cybersecurity sector. SVR's APT29 used a Polish state visit to the US as phishbait. Regularizing hacktivist auxiliaries. Our guest is Crane Hassold from Abnormal Security with a look at threats to email. Grayson Milbourne from OpenText Cybersecurity addresses chaos within the supply chain. And LockBit claims to have compromised an aerospace supply chain. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/50 Selected reading. March 2023 Patch Tuesday: Updates and Analysis (CrowdStrike) Microsoft Releases March 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9 (Cybersecurity and Infrastructure Security Agency CISA) SAP Security Patch Day for March 2023 (Onapsis) March Patch Tuesday review. (CyberWire) What the collapse of Silicon Valley Bank means for cyber and the tech startup ecosystem. (CyberWire) NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine (BlackBerry) Ukraine Tracks Increased Russian Focus on Cyberespionage (Bank Info Security) Ukraine scrambles to draft cyber law, legalizing its volunteer hacker army (Newsweek) Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor (SecurityWeek)
S7 E1779 · Tue, March 14, 2023
Silicon Valley Bank as phishbait. An “attack superhighway.” Unauthorized software in the workplace. YoroTrooper, a new cyberespionage threat actor. Hacktivists game, too. How crime pays.
Expect phishing, BEC scams, and other social engineering to use Silicon Valley Bank lures. An "attack superhighway." Unauthorized software in the workplace. A new cyberespionage group emerges. Squad up (but not IRL). Ben Yelin unpacks the FBI director’s recent admission of purchasing location data. Ann Johnson from Afternoon Cyber Tea speaks with Jason Barnett from HCA Healthcare about cyber resilience. And, not that you’d consider a life of crime, but what are the gangs paying cyber criminals, nowadays? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/49 Selected reading. SVB's collapse and the potential for fraud. (CyberWire) State-of-the-Internet: malicious DNS traffic. (CyberWire) Unauthorized software in the workplace. (CyberWire) Talos uncovers espionage campaigns targeting CIS countries, including embassies and EU health care agency (Cisco Talos Blog) STALKER 2 game developer hacked by Russian hacktivists, data stolen (BleepingComputer) GSC Game World suffers Stalker 2 leak after latest cyber attack (GamesIndustry.biz) Threat Groups Offer $240k Salary to Tech Jobseekers (Security Intelligence)
S7 E1778 · Mon, March 13, 2023
Coping with Silicon Valley Bank's collapse. BatLoader's abuse of Google Search Ads. More on Emotet’s re-emergence. Medusa rising. NetWire collared. More-or-less quiet on the cyber front.
Coping with Silicon Valley Bank's collapse. BatLoader's abusing Google Search Ads. More on Emotet’s re-emergence. Reflections on Medusa rising. An international law enforcement action against NetWire. Rob Shapland from Falanx Cyber on ethical hacking and red teaming. Bryan Ware from LookingGlass looks at exploited vulnerabilities in the US financial sector. And in Ukraine, it’s more-or-less quiet on the cyber front (but in Estonia and Georgia, not so much). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/48 Selected reading. One of Silicon Valley's top banks fails; assets are seized (AP NEWS) US, UK try to stem fallout from Silicon Valley Bank collapse (AP NEWS) In abrupt reversal, regulators to cover Silicon Valley Bank, Signature uninsured deposits (American Banker) Silicon Valley Bank collapse will not trigger new financial crisis, insists Sunak (The Telegraph) ‘Banking system is safe’: Joe Biden reassures markets in address on Silicon Valley Bank collapse – live updates (the Guardian) BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif (eSentire) BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (The Hacker News) Emotet Again! The First Malspam Wave of 2023 (Deep Instinct) Emotet attempts to sell access after infiltrating high-value networks (SC Media) Medusa ransomware gang picks up steam as it targets companies worldwide (BleepingComputer) Alleged seller of NetWire RAT arrested in Croatia (Help Net Security) FBI and international cops catch a
Bonus · Sun, March 12, 2023
Bat El Azerad: Find your niche to bring to the table. [CEO] [Career Notes]
Bat El Azerad, CEO and Co-founder of mobile phishing protection company novoShield, shares her personal account of her experience as a female leader in the cybersecurity field as well as some insights into how far the industry has come and where it is headed in terms of the gender gap. Bat El speaks about how she grew into her role of becoming a CEO, by sharing where she started and how she got involved with novoShield. She share's that being a woman in this industry can be tough and so she shares some advice, saying "so you have to be very focused and to find the right niche to bring something to the table because the competition in this industry and the level of innovation, um, is, is great." Bat El hopes that throughout her time in the industry she hopes people remember her for her vision, and the mission she is helping to create and maintain at her company. We thank Bat El for sharing her story.
Bonus · Sat, March 11, 2023
Files stolen from a sneaky SymStealer. [Research Saturday]
Ron Masas of Imperva discusses their work, the "Google Chrome “SymStealer” Vulnerability. How to Protect Your Files from Being Stolen." By reviewing the ways the browser handles file systems, specifically searching for common vulnerabilities relating to how browsers process symlinks, the Imperva Red Team discovered that when files are dropped onto a file input, it’s handled differently. Dubbing it as CVE-2022-40764, researchers found a vulnerability that "allowed for the theft of sensitive files, such as crypto wallets and cloud provider credentials." In result, over 2.5 billion users of Google Chrome and Chromium-based browsers were affected. The research can be found here: Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen
S7 E1777 · Fri, March 10, 2023
Cybercrime and cyberespionage: IceFire, DUCKTAIL, LIGHTSHOW, Remcsos, and a tarot card reader. US cyber budgets, strategy, and a DoD cyber workforce approach. Five new ICS advisories.
New IceFire version is out. A DUCKTAIL tale. Social engineering by Tehran. DPRK's LIGHTSHOW cyberespionage. The President's Budget and cybersecurity. The US Department of Defense issues its cyber workforce strategy. Remcos surfaces in attacks against Ukrainian government agencies. DDoS at a Ukrainian radio station. Dave Bittner sits down with Beth Robinson of Bishop Fox to share their 2023 Offensive Security Resolutions. Caleb Barlow from Cylete on the security implications of gigapixel images. And CISA releases five ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/47 Selected reading. IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks (SentinelOne) DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection (Deep Instinct) Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers (CyberScoop) Iranian APT Targets Female Activists With Mahsa Amini Protest Lures (Dark Reading). Iran threat group going after female activists, analyst warns (Cybernews) Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 (Mandiant) Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW (Mandiant) Cybersecurity in the US President's Budget for Fiscal Year 2024. (CyberWire) Biden’s budget proposal underscores cybersecurity priorities (Washington Post) Biden Budget Proposal: $200M for TMF, CISA With 4.9% Budget Boost (Meritalk) Cybersecurity Poised for Spending Boost in Biden Budget (Gov Info Security)
S7 E1776 · Thu, March 09, 2023
PlugX is now wormable. Compromised webcams found. Emotet is back. AI builds a keylogger. Cyber in the hybrid war. BEC comes to productivity suites.
A wormable version of the PlugX USB malware is found. Compromised webcams as a security threat. Emotet botnet out of hibernation. Proof-of-concept: AI used to generate polymorphic keylogger. Turning to alternatives as conventional tactics fail. Dave Bittner speaks with Eve Maler of ForgeRock to discuss how digital identity can help create a more secure connected car experience. Johannes Ullrich from SANS on configuring a proper time server infrastructure. And Phishing messages via legitimate Google notifications. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/46 Selected reading. A border-hopping PlugX USB worm takes its act on the road (Sophos News) BitSight identifies thousands of global organizations using insecure webcams and other IoT devices, finding many susceptible to eavesdropping (BitSight) Emotet malware attacks return after three-month break (BleepingComputer) BlackMamba: Using AI to Generate Polymorphic Malware (HYAS) Russian Cyberwar in Ukraine Stumbles Just Like Conventional One (Bloomberg) Australian official demands Russia bring criminal hackers ‘to heel’ (The Record by Recorded Future) Russia will have to rely on nukes, cyberattacks, and China since its military is being thrashed in Ukraine, US intel director says (Business Insider) BEC 3.0 - Legitimate Sites for Illegitimate Purposes (Avanan)
S7 E1775 · Wed, March 08, 2023
Data breaches and IP. Current cyberespionage campaigns. A warning that the cyber phases of the hybrid war can’t be expected to be over, yet. Exfiltration via machine learning inference.
CISA adds three known exploited vulnerabilities to its Catalog. A data breach at Acer exposes intellectual property. Sharp Panda deploys SoulSearcher malware in cyberespionage campaigns. US Cyber Command’s head warns against underestimating Russia in cyberspace. Dave Bittner sits down with Simone Petrella of N2K Networks to discuss the recently-released Defense Cyber Workforce Framework. Betsy Carmelite from Booz Allen Hamilton speaks about CISA's year ahead. And are large language models what the lawyers call an attractive nuisance. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/45 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) March 7 CISA KEV Breakdown | Zoho, Teclib, Apache (Nucleus Security) Acer Confirms Breach After Hacker Offers to Sell Stolen Data (SecurityWeek) Acer confirms breach after 160GB of data for sale on hacking forum (BleepingComputer) “Sharp Panda”: Check Point Research puts a spotlight on Chinese origined espionage attacks against southeast asian government entities (Check Point Software) Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities (Check Point Research) What can security teams learn from a year of cyber warfare? (Computer Weekly) Russian cyberattacks could intensify during spring offensives in Ukraine, US Cyber Command general says (Stars and Stripes) US Bracing for Bolder, More Brazen Russian Cyberattacks (VOA) Russia remains a ‘very capable’ cyber adversary, Nakasone says (C4ISRNet) <a href="ht
S7 E1774 · Tue, March 07, 2023
A new threat to routers. DoppelPaymer hoods collared. Ransomware hits a Barcelona hospital. Phishing in productivity suites. Espionage, hacktiism, and prank phone calls.
HiatusRAT exploits business-grade routers. International law enforcement action against the DoppelPaymer gang. Ransomware hits a major Barcelona hospital. Productivity suites are increasingly attractive as phishing grounds. Transparent Tribe’s romance scams. Cyberattacks briefly disrupt Russian websites and media outlets. Ashley Leonard, CEO of Syxsense, sits down with Dave to discuss their "Advancing Zero Trust Priorities'' report. Joe Carrigan on a warning from Microsoft about a surge in token theft. And trolling for disinfo raw material. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/44 Selected reading. Black Lotus Labs uncovers another new malware that targets compromised routers (Lumen Newsroom) Germany and Ukraine hit two high-value ransomware targets | Europol (Europol) European Police, FBI Bust International Cybercrime Gang (VOA) German police lift lid on worldwide cyber blackmail gang (Deutsche Welle) Europol Hits Alleged Members of DoppelPaymer Ransomware Group (Decipher) An international sting brings another win against ransomware gangs (Washington Post) European police move in on DoppelPaymer (Computing) Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown (SecurityWeek) Cyberattack hits major hospital in Spanish city of Barcelona (AP NEWS). Cyberattack Hits Major Hospital in Spanish City of Barcelona (SecurityWeek) Barcelona's Hospital Clinic hit by ransomware cyberattack 'from outside Spain' (Euro Weekly News) <a href="https://www.vadesecure.com/en/ebook-phishers-favo
S7 E1773 · Mon, March 06, 2023
That crane might know what you’re shipping. Addressing the cybersecurity of water systems. Oakland’s ransomware incident is now a breach. Hybrid war. Investment scams.
Cranes as a security threat. EPA memo addresses cybersecurity risks to water systems. Oakland's ransomware incident becomes a data breach. Carding rises in the Russian underworld. Sandworm's record in Russia's war. Rick Howard sits down with Andy Greenberg from Wired to discuss how Ukraine suffered more data-wiping malware last year than anywhere, ever. Dave Bittner speaks with Kathleen Smith of ClearedJobs.Net to talk about hiring veterans and setting them (and yourself) up for success. And AI’s latest misuse: bogus investment schemes. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/43 Selected reading. WSJ News Exclusive | Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal) EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (US EPA) EPA presses states to include cybersecurity in water safety reviews (SC Media) EPA Calls on States to Improve Public Water Systems’ Cybersecurity (Meritalk) EPA issues water cybersecurity mandates, concerning industry and experts (CyberScoop) City of Oakland Targeted by Ransomware Attack, Work Continues to… (City of Oakland). Ransomware gang leaks data stolen from City of Oakland (BleepingComputer) Ransomware hackers release some stolen Oakland data (CBS News) Oakland officials say ransomware group may release personal data on Saturday (The Record from Recorded Future News) Cybercrime site shows off with a free leak of 2 million stolen card numbers (The Record from Recorded Future News) A year of wipers: How the Kremlin-backed Sandworm has attacked
Bonus · Sun, March 05, 2023
Gabriela Smith-Sherman: Thriving in the chaos. [Cyber governance] [Career Notes]
Gabriela Smith-Sherman, a former Federal agency CISO with over 15 years of experience in leading and implementing comprehensive enterprise cybersecurity programs and initiatives, sits down to share her journey. She is a U.S. combat disabled veteran who understands the importance of mission and is dedicated to delivering high-quality results and value to customers through innovative solutions. Gabriela shares about her time in the military and how her being apart of the service was one of the best decisions she made and dedicates all her hard work to her time in the military. She also shares how it was tough getting out of the routine of the military and being a civilian now was a hard transition, but she says that she thrives in the chaos of the IT world and that the military helped her to prepare for the cyber industry. She said "I think my military experience has prepared me, uh, to be in those kind of chaotic positions and be very calm about the approach." We thank Gabriela for sharing her story with us.
Bonus · Sat, March 04, 2023
New exploits are tricking Chrome. [Research Saturday]
Dor Zvi, Co-Founder and CEO from Red Access to discuss their work on "New Chrome Exploit Lets Attackers Completely Disable Browser Extensions." A recently patched exploit is tricking Chrome browsers on all popular OSs to not only give attackers visibility of their targets’ browser extensions, but also the ability to disable all of those extensions. The research states the exploit consists of a bookmarklet exploit that allows threat actors to selectively force-disable Chrome extensions using a handy graphical user interface making Chrome mistakenly identify it as a legitimate request from the Chrome Web Store. The research can be found here: New Chrome Exploit Lets Attackers Completely Disable Browser Extensions
S7 E1772 · Fri, March 03, 2023
More on how the US will implement its new National Cybersecurity Strategy. Emissary Panda and Mustang Panda are back. Responding to phishing. Royal ransomware. Water utility security.
Implementing the US National Cybersecurity Strategy. The US National Cybersecurity Strategy was informed by lessons from Russia's war. Two threat actors from China up their game. Responding to a phishing campaign. #StopRansomware: Royal Ransomware. CISA releases five ICS advisories. Sameer Jaleel, Kent State University Associate CIO on closing functionality gaps and creating a safer digital environment for students.Johannes Ullrich from SANS on establishing an "End of Support" inventory.EPA issues a memo on water system cybersecurity. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/42 Selected reading. National Cybersecurity Strategy (The White House) US cyber leaders discuss the new National Cyber Strategy. (CyberWire) Biden vows to wield ‘all instruments’ in fighting cyberthreats (Defense News) Chinese state-backed hackers Iron Tiger target Linux devices with new malware (Tech Monitor) Chinese hackers use new custom backdoor to evade detection (BleepingComputer) Scam alert: Trezor warns users of new phishing attack (Cointelegraph) FBI and CISA Release #StopRansomware: Royal Ransomware | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA Releases Five Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (US EPA)
S2 E43 · Fri, March 03, 2023
CISA Alert AA23-061A – #StopRansomware: Royal ransomware.
CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities. AA23-061A Alert, Technical Details, and Mitigations AA23-061A STIX XML Royal Rumble: Analysis of Royal Ransomware (cybereason.com) DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog 2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au See Stopransomware.gov , a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S2 E42 · Fri, March 03, 2023
CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks. [CISA Cybersecurity Alerts]
The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture. AA23-059A Alert, Technical Details, and Mitigations No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S8 E50 · Fri, March 03, 2023
CyberWire commentary: Ukraine one year on. [Special Edition]
CyberWire Daily podcast host Dave Bittner is joined by CyberWire editor John Petrik for an extended discussion about the Russian invasion of Ukraine and its effect on cybersecurity at the one year anniversary. John and his team have covered the Ukrainian conflict with daily news stories since the invasion began, and in fact, had quite a lot of coverage prior to the invasion. They take stock of where things stand, what has happened, and what we expected versus reality.
S7 E1771 · Thu, March 02, 2023
The US National Cybersecurity Strategy is out, and we have a preliminary look. CISA red-teams critical infrastructure. A new cryptojacker is out. Russia bans messaging apps. Hacktivist auxiliaries.
The White House releases its US National Cybersecurity Strategy. Red-teaming critical infrastructure. Redis cryptojacker discovered. Russia bans several messaging apps. Our guest is Kapil Raina from CrowdStrike with the latest on Threat Hunting. Dinah Davis from Arctic Wolf on the top healthcare industry cyber attacks. And hacktivist auxiliaries continue their nuisance-level activities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/41 Selected reading. National Cybersecurity Strategy (The White House) FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy (The White House) Biden administration releases new cybersecurity strategy (AP NEWS) White House pushes for mandatory regulations, more offensive cyber action under National Cyber Strategy (The Record from Recorded Future News) Here's why Biden's new cyber strategy is notable (Washington Post) How the U.S. National Cyber Strategy Reaches Beyond Government Agencies (Wall Street Journal) Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity (Wall Street Journal) CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (Cybersecurity and Infrastructure Security Agency CISA) CISA red-teamed a 'large critical infrastructure organization' and didn't get caught (The Record from Recorded Future News) Redis Miner Leverages Command Line File Hosting Service (Cado Security | Cloud Investigation) Russia bans foreign messaging apps (Computing) <a
S7 E1770 · Wed, March 01, 2023
How an attack led to a breach that enabled further social engineering. Forensic visibility in the Google Cloud Platform. Hacktivist auxiliaries. Two 8Ks and a free decryptor.
The LastPass data breach built on an earlier attack. Forensic visibility and the Google Cloud Platform. An overview of hacktivist auxiliaries in Russia's war against Ukraine. Dish acknowledges sustaining a cyberattack. MKS Instruments discloses a ransomware incident. Carole Theriault has a lesson about ChatGPT and school systems. Ann Johnson from Afternoon Cyber Tea speaks with Stacy Hughes from Voya Financial about her journey to being CISO. And Bitdefender releases a decryptor for MortalKombat ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/40 Selected reading. LastPass sustains a second data breach. (CyberWire) Incident 2 – Additional details of the attack (LastPass Support) LastPass Says DevOps Engineer Home Computer Hacked (SecurityWeek) LastPass: Keylogger on home PC led to cracked corporate password vault (Naked Security) LastPass data was stolen by hacking an employee’s home computer (The Verge) LastPass says employee’s home computer was hacked and corporate vault taken (Ars Technica) LastPass is in Big Trouble (Gizmodo) LastPass: DevOps engineer hacked to steal password vault data in 2022 breach (BleepingComputer) The LastPass security breach is still going from bad to worse (Cybersecurity Connect) Mitiga on forensic visibility and the Google Cloud Platform. (CyberWire) Mitiga Security Advisory: Insufficient Forensic Visibility in GCP Storage (Mitiga) <a href="https://www.mitiga.io/blog/google-cloud-platf
S7 E1769 · Tue, February 28, 2023
Data breach at the US Marshals Service. Blind Eagle phishes in the service of espionage. Dish investigates its outages. Qakbot delivered via OneNote files. Memory-safe coding.
The US Marshals Service sustains a data breach. Blind Eagle is a phish hawk. Dish continues to work toward recovery. OneNote attachments are used to distribute Qakbot. Ben Yelin has analysis on the Supreme Court’s hearing on a section 230 case. Mr Security Answer Person John Pescatore has thoughts on Chat GPT. And CISA Director Easterly urges vendors to make software secure-by-design. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/39 Selected reading. U.S. Marshals Service investigating ransomware attack, data theft (BleepingComputer) US Marshals says prisoners’ personal information taken in data breach (TechCrunch) Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities (BlackBerry) Dish hit by multiday outage after reported cyberattack (TechCrunch) DISH says ‘system issue’ affecting internal servers, phone systems (The Record from Recorded Future News) Take Note: Armorblox Stops OneNote Malware Campaign (Armorblox) Ukraine & Intelligence: One Year on – with Shane Harris (SpyCast) U.S. cyber official praises Apple security and suggests Microsoft, Twitter need to step it up (CNBC) U.S. cyber chief warns tech companies to curb unsafe practices (CBS News) Tech manufacturers are leaving the door open for Chinese hacking, Easterly warns (The Record from Recorded Future News) CISA Director Calls Out Industry Using Consumers as Cyber 'Crash Test Dummies' (Nextgov.com) The Designed-in Dangers of Technology and What We Can Do About It (Cybersecurity and Infrastructure Security Agency)
S7 E1768 · Mon, February 27, 2023
Artificial intelligence behaving badly? Or just tastelessly? Third-party risks. Signs that the advantage may be tilting toward the defender.
Social engineering with generative AI. Mylobot and BHProxies. PureCrypter is deployed against government organizations and staged through Discord. Dish Network reports disruption. Third-party app and software as a service risk. Further assessments of the cyber phase of Russia's war so far, with warnings to stay alert. Are tough times coming in gangland? Comments on NIST's revisions to its Cybersecurity Framework are due this Friday. AJ Nash from ZeroFox on Mis/Dis/and Malinformation. Rick Howard digs into Zero Trust. And get this—AI is writing science fiction! For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/38 Selected reading. Social engineering with generative AI. (CyberWire) Who’s Behind the Botnet-Based Service BHProxies? (KrebsOnSecurity) Mylobot: Investigating a proxy botnet (Bitsight) PureCrypter targets government entities through Discord (Menlo Security) PureCrypter malware hits govt orgs with ransomware, info-stealers (BleepingComputer) Uncovering the Risks & Realities of Third-Party Connected Apps: 2023 SaaS-to-SaaS Access Report (Adaptive Shield) Ukraine war anniversary likely to bring ‘disruptive’ cyberattacks on West, agencies warn (Global News) How the Ukraine War Has Changed Russia’s Cyberstrategy (Foreign Policy) A year of wiper attacks in Ukraine (WeLiveSecurity) Russia's yearlong cyber focus on Ukraine (Axios) A year after Russia's invasion, cyberdefenses have improved around the world (Washington Post) One year on, how is the war playing out in cyberspace? (WeLiveSecurity) <a href="https://www.itworldcanada.com/article/the-rus
Bonus · Sun, February 26, 2023
Mike Fey: Highs are high and lows are low. [CEO] [Career Notes]
Mike Fey, CEO and co-founder of Island.io, joins to share his story, falling in love with technology and being fascinated by it at a young age. Mike quickly started working for companies where he grew in his role, becoming CTO of McAfee and then GM of the Enterprise business, stepping out to then become president and COO of Blue Coat, which was eventually acquired by Symantec, eventually wanting to get into his own business. He shares that being a small business owner is a lot of hard work and very tiring at times, he says "especially in a startup, the highs are very high and the lows are very low." Mike also mentions how easy it is to get knocked down when being in charge of your own business, but that teamwork is what helps to bring him back up. Mike says he wants to eventually help change the world and hopefully his legacy will help him to do that some day. We thank Mike for sharing his story with us.
Bonus · Sat, February 25, 2023
The next hot AI scam. [Research Saturday]
Andy Patel from WithSecure Labs joins with Dave to discuss their study that demonstrates how GPT-3 can be misused through malicious and creative prompt engineering. The research looks at how this technology, GPT-3 and GPT-3.5, can be used to trick users into scams. GPT-3 is a user-friendly tool that employs autoregressive language to generate versatile natural language text using a small amount of input that could inevitably interest cybercriminals. The research is looking for possible malpractice from this tool, such as phishing content, social opposition, social validation, style transfer, opinion transfer, prompt creation, and fake news. The research can be found here: Creatively malicious prompt engineering
S7 E1767 · Fri, February 24, 2023
A look at the cyber aspects of Russia’s war, on the first anniversary of the invasion of Ukraine. And a few notes from elsewhere in cyberspace.
CISA advises increased vigilance on the first anniversary of Russia's war. CERT-UA reports current Russian cyberattacks were prepared in December 2021. How the war has changed the cyber underworld. Air raid alerts sound in nine Russian cities; Russia blames hacking. Our space correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US. Kathleen Smith of ClearedJobs.Net clears misperceptions about the cleared space. And Dole continues recovery from ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/37 Selected reading. CISA Urges Increased Vigilance One Year After Russia's Invasion of Ukraine (Cybersecurity and Infrastructure Security Agency | CISA) Ukraine says Russian hackers backdoored govt websites in 2021 (BleepingComputer) Ukraine suffered more data-wiping malware than anywhere, ever (Ars Technica) The First Crypto War? Assessing the Illicit Blockchain Ecosystem One Year Into Russia's Invasion of Ukraine (TRM Insights) Ransomware Gang Conti Has Re-Surfaced and Now Operates as Three Groups: TRM Labs (CoinDesk). Ukraine suffered more data-wiping malware than anywhere, ever (Ars Technica) Russia-Ukraine War: 3 Cyber Threat Effects, 1 Year In (ReliaQuest) Russian cybercrime alliances upended by Ukraine invasion (Register) Study: Old pacts ditched the moment Moscow moved in How the Russia-Ukraine war has changed cyberspace (The Hill) Authorities blame hackers after air raid sirens sound over radio in multiple Russian cities (Meduza)
S7 E1766 · Thu, February 23, 2023
Hybrid war and cyber espionage. Ransomware in the produce aisle. Bypassing security filters in a BEC campaign. Identity-based attacks. Avoid pirated software. And what the bots have been scalping.
Cyberattacks in Russia's war so far, and their future prospects. The Lazarus Group may be employing a new backdoor. Clasiopa targets materials research organizations. Ransomware interferes with food production. Evernote is used in a BEC campaign to bypass security filters. Identity-based cyberattacks. Pirated versions of Final Cut Pro deliver cryptominers. Caleb Barlow has thoughts on Twitter, Mudge, and lessons learned. Marc Van Zadelhoff from Cyber CEOs Decoded podcast speaks with Amanda Renteria, CEO of Code for America, about attracting diverse talent. And what have the scalperbots been up to, lately. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/36 Selected reading. A year into Ukraine, looking back at 5 prewar predictions (Breaking Defense) Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge (The Record from Recorded Future News) WinorDLL64: A backdoor from the vast Lazarus arsenal? (WeLiveSecurity) Clasiopa: New Group Targets Materials Research (Symantec) Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN Business) Business Email Compromise Scam Leads to Credential Harvesting Evernote Page (Avanan) The 2023 State of Identity Security Report (Oort) Beware of macOS cryptojacking malware. (Jamf Threat Labs) Quarterly Index: Top 5 Scalper Bot Targets of Q4 2022 (Netacea)
S7 E1765 · Wed, February 22, 2023
Vulnerabilities newly exploited in the wild. A new cyberespionage campaign. Trends in the C2C marketplace. Hacktivists, other auxiliaries, and the laws of armed conflict.
CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast. Disrupting Mr. Putin's speech, online, and what the hybrid war suggests about the future of cyber auxiliaries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/35 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia (Symantec) IBM Security X-Force Threat Intelligence Index 2023 (IBM) S1deload Stealer – Exploring the Economics of Social Network Account Hijacking (Bitdefender Labs) Cyber Attacks on Data Center Organizations (Resecurity) Hackers Scored Data Center Logins for Some of the World's Biggest Companies (Bloomberg) LockBit gang takes credit for attack on water utility in Portugal (The Record from Recorded Future News) Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever (WIRED) Ukrainian hackers claim disruption of Russian TV websites during Putin speech (The Record from Recorded Future News) Ukraine's volunteer cyber army could be model for other nations: experts (Newsweek) Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive’ (The Reco
S7 E1764 · Tue, February 21, 2023
GoDaddy's compromise. Twitter disables SMS authentication for all but blue-checked users. Deutsche DDoS. Is Bing channeling Tay?
GoDaddy has discovered a compromise of its systems. Twitter disables SMS authentication for those not subscribed to Twitter Blue. Last week’s cyber incident impacting German airports was confirmed to be DDoS. The consequences of cyber irregular participation in cyber wars. Semiconductor tech giant Applied Materials sees significant financial losses from a cyberattack. Joe Carrigan on scammers dangling fake job offers to students. Our guests are Max Shuftan & Monisha Bush from the SANS Institute, on the reopening of their HBCU Cyber Academy application window. And is Bing channeling Tay? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/34 Selected reading. GoDaddy Inc. - Statement on recent website redirect issues (GoDaddy) GoDaddy: Hackers stole source code, installed malware in multi-year breach (Bleeping Computer) GoDaddy SEC Filing (SEC) An update on two-factor authentication using SMS on Twitter (Twitter) Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (The Hacker News) SMS-Based 2FA Will Be Limited to Twitter Blue Users (HackRead) Twitter will limit uses of SMS 2-factor authentication. What does this mean for users? (NPR) Twitter's Two-Factor Authentication Change 'Doesn't Make Sense' (WIRED) Twitter Shuts Off Text-Based 2FA for Non-Subscribers (SecurityWeek) Official: Twitter will now charge for SMS two-factor authentication (The Verge) German airport websites downed by DDoS attacks (Register) German airports hit by DDoS attack, ‘Anonymous Russia’ claims responsibility (The Record from Recorded Future) <a href="https://bre
S8 E48 · Mon, February 20, 2023
Modernizing the U.S. Navy's cybersecurity posture. [Special Edition]
Dave Bittner had a conversation with Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia , Commanding Officer of Naval Network Warfare Command. They discussed the Navy’s cybersecurity advances and how they have implemented them. Commander Brandon Campbell is the former Operations Director at Navy Cyber Defense Operations Command and Task Force 1020 where they protect, detect, and respond to global cyber threats against Navy networks. Captain J. Steve Correia is the Commanding Officer of Naval Network Warfare Command and the Commander of Task Force 1010 under the U.S. Navy’s Fleet Cyber Command where they execute tactical-level command and control to direct, operate, maintain and secure Navy communication and network systems.
Bonus · Sun, February 19, 2023
Rachel Tobac: Find a way to laugh. [CEO] [Career Notes]
Rachel Tobac, CEO from SocialProof Security sits down to share her amazing story on becoming what's known in the industry as an ethical hacker and CEO of a company. Rachel shares how she was always fascinated with spy movies and as she grew older that fascination turned into a real desire. Finding out she liked learning how the human brain works, she decided to start off in neuroscience. Wanting a change and with the help of her husband she was able to start getting more into hacking, finding she loved the fact that she was pretending to be someone to hack into a company and finding the weak spots. She shares how as a leader now she likes to be authentic with her team. She says "I think in the security world sometimes we take ourselves pretty seriously and a lot of times it's because we're dealing with really serious topics, and so in the moment we have to be extremely serious, but when you get a five minute break in between your crisis meetings, find a way to laugh if you can." We thank Rachel for sharing her story with us.
Bonus · Sat, February 18, 2023
Implementing and achieving security resilience. [Research Saturday]
Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report." The report describes what security resilience is, while also going over how companies can achieve this resilience. Wendy talks through some of the key findings based off of the report, and after surveying 4,751 active information security and privacy professionals from 26 countries, we find out some of the top priorities to achieving security resilience. From there the research goes on to explain from the findings which data-backed practices lead to the outcomes that can be implemented in cybersecurity strategies. The research can be found here: Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report Achieving Security Resilience
S7 E1763 · Fri, February 17, 2023
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.
The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/33 Selected reading. Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN) Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software) ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec) Attacks with novel Havoc post-exploitation framework identified (SC Media) Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer) German airport websites down in possible hacker attack (Deutsche Welle) The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute) U.S. launches 'disruptive technology' strike force to target national security threats (Reuters) Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal) ICS-CERT Advisories (CISA)
S7 E1762 · Thu, February 16, 2023
APT37 has some new tricks. Multilingual BEC attacks. A look at the cyber phases of Russia’s war, and how being a crime victim may now be another way of serving the state. Influencers behaving badly.
North Korea's APT37 is distributing M2RAT. Multilingual BEC attacks, and how they happen. Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches. Killnet's attempt to rally hacktivists and criminals to the cause of Russia. Dinah Davis from Arctic Wolf describes continuous network scanning. Our guest is Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist. And Grand Theft Auto is now also a TikTok challenge. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/32 Selected reading. RedEyes hackers use new malware to steal data from Windows, phones (BleepingComputer) Multilingual Executive Impersonation Attacks (Abnormal Intelligence) Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals (Flashpoint) Hyundai, Kia patch bug allowing car thefts with a USB cable (BleepingComputer) Hyundai and Kia Launch Service Campaign to Prevent Theft of Millions of Vehicles Targeted by Social Media Challenge (NHTSA)
S7 E1761 · Wed, February 15, 2023
A look at the SideWinder APT. GoAnywhere vulnerability exploited in the wild. Ransomware rampant. Hacktivism in Russia’s hybrid war. Patch Tuesday notes.
SideWinder is an APT with possible origins in India. MortalKombat ransomware debuts. The GoAnywhere zero day was exploited in a data breach. Belarusian Cyber-Partisans release Russian data. Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. Our guest is Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape. And notes on Patch Tuesday. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/31 Selected reading. Molted skin: APT SideWinder 2021 campaign that targeted over 60 companies in the Asia-Pacific (Group-IB) New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign (Cisco Talos Blog) Tonga is the latest Pacific Island nation hit with ransomware (The Record from Recorded Future News) LockBit demanded £66mn from Royal Mail (Computing) City of Oakland declares state of emergency after ransomware attack (BleepingComputer) City of Oakland Targeted by Ransomware Attack, Work Continues to Secure and Restore Services Safely (City of Oakland) Huge data dump from Russia’s censorship agency posted online (Cybersecurity Connect) Russian system to scan internet for undesired content and dissent (Reuters) Patch Tuesday: Three zero-days and nine 'Critical' RCE flaws fixed (Computing) Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws (BleepingComputer) Apple Releases Security Updates for Multiple Products (CISA) SAP Security Pa
S7 E1760 · Tue, February 14, 2023
Blender is back, but now DBA Sinbad (still working for the Lazarus Group). Cyberespionage notes. Hacktivism. ICS threats. Valentine’s Day scams.
"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And it’s Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/30 Selected reading. Has a Sanctioned Bitcoin Mixer Been Resurrected to Aid North Korea’s Lazarus Group? (Elliptic Connect) Nice Try Tonto Team (Group-IB) Hackers attack Israel’s Technion University, demand over $1.7 million in ransom (ARN) Israel's top tech university postpones exams after ransomware attack (The Record from Recorded Future News) Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on Nato (The Independent) Killnet DDoS attacks disrupt Nato websites (ComputerWeekly.com) Russian Hackers Disrupt NATO Earthquake Relief Operations (Dark Reading) What Happened to #OpRussia? (Dark Reading) Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (POLITICO) 2022 ICS/OT Cybersecurity Year in Review Executive Summary (Dragos) What’s love got to do with it? 4 in 5 Valentine’s Day-themed spam emails are scams, Bitdefender Antispam Lab warns (Hot for Security)
S7 E1759 · Mon, February 13, 2023
Known Exploited Vulnerabilities. Fool’s gold. Hacktivists come in both dissident and loyal varieties. Naming and shaming the shameless.
CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can you name and shame the shameless? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/29 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks (SecurityWeek) Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (BleepingComputer) Fool’s Gold: dissecting a fake gold market pig-butchering scam (Sophos) Iranian State TV Hacked During President's Speech on Revolution Day (HackRead) Russian hackers disrupt Turkey-Syria earthquake relief (The Telegraph) Hacking marketplace emerges from Killnet partnership, seeks pro-Russia donations (SC Media) Russian Government evaluates the immunity to hackers acting in the interests of Russia (Security Affairs) Russia’s Ransomware Gangs Are Being Named and Shamed (WIRED)
Bonus · Sun, February 12, 2023
Jaden Dicks: It is never too early to start. [CyberVista intern] [Career Notes]
Jaden Dicks, a new intern at CyberVista, a company that merged with CyberWire to become N2K Networks, shares his story as a young man growing up trying to get into the cyber community. From a very young age, Jaden hoped to become part of the cybersecurity field, He recalls growing up constantly being surrounded by technology, and now with the help of Urban Alliance, Jaden was able to secure this internship with CyberVista. Urban Alliance is a nonprofit that connects young adults with paid work experiences, such as internships to help them bridge the gaps between education and the workforce. Jaden hopes that this internship will help him further advance his career and help him to pursue his goals of working in cyber. He also shares advice to younger people like him who are looking to branch out and start working toward your goals, even as a teenager, and what has helped him to find his rhythm. We thank Jaden for sharing his story with us.
Bonus · Sat, February 11, 2023
Knocking down the legs of the industrial security triad. [Research Saturday]
Pascal Ackerman, OT Security Strategist from Guidepoint Security, joins Dave to discuss his work on discovering a vulnerability in the integrity of common HMI client-server protocol. This research is a Proof of Concept (PoC) attack on the integrity of data flowing across the industrial network with the intention of intercepting, viewing, and even manipulating values sent to (and from) the HMI, ultimately trying to trick the user into making a wrong decision, ultimately affecting the proper operation of the process. In this research, they are targeting Rockwell Automation’s FactoryTalk View SE products, trying to highlight the lack of integrity and confidentiality on the production network and the effect that has on the overall security of the production environment. The research can be found here: GuidePoint Security researcher discovers vulnerability in the integrity of common HMI client-server protocol
S7 E1758 · Fri, February 10, 2023
US, RoK agencies outline DPRK ransomware. Reddit breached. ICS and IIoT issues. It’s almost Valentine’s Day. Have you noticed? (The hoods have.)
US and Republic of Korea agencies outline the DPRK ransomware threat. Reddit is breached. CISA releases six ICS advisories. Flaws are found in IIoT devices. Dinah Davis from Arctic Wolf shares cybersecurity stats every IT professional should know. Our guest is Kayla Williams from Devo autonomous SOCs. And, it’s almost Valentine’s Day. Have you noticed? (The hoods have.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/28 Selected reading. #StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities (CISA) #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities (CISA) U.S., South Korean Agencies Partner to #StopRansomware Threat from DPRK (National Security Agency/Central Security Service) US and South Korea accuse North Korea of using hospital ransoms to fund more hacking (The Record from Recorded Future News) North Korea using healthcare ransomware attacks to fund further cybercrime, feds say (SC Media) U.S., South Korea Warn of North Korean Ransomware Threats (Bank Info Security) r/reddit - We had a security incident. Here’s what we know. (reddit) Hackers breach Reddit to steal source code and internal data (BleepingComputer) Reddit Breached With Stolen Employee Credentials (Dark Reading) Reddit Says It Was Hacked But That You Don't Need to Worry. Probably. (Gizmodo) Control By Web X-400, X-600M (CISA) LS ELECTRIC XBC-DN32U (CISA) <a href="https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-03
S2 E41 · Fri, February 10, 2023
CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]
CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense Security Agency are issuing this alert to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. AA23-040A Alert, Technical Details, and Mitigations CISA’s North Korea Cyber Threat Overview and Advisories webpage. Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link: https://www.stairwell.com/news/threat-research-report-maui-ransomware/ See Stopransomware.gov , a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1757 · Thu, February 09, 2023
Cyberespionage, from war floating to phishing. An update on ESXiArgs. Fresh sanctions against ransomware operators, and more takedowns may be in the offing.
War-floating. A phishing campaign pursues Ukrainian and Polish targets. Pakistan's navy is under cyberattack. A new criminal threat-actor uses screenshots for recon. ESXiArgs is widespread, but its effects are still being assessed. The UK and US issue joint sanctions against Russian ransomware operators. Robert M. Lee from Dragos addresses attacks to electrical substations. Our guest is Denny LeCompte from Portnox discussing IoT security segmentation strategies. And is LockBit next on law enforcement’s wanted list? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/27 Selected reading. Chinese Balloon Had Tools to Collect Communications Signals, U.S. Says (New York Times) UAC-0114 Campaign Targeting Ukrainian and Polish Gov Entitities (The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine) NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool (BlackBerry) Screentime: Sometimes It Feels Like Somebody's Watching Me (Proofpoint) Florida state court system, US, EU universities hit by ransomware outbreak (Reuters). No evidence global ransomware hack was by state entity, Italy says (Reuters) Ransomware campaign stirs worry despite uncertain impact (Washington Post) VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks (VMware Security Blog) CISA and FBI Release ESXiArgs Ransomware Recovery Guidance (CISA) United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang (U.S. Department of the Treasury) <a href="https://www.nationalcrimeagency.gov.uk/news/ransomware-criminals-sanctioned-in-joint-uk-us-crac
S2 E40 · Thu, February 09, 2023
CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance. [CISA Cybersecurity Alerts]
CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors are exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware. AA23-039A Alert, Technical Details, and Mitigations CISA has released an ESXiArgs recovery script at github.com/cisagov/ESXiArgs-Recover VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attack… Enes Sonmez and Ahmet Aykac, YoreGroup Tech Team: decrypt your crypted files in… See Stopransomware.gov , a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1756 · Wed, February 08, 2023
An ICS update from CISA. Ransomware notes: LockBit, Clop, and ESXiArgs. Vulnerability in Toyota’s GSPIMS. Two new Russian cyberespionage efforts hit Ukraine. And a direction for US privacy policy.
CISA releases an ICS security advisory affecting a smart facility system. LockBit threatens to release Royal Mail data tomorrow. Cl0p ransomware expands to Linux-based systems. A vulnerability is identified in Toyota's GSPIMS. There’s an ESXiArgs update: new trackers and mitigation tools are available. Russia is running two new cyberespionage campaigns against Ukraine. Our guest is Roya Gordon from Nozomi Networks discusses the ICS Threat Landscape. And The Washington Post’s Tim Starks provides analysis on last night’s State of the Union. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/26 Selected reading. CISA Releases One Industrial Control Systems Advisory (CISA) LockBit group threatens to publish stolen Royal Mail data tomorrow (Computing) Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available (SentinelOne) Hacking into Toyota’s global supplier management network (Eaton Works) Researcher breaches Toyota supplier portal with info on 14,000 partners (BleepingComputer) Vulnerability Provided Access to Toyota Supplier Management Network (SecurityWeek) CISA Releases ESXiArgs Ransomware Recovery Script (CISA) ESXiArgs Ransomware Campaign Targets VMWare ESXi Vulnerability (SecurityScorecard) Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine (Symantec) Remcos software deployed in spying attempt on Ukraine’s government, CERT says (The Record from Recorded Future News) The State of the Union was light on cybersecurity (Washington Post) <a href="https://cyberscoop.com/state-of-the-unio
S7 E1755 · Tue, February 07, 2023
Update: VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards.
VMware ESXi exploitations. Super Bowl cyber risks. Scalping bots. The curious case of the Moscow billboards. Joe Carrigan tracks pig butchering apps in online app stores. Our guest is David Liebenberg from Cisco Talos, to discuss incident response trends. And, in sportsball, it’s gonna be the Chiefs by a couple of hat tricks, or something. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/25 Selected reading. Ransomware Hits Unpatched VMware Systems: 'Send Money Within 3 Days' (Virtualization Review) Massive ransomware attack targets VMware ESXi servers worldwide (CSO Online) CISA steps up to help VMware ESXi ransomware victims (SC Media) ‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims (The Record from Recorded Future News) Have you clicked “Report Junk” lately on your #mobile device? (Proofpoint) CyRC special report: Secure apps? Don’t bet on it (Synopsys) DataDome’s Inaugural E-Commerce Holiday Bot & Online Fraud Report Reveals the US as the Top Source of Bot Attacks (DataDome) Darknet drug market BlackSprut openly advertises on billboards in Moscow (The Record from Recorded Future News)
S7 E1754 · Mon, February 06, 2023
Unpatched VMware ESXi instances attacked. Okatpus is back. Update on LockBit’s ransomware attack on ION. Charlie Hebdo hack attributed to Iran.
New ransomware exploits a VMware ESXi vulnerability. Roasted 0ktapus squads up. LockBit says ION paid the ransom. Russian cyber auxiliaries continue attacks against healthcare organizations. Attribution on the Charlie Hebdo attack. Deepen Desai from Zscaler describes recent activity by Ducktail malware. Rick Howard looks at cyber threat intelligence. And the top US cyber diplomat says his Twitter account was hacked. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/24 Selected reading. Ransomware Gang in Trading Hack Says Ransom Was Paid (Bloomberg) Regulators weigh in on ION attack as LockBit takes credit (Register) Russian hackers launch attack on City of London infrastructure (The Armchair Trader) Ransomware attack on data firm ION could take days to fix -sources (Reuters) Linux version of Royal Ransomware targets VMware ESXi servers (BleepingComputer) Ransomware scum attack old VMWare ESXi vulnerability (Register) Italy sounds alarm on large-scale computer hacking attack (Reuters) Italy's TIM suffers internet connection problems (Reuters) Italy sounds alarm on large-scale computer hacking attack (Jerusalem Post) Italian National Cybersecurity Agency (ACN) warns of massive ransomware campaign targeting VMware ESXi servers (Security Affairs) Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (CERT-FR) VMSA-2021-0002 (VMware) CERT-FR warns of a new wave of ransomware attacks targeting VMware ESXi servers (Security Affairs) <a href="https://techcrunch.com/2023/02/02/0ktapus-hackers-
S1 E45 · Sun, February 05, 2023
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]
Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach. In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss what it means to "shift left" with your penetration testing by working on a threat-informed test plan with guests and Hash Table members Bob Turner, the Field CSO of Fortinet, Etay Maor, the Senior Director for Security Strategy at Cato Networks, and Dan DeCloss, the Founder and CEO of our episode sponsor PlexTrac.
Bonus · Sun, February 05, 2023
Yamsin Abdi: Find your community. [Security Engineer] [Career Notes]
Yasmin Abdi, a Security Engineering Manager at Snapchat and the CEO and Founder of NoHack, sits down to share her story on how she got to be in her amazing current roles. From a young age, Yasmin was fascinated by the overlap of cybersecurity and crime and law. In her time in college, she was able to intern at big tech companies like Snapchat, Google, and Facebook. She decided to stick with Snapchat, which had the security aspect and security composure that she wanted. In her role at Snapchat, she gets to work with her team to help take down all kinds of bad content and keep up the platform’s integrity, and found she fell in love with the work along the way. Yasmin shares the sage advice to grow your community as much as you can, saying to"form a community of like-minded people. People that you can bounce ideas off of, people that can help support you when times are low. Find mentors, find people that you aspire to be like, and really find that community of people." We thank Yasmin for sharing her story.
Bonus · Sat, February 04, 2023
Can ransomware turn machines against us? [Research Saturday]
Tom Bonner and Eoin Wickens from HiddenLayer's SAI Team to discuss their research on weaponizing machine learning models with ransomware. Researchers at HiddenLayer’s SAI Team have developed a proof-of-concept attack for surreptitiously deploying malware, such as ransomware or Cobalt Strike Beacon, via machine learning models. The attack uses a technique currently undetected by many cybersecurity vendors and can serve as a launchpad for lateral movement, deployment of additional malware, or the theft of highly sensitive data. In this research the team raising awareness by demonstrate how easily an adversary can deploy malware through a pre-trained ML model. The research can be found here: WEAPONIZING MACHINE LEARNING MODELS WITH RANSOMWARE
S7 E1753 · Fri, February 03, 2023
Cyberespionage, and ransomware as misdirection. A new Python-based supply chain attack. Traffic on the Static Expressway. KillNet continues to plague hospitals. And Telegram may be compromised.
CISA has released six ICS Advisories. A look at a North Korean cyberespionage campaign. ChatGPT and its attack potential. A new Python-based supply chain attack. There’s traffic on the Static Expressway: ClickFunnels seen in use for redirection. KillNet continues its campaign against hospitals. Ransomware as misdirection for cyberespionage. Part two of my conversation with Kathleen Smith of ClearedJobs.Net discussing trends in the cleared space. Our guest is Eric Bassier of Quantum talking about the multi-layered approach to ransomware protection. And Russian surveillance extends to Telegram chats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/23 Selected reading. Delta Electronics DIAScreen (CISA) Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CISA) Baicells Nova (CISA) Delta Electronics DVW-W02W2-E2 (CISA) Delta Electronics DX-2100-L1-CN (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA) No Pineapple! –DPRK Targeting of Medical Research and Technology Sector (WithSecure) Hackers linked to North Korea targeted Indian medical org, energy sector (The Record from Recorded Future News) North Korean hackers stole research data in two-month-long breach (BleepingComputer) ChatGPT May Already Be Used in Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research (BlackBerry) Supply Chain Attack by New Malicious Python Package, “web3-essential” ((Frotinet) Leveraging ClickFunnels to Bypass Security Services (Avanan) <a href="https://www.beckershospitalreview.com/cybersecurity/report-killnet-targeting-hospitals-in-countries-helping-
S7 E1752 · Thu, February 02, 2023
Cisco fixes vulnerabilities in ICS appliances. NIST’s anti-phishing guidelines. OneNote exploitation. HeadCrab malware. Recent actions by Russian threat actors. Trends in state-directed cyber ops.
Cisco patches a command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. The Gamaredon APT is more interested in collection than destruction. Kathleen Smith of ClearedJobs.Net looks at hiring trends in the cleared community. Bennett from Signifyd describes the fraud ring that’s launched a war on commerce against U.S. merchants. And trends in cyberattacks by state-sponsored actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/22 Selected reading. Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover (Dark Reading) Phishing Resistance – Protecting the Keys to Your Kingdom (NIST) OneNote Documents Increasingly Used to Deliver Malware | Proofpoint UK (Proofpoint) HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign (Aquasec) Another UAC-0010 Story (The State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine) Russia-backed hacker group Gamaredon attacking Ukraine with info-stealing malware (The Record from Recorded Future News) City of London traders hit by Russia-linked cyber attack (The Telegraph) ChristianaCare recovers from cyberattack, restores website service (6abc Philadelphia) Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report (CSO Online) Microsoft Digital Defense Report 2022 (Microsoft Security)
S7 E1751 · Wed, February 01, 2023
How the C2C market sustains ransomware gangs. In Russia’s war, intelligence services deploy wipers, and hacktivist auxiliaries handle the DDoS. And a look into other corners of the cyber underworld.
Microsoft tallies more than a hundred ransomware gangs. Sandworm's NikoWiper hits Ukraine's energy sector. Mobilizing cybercriminals in a hybrid war. Firebrick Ostrich and business email compromise. Telegram is used for sharing stolen data and selling malware. Crypto scams find their way into app stores. Bryan Vorndran of the FBI Cyber Division outlines the services the FBI provides during an incident response. Ann Johnson from Afternoon Cyber Tea speaks with actor producer Tim Murck about the intersection of cyber awareness and storytelling. And we are shocked - shocked! - that there are fraudulent cyber professional credentials circulating online. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/21 Selected reading. Microsoft: Over 100 threat actors deploy ransomware in attacks (BleepingComputer) SocGholish: A Tale of FakeUpdates (Reliaquest) ESET APT Activity Report T3 2022 (WeLiveSecurity) Pro-Russian DDoS attacks raise alarm in Denmark, U.S. (The Record from Recorded Future News) ChristianaCare's website restored after attack; pro-Russia 'hacktivist' group takes credit (Delaware News Journal) Univ. of Iowa Hospitals website possibly hit by cyberattack (KCRG) Cyber attack causes problems with UM Health websites (The Detroit News) How the war in Ukraine has strengthened the Kremlin's ties with cybercriminals (The Record from Recorded Future News) Dark Covenant 2.0: Cybercrime, the Russian State, and War in Ukraine (Recored Future) Russia’s cyberwar against Ukraine offers vital lessons for the West (Atlantic Council) BEC Group Uses Secondary Per
S7 E1750 · Tue, January 31, 2023
The cybercriminal labor market and the campaigns it’s supporting. Russia’s Killnet is running DDoS attacks against US hospitals, but Russia says, hey, it’s the real victim here.
Some perspective on the cybercriminal labor market. DocuSign is impersonated in a credential-harvesting campaign. Social engineering pursues financial advisors. Killnet is active against the US healthcare sector. Mr. Security Answer Person John Pescatore has thoughts on cryptocurrency. Ben Yelin and I debate the limits of section 230. And, hey, who’s the real victim in cyberspace? A hint: probably not you, Mr. Putin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/20 Selected reading. Perspectives on the cybercriminal labor market. (CyberWire). IT specialists search and recruitment on the dark web (Securelist) Cybercrime job ads on the dark web pay up to $20k per month (BleepingComputer) Report on hackers' salaries shows poor wages for developers (Register) Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web (CyberScoop) Application security risks. (CyberWire) Survey gives insight into new app security challenges (Cisco App Dynamics) DocuSign impersonated in credential phishing attack. (CyberWIre) Breaking the Impersonation: Armorblox Stops DocuSign Attack (Armorblox) "Pig butchering" and financial advisor impersonation scams. (CyberWire) No Blocking, No Issue: The Curious Ecosystem of Financial Advisor Impersonation Scams (Domain Tools) Ukraine at D+341: Killnet hits US hospitals. (CyberWire) <a href="https://www.aha.org/cybersecurity-government-intelligence-reports/2023-01-30-hc3-tl
S7 E1749 · Mon, January 30, 2023
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Gootloader's evolution. Yandex source code leaked (and Yandex blames a rogue insider). New GRU wiper malware is active against Ukraine. Latvia reports cyberattacks by Gamaredon. Russia and the US trade accusations of malign cyber activity. A hacktivist auxiliary's social support system. Deepen Desai from Zscaler describes the Lilithbot malware. Rick Howard looks at chaotic simians. And wannabes can be a nuisance, too: LockBit impersonators are seen operating in northern Europe. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/19 Selected reading. Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations (Mandiant) Yandex denies hack, blames source code leak on former employee (BleepingComputer) Hackers use new SwiftSlicer wiper to destroy Windows domains (BleepingComputer) Sandworm APT targets Ukraine with new SwiftSlicer wiper (Security Affairs) Ukraine: Sandworm hackers hit news agency with 5 data wipers (BleepingComputer) Ukraine Links Media Center Attack to Russian Intelligence (BankInfoSecurity) Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group (The Record from Recorded Future News) Russia knows US recruits hackers, trains Ukrainian IT-army — Deputy Foreign Minister (TASS) Taking down the Hive ransomware gang . (CyberWire) US puts a $10m bounty on Hive while Russia shuts down access (Register) Exploring Killnet’s Social Circles (Radware) Copycat Criminals mimicking Lockbit gang in northern Europe (Security Affairs)
Bonus · Sun, January 29, 2023
Charlie Moore: Pilot to head honcho in cyber. [Cyber Command] [Career Notes[
Our guest, Charlie Moore, is a recently retired USAF Lieutenant General who sits down to share his story from flying high in the air to becoming a bigwig in the cyber community. He was most recently the Deputy Commander of the United States Cyber Command, and also spent part of his career as a human factors engineer working on human interfaces for fighter aircraft. When he first began his Air Force career, he was a member of the last class entering into the Academy that was not issued desktop computers. Charlie discusses how this changed as the year went on and how that impacted his career both in and out of the military. Charlie worked for different companies over the years to further his career and his goals, and discusses how his flying career has helped him and says, "I was extremely passionate about the flying aspect of my career for 25 years and I became even more passionate about operating in this space." We thank Charlie for sharing his story with us.
Bonus · Sun, January 29, 2023
Interview with the AI, part one. [Special Editions]
Cybersecurity interview with ChatGPT. In part one of CyberWire’s Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community. ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI’s GPT-3 family of large language models. Cyber questions answered by ChatGPT in part one of the interview. What were the most significant cybersecurity incidents up through 2021? What leads you to characterize these specific events as significant? What were the specific technical vulnerabilities associated with these incidents? Who were the cyber actors involved in each of these attacks? Do you think it's valuable to attribute cyber attacks to specific actors?
Bonus · Sat, January 28, 2023
Flagging firmware vulnerabilities. [Research Saturday]
Roya Gordon from Nozomi Networks sits down with Dave to discuss their research on "Vulnerabilities in BMC Firmware Affect OT/IoT Device Security." Researchers at Nozomi Networks has revealed that there are thirteen vulnerabilities that affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X. The research states "By abusing these vulnerabilities, an unauthenticated attacker may achieve Remote Code Execution (RCE) with root privileges on the BMC, completely compromising it and gaining control of the managed host." As well as mentioning what patches could be in the future to help fix these vulnerabilities. The research can be found here: Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1
S7 E1748 · Fri, January 27, 2023
An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilties Catalog.
An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike’s Adam Meyers. If you say you’re going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/18 Selected reading. Cybercriminals stung as HIVE infrastructure shut down (Europol) U.S. Department of Justice Disrupts Hive Ransomware Variant (U.S. Department of Justice) Director Christopher Wray’s Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group (Federal Bureau of Investigation) Taking down the Hive ransomware gang. (CyberWire) US hacks back against Hive ransomware crew (BBC News) Cyberattacks Target Websites of German Airports, Admin (SecurityWeek) Delta Electronics CNCSoft ScreenEditor (CISA) Econolite EOS (CISA) Snap One Wattbox WB-300-IP-3 (CISA) Sierra Wireless AirLink Router with ALEOS Software (CISA). Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers (CISA) Rockwell Automation products using GoAhead Web Server (CISA) Landis+Gyr E850 (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) CISA Has Added One Known Exploited Vulnerability to Catalog<
S7 E1747 · Thu, January 26, 2023
Remote monitoring and management tools abused. Russian and Iranian cyberespionage reported. The world according to the CIO. And if volume is your secret, maybe look for a better secret.
Joint advisory warns of remote monitoring and management software abuse. Iranian threat actors reported active against a range of targets. UK's NCSC warns of increased risk of Russian and Iranian social engineering attacks. A look at trends, as seen by CIOs. Carole Theriault ponders health versus privacy with former BBC guru Rory Cellan Jones. Kyle McNulty, host of the Secure Ventures podcast shares lessons from the cybersecurity startup community. And the DRAGONBRIDGE spam network is disrupted. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/17 Selected reading. CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software (CISA) Protecting Against Malicious Use of Remote Monitoring and Management Software (CISA) CISA: Federal agencies hacked using legitimate remote desktop tools (BleepingComputer) 'Malicious' cyber attacks launched by groups connected to Iran's regime (ABC) Abraham's Ax Likely Linked to Moses Staff (Secureworks) SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest (NCSC) NCSC: Russian and Iranian hackers targeting UK politicians, journalists (Computing) State of the CIO Study 2023: CIOs cement leadership role (Foundry) U.S. says it 'hacked the hackers' to bring down ransomware gang, helping 300 victims (Reuters) Over 50,000 instances of DRAGONBRIDGE activity disrupted in 2022 (Google TAG)
Bonus · Thu, January 26, 2023
CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software
CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management software. AA23-025A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA23-025.stix Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfee, Norton, and Paypal domains No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S7 E1746 · Wed, January 25, 2023
TA444 and crypto theft on behalf of the Dear Successor. CryptoAPI spoofing vulnerability described. New Python-based malware campaign. User headspace. Tanks vs. hacktivists.
How do the North Koreans get away with it? They do run their cyber ops like a creepy start-up business. A spoofing vulnerability is discovered in Windows CryptoAPI. Python-based malware is distributed via phishing. MacOS may have a reputation for threat-resistance, but users shouldn't get cocky. DevSecOps survey results show tension between innovation and security. Russian hacktivist auxiliaries hit German targets. Tim Starks from the Washington Post Cyber 202 shares insights from his interview with Senator Warner. Our guest is Keith McCammon of Red Canary to discuss cyber accessibility. And Private sector support for Ukraine's cyber defense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/16 Selected reading. TA444: The APT Startup Aimed at Acquisition (of Your Funds) (Proofpoint) Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI (Akamai) Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection (Securonix) BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute (BlackBerry) Global CIO Report Reveals Growing Urgency for Observability and Security to Converge (Dynatrace) Russian 'hacktivists' briefly knock German websites offline (Reuters) How Microsoft is helping Ukraine’s cyberwar against Russia (Computerworld) CISA Releases Two Industrial Control Systems Advisories (CISA)
Bonus · Wed, January 25, 2023
Cyber Marketing Con 2022: From the horse’s mouth: CISO Q&A on solving the cyber marketer’s dilemma. [Special Editions]
At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, Ted Wagner, CISO of SAP NS2, and was moderated by board director & and operating partner, Michelle Perry. Listen in as the panel discusses: What works and doesn’t work in getting a security executive’s attention. Message trust, message fatigue, and what you can do about it. Trusted information sources and how security executives use them. Positioning and messaging that is actually meaningful to decision makers. The security executive’s purchasing behavior and why skepticism is the driving force. Stay tuned until the end to hear us answer some additional bonus questions submitted by attendees.
S7 E1745 · Tue, January 24, 2023
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/15 Selected reading. DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne) Technical Advisory: Proxy*Hell Exploit Chains in the Wild (Bitdefender) Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) 2023 Data Privacy Benchmark Study (Cicso) Hacktivism Is a Risky Career Path (WIRED) Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney’s Office, District of Columbia) Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney’s Office, Southern District of New York) Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)
S7 E1744 · Mon, January 23, 2023
Contractor error behind FAA outage. OneNote malspam. Vastflux ad campaign disrupted. Ukraine moves closer to CCDCOE membership. Alerts for gamblers and gamers.
The FAA attributes its January NOTAM outage. Malicious OneNote attachments are appearing in phishing campaigns. The Vastflux ad campaign has been disrupted. Ukraine moves toward closer cybersecurity collaboration with NATO. Rick Howard considers the best of 2022. Deepen Desai from Zscaler looks at VPN Risk. And, finally, we’re betting you want alerts for sports book customers and online gamers. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/14 Selected reading. FAA Says Contractor Unintentionally Caused Outage That Disrupted Flights (Wall Street Journal) Not a cyberattack, but an IT failure: the FAA's NOTAM outage. (CyberWire) Hackers now use Microsoft OneNote attachments to spread malware (BleepingComputer) Traffic signals: The VASTFLUX Takedown (HUMAN Security) Ukraine signs agreement to join NATO cyber defense center (The Record from Recorded Future News) FanDuels warns of data breach after customer info stolen in vendor hack (BleepingComputer) Industry looks at the MailChimp data incident. (CyberWire) PSA: Don’t play GTA Online on PC right now (Video Games) You might not want to play GTA Online right now due to security vulnerabilities (RockPaperShotgun) Riot Games hacked, delays game patches after security breach (BleepingComputer) Riot hit by ‘social engineering attack’ that will affect patch cadence for multiple titles (Dot Esports)
Bonus · Sun, January 22, 2023
Miriam Wugmeister: Technology's not as complicated as you think. [Data Security] [Career Notes]
Miriam Wugmeister, co-chair of Morrison & Foerster’s Privacy and Data Security practice, sits down to share her in-depth experience and understanding of privacy and data security laws, obligations, and practices across a wide range of industries. She talks about how she grew up not knowing exactly what she wanted to get into as a profession, starting off as a chemical engineering major in college before switching to philosophy. She then got asked to work on a project relating to a company’s privacy and fell in love with the subject matter, deciding then to pursue it as a career. Miriam mentions how technology is not as complicated as tech people might have you think. She hopes she can advertise a tech degree for young women and men looking to get into the field, as well as making sure she "encourages women and diverse lawyers to, uh, come into this area to thrive." We thank Miriam for sharing her story with us.
S1 E44 · Sun, January 22, 2023
The power of web data in cybersecurity. [CyberWire-X]
The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typically refer to it as open source intelligence, or OSINT. Intelligence groups have been conducting OSINT operations for over a century if you consider books and newspapers to be one source of this kind of information. In the modern day, hackers conduct OSINT operations in order to recon their potential victims by collecting email addresses, personal information, IP addresses, software versions, network configurations, and, if they are lucky, login credentials for websites and social media platforms. The question is, how can the good guys use these techniques to improve their security posture or maybe help the business in some kind of material way? On this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss OSINT operations to improve your security posture with guests Steve Winterfeld, Hash Table member and Advisory CISO for Akamai, and Or Lenchner, CEO at our episode sponsor Bright Data.
Bonus · Sat, January 21, 2023
Billbug infests government agencies. [Research Saturday]
Brigid O. Gorman from Symantec's Threat Hunter Team joins Dave to discuss their report "Billbug - State-sponsored Actor Targets Cert Authority and Government Agencies in Multiple Asian Countries." The team has discovered that state-sponsored actors compromised a digital certificate authority in an Asian country during a campaign in which multiple government agencies were also targeted. The research states they believe Billbug, which is a long-established advanced persistent threat (APT) group has been active since about 2009. They say "In activity documented by Symantec in 2019, we detailed how the group was using a backdoor known as Hannotog (Backdoor.Hannotog) and another backdoor known as Sagerunex (Backdoor.Sagerunex). Both these tools were also seen in this more recent activity." The research can be found here: Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
S7 E1743 · Fri, January 20, 2023
Ransomware in Costa Rica. Cyberespionage against unpatched FortiOS instances. Credential stuffing PayPal, breaching T-Mobile. Utility business systems hit. Hackathons and phishing in Russia.
Ransomware hits Costa Rican government systems, again. A Chinese threat actor deploys the BOLDMOVE backdoor against unpatched FortiOS. Credential stuffing afflicts PayPal users. T-Mobile discloses a data breach. A cyberattack hits a remote Canadian utility. The Wagner Group sponsors a hackathon. Malek Ben Salem from Accenture describes prompt injection for chatbots. Our guest is Paul Martini of iboss with insights on Zero Trust. And the FSB’s Gamaredon APT runs a hands-on Telegraph phishing campaign against Ukrainian targets. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/13 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (Forrester) MICITT detecta incidente informático en el MOPT, el cual ya se encuentra contenido (MICITT) MOPT mantiene habilitados todos los servicios de manera presencial (MICITT) Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack (Record) Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) (Mandiant) Attackers Crafted Custom Malware for Fortinet Zero-Day (Dark Reading) Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October (Security Affairs) PayPal accounts breached in large-scale credential stuffing attack (BleepingComputer) PayPal Confirms Over 34,000 Customer Accounts Were Breached (EcommerceBytes) 35,000 PayPal accounts hacked, and users could've prevented it (PCWorld) Thousands Of PayPal Accounts Hacked—Is Yours One Of Them? (Forbes) <a href="https://therecord.media/nearly-35000-paypal-users-had
S7 E1742 · Thu, January 19, 2023
Criminal-on-criminal action in the dark web. The cyber phases of the hybrid war heat up. ICS vulnerabilities. Codespaces and malware servers. Blank-image attacks. Social engineering.
A hostile takeover of the Solaris contraband market. Ukraine warns that Russian cyberattacks continue. An overview of 2H 2022 ICS vulnerabilities. Codespaces accounts can act as malware servers. Blank-image attacks. Campaigns leveraging HR policy themes. Dinah Davis from Arctic Wolf has tips for pros for security at home. Our guest is Gerry Gebel from Strata Identity describes a new open source standard that aims to unify cloud identity platforms. And travel-themed phishing increases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/12 Selected reading. Friday the 13th on the Dark Web: $150 Million Russian Drug Market Solaris Hacked by Rival Market Kraken (Elliptic Connect) Russia-linked drug marketplace Solaris hacked by its rival (The Record from Recorded Future News) Cyber-attacks have tripled in past year, says Ukraine’s cybersecurity agency (the Guardian) Ukraine: Russians Aim to Destroy Information Infrastructure (Gov Info Security) Ukraine says Russia is coordinating missile strikes, cyberattacks and information operations (The Record by Recorded Future) ICS Vulnerabilities and CVEs: Second Half of 2022 (SynSaber) Abusing a GitHub Codespaces Feature For Malware Delivery (Trend Micro) The Blank Image Attack (Avanan) Phishing Attacks Pose as Updated 2023 HR Policy Announcements (Abnormal Security) Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns (Bitdefender)
S7 E1741 · Wed, January 18, 2023
ICS security–vulnerabilities, mitigations, and threats. A Chinese APT prospects Iranian targets. The persistence of nuisance-level hacktivism. And war takes a toll on the criminal economy.
CISA adds to its Known Exploited Vulnerability Catalog. Attacks against industrial systems. DNV is recovering from ransomware. Chinese cyberespionage is reported against Iran. The persistence of nuisance-level hacktivism. Robert M. Lee from Dragos outlines pipeline security. Our guest is Yasmin Abdi from Snap on bringing her team up to speed with zero trust. And a side-effect of Russia's war: a drop in paycard fraud. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/11 Selected reading. Bolster Your Company Defenses With Zero Trust Edge (iBoss) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) GE Digital Proficy Historian (CISA) Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) Siemens SINEC INS (CISA) Contec CONPROSYS HMI System (CHS) Update A (CISA) Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape (Nozomi Networks) A look at IoT/ICS threats. (CyberWire) DNV's fleet management software recovering from ransomware attack. (CyberWire) DNV says up to 1,000 ships affected by ransomware attack (Computing) Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News) Chinese Playful Taurus Activity in Iran (Unit 42) Playful Taurus: a Chinese APT active against Iran. (CyberWire) Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios) <a href="https://www.infosecurity-magazi
S7 E1740 · Tue, January 17, 2023
Phishing campaigns (one uses mobilization as phishbait). Credential-stuffing attack affects Norton LifeLock users. Trends in security. Azure SSRF issues fixed. Calls for a “digital UN.”
A Phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO group’s attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft’s Chris Young about the importance of the security ecosystem. And Ukraine calls for a "digital United Nations." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/10 Selected reading. Cloud 9: Top Cloud Penetration Testing Tools (Bishop Fox) Our Top Favorite Fuzzer crowdsourcing pen testing tool s (Bishop Fox) DHL Phishing Attack. Simply Delivered. (ArmorBlox) Credential phishing campaign impersonates DH L. (CyberWire) Phishing scam invites Russian Telegram users to check ‘conscription lists’ to see if they’ll be drafted in February (Meduza) NortonLifeLock warns that hackers breached Password Manager accounts (BleepingComputer) Norton LifeLock says thousands of customer accounts breached (TechCrunch). NortonLifeLock notifies thousands of users about compromised Password Manager accounts (Computing) Data Protection Trends Report 2023 (Veeam) Trends in data protection . (CyberWire) How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services (Orca Security) Orca describes four Azure vulnerabilities . (CyberWire) <a href="https://www.veracode.com/state-of-sof
Bonus · Mon, January 16, 2023
Andy Greenberg Interview: Tracers in the Dark. [CSO Perspectives]
Rick Howard, N2K’s CSO and the CyberWire’s Chief Analyst, and Senior Fellow, interviews Andy Greenberg, Senior Writer at WIRED, regarding his new book, “Tracers in the Dark.”
Bonus · Sun, January 15, 2023
Gene Fay: Lead from the front. [CEO] [Career Notes]
Gene Fay, CEO of ThreatX sits down to share his experience rising through the ranks to get to where he is today. He shares how even at a young age he wanted to work in an office and become a businessman, though at the time he did not understand what that entailed. After college he acquired a job that was revolutionizing video editing for post-production studios as well as TV stations, where he started to really learn about technology. Gene talks about leading from the front and how a good leader will always do so, even if he has to lead from two different fronts. He said "it's kind of the two fronts, sometimes you've gotta put on the leadership face, and believe it, that, that you can get, and we can get through any situation, cuz sometimes you're, your gut feelings are, might be wrong and, or it's a moment in time and if you can help the team grind through that situation, it does get better." We thank Gene for sharing his story with us.
Bonus · Sat, January 14, 2023
DUCKTAIL waddles back again. [Research Saturday]
Mohammad Kazem Hassan Nejad from WithSecure joins Dave to discuss the team’s research, “DUCKTAIL returns - Underneath the ruffled feathers.” DUCKTAIL is a financially motivated malware operation that targets individuals and businesses operating on the Facebook Ads and Business platform. The research states “The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account.” WithSecure has found that after a short hiatus, DUCKTAIL has returned with slight changes in their mode of operation. The research can be found here: DUCKTAIL returns: Underneath the ruffled feathers
S7 E1739 · Fri, January 13, 2023
Updates on the hybrid war, and on the incidents at the Royal Mail, the FAA, and the Guardian. Royal ransomware exploits Citrix vulnerability. CISA’s annual report is out.
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/8 Selected reading. Impact of Technology in 2023 and Beyond (IEEE) Ukraine at D+323: Fighting in Soledar, and industrial mobilization. (CyberWire) GitHub disables pro-Russian hacktivist DDoS pages (CyberScoop) Russia criticises Reuters story on Russian hackers targeting U.S. nuclear scientists (Reuters) Royal Mail cyber incident now identified as ransomware attack. (CyberWire) Not a cyberattack, but an IT failure. (CyberWire) The Guardian breach and news media as targets. (CyberWire) Citrix vulnerability exploited by ransomware group. (CyberWire) 2022 Year In Review (CISA) Russia’s largest hacking conference reflects isolated cyber ecosystem (Brookings)
S7 E1738 · Thu, January 12, 2023
Trojanized VPN installers circulate in Iran. A trip down the static expressway. Hacktivism-for-profit. IT incidents disrupt NOTAMs and Royal Mail. HR phishbait.
Iranian VPN users are afflicted by Trojanized installation apps. Phishing on the static expressway. NoName057(16) hacktivist auxiliaries target NATO. Yesterday’s flight outage appears not to have been caused by a cyberattack. Royal Mail is disrupted by a "cyber incident." Carole Theriault thinks Meta needs to step up their game when blocking financial scams. Our guest is Mark Sasson from Pinpoint Search Group to discuss why cybersecurity may no longer be a candidate-driven market. And HR phishbait dangles raises, and some employees bite. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/7 Selected reading. EyeSpy - Iranian Spyware Delivered in VPN Installers (Bitdefender Labs) Phishing on the Static Expressway. (CyberWire) NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO (SentinelOne) Not a cyberattack, but an IT failure. (CyberWire) FAA NOTAM Statement (FAA) Canadian Pilot-Alert System Reports Outage Hours After U.S. Grounding Order (Wall Street Journal) US air travel resumes but thousands of flights delayed after planes grounded - live updates (The Telegraph) US Flights Latest: Departures Resume After FAA Lifts Ground Stop (Bloomberg) Royal Mail suffers ‘severe service disruption’ after cyber incident (Glasgow Times) Royal Mail issues major disruption warning after 'cyber incident' (Computing) Parcels and letters stuck in limbo as Royal Mail is hit by a suspected hack (The Telegraph) <a href="https://www.securityweek.com/cyber-incident-hits-uk-postal-service-halts-overseas
S7 E1737 · Wed, January 11, 2023
Notes on patches. Dark Pink industrial cyberespionage campaign in Asia. Kinsing cryptojacking. Hacktivist DDoS against Iran. Healthcare cyber risk management. Pokémon NFTs.
Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post’s Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/7 Selected reading. The Daily 202 (Latest Cybersecurity 202) Microsoft Releases January 2023 Security Updates (CISA) > Adobe Releases Security Updates for Multiple Products (CISA) Black Box KVM (CISA) Delta Electronics InfraSuite Device Master (CISA) Known Exploited Vulnerabilities Catalog (CISA) Dark Pink (Group-IB) New Dark Pink APT group targets govt and military with custom malware (BleepingComputer) Kinsing cryptojacking. (CyberWire) Ukraine at D+321: "Difficult in places." (CyberWire) Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media) Ransomware attack against SickKids said to be unusual. (CyberWire) Health3PT seeks a uniform approach to healthcare supply chain issues. (CyberWire
S7 E1736 · Tue, January 10, 2023
Some trends in threats and defense. The possibility of cyber war crimes. RSAC innovation showcases are open for application. And common KEVs in the financial sector.
A look back at ransomware in 2022. Lessons from Russia's war: crooks, hacktivists, and auxiliaries. Cyberattacks as war crimes. The state of SSE adoption. RSA Conference 2023 opens applications for the Launch Pad and the Innovation Sandbox. Joe Carrigan looks at online scams targeting military members. Our guest is Richard Caralli from Axio on the State of Ransomware Preparedness. And the most common known exploited vulnerabilities affecting the financial sector. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/6 Selected reading. Ransomware trends: 2022. (CyberWire) State of Ransomware Preparedness Research Study: 2022 (Axio) Kyiv argues Russian cyberattacks could be war crimes (POLITICO) Ukraine official says Russian cyberattacks on its energy network could equate to war crimes (Yahoo) Ukraine war and geopolitics fuelling cybersecurity attacks - EU agency (EU Reporter) Industry-first research from Axis Security finds 65% percent of organizations plan to adopt a Security Service Edge platform within next two years (Axis Security) RSAC Launch Pad is Back! (RSA Conference 2023) The Best in Innovation Programs Starts Here (RSA Conference 2023) Top KEVs in the U.S. Financial Services Sector (LookingGlass)
S7 E1735 · Mon, January 09, 2023
Social engineering shenanigans, by both crooks and spies. Suing social media over alleged mental health damages. And how to earn an “F.”
Telegram impersonation affects a cryptocurrency firm. Phishing with Facebook termination notices. Russian phishing continues to target Moldova. The IEEE on the impact of technology in 2023. Glass ceilings in tech leadership. Seattle Schools sue social media platforms. Malek Ben Salem from Accenture explains coding models. Our guest is Julie Smith, identity security leader and executive director at IDSA, with insights on identity and security strategies. And dealing with the implications of ChatGPT. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/5 Selected reading. Breaking the glass ceiling: My journey to close the leadership gap (CyberWire’s Creating Connections: Wrapping up the Year) Impact of Technology in 2023 and Beyond (IEEE) Telegram insider server access offered to Dark Web customers (SafetyDetectives) Moldovaʼs government hit by flood of phishing attacks (The Record from Recorded Future News) OPWNAI : Cybercriminals Starting to Use ChatGPT (Check Point Research) Hackers exploiting ChatGPT to write malicious codes to steal your data (Business Standard) Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots (Forbes) Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (HackRead) Cybercriminals are already using ChatGPT to own you (SC Media) Threat Report: Impersonation Detected in Telegram Chats to Deliver Malware (Safeguard Cyber) Seattle schools sue tech giants over social media harm (ABC News) <a href="https://www.geekwire.com/2023/seattle-public-schools-sues-tiktok-y
Bonus · Sun, January 08, 2023
Teresa Rothaar: Outwork the competition. [Analyst] [Career Notes]
Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the side. She quotes David Duchovny in an interview once, explaining how sometimes you need to keep your head down and outwork others. Teresa said this resonated with her, saying, "that's how I went from a foreclosure box on the porch to where I am now. I have a good job and, and I have a career and I have a really good career and I absolutely love it." We thank Teresa for sharing her story.
Bonus · Sat, January 07, 2023
Stealer malware from Russia. [Research Saturday]
Marisa Atkinson, an analyst from Flashpoint, joins Dave to discuss a new blog post from Flashpoint’s research team about “RisePro” Stealer, malware from Russia, and Pay-Per-Install Malware “PrivateLoader.” “RisePro” is written in C++ and appears to possess similar functionality to the stealer malware “Vidar.” It's also a newly identified stealer, that began appearing as a stealer source for log credentials on the illicit log shop Russian Market on December 13, 2022. The research states, "Samples that Flashpoint analysts identified indicate that RisePro may have been dropped or downloaded by the pay-per-install malware downloader service “PrivateLoader” in the past year." Analysts identified several sets of logs uploaded to the illicit underground Russian Market, which listed their source as “RisePro.” The research can be found here: “RisePro” Stealer and Pay-Per-Install Malware “PrivateLoader”
S7 E1734 · Fri, January 06, 2023
CISA releases three ICS Advisories. Squealing cars. Rotate your secrets. Russian cyberespionage updates.
Security vulnerabilities in automobiles. CircleCI customers should "rotate their secrets." CISA Director Easterly notes Russian failures, but warns that shields should stay up. Attempted cyberespionage against US National Laboratories. Turla effectively recycles some commodity malware infrastructure. Robert M. Lee from Dragos shares his outlook on ICS for the new year. Our CyberWire Space correspondent Maria Varmazis interviews Diane Janosek from NSA about her research on space-cyber. And the Guardian continues to recover from last month's ransomware attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/4 Selected reading. Hitachi Energy UNEM (CISA) Hitachi Energy FOXMAN-UN (CISA) Hitachi Energy Lumada Asset Performance Management (CISA) Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More (Sam Curry) Toyota, Mercedes, BMW API flaws exposed owners’ personal info (BleepingComputer) 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure (SecurityWeek) Ferrari, BMW, Rolls Royce, Porsche and more fix vulnerabilities giving car takeover capabilities (The Record by Recorded Future) CircleCI security alert: Rotate any secrets stored in CircleCI (CircleCI). CircleCI warns of security breach — rotate your secrets! (BleepingComputer) CircleCI Urges Customers to Rotate Secrets Following Security Incident (The Hacker News) CISA director: US needs to be vigilant, ‘keep our shields up’ against Russia (The Hill) Exclusive-Russian Hackers Targeted U.S. Nuclear Scientists (Reuters via US News) <a href="https://w
S7 E1733 · Thu, January 05, 2023
PurpleUrchin’s freejacking. Bluebottle versus the banks. A supply-chain attack on a machine-learning framework. The ransomware leaderboard. And cyber ops in a hybrid war.
The PurpleUrchin freejacking campaign. Bluebottle activity against banks in Francophone Africa. The PyTorch framework sustains a supply-chain attack. 2022's ransomware leaderboard. Cellphone traffic as a source of combat information. FBI Cyber Division AD Bryan Vorndran on the interaction and collaboration of federal agencies in the cyber realm. Our guest Jerry Caponera from ThreatConnect wonders if we need more "Carrots" Than "Sticks" In Cybersecurity Regulation. And two incommensurable views of information security. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/3 Selected reading. An analysis of the PurpleUrchin campaign. (CyberWire) PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources (Unit 42) Bluebottle observed in the wild. (CyberWire) Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa (Symantec) PyTorch incident disclosed, assessed. (CyberWire) PyTorch dependency poisoned with malicious code (Register) Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022. (PyTorch) Most active, impactful ransomware groups of 2022. (CyberWire) 2022 Year in Review: Ransomware (Trustwave) Russia says phone use allowed Ukraine to target its troops (AP NEWS) For Russian Troops, Cellphone Use Is a Persistent, Lethal Danger (New York Times) Kremlin blames own soldiers for Himars barracks strike as official death toll rises (The Telegraph) <a href="https://carnegieendowment.org/2023/0
S7 E1732 · Wed, January 04, 2023
Terms of service and GDPR. LastPass breach update. GhostWriter resurfaces in action against Poland and its neighbors. Cellphones, opsec, and rocket strikes.
Ad practices draw a large EU fine (and may set precedents for online advertising). Updates on the LastPass breach, and on Russian cyber activity against Poland. Malek Ben Salem from Accenture explains smart deepfakes. Our guest is Leslie Wiggins, Program Director for Data Security at IBM Security on the role of the security specialist. And cellphones, opsec, and the Makiivka strike. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/2 Selected reading. Meta’s Ad Practices Ruled Illegal Under E.U. Law (New York Times) Meta Fined More Than $400 Million in EU for Serving Ads Based on Online Activity (Wall Street Journal) Meta's New Year kicks off with $410M+ in fresh EU privacy fines (TechCrunch) LastPass data breach: notes and actions to take. (CyberWire) Poland warns of attacks by Russia-linked Ghostwriter hacking group (BleepingComputer) Russia says phone use allowed Ukraine to target its troops (AP NEWS) Russian soldier gave away his position with geotagged social media posts (Task & Purpose) Russian commanders blamed for heavy losses in New Year’s Day strike (Washington Post)
S7 E1731 · Tue, January 03, 2023
DPRK cyber ops. Poland warns of Russian cyber activity. Twitter’s data incident. A crypto trading exchange is rifled. Ransomware shuts down the Port of Lisbon. Small business opportunities.
Recent DPRK cyber operations: spying and theft. Twitter’s data incident. 3Commas breached. Poland warns of increased Russian offensive cyber activity. Port of Lisbon hit by ransomware. DHS announces SBIR topics. New additions to the Known Exploited Vulnerabilities Catalog. Ben Yelin on the legal conundrum of AI generated code. Our guest is Tanya Janca from She Hacks Purple with insights on API security. And, news flash! LockBit says they have a conscience. (Yeah, right.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/1 Selected reading. Recent DPRK cyber operations: spying and theft. (CyberWire) Twitter targeted in extortion hack. (CyberWire) 3Commas' API compromised. (CyberWire) Russian cyberattacks (Special Services) LockBit activity over the holidays . (CyberWire) CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA) DHS Small Business Innovation Research (SBIR) Program FY23 Solicitation (SAM.gov) The SBIR and STTR Programs . (SBIR/STTR)
S1 E41 · Tue, January 03, 2023
Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]
Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A “Secure-by-Design” approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult. On this episode of CyberWire-X, host Rick Howard, N2K’s CSO, and CyberWire’s Chief Analyst and Senior Fellow, discusses software supply chain lessons learned from the SolarWinds attack of 2020 with Hash Table members Rick Doten, the CISO for Healthcare Enterprises and Centene, Steve Winterfeld, Akamai's Advisory CISO, and Dawn Cappelli, Director of OT-CERT at Dragos, and in the second half of the show, Rick speaks with our episode sponsor, SolarWinds, CISO Tim Brown.
Bonus · Mon, January 02, 2023
Women in Cybersecurity panel: A discussion on hidden figures of cyber skills gap. [Special Edition]
On Thursday October 20, 2022, the CyberWire was pleased to host the annual Women in Cybersecurity Reception at the International Spy Museum in Washington, DC. This annual event brought together almost 300 people to highlight and celebrate the value and successes of women in the cybersecurity industry. The reception included an industry-led panel discussion called “The Hidden Impact of Cybersecurity’s Talent Gap on the Cyber-Enabled Community,” discussing cyber-enabled professionals who aren’t usually included in conversations around the cybersecurity skills gap. The panel, moderated by Simone Petrella of CyberVista, included perspectives from experts including Davida Gray of MindPoint Group, Jennifer Walsmith of Northrop Grumman, Kyla Guru of Bits N’ Bytes, and Amy Mushahwar from Alston & Bird.
Bonus · Sat, December 31, 2022
Encore: LemonDucks evading detection.
Scott Fanning from CrowdStrike's research team, joins Dave to discuss their work on "LemonDuck Targets Docker for Cryptomining Operations." LemonDuck is a well-known cryptomining botnet, and the research suggests attackers are attracted to the monetary gain from the recent boom in cryptocurrency. LemonDuck was caught trying to disguise its attack against Docker by running an anonymous mining operation by the use of proxy pools. Scott shares how its unknown which organizations have been targeted and just how much cryptocurrency has been stolen. The research can be found here: LemonDuck Targets Docker for Cryptomining Operations
Fri, December 30, 2022
Interview Select: Nick Schneider of Arctic Wolf discusses why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
SHOW NOTES This interview from October 28th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Nick Schneider of Arctic Wolf to discuss why he believes 2023 will see a resurgence of ransomware and why the decline of crypto will not deter future ransomware actors.
S1 E15 · Thu, December 29, 2022
Sisters, grifters, and shifters. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. On this episode, Dave and Rick are joined by guest contributor Amanda Fennell. You can find Amanda on Twitter at @Chi_from_afar . Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Zombieland Rick's clip from the movie Traveller Amanda's clip from the movie The Girl with the Dragon Tattoo
Wed, December 28, 2022
Interview Select: Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
This interview from September 16th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with Diana Kelley, CSO & Co-founder of Cybrize to discuss the need for innovation and entrepreneurship in cybersecurity.
Bonus · Tue, December 27, 2022
Interview Select: MK Palmore from Google Cloud talks about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
This interview from September 30th, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with MK Palmore from Google Cloud to talk about why collective cybersecurity ultimately depends on having a diverse, skilled workforce.
S3 E148 · Mon, December 26, 2022
Research Briefing: Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Spearphishing against Japanese political entities. Trojanized Windows 10 installers target Ukraine. XLL files abused to deliver malware.
Bonus · Sun, December 25, 2022
The CyberWire: The 12 Days of Malware.[Special Editions]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth
Bonus · Sat, December 24, 2022
Encore: Vulnerabilities in IoT devices.
Dr. May Wang, CTO of IoT Security at Palo Alto Networks, joins Dave Bittner to discuss their findings detailed in Unit 42's "Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization" research. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data. Unit 42's discovery of security gaps in three out of four infusion pumps that they reviewed highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks. May walks us through Unit 42's work. The research can be found here: Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
S6 E1730 · Fri, December 23, 2022
PolyVice and Royal ransomware make nuisances of themselves. US warns that KillNet can be expected to go after the healthcare sector. CISA’s plans for stakeholder engagement.
The Vice Society may be upping its marketing game. Royal ransomware may have a connection to Conti. Royal delivers ransom note by hacked printer. KillNet goes after healthcare. CISA's Stakeholder Engagement Strategic Plan. Adam Meyers from CrowdStrike looks at cyber espionage. Giulia Porter from RoboKiller does not want to talk to you about your car’s extended warranty. And holiday wishes to all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/245 Selected reading. Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (SentinelOne) Vice Society ransomware gang switches to new custom encryptor (BleepingComputer) Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (Trend Micro) Researchers Link Royal Ransomware to Conti Group (SecurityWeek) Major Australian university dealing with suspected cybersecurity attack (7NEWS) Printers at Queensland's second-largest university spit out ransomware messages after cyber attack (ABC) Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector (HC3) HHS alert warns KillNet hacktivist group targeted US healthcare entity (SC Media) HC3 Analyst Note TLP Clear Pro-Russian Hacktivist Group Killnet Threat to HPH Sector December 22, 2022 | AHA (American Hospital Association) Strategic Plan for Stakeholder Engagement (CISA)
S6 E1729 · Thu, December 22, 2022
Online fraud, some targeting shoppers and investors, others going after e-commerce retailers. Updates on the cyber phases of Russia’s hybrid war.
The FBI warns of malicious advertising. A new gang makes an unwelcome appearance in the holiday season. Ukraine will receive more Starlink terminals after all. Cyber phases of the hybrid war: a view from Kyiv–the bears and their adjuncts are opportunistic agents of chaos. Caleb Barlow thinks boards of directors need to up their cyber security game. Our guest is AJ Nash from ZeroFox with a look at legislative restrictions on TikTok. And reports say that US National Cyber Director Chris Inglis is preparing to retire. We wish him the best of luck. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/244 Selected reading. Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users (FBI) A sophisticated fraud ring is waging war on commerce, using rapidly changing tacti cs (Signifyd) Ukraine to Get Thousands More Starlink Antennas, Minister Says (Bloomberg) Ukraine’s Cyber Units Aim to Retain Staff, Keep Services Stable as War Enters Year Two (Wall Street Journal) Top Biden cybersecurity adviser to step down (CNN) Chris Inglis to resign as national cyber director (CyberScoop). First-ever national cyber director Chris Inglis set to retire in coming months: sources (Axios). White House cyber adviser to resign (The Hill) Chris Inglis, Biden's top cyber adviser, plans to leave government in coming months (POLITICO). White House Cyber Director Chris Inglis to Step Down (Bank Info Security)
S6 E1728 · Wed, December 21, 2022
Developing a banking Trojan into a newer, more effective form. Cyberattacks on media outlets. Abuse of AWS Elastic IP transfer. Notes on the hybrid war. And cybercrooks are inspired by Breaking Bad.
The Godfather banking Trojan has deep roots in older code. FuboTV was disrupted around its World Cup coverage. The Guardian has been hit with an apparent ransomware attack. A threat actor abuses AWS Elastic IP transfer. Moldova may be receiving more Russian attention in cyberspace. CISA releases six industrial control system advisories. Ben Yelin looks at legislation addressing health care security. Our guest is Hugh Njemanze of Anomali with advice on preparing for the holiday break. And criminals are impersonating other criminals' underworld souks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/243 Selected reading. Godfather: A banking Trojan that is impossible to refuse (Group-IB) FuboTV outage during World Cup semifinal was caused by cyberattack (Record) Guardian hit by serious IT incident believed to be ransomware attack (the Guardian) Elastic IP Hijacking — A New Attack Vector in AWS (Mitiga) Telegram Hack Exposes Growing Russian Cyber Threat in Moldova (Balkan Insight) Fuji Electric Tellus Lite V-Simulator (CISA) Rockwell Automation GuardLogix and ControlLogix controllers (CISA) ARC Informatique PcVue (CISA) Rockwell Automation MicroLogix 1100 and 1400 (CISA) Delta 4G Router DX-3021 (CISA) Prosys OPC UA Simulation Server (CISA) The scammers who scam scammers on cybercrime forums: Part 3 (Sophos News)
S6 E1727 · Tue, December 20, 2022
Warnings on SentinelSneak. The rise of malicious XLLs. Updates from Russia’s hybrid war. An unusually loathsome campaign targets children.
SentinelSneak is out in the wild. XLLs for malware delivery. CERT-UA warns of attacks against the DELTA situational awareness system. FSB cyber operations against Ukraine. Trends in the cyber phases of Russia's hybrid war. Mr. Security Answer Person John Pescatore offers his sage wisdom. Microsoft’s Ann Johnson from Afternoon Cyber Tea speaks with Dr. Chenxi Wang from Rain Capital. And an unusually unpleasant sextortion campaign. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/242 Selected reading. SentinelSneak is not a legitimate SDK. (CyberWire) SentinelSneak: Malicious PyPI module poses as security software development kit (ReversingLabs) Malicious Python Trojan Impersonates SentinelOne Security Client (Dark Reading) Malicious ‘SentinelOne’ PyPI package steals data from developers (BleepingComputer) Cisco research on XLL Abuse. (CyberWire) Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins (Cisco Talos Blog) Ukraine at D+299: Cyber operations 300 days into the war. (CyberWire) Cyber Dimensions of the Armed Conflict in Ukraine (CyberPeace Institute) Ukraine's DELTA military system users targeted by info-stealing malware (BleepingComputer) Ukraine's Delta Military Intel System Hit by Attacks (Infosecurity Magazine) Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine (Unit 42) FBI and Partners Issue National Public Safety Alert on Financial S
S6 E1726 · Mon, December 19, 2022
BEC gets into bulk food theft. BlackCat ransomware update. Epic Games’ settlement with FTC. InfraGard data taken down. More on the hybrid war. And Twitter asks for the voice of the people.
BEC takes aim at physical goods (including food). BlackCat ransomware activity increases. Epic Games settles an FTC regulatory case. The InfraGard database was pulled from a dark web auction site. CISA releases forty-one ICS advisories. Rick Howard interviews author Andy Greenberg. Rob Boyce from Accenture examines holiday cyber threats. The growing value of open source intelligence. Twitter says vox populi, vox dei. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/241 Selected reading. FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food (CISA) Colombian energy supplier EPM hit by BlackCat ransomware attack (BleepingComputer) Events D.C. data published online in apparent ransomware attack (Washington Post) Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges (Federal Trade Commission) Hacker Halts Sale of FBI's High-Profile InfraGard Database (HackRead) CISA Releases Forty-One Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency) Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications (Carnegie Endowment for International Peace) How open-source intelligence has shaped the Russia-Ukraine war (GOV.UK) Front-line video makes Ukrainian combat some of history’s most watched (Washington Post) Elon Musk Polls Twitter Users, Asking Whether He Should Step Down (Wall Street Journal) <a href="https://www.computing.co.uk/news/4061836/musk-stay-
Bonus · Sun, December 18, 2022
Don Pezet: Stepping stones are the start of your career. [Career Notes]
Don Pezet, CTO of ACI Learning, sits down to share his over 25 years of experience in the industry. Don previously spent time as a field engineer in the financial and insurance industries supporting networks around the world. He co-founded ITProTV in 2012 to help create the IT training that he wished he had when he got started in his IT career. He also shares insights for anyone else wishing to pursue IT, no matter their age or past experience. Don explains how important stepping stones are as you get into this field, stating "know that that first job you get is probably not going to be the job you want to have your whole life, but it's a stepping stone that leads to where you want to get." Don started teaching on the side as well as working in the IT field and explains how much his teaching skills come in handy to help him with his leadership skills, which in turn helps him to be a better CTO, helping his customers. We thank Don for sharing his story.
S1 E43 · Sun, December 18, 2022
Strategies to get the most out of your toolsets. [CyberWire-X]
With a recession looming, many business leaders are looking for ways to cut spending wherever possible. And while tool bloat affects many security teams, it can be a challenging problem to tackle for a couple of reasons. First, there’s the fear that security will be lost if a tool is removed. Second, there’s the daunting task of unraveling complex systems. And finally, there’s the perennial talent shortage. Like all challenges in security, they’re made even worse by the fact that there’s not enough people able to tackle them. During this CyberWire-X episode, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Ted Wagner, the CSO of SAP National Security Services, and host Dave Bittner speaks with sponsor ExtraHop Senior Technical Marketing Manager Jamie Moles. They discuss solutions to help business and security leaders to not just address these challenges, but to get more out of their tooling as they do. They discuss strategies for how to determine which tools you actually need and which you can get rid of, as well as the step-change benefits that can be realized when you consolidate, automate, and integrate your security solutions.
Bonus · Sat, December 17, 2022
Hijacking holiday spirit with phishing scams. [Research Saturday]
Or Katz from Akamai sits down with Dave to discuss research on highly sophisticated phishing scams and how they are abusing holiday sentiment. This particular threat, most recently has focused on Halloween deals, enticing victims with the chance to win a free prize, including from Dick’s Sporting Goods or Tumi Backpacks. It then requests credit card details to cover the cost of shipment. From mid-September to the end of October 2022, Akamai's research were able uncover and track this threat. This kit mimics well known retail stores in hopes to hijack credit card information, feeding off of people's holiday spirit. The research can be found here: Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment
S6 E1725 · Fri, December 16, 2022
Malicious apps do more than extort predatory loans. A Facebook account recovery scam. Notes from the hybrid war. Goodbye SHA-1, hello Leviathans.
A predatory loan app is discovered embedded in mobile apps. Facebook phishing. GPS disruptions are reported in Russian cities. NSA warns against dismissing Russian offensive cyber capabilities. Farewell, SHA-1. Kevin Magee from Microsoft looks at cyber signals. Our guest is Jason Witty of USAA to discuss the growing risk from quantum computing. And welcome to the world, Leviathans. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/240 Selected reading. Zimperium teams discover new malware in Flutter developed apps (SecurityBrief Asia) Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain (Trustwave) GPS Signals Are Being Disrupted in Russian Cities (WIRED) NSA cyber director warns of Russian digital assaults on global energy sector (CyberScoop) Russia's cyber war machine in Ukraine hasn't lived up to Western hype. Report analyses why (ThePrint) NIST Retires SHA-1 Cryptographic Algorithm (NIST) Historic activation of the U.S. Army’s 11th Cyber Battalion (DVIDS)
S6 E1724 · Thu, December 15, 2022
Updates on the cyber phases of a hybrid war. Alleged booters busted. Progress report from the US anti-ransomware task force. Suspicion in AIIMS hack turns toward China.
Trojanized Windows 10 installers are deployed against Ukraine. Alleged booters have been collared, and their sites disabled. A progress report on US anti-ransomware efforts. Suspicion in a cyberattack against India turns toward China. Bryan Vorndran from the FBI’s Cyber Division talks about deep fakes. Our guest is Lisa Plaggemier from the National Cybersecurity Alliance (NCA) on the launch of their Historically Black Colleges and Universities Career Program. And hybrid war and fissures in the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/239 Selected reading. Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government (Mandiant) Federal Prosecutors in Los Angeles and Alaska Charge 6 Defendants with Operating Websites that Offered Computer Attack Services (US Department of Justice) Global crackdown against DDoS services shuts down most popular platforms | Europol (Europol) Readout of Second Joint Ransomware Task Force Meeting (Cybersecurity and Infrastructure Security Agency) US finds its ‘center of gravity’ in the fight against ransomware (The Record by Recorded Future) AIIMS cyber attack may have originated in China, Hong Kong (The Times of India) AIIMS Delhi Servers Were Hacked By Chinese, Damage Contained: Sources (NDTV.com) Russia-Ukraine war reaches dark side of the internet (Al Jazeera)
S6 E1723 · Wed, December 14, 2022
InfraGard data for sale. Cyberespionage warnings. Data sharing practices. Malicious drivers with legitimate signatures. Patch Tuesday. Task Force KleptoCapture indicts five Russian nationals.
The FBI’s InfraGard user data shows up for sale. An update on Iranian cyber operations. NSA warns of Chinese cyber threats. Challenges in sharing data for threat detection and prevention. Legitimately signed drivers are used in targeted attacks. Patch Tuesday addressed a lot of actively exploited issues. Tim Starks from the Washington Post Cybersecurity 202 shares his reporting on ICS vulnerabilities. Our guest is Mike Fey from Island with an introduction to the enterprise browser space. And the US indicts five Russian nationals on sanctions-evasion charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/238 Selected reading. FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (KrebsOnSecurity) Would’ve, Could’ve, Should’ve…Did: TA453 Refuses to be Bound by Expectations (Proofpoint) APT5: Citrix ADC Threat Hunting Guidance (NSA) U.S. agency warns that hackers are going after Citrix networking gear (Reuters) NSA Outs Chinese Hackers Exploiting Citrix Zero-Day (SecurityWeek) Effect of data on Federal agencies' policies. (CyberWire) I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware (Mandiant) Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers (SentinelOne) SAP Security Patch Day December 2022 (Onapsis) December 2022 Security Updates (Microsoft Security Response Center) December Patch Tuesday Updates | 2022 - Syxsense Inc (Syxsense Inc) Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws (BleepingComputer) <a href="https://www.darkreading.com/application-security/mic
S6 E1722 · Tue, December 13, 2022
Uber’s breach. Phishing in Ukraine’s in-boxes. What’s Russia been up to anyway? (Not the same thing, probably, NATO would be up to.) And the ransomware leader board.
Uber sustains a third-party breach. A phishing campaign hits Ukrainian in-boxes. The enduring riddle of why Russian offensive cyber operations have failed in Ukraine. Joe Carrigan on credit card skimming. Carole Theriault describes a UK food store chain that uses facial recognition technology to track those with criminal or antisocial behavior. And 2023’s ransomware-as-a-service leader board. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/237 Selected reading. Uber suffers new data breach after attack on vendor, info leaked online (BleepingComputer) Uber has been hacked yet again with code and employee data released online (SiliconANGLE) Uber hit by new data breach — what you need to know (Tom's Guide) Uber’s data breach. (CyberWire) Ukrainian railway, state agencies allegedly targeted by DolphinCape malware (The Record by Recorded Future) Cyber Operations in Ukraine: Russia’s Unmet Expectations (Carnegie Endowment for International Peace) The most prolific ransomware groups of 2022 (Searchlight Security)
S6 E1721 · Mon, December 12, 2022
Ransomware updates: TrueBot, Cl0p, and Royal. Iranian cyberattacks. An update on the cyberattack against the Met. Notes on the hybrid war, with a focus on allies and outside actors.
TrueBot found in Cl0p ransomware attacks. Royal ransomware targets the healthcare sector. Recent Iranian cyber activity. A night at the opera: an update on the cyberattack against the Metropolitan Opera. New Cloud Atlas activity reported. Europe looks to the cybersecurity of its power grid. Rob Boyce from Accenture describes Dark web actors diversifying their toolsets. Rick Howard explains fractional CISOs. And international support for Ukrainian cyber defense continues, more extensively and increasingly overt. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/236 Selected reading. Breaking the silence - Recent Truebot activity (Cisco Talos Blog) New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (The Hacker News) TrueBot infections were observed in Clop ransomware attacks (Security Affairs) Clop ransomware uses TrueBot malware for access to networks (BleepingComputer) Royal Ransomware (US Department of Health and Human Services) US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals (The Record by Recorded Future) Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool (Dark Reading) MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics (The Hacker News) New MuddyWater Campaign Uses Legitimate Remote Administration Tools to Deploy Malware (Cyber Security News) Shows will go on at Met Opera despite cyber-attack that crashed network (ABC7 New York) Cyberattack disrupts Metropolitan Opera (SC Media) Cloud Atlas targets entities in Russia and Belarus amid the o
Bonus · Sun, December 11, 2022
Jameeka Aaron: Sometimes you just have to follow two paths. [CISO] [Career Notes]
Jameeka Aaron, Chief Information Security Officer at Auth0, a product unit of Okta, sits down to share her story following two different paths that led her to where she is today. Jameeka has 20 years of IT and cybersecurity experience and has mitigated security risks at Nike, the U.S. Navy, and now Auth0. She joined the Navy not knowing what she wanted to do after high school and ended up becoming a Radioman, which is now titled IT. She shares her experiences of challenges she faced being the youngest, and the only woman, and the only woman of color in her group. She followed two different paths, getting an education as well as being in the Navy, and started her career at Lockheed Martin Mission Systems in San Diego. She eventually found her way to Auth0 in 2018. She says "I realized cybersecurity folks can do anything, everywhere. We're everywhere, we're in every industry and so I started to kind of say, I wanna work on programs that are fun for me." We thank Jameeka for sharing her story.
Bonus · Sun, December 11, 2022
Commercial threat intelligence proves invaluable for the public sector. [CyberWire-X]
Historically, the U.S. government has relied almost solely on its own intelligence analysis to inform strategic decisions. This has been especially true surrounding geopolitical events and nation-level cybersecurity situations. However, the explosion of assets being connected to the internet, along with the fact that most critical infrastructure is owned by private sector organizations, means that commercially developed cyber threat intelligence is being generated at a faster pace than ever before. In the Russia/Ukraine conflict, we saw how commercially generated satellite intelligence played a critical role in alerting the public and ensuring our allies were ready for an invasion. At LookingGlass, we believe commercial threat intelligence can provide similar anticipatory insight – and that it can be shared more easily and quickly than intelligence generated solely by the U.S. government. Ultimately, the public and private sectors need to work together to protect the interests of the American people. Currently, both private industry and academia are targeted by foreign adversaries, just as are government agencies. This means that commercial entities also have access to adversary tactics, techniques, and procedures (TTPs) and indicators of compromise, and they have that access from a different perspective, which is valuable intelligence for the government. On this episode of CyberWire-X, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Wayne Moore, CISO at Simply Business, and host Dave Bittner speaks with Bryan Ware, CEO at episode sponsor LookingGlass Cyber Solutions. They’ll discuss why the U.S. government needs commercial cyber threat intelligence now more than ever before and how both the public and private sectors will benefit from closer, trusted cyber partnerships.
Bonus · Sat, December 10, 2022
Cybersecurity during the World Cup. [Research Saturday]
AJ Nash from ZeroFox sits down with Dave to discuss Cybersecurity threats including social engineering attacks planned surrounding the Qatar 2022 World Cup. The research shares some of the key threats we might see while the World Cup is happening this year. Researchers say "During the World Cup, there will likely be threat actors aiming to acquire personal information or monetary value through phishing and scams." In the research we can find how the venue host is preparing for these claims of attacks. The research can be found here: Qatar 2022 World Cup Event Assessment
S6 E1720 · Fri, December 09, 2022
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams. CISA releases three new ICS advisories. And criminals prey on other criminals.
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams: that's not Ukraine’s Ministry of Digital Transformation. On the cyber front, nothing new. CISA releases three new ICS advisories. Caleb Barlow on attack surface management. Mike Hamilton from Critical Insight explains how state and local governments apply for the $1 billion allocated by the feds for cybersecurity funding. And criminals prey on other criminals. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/235 Selected reading. Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks) Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers (ThreatFabric) Crypto Winter: Fraudsters Impersonate Ukraine’s Government to Steal NFTs and Cryptocurrency (DomainTools) Danish defence ministry says its websites hit by cyberattack (Reuters) Kela website hit by DoS attack (Yle) Advantech iView (CISA) AVEVA InTouch Access Anywhere (CISA) Rockwell Automation Logix controllers (CISA) The scammers who scam scammers on cybercrime forums: Part 1 (Sophos News) Cyber-criminals Scammed Each Other Out of Millions in 2022 (Infosecurity Magazine)
S6 E1719 · Thu, December 08, 2022
The IT Army of Ukraine claims VTB DDoS. DPRK exploits Internet Explorer vulnerability. New variant of Babuk ransomware reported. Blind spots in air-gapped networks. And, dog and cat hacking.
The IT Army of Ukraine claims responsibility for DDoS against a Russian bank. North Korea exploits an Internet Explorer vulnerability. A new variant of Babuk ransomware has been reported. Blind spots in air-gapped networks. Rob Boyce from Accenture has insights on the most recent ransomware trends. Our guest is Nathan Howe from Zscaler with the latest on Zero Trust. And the hacking of cats and dogs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/234 Selected reading. IT Army of Ukraine Hit Russian Banking Giant with Crippling DDoS Attack (HackRead) Internet Explorer 0-day exploited by North Korean actor APT37 (Google) Morphisec Discovers Brand New Babuk Ransomware Variant in Major Attack (PRWeb) Bypassing air-gapped networks via DNS (Pentera) What to Know About an Unlikely Vector for Cyber Threats: Household Pets (Insurance Journal)
Wed, December 07, 2022
Ransomware, third-party risk, cyberespionage, social engineering, and a software supply-chain threat..
Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A Malicious package is found in PyPi. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/233 Selected reading. Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology) Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future) Antwerp's city services down after hackers attack digital partner (BleepingComputer) Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future) Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry) Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times) Apiiro’s AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security) Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB)
Bonus · Wed, December 07, 2022
CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware [CISA Cybersecurity Alerts]
The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA. AA22-335A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA22-335A.stix Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide . No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment . U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov , or call (888) 282-0870, or report incidents to your local FBI field office.
S6 E1717 · Tue, December 06, 2022
Cyberespionage, privateering, hacktivism and influence operations, in Ukraine, Russia, the Middle East, and elsewhere. Criminals need quality control, too. A new entry in CISA’s KEV Catalog.
A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TicTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/232 Selected reading. BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs) The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog) Syntax errors are the doom of us all, including botnet authors (Ars Technica) Russia's No. 2 bank VTB suffers largest DDoS in history (Computing) Russia compromises major UK and US organisations to attack Ukraine (Lupovis) Russia’s online attacks target Ukrainians’ feelings (POLITICO) Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
S6 E1716 · Mon, December 05, 2022
Swapping cyberattacks in a hybrid war. Privateers or just a side-hustle? US CSRB will investigate Lapsu$ Group. Notes on the cyber underworld.
Wiper malware hits Russian targets. Microsoft sees an intensification of Russian cyber operations against Ukraine. State policy, privateering, or an APT side-hustle? The US Cyber Safety Review Board will investigate the Lapsu$ Group. Rackspace works to remediate a security incident. The Schoolyard Bully Trojan harvests credentials. Grayson Milbourne of OpenText Security Solutions on attacks on common open source dev libraries. Rick Howard looks at CISO career paths. And trends in ransomware: cybercrime succeeds when the gang runs like a business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/231 Selected reading. CryWiper: fake ransomware (Kaspersky). CryWiper data wiper targets Russian courts and mayors' offices (Computing) Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (Ars Technica) Russian regions attacked by new wiper posing as ransomware (Cybernews) Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft On the Issues) Russia coordinating Ukraine hacks with missiles, could increasingly target European allies, Microsoft warns (POLITICO) Russia Is Boosting Its Cyber Attacks on Ukraine, Allies, Microsoft Says (Bloomberg.com) Hackers linked to Chinese government stole millions in Covid benefits (NBC News) Cyber Safety Review Board to Conduct Second Review on Lapsus$ (US Department of Homeland Security) Rackspace: Ongoing Exchange outage caused by security incident (BleepingComputer) Schoolyard Bully Trojan Facebook Credential Stealer (Zimperium) <a href="https://lookingglasscyber.com/resources/the-professional
Bonus · Sun, December 04, 2022
Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]
Rohit Dhamankar from Fortra’s Alert Logic sits down with Dave Bittner to share his experiences as he navigates the industry. Rohit has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Before Alert Logic he served in Product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. He has previously worked in senior roles in several start-up companies in security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance, including VP, Click Labs Solutions at Click Security, acquired by AlertLogic, and he was a Co-Founder of Jumpshot, acquired by Avast. Rohit shares the advise of never closing a door too prematurely, because you never know what could be behind the door waiting for you. We thank Rohit for sharing his story.
Bonus · Sat, December 03, 2022
Old malware returns in a new way. [Research Saturday]
Jeremy Kennelly and Sulian Lebegue from Mandiant sit down with Dave to discuss their research "From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind? One of the oldest and most successful banking fraud malwares, URSNIF, which caused an estimated “tens of millions of dollars in losses”, has been discovered by researchers to have been re-tooled into a generic backdoor, dubbed “LDR4”. This new varient was first observed in June 2022. Mandiant researchers believe that the same threat actors who operated the RM3 variant of URSNIF are likely behind LDR4. They say "given the success and sophistication RM3 previously had, LDR4 could be a significantly dangerous variant—capable of distributing ransomware—that should be watched closely." The research can be found here: From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
S6 E1715 · Fri, December 02, 2022
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. Google announces new support for Ukraine. DDoSing the Vatican. Google supports Ukrainian startups in wartime.
Cuba ransomware pulls in $60 million. CISA releases three ICS advisories. DDoSing the Vatican. Andrea Little Limbago from Interos on the implications of Albania cutting off diplomatic ties with Iran. Our space correspondent Maria Varmazis speaks with Brandon Bailey about Space Attack Research and Tactic Analysis matrix. And how Google supports Ukrainian startups in wartime. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/230 Selected reading. Alert (AA22-335A) #StopRansomware: Cuba Ransomware (CISA) Novel News on Cuba Ransomware: Greetings From Tropical Scorpius (Palo Alto Networks Unit 42) New ways we're supporting Ukraine (Google) 25 new startup recipients of the Ukraine Support Fund (Google) Vatican shuts down its website amid hacking attempts (Cybernews)
S6 E1714 · Thu, December 01, 2022
Cyberespionage, cybercrime, and patriotic hacktivism. The Heliconia framework described. Cyber risk for the telecom and healthcare sectors. Notes on the hybrid war. Predictions for 2023.
A new backdoor, courtesy of the DPRK. The Medibank breach is all over but the shouting (or, all over but the suing and the arresting). Risks and opportunities in telecom’s shift to cloud. Cyber risk in healthcare. An assessment of Russian cyber warfare. Robert M. Lee from Dragos assesses the growing value of the ICS security market. Our guest is Cecilia Seiden of TransUnion to discuss their 2022 Consumer Holiday Shopping Report. And it’s December, which means…predictions. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/229 Selected reading. Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin (ESET) Medibank hackers announce ‘case closed’ and dump huge data file on dark web (the Guardian) New details on commercial spyware vendor Variston (Google) Risks and opportunities in telecom’s shift to cloud. (CyberWire) Moody’s discusses cyber risk in healthcare. (CyberWire) 'Do something:' Ukraine works to heal soldiers' mental scars (AP NEWS) Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism (Wall Street Journal) Cybersecurity predictions for 2023. (CyberWire)
S6 E1713 · Wed, November 30, 2022
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverine’s big new BEC. And World Cup scams.
Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet claims to have counted coup against the White House. Tim Starks from the Washington Post has the FCC’s Huawei restrictions and ponders what congress might get done before the year end. Our guest is Tom Eston from Bishop Fox with a look Inside the Minds & Methods of Modern Adversaries. And, of course, scams, hacks, and other badness surrounding the World Cup. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/228 Selected reading. LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling (Sophos News) Punisher Ransomware Spreading Through Fake COVID Site (Cyble) Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia (Mandiant) BEC Group Compromises Personal Accounts and Pulls Heartstrings to Launch Mass Gift Card Attacks (Abnormal Security) Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites (Trustwave) Scammers on the pitch: Group-IB identifies online threats to fans at FIFA World Cup 2022 in Qatar (Group-IB)
S6 E1712 · Tue, November 29, 2022
DDoS as a holiday-season threat to e-commerce. TikTok challenge spreads malware. Meta's GDPR fine. US Cyber Command describes support for Ukraine's cyber defense.
DDoS as a holiday-season threat to e-commerce. A TikTok challenge spreads malware. Meta's GDPR fine. Mr. Security Answer Person John Pescatore has thoughts on phishing resistant MFA. Joe Carrigan describes Intel’s latest efforts to thwart deepfakes. And US Cyber Command describes support for Ukraine's cyber defense. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/227 Selected reading. Holiday DDoS Cyberattacks Can Hurt E-Commerce, Lack Legal Remedy (Bloomberg Law) TikTok ‘Invisible Body’ challenge exploited to push malware (BleepingComputer) $275M Fine for Meta After Facebook Data Scrape (Dark Reading) Before the Invasion: Hunt Forward Operations in Ukraine (U.S. Cyber Command)
S5 E1711 · Mon, November 28, 2022
Keeping pentesting tools out of criminal hands. Updates from an intensified cyber phase in Russia’s hybrid war. Fars reports sustaining a cyber attack. The most common password remains “password.”
Nighthawk’s at the diner (but maybe not on the crooks’ menu). Internet service in Ukraine and Moldova is interrupted by strikes against Ukraine's power grid. Sandworm renews ransomware activity against Ukrainian targets. Russian cyber-reconnaissance seen at a Netherlands LNG terminal. European Parliament votes to declare Russia a terrorist state (and Russia responds with cyberattacks and terroristic threats). Carole Theriault reports on where these kids today are getting their news. Malek Ben Salem from Accenture on digital identity in Web 3.0. And, hey, the new list of most commonly used passwords looks...depressingly familiar. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/226 Selected reading. Sec firm MDSec slams Proofpoint for post on pen-testing framework (iTWire) Nighthawk: With Great Power Comes Great Responsibility - MDSec Cyberattack Hits Iran's Fars News Agency (RadioFreeEurope/RadioLiberty) Iran’s Fars news agency is hit by cyberattacks, blames Israel (Times of Israel) Ukraine and Moldova suffer internet disruptions after Russian missile strikes (The Record by Recorded Future) New ransomware attacks in Ukraine linked to Russian Sandworm hackers (BleepingComputer) Russian hackers targeting Dutch gas terminal: report (NL Times) Russia labelled state sponsor of terrorism as missile strikes leave Ukraine without power (The Telegraph) Killnet Group Claims Responsibility for European Parliament Cyber Attack (Digit) European Parliament hit by 'sophisticated' cyberattack (Deutsche Welle) European Parliament website suffers 'sophisticated' cyber att
S3 E127 · Sun, November 27, 2022
Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]
Laura Whitt-Winyard, CISO from Malwarebytes, sits down to share her story, beginning with a desire to be a pediatric oncologist that she later discovered was not the path for her. Laura was bouncing around from job to job until she bought her first computer, and a light bulb went off in her head. She set out to make it her goal to learn about this new, interesting field and grow within it. Now as a successful CISO, she wants to make the world more secure and goes from company to company to complete her goal. She considers herself a servant leader whose goal is the greater good. She compares her role to football, explaining that she is not the quarterback, but the center for the team. She believes she is the center that paves the path for the quarterbacks on her team to reduce the noise, to give the quarterback all the tools that they need to do their jobs and do their jobs well. We thank Laura for sharing her story.
Bonus · Sat, November 26, 2022
Encore: The secrets behind Docker.
Alon Zahavi from CyberArk, joins Dave Bittner on this episode to discuss CyberArk's work in conjunction with Patch Tuesday. CyberArk published about how Docker inadvertently created a new vulnerability and what happens when it's exploited. CyberArk's research concluded that an attacker may execute files with capabilities or setuid files in order to escalate its privileges up to root level. CyberArk found the new vuln in some of Microsoft’s Docker images, caused by misuse of Linux capabilities, a powerful additional layer of security that gives admins the ability to assign capabilities and privileges to processes and files in the Linux system The research can be found here: How Docker Made Me More Capable and the Host Less Secure
Fri, November 25, 2022
Interview Select: Perry Carpenter on his new book "The Security Culture Playbook." [CW Pro]
This interview is from June 3rd, 2022 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down Perry Carpenter, host of 8th Layer Insights to discuss his new book "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer."
S3 E144 · Thu, November 24, 2022
Research Briefing: Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion. [CW Pro]
Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion.
S6 E1710 · Wed, November 23, 2022
Watch out for abuse of pentesting tools. Cyber attack on Guadeloupe. Ducktail’s evolution. Cybersecurity for ports. ICS security advisories. And stay safe shopping during the holidays.
Another pentesting tool may soon be abused by threat actors. Cyberattack disrupts Guadeloupe. Ducktail evolves and expands. Warning of the potential disruption cyberattacks might work against European ports. CISA releases eight industrial control system advisories. Patrick Tiquet, VP of Security and Architecture at Keeper Security, talks about the FedRAMP authorization process. Bryan Vorndran of the FBI Cyber Division with reflections on ransomware. And stay safe on Black Friday (and Cyber Monday, and Panic Saturday, and…you get the picture. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/225 Selected reading. Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice (Proofpoint) Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog) Guadeloupe government fights 'large-scale' cyberattack (AP NEWS) Vietnam-Based Ducktail Cybercrime Operation Evolving, Expanding (SecurityWeek) Cyber as important as missile defences - ex-NATO general (Reuters) CISA Releases Eight Industrial Control Systems Advisories (CISA) Black Friday and Cyber Monday risks . (CyberWire)
loading...